Just a quick thread to ask if anybody has had to deal with this before. Scenario is as follows:
User 1 accused of looking at Porn, User 2 accuses User 1 of looking at porn.
User 1 doesnt have internet access so its either going to be from email or network/USB stick. Can see that a USB stick hasnt been plugged into the machine in question and a quick review of emails going in/out doesnt show anything immediately obvious.
Next step is to look at the hard drive of the computer in question. I can easily see files that have been deleted (but not yet overwritten) However I cannot view the date they were deleted.
Where can I find the date a file was deleted? It is not the modified date. I fear any responses to this will say depends on the software however if you have any suggestions please give them. Otherwise I'm looking for a more technical answer.
User 1 accused of looking at Porn, User 2 accuses User 1 of looking at porn.
User 1 doesnt have internet access so its either going to be from email or network/USB stick. Can see that a USB stick hasnt been plugged into the machine in question and a quick review of emails going in/out doesnt show anything immediately obvious.
Next step is to look at the hard drive of the computer in question. I can easily see files that have been deleted (but not yet overwritten) However I cannot view the date they were deleted.
Where can I find the date a file was deleted? It is not the modified date. I fear any responses to this will say depends on the software however if you have any suggestions please give them. Otherwise I'm looking for a more technical answer.
