How to tell from the security log that a folder is moved

How to tell from the security log that a folder is moved
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Applications Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
How to tell from the security log that a folder is moved itcom 01-18-2006
Posted by =?Utf-8?B?aXRjb20=?= on January 18, 2006, 2:12 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Hello,

I have a security log. I need to find out who moved a folder. I have audit
turned on for delete , delete subfolders and files.

I try to search for event id 560 and check the key word "delete" by using the
eventcombmt
EventID: 560
Text: DELETE

But the result did not give me any clue who moved the file.

Question:
What will be the text string that I should use to search for moved
activities?
e.g. MOVE or INSERT
or
is there any other than audit setting that I should turn on in order to
record a moved folder action?
or
Is there any good tools for such investigation

Thanks


--
it com

Similar ThreadsPosted
RE: Moved & Deleted Files July 26, 2006, 1:16 pm
RE: Moved & Deleted Files July 26, 2006, 1:27 pm
Can Enterprise Root CA be moved? October 23, 2006, 10:50 am
File auditing for MOVED files. May 30, 2008, 11:26 am
Files Deleted (moved) without user intervention October 18, 2005, 8:49 am
Folder Security - Finding Group or User Name in Security settings January 30, 2006, 11:09 am
folder security January 10, 2006, 11:50 am
FOLDER SECURITY June 5, 2007, 3:27 am
Folder security December 24, 2007, 12:30 pm
Folder Security November 1, 2008, 2:15 am

The site map in XML format XML site map

Contact Us | Privacy Policy