Q

Alternative methods for monitoring users who delete files and cookies

The very highest echelons of my company will not permit me to install any type of Internet monitoring tools (probably because they don't want their own usage subjected to scrutiny). However, when mid-managers suspect an employee is violating our Appropriate Use Policies, they call me and want to know if I can provide them with copies of an individual's history files or cookies. Some of our people have become savvy enough to know how to delete things that are not permitted by policy. Is there any other way I can verify what they've visited? We're running W2K on both servers and desktops.

If you can't install any network monitoring or content filtering tools, you still have a few more options:

  1. Enable HTTP, etc. logging on your firewall and trace it back that way.
  2. Install an undelete utility on each PC that allows you to undelete cookies or history files.
  3. Utilize forensics or data-recovery tools that can recover deleted files (there are dozens). There are commercial, freeware and open-source that will allow you to go in and see what was deleted. You'd have to do this pretty quickly before the data's entries on the hard drive are overwritten with new data, though.
  4. Automatically backup each user's cookies and history files to your server for offline access. You could schedule a batch file that does this on every PC at random times every day. You'd have to do this fairly often though to make sure you copy the files before they are deleted.


For more information on this topic, visit these other SearchSecurity.com resources:
  • Executive Security Briefing: Where do you draw the line on employee monitoring?
  • Executive Security Briefing: Tools to guard trusted employees?
  • Best Web Links: Employer/Employee Privacy Issues

  • This was first published in March 2003

    Dig deeper on Information Security Policies, Procedures and Guidelines

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchCloudSecurity

    SearchNetworking

    SearchCIO

    SearchConsumerization

    SearchEnterpriseDesktop

    SearchCloudComputing

    ComputerWeekly

    Close