Not only can we identify what happened to a file, we can even show you where it ended up. First, start a New Activity Search within the STEALTHbits File Activity Monitor by either pressing Ctrl+F or selecting the magnifying glass located in the top pane of the console.
Now, scope the search criteria to include only renames and deletes, the typical activities that result in a lost file/folder. Other parameters can help scope the query for meaningful results as well. Consider including the file/folder name or the known extension type within the File Path field.
We have now scoped our real-time activity search to include typical lost-file operations involving .pdf files. The data view allows you to filter and sort even further once the query is complete. Here, I’ve scoped our search further to only show rename operations.
Next time someone in your organization has a suspected drag-and-drop or deletion, you can simply search within STEALTHbits File Activity Monitor in real-time, skipping any processing necessary for StealthAUDIT’s in-depth analysis.
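The same scoping logic can be applied to any list of file activity records. The following is an added example, not STEALTHbits code: the event tuples and their field layout are constructed for illustration and are not the product's export format. It filters to renames and deletes on .pdf paths, then follows one file through successive renames to report where it ended up.

```python
from pathlib import PureWindowsPath

# Constructed sample events: (time, user, operation, path, new_path).
# The field layout is an assumption, not the product's export format.
EVENTS = [
    ("2024-05-01T09:00:02", "CORP\\alice", "Rename",
     r"\\fs01\Finance\Q1\budget.pdf", r"\\fs01\Finance\Archive\budget.pdf"),
    ("2024-05-01T09:03:10", "CORP\\bob", "Read",
     r"\\fs01\Finance\Archive\budget.pdf", None),
    ("2024-05-01T09:10:45", "CORP\\alice", "Rename",
     r"\\fs01\Finance\Archive\budget.pdf", r"\\fs01\Finance\Archive\budget-old.pdf"),
    ("2024-05-01T10:15:00", "CORP\\carol", "Delete",
     r"\\fs01\HR\handbook.pdf", None),
    ("2024-05-01T10:20:00", "CORP\\carol", "Rename",
     r"\\fs01\HR\notes.docx", r"\\fs01\HR\Old\notes.docx"),
]

def lost_file_events(events, extension=None):
    """Renames and deletes only, optionally limited to one extension."""
    keep = [e for e in events
            if e[2] in ("Rename", "Delete")
            and (extension is None
                 or PureWindowsPath(e[3]).suffix.lower() == extension)]
    return sorted(keep, key=lambda e: e[0])  # ISO timestamps sort in time order

def trace(events, original_path):
    """Follow one file through renames; return (last_path, state, history)."""
    current, state, history = original_path, "unchanged", []
    for ts, user, op, path, new_path in lost_file_events(events):
        if path.lower() != current.lower():  # Windows paths ignore case
            continue
        history.append((ts, user, op))
        if op == "Delete":
            state = "deleted"
            break
        current, state = new_path, "moved"
    return current, state, history

if __name__ == "__main__":
    for row in lost_file_events(EVENTS, ".pdf"):
        print(row)
    print(trace(EVENTS, r"\\fs01\Finance\Q1\budget.pdf"))
```

The history returned by `trace` lists who performed each step and when, which is the detail needed to confirm an accidental drag-and-drop with the user involved.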