Windows Server 2003 Event Logs

ServerMachine

Recently someone hacked into my Windows 2003 Server and messed around
with the active directory. It was all recorded in the event viewer
logs. However, when I came to look at them, it said that the security
log file was corrupt. This may have been caused by the hacker. The log
file is around 18MB. Is there any way to extract the information so
that this person can be prosecuted?

Thank You
 
Steven L Umbach

You could send the log file to a data recovery specialist who would
charge you a ton of money with no guarantees. Even if you got the data you
want, it is very doubtful that you would actually be able to track down the
person and prosecute them, and you would need a whole lot more than a log
file - law enforcement has much bigger fish to fry, and your losses would
have to be provable and substantial. It would make more sense to
concentrate on how this happened [most valuable use of your event log] and
implement measures to reduce the risk of another malicious event in the
future. When someone breaks into someone's house around here, the police
take a report and tell you to "get better locks". --- Steve
 
