Would anyone help me with this? Someone deleted a couple of important files on NT Server ,maybe during the night, and it's not the first time;it happened before. The original of deleted files were saved in the owner's own HDD,as of now it's O.K, but everyone concerned want to know who did it and when ,finally why; by mistake or intentianally.
Every clients doesn't log on NT Domain but instead every dept form their workgroup and there are service forders for each workgroups with security option. So the suspect(^^) must be one of members of the dept.
So how can I arrest and get him ? Any tips or suggstion would be greatly of help to me.