Software to trace email intrusion

Byron172

We believe someone in our office has accessed email on a PC that is confidential. Is there a way that we can (a) find out and prove this has happened and (b) install software that will track when someone has done this. I realise that we can stop this person with password access etc however our intention now is to catch them so that we can discipline them accordingly.

Note - Please feel free to bump this thread to a more relevant category if this section is not the right place.

Thrax

You could check the exchange audit logs.

kryyst

How do you suspect they accessed they email? Did they go to bob's computer when bob was on lunch and just use his machine or do you think they accessed it from their own computer through a web client and guessing bob's password?

Byron172

They went to Bob's computer while he was not around. The emails that we suspect were read were in the Deleted Items, Sent Items and Inbox (not downloaded from the server).

kryyst

Then there is no trace software in the world that will help you. That's social engineering hack and not a computer hack so nothing to trace. Technically speaking from a security stand point Bob is equally guilty.

Kwitko

Set up video cameras. That's the best you're going to do.

Byron172

OK - it looks like surveillance might be the way to go. Might also try something like UltraVNC to monitor the PC remotely and maybe catch him in the act that way.
Problem is he's already done it (and we know it) but no way to prove it by the looks of it.......

Vicar

Look at it as a free lesson in security.

Warn your peeps of the danger of keeping their workstation unsecured and let this go. I know its hard but you just have to let go.

Like Kwito said nothing bar a vid cam is going to catch anyone.