[zapp22]

I have a situation with various complications.
I have a file on a CD, and I need all the 'forensic' data I can get from it.

media files that get passed around take on several file types, morphing from video-cam to who-knows-what file types as they are sent here and there.
My question is two-fold
1. given a vid file, how would you determine the original-basis age of that file?
2. I have a separate issue with VPN access to my local network: how can I determine if someone coming in via VPN changed/altered the files local??? and secondly [I'll probably post this on its own], how do I limit VPN remote-access to my local network? I have 5 or so machines connected to wired/wireless on a typical day, and the vpn has been used for remote-control kinds of software..... its bugging me

z

[zapp22]

bump

[lunarlander]

About your VPN question. Windows keeps track of login date and times of all accounts. You can view Administrative Tools/ Event Viewer and look for these event IDs : 4624,4636,4803,4801. ( These IDs are for Vista, on XP systems, subtract 4096 from the numbers to get XP eventIDs. ).

To get an event viewer alert when a file is modified, you first have to place an AUDIT flag on the file. This is done via Right click <filename>, choose Properties, Security tab, Advanced button, Audit tab.

Since you are trying to do forensics, and did not set the audit flag previously, the only info you have is the account login times.

I think the only way to stop people comming in through your VPN is to change your usernames and passwords. You must use strong password that is not a dictionary word. A passphrase is preferred. So for example, the phrase "james t kirk is the captain of the u s s enterprise" becomes the password "jtkitcotusse". A strong password also uses alpha, numbers and symbols, so you should modify the above and it becomes "jtk4443itcotusse&".

You can further strengthen your VPN by using 2 factor authentication. A low cost way is to use a cell phone as the second factor. When someone logs in using account name and password, the system phones the predefined cell phone number, the user presses "#" on the cell phone and he is logged in. See here: http://www.phonefactor.com/solutions...authentication

There are other 2 factor authentication methods like using Smart Cards or RSA tokens, but I think they are more expensive and require more administration.