Unauthorized access by an unknown person (how to detect at what time, on which comp)

thedrama

Hi guys, an adjacent person complained about an unauthorized access from his computer. Someone unknown or unknown to him,
had browsed a couple of website without his permission which is suggestive.

The problem is, the victim doesn't know the time or place in which the unauthorized access had been performed. He demanded it to be identified.

My question is, is it possible to identify the place,the time and the modem (whether school or his home) of that access as a computer user/network technician not the ISP?(not the ISP logs)

vinbuck

Is this on a network you are managing/working?

thedrama

vinbuck wrote: »

Is this on a network you are managing/working?

No its not. This problem belongs to a familiar person who wanted me to solve if possible.

RobertKaucher

Unless auditing is set up before hand, it is genrally exceptionally difficult or impossible to do after the fact.

forestgiant

There's also forensics. I$ he willing to pay$$$$$?$$ (there's a question mark in there somewhere)

Forsaken_GA

black hats arent' going to compromise a box just to use it to look at ****. . The adjacent person is very likely full of it and is indeed the culprit themselves. (Or their kids, girlfriend/boyfriend, if any of those are applicable)

thedrama

so, wouldn't it be possible to track the actions happened in the past as a network tech or specialist without requesting the relevant logs from ISP belonging to that specific subscription to the DSL connection?

RobertKaucher

thedrama wrote: »

so, wouldn't it be possible to track the actions happened in the past as a network tech or specialist without requesting the relevant logs from ISP belonging to that specific subscription to the DSL connection?

Unless you have logging set up on the systems in question, you have confused IT with this: Magic (paranormal) - Wikipedia, the free encyclopedia

Forsaken_GA

thedrama wrote: »

so, wouldn't it be possible to track the actions happened in the past as a network tech or specialist without requesting the relevant logs from ISP belonging to that specific subscription to the DSL connection?

And maybe not even then, most ISP's don't log all traffic, the amount of data that flows through them makes it prohibitive storage wise. The best you're likely to get out of the ISP are netflow logs, which will just give you bare session information, nothing about what actually took place, and you likely can't get those without a court order. From the ISP's perspective, *you* are responsible for securing your CPE.

thedrama

Forsaken_GA wrote: »

And maybe not even then, most ISP's don't log all traffic, the amount of data that flows through them makes it prohibitive storage wise. The best you're likely to get out of the ISP are netflow logs, which will just give you bare session information, nothing about what actually took place, and you likely can't get those without a court order. From the ISP's perspective, *you* are responsible for securing your CPE.

im trying to build the question more clearly. what im intended to learn here is whether i am(as a networker) capable of finding the relevant records, time and the computer (the one at school or at work) accessed from. Without informing the ISP from the situation, is it possible to do those processes above
as a networker?

MAC_Addy

All in all the victim should have locked his computer when leaving the desk. That's what I tell everyone to do.

Forsaken_GA

thedrama wrote: »

im trying to build the question more clearly. what im intended to learn here is whether i am(as a networker) capable of finding the relevant records, time and the computer (the one at school or at work) accessed from. Without informing the ISP from the situation, is it possible to do those processes above
as a networker?

Sure, assuming you've deployed the proper amount of monitoring and logging tools to be able to do that kind of auditing.

Zartanasaurus

Forsaken_GA wrote: »

The adjacent person is very likely full of it and is indeed the culprit themselves.

This was my first thought.