Who accessed my files?

[km23]

Hello,
I believe I have been hacked locally through my wireless router (which was turned off, passwords set, etc), since I see my important files have been accessed on 8/23, when I KNOW I did not access the files.

Is there a way to see anymore details as to who accessed the file, if it was transfered through a network, anything additional info I can get?

I'm in WinXP Pro and do not know of any tools to get me more info. Suggestions?

 

[Pirotech]

Try to check up Settings - Control Panel - Computer Management - Event Viewer

 

[TGS]

I think you need to turn on auditting on the folder prior to the events being generated in the viewer.

 

[MrChad]

How are you determining that they were accessed on 8/23?

 

[gaidin123]

If you allow your drive to be indexed by anything..windows, some sort of desktop search tool, anti-virus tools, spyware, etc. those access times will be touched when those tools run and scan files.

If you copied or potentially even made a system restore point which gets automatically created the times get touched.

So, there are a lot of reasons why files you didn't personally click on might get modified but the best thing you can probably do beyond looking at your event viewer, firewall logs, wireless router logs would be to either have someone who knows how to do OS forensics take a look at your drive or...just clean your machine up as best you can.

Run anti-virus (trend micro's housecall is good and free), anti-spyware (ad-aware, spybot, MS antispyware), rootkit revealer from sysinternals, check for new user accounts, run autoruns from sysinternals to check for all auto-start locations, and back up your important data.

Or, just back up your data and reformat/reinstall.

Gaidin