Click here to visit Original posting
There's a significant data-loss incident at this small company, with important chunks of information going missing, and the lone IT pilot fish there has to scramble to restore the systems and get everything working again.
But fish knows his job isn't done. "Curious about how this happened to one of my systems, which I take pride in and have high standards for, I commenced a full analysis of our system logs," fish says.
"I discovered that the missing information sets were each explicitly deleted in our software, and the logs revealed that each deletion operation was performed from an internal IP address."
So fish cross-checks against the company's Active Directory in order to match the time stamps and find the user. Turns out the culprit who deleted the information from the core system is a recently hired assistant to one of the managers -- who also happens to be a longtime friend of that manager.