[ale] Help unraveling a "practical joke"?
Greg Freemyer
greg.freemyer at gmail.com
Tue Nov 2 17:23:22 EDT 2010
Wong mailing list, please IGNORE as it was as off topic as I could get here!
On Tue, Nov 2, 2010 at 4:58 PM, Greg Freemyer <greg.freemyer at gmail.com> wrote:
> All,
>
> I've got a situation where two business partners were having issues
> with each other.
>
> Based on a brief look at the image of one of their computers:
>
> When partner-A came in to work yesterday and logged into his computer
> with his normal login, a new user profile "/documents and
> settings/TEMP" was created with basically nothing in it.
>
> I still see "/documents and settings/UserA" but when I login as UserA,
> I am presented the desktop from .../TEMP/Desktop.
>
> It feels like a practical joke to me, but I don't know how to make it
> happen in the first place, and I don't know how to undo it so that
> UserA sees the Desktop for "/documents and settings/UserA/desktop".
>
> Alternatively, it might have been some malware screwing with things.
>
> At this point, I don't think its worth spending a lot of time on, but
> I would like to undo the damage.
>
> Thanks
> Greg
> --
> Greg Freemyer
> Head of EDD Tape Extraction and Processing team
> Litigation Triage Solutions Specialist
> http://www.linkedin.com/in/gregfreemyer
> CNN/TruTV Aired Forensic Imaging Demo -
> http://insession.blogs.cnn.com/2010/03/23/how-computer-evidence-gets-retrieved/
>
> The Norcross Group
> The Intersection of Evidence & Technology
> http://www.norcrossgroup.com
>
--
Greg Freemyer
Head of EDD Tape Extraction and Processing team
Litigation Triage Solutions Specialist
http://www.linkedin.com/in/gregfreemyer
CNN/TruTV Aired Forensic Imaging Demo -
http://insession.blogs.cnn.com/2010/03/23/how-computer-evidence-gets-retrieved/
The Norcross Group
The Intersection of Evidence & Technology
http://www.norcrossgroup.com
More information about the Ale
mailing list