|The "Event Log" should show you when remote connections were established. If you have auditing enabled, then the Event Log may also show details on who deleted the files. However, auditing is not retro-active, so if it was not on at the time, you really can't tell who deleted the files.|
If you need to recover the files, you might want to read this article: http://blogs.howtogeek.com/mysticge...
It sounds like you have a serious security problem. There is no reason clients should have access to your server, nor is there a reason why a "thick" employee should be able to just go on a deleting spree. You should get in contact with a competent IT firm, and have them analyze and fix your server security.
Free Computer Tips and more:http://RyanTAdams.com
Paid Tech Support: Black Diamond