Hi, someone logged into or hacked into our server (Windows Server 2008) and deleted all the files.
Is it possible to tell who did it?
From server logs?
Is it possible to retrieve server logs from backup?
Thanks!

I suspect the person who deleted the files was someone called "Administrator". And if you have to ask whether you can retrieve your server logs then I suspect the answer is "No".

More important than worrying about who did it is the question of what aspect of your security allowed this to happen. You need to thoroughly review your settings. If this is a production machine in a commercial environment then you should probably hire someone who knows about computer security to do this review for you. A "penetration" test will reveal the weaknesses that led to this.
