Data files are not the only opportunities revealing information from computing systems. The category of data about the computing system includes recording data auditing, computer activity log, access control list, and other information that can not be printed.
Audit records are a means of tracking all activities affecting some data from the moment of their creation to disposal of the system. They are used by most management programs of computer networks. These records and computer log can provide information about who and when accessed the system, where and for how long, and the operations he made (changes, copying, deleting, etc.)
In addition to the audit records, a large number of companies have special software installed to monitor the use by an employee ‘s own information systems. These programs can provide information about the programs accessed, files used, emails sent and received, websites visited, etc.
Access control list (ACL) is associated with a file list that contains the names of users and groups that have permission to access and modify the file. The user access to those files depends on the employee’s duties or position in the company.
The information that can not be printed are also important sources for investigators. Such information are as follow: date and time attached to each file, information about the creation, access and modification of files (provided, for example, by the text editors), comments and notes not intended for printing, etc.