I got my phone stolen a few months ago. No activity on it since. Then, yesterday I received a mail from our Exchange (2013) telling me the remote wipe was completed successfully.

That - in my eyes - means someone started it up and connected it to a network. Which again means it should be loggable. Firewall logs are more or less useless because of the traffic around the time it was remote wiped. I though there would be logs for this in Exchange, but I find almost no information relevant on neither Google nor here. The notification mail gives me no IP-adresses of the phone when it tried to connect and got wiped.

So - can anyone who is fluent in Exchange security help me track down the IP triggering the remote wipe of my phone? Someone has stolen it, tried to use it and got it wiped. I want to deliver the IP, complete with logs and location tracking to the police. Any info I can get my hands on is useful.
0 Comments   [ - ] Hide Comments


Please log in to comment

There are no answers at this time
Answer this question or Comment on this question for clarity