Hi,
I have a coworker who has been found to have been going on another person's machine in the evenings and has changed architectural drawings that the person who's machine it is has done earlier (by scaling them down .9822 or more % depending on his mood),. this has been found to have been going on for at least a year... proof is the log in the hardrive (event viewer, System log and application log) showing someone logged in a couple of hours after the other left. And there are other things like security code for building was signed out last by this individual as well as discovering that the drawings this individual was working on were saved at the same time... the partners want the person whose machine was accessed to let it slide.
Please advice?

Well there's a few odd things going on here.
Isn't the computer/user account password protected? And aren't they supposed to change the password every 60 days or so?
Listserv is server software for managing email newsletter subcriptions, it is not a log of activity on a hard drive.

Sorry,. it was the event viewer, System log and application log,. as well as backup drawing files, a vpn test was done,. did not work.. and a sonitrol(building security) check,. the IT person had only one password for entire office... so if you were out someone else could access machine if need be... was told the machines are 'office' machines not ours...

the IT person had only one password for entire office....so if you were out someone else could access machine if need be...was told the machines are 'office' machines not ours...That's the problem right there - zero security. In this case there is very little to implicate a specific person. Your IT guy is lazy, every one should have a password-protected profile.

That decision was handed down from partners... anyway... the individual was the only one in the office working at that time... and is know to be there often... his name is printed on the fax from sonitrol showing who the last one signed out... 5 minutes after his last drawing was saved as well as the others drawings (the ones tampered with)

Having his name as the last who signed out is not enough unless you have CCTV or other concrete evidence.
Why don't get security system to the network?
It's more professional to be preventive than a clean up afterwards...

that decision was handed down from partners.....anyway...the individual was the only one in the office working at that time...and is know to be there often...his name is printed on the fax from sonitrol showing who the last one signed out....5 minutes after his last drawing was saved as well as the others drawings (the ones tampered with)


You have no hard evidence - this is similar to someone standing next to your car and then your car is scratched. They HAD to do but you can't prove it.

I don't understand what a lawsuit would be about. What are the damages?

The owners of the equipment would probably have the final say as to who used or abused the equipment. If they want to let it slide it's probably going to slide.
Is it sabotage or it comparable to leaving someone's computer on YouTube instead of their home page, where they normally leave it? A toilet seat up/down situation?
If they change dimensions (not just scale) it could be serious.
If it's sabotage and the company doesn't consider it a big deal, I would be seeking employment elsewhere. Something could go unnoticed and cause a big problem.