An intruder on a server is identified by providing files having attractive names in a subdirectory of the server. An agent is provided within one or more of the files. The agent is launched on an intruder's processor after the file containing the agent is downloaded. The agent locates various files and data on the intruder's processor and sends copies of the files and data to the server thus allowing a network administrator at the server to identify the intruder.