If you want to know who deleted a particular file in Windows 2003 all you need to do is enable auditing the folder you want to keep track of. Just right click on the folder, go to “sharing and security”, then “security” tab, at the bottom click on “advanced”. Select the auditing tab, click add, select the group or users to track, then pick what actions you want to track.
To track file deletion you would enable:
Create files/Write data Success/Fail
Create folders / append data Success/Fail
Delete Subfolders/Files Success/Fail
Once thats done Windows will log all the information in the security event log.