The accessing of the remote shares is logged in the security log in event viewer of the remote PC. I don't believe the accessing and copying of files from the remote computer to the local computer is logged unless you enable additional auditing on the remote PC. We had to analyze the event viewer of a remote PC a while ago in an "investigation." Using other strategies we were able to theorize that the user did send himself some docs by email.
The administrator has disabled public write access.