Re: tool to log file access

From: H Carvey (keydet89_at_yahoo.com)
Date: 02/28/05

  • Next message: Chris Thorp: "Re: What is more secure?"
    Date: 28 Feb 2005 11:21:43 -0000
    To: security-basics@securityfocus.com
    
    
    ('binary' encoding is not supported, stored as-is) In-Reply-To: <91FD9E3DC7F754489F7F83AC886B67AD0CE7DF8A@ESMADEXCH02.azertia.com>

    >Is there any tool to log all files accesses that creates a report more =
    >useful than the event log?

    Use WMI to create a listener, waiting for file events...have it start watching at the root of the drive. If this is written in C# or in Perl (and then compiled via Perl2Exe), you could easily have it as a service.

    H. Carvey
    "Windows Forensics and Incident Recovery"
    http://www.windows-ir.com
    http://windowsir.blogspot.com


  • Next message: Chris Thorp: "Re: What is more secure?"