There is any Windows logger tool which would track file manipulation?

I want to be able to know who and when touched a file. My last question showed that I can't rely on NTFS.


The implementation to this is different according to your infrastructure, but the answer (in principal) is the same. Time to implement File Auditing.

If you're talking about shares on a Windows server, then you should implement File Auditing via GPO. If you're concerned about a Windows workstation, this can be implemented via Local Security Policy


You should be able to turn file access auditing on. This is different than looking at the modified date/time. The following page has a really good writeup: http://www.techotopia.com/index.php/Auditing_Windows_Server_2008_File_and_Folder_Access


You will probably want to just take the next logical leap and look in the direction of the so-called Host-Based Intrusion Detection Systems (HIDS), which, as one of their features, offer setting up file monitoring.

I can't recommend any HIDS for Windows, but you should be able to find something to suit your needs.