There is any Windows logger tool which would track file manipulation?

windows ntfs logging audit

I want to be able to know who and when touched a file. My last question showed that I can't rely on NTFS.


The implementation to this is different according to your infrastructure, but the answer (in principal) is the same. Time to implement File Auditing.

If you're talking about shares on a Windows server, then you should implement File Auditing via GPO. If you're concerned about a Windows workstation, this can be implemented via Local Security Policy


You should be able to turn file access auditing on. This is different than looking at the modified date/time. The following page has a really good writeup: http://www.techotopia.com/index.php/Auditing_Windows_Server_2008_File_and_Folder_Access


You will probably want to just take the next logical leap and look in the direction of the so-called Host-Based Intrusion Detection Systems (HIDS), which, as one of their features, offer setting up file monitoring.

I can't recommend any HIDS for Windows, but you should be able to find something to suit your needs.

Related

Bad byte in one RAM module / Block area of RAM from being used
Display recent login failures on login
Invoke Remote Desktop Connection from Hyperlink
How do you copy huge (millions) directory trees in Windows?
How do I automatically restart a process on server reboot/process exit?
Mount TrueCrypt encrypted system drive on other computer?
Windows XP Full Disk Encryption - What are the options?
In UNIX, how can I cat a file located in a different server?
Enabling gzip compression in IIS and having it take effect
How many valid NAT mappings can a common NAT support?
Hyper-V Requirements, disk partitioning
Getting full path of executables in 'ps auxwww' output