Can I log file operations (create/modify/delete) in Windows?
Solution 1:
Yes you can and it's called Auditing. You can audit for succesfull and/or failed attempts. To enable auditing you have to take 2 actions:
Enable auditing by a policy. You have to open local Security Policy (or a policy on a domain) and go to Local Policies -> Audit Policy -> Audit object access. Check either Success or Failed, or both.
Enable auditing on a file or folder Now auditing is enabled, you have to set which files are audited. To do so rightclick on the file or folder that you want to audit and choose properties. Go to the security tab and click Advanced. Here you have to select for which users you want to enable auditing. Next you have to check for with actions you want to enable auditing.
You can find the results in the security eventlog.