File auditing

Suppose you want to find out which user account last modified a file.

Why would you want to do that? Well, in cases where a user’s account has been compromised to run a crypto virus, or someone has done something malicious, administrators might need to be able to check which user account last made a change to the file.

To help with this, I’ve written this file auditing tool. It’s a standalone executable that requires .NET 4 and runs on Windows. When the application starts, simply select the target folder from the left-hand folder tree and click Main > Start Check. If the tool can identify the last user account to modify a file, the information will be displayed in the right-hand pane. Note that this utility relies on information retained within NTFS, so this information isn’t always available for files (particularly system files) and is not available at all for folders, because NTFS doesn’t hold this data. This utility doesn’t work with non-NTFS file systems.

I hope this tool will be useful for you. If you have any suggestions or comments please feel free to let me know.
