Monitoring File movement

  • Question

  • Hello everyone,

    Could someone guide me if there is any way I can track/monitor the files transferred (details of the full path of the source file and destination, timestamps, ...) out of a Windows machine to external disks using a WDK file system filter driver (minispy filter driver)?

    Thanks and regards

    Sunday, January 12, 2020 5:50 PM

All replies

  • File systems and their filters are the most complex types of drivers in Windows. If you already understand Windows internals and have device driver experience, it takes 5 days to learn file system filter drivers in classes provided by most training companies. There isn't anything meaningful that can be explained in a forum post. If you're not able to go to a training course, then you can try the MSDN docs, but it will take you months to really understand filter drivers. Taking a class is by far the most cost-effective way to learn. Another option is to hire a consultant to write the driver for you and then have him explain the driver's architecture and theory of operation, afterwards.

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Monday, January 13, 2020 11:22 PM