How can I find if someone is transferring data to USB storage devices?


Problem description

I am planning to develop a security application in which the user cannot transfer data to USB storage devices without the admin's permission. For that, I need to know how I can detect the writing process over the USB.

What I have tried:

Currently I wrote the code to detect the USB and am stuck on finding the data transfer to the USB

protected override void OnStart(string[] args)
{
    //add this line to text file during start of service
    TraceService("start service");

    //handle Elapsed event
    timer.Elapsed += new ElapsedEventHandler(OnElapsedTime);

    //This statement sets the timer interval to 10 seconds (= 10,000 milliseconds)

    timer.Interval = 10000;

    //enabling the timer
    timer.Enabled = true;
    ManagementEventWatcher mwe_creation;
    WqlEventQuery q_creation = new WqlEventQuery();
    q_creation.EventClassName = "__InstanceCreationEvent";
    q_creation.WithinInterval = new TimeSpan(0, 0, 2);    //How often do you want to check it? 2Sec.
    q_creation.Condition = @"TargetInstance ISA 'Win32_DiskDriveToDiskPartition'";
    mwe_creation = new ManagementEventWatcher(q_creation);
    mwe_creation.EventArrived += new EventArrivedEventHandler(USBEventArrived_Creation);
    mwe_creation.Start();

    ManagementEventWatcher mwe_deletion;
    WqlEventQuery q_deletion = new WqlEventQuery();
    q_deletion.EventClassName = "__InstanceDeletionEvent";
    q_deletion.WithinInterval = new TimeSpan(0, 0, 2);    //How often do you want to check it? 2Sec.
    q_deletion.Condition = @"TargetInstance ISA 'Win32_DiskDriveToDiskPartition'  ";
    mwe_deletion = new ManagementEventWatcher(q_deletion);
    mwe_deletion.EventArrived += new EventArrivedEventHandler(USBEventArrived_Deletion);
    mwe_deletion.Start();

}


internal void USBEventArrived_Creation(object sender, EventArrivedEventArgs e)
{
    TraceService("USB Added");
}

internal void USBEventArrived_Deletion(object sender, EventArrivedEventArgs e)
{
    TraceService("USB Removed");
}

Recommended answer

In this scenario, try implementing the "FileSystemWatcher" class with the "NotifyFilter" set to the changes you wanted to watch out for.

Try the following samples:
C# Corner: Error Display

How to implement a simple filewatcher Windows service in C#


If you want to disable writing to USB altogether, there is an excellent article here:
Developing a USB Storage Device Protection Tool with C#

Another approach is to detect the USB drive being mounted and then keep track of it. There is a complexity, though: external hard drives do not register like USB flash drives. But essentially, keeping track of attached devices can be done like this:

using System;
using System.IO;
using System.Linq;
using System.Management;
using System.Threading;

namespace UsbDetector
{
    class Program
    {
        // Set from the WMI event thread and read from Main, so mark it volatile
        private static volatile bool clear;
        static void Main(string[] args)
        {
            Console.WriteLine("Monitoring for DeviceAttached event");
            clear = false;
            using (var watcher = new ManagementEventWatcher())
            {
                WqlEventQuery query = new WqlEventQuery("SELECT * FROM Win32_VolumeChangeEvent WHERE EventType = 2");
                watcher.EventArrived += new EventArrivedEventHandler(watcher_EventArrived);
                watcher.Query = query;
                watcher.Start();
                watcher.WaitForNextEvent();
                while (!clear)
                {
                    Console.WriteLine("Waiting for method clear signal");
                    Thread.Sleep(1000);
                }
            }
            Console.WriteLine("Exiting");
        }

        public static void watcher_EventArrived(object sender, EventArrivedEventArgs e)
        {
            // DriveName arrives as e.g. "E:"; DriveInfo.Name is "E:\"
            var driveName = e.NewEvent.Properties["DriveName"].Value.ToString();
            Console.WriteLine("Drive mounted " + driveName);
            var driveInfo = DriveInfo.GetDrives().FirstOrDefault(d => d.Name == driveName + "\\");
            if (driveInfo == null)
            {
                // The volume can disappear again before it is enumerated
                Console.WriteLine("Drive is no longer present");
            }
            else if (driveInfo.DriveType == DriveType.Fixed)
            {
                Console.WriteLine("Drive is a Fixed type, could be an external harddisk connected via USB");
            }
            else if (driveInfo.DriveType == DriveType.Removable)
            {
                Console.WriteLine("Drive type is Removable, could be a USB flash drive");
            }
            clear = true;
        }
    }
}
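
The two answers above can be combined: find removable volumes, then attach a FileSystemWatcher with a NotifyFilter to each one and log write activity. The following is an added example, not code from the original posters; the class name RemovableWriteMonitor, the 2-second poll (used here instead of the WMI volume event) and the console log format are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Threading;

class RemovableWriteMonitor   // hypothetical name, added example
{
    // Keep every watcher referenced so it stays alive while the drive is present.
    static readonly Dictionary<string, FileSystemWatcher> Watchers =
        new Dictionary<string, FileSystemWatcher>(StringComparer.OrdinalIgnoreCase);

    static void Watch(string root)
    {
        var w = new FileSystemWatcher(root)
        {
            IncludeSubdirectories = true,
            InternalBufferSize = 64 * 1024, // larger buffer: bulk copies overflow the default
            NotifyFilter = NotifyFilters.FileName | NotifyFilters.DirectoryName |
                           NotifyFilters.LastWrite | NotifyFilters.Size
        };
        w.Created += (s, e) => Log("CREATED", e.FullPath);
        w.Changed += (s, e) => Log("CHANGED", e.FullPath);
        w.Renamed += (s, e) => Log("RENAMED", e.OldFullPath + " -> " + e.FullPath);
        // Raised on buffer overflow (events were lost) or when the drive is pulled.
        w.Error += (s, e) => Log("ERROR", root + " " + e.GetException().Message);
        w.EnableRaisingEvents = true;
        Watchers[root] = w;
    }

    static void Log(string kind, string detail)
    {
        Console.WriteLine("{0:o} {1} {2}", DateTime.UtcNow, kind, detail);
    }

    static void Main()
    {
        while (true)
        {
            // Roots such as "E:\" for every mounted removable volume.
            var ready = DriveInfo.GetDrives()
                .Where(d => d.DriveType == DriveType.Removable && d.IsReady)
                .Select(d => d.Name).ToList();
            foreach (var root in ready.Where(r => !Watchers.ContainsKey(r))) Watch(root);
            foreach (var gone in Watchers.Keys.Except(ready, StringComparer.OrdinalIgnoreCase).ToList())
            {
                Watchers[gone].Dispose();   // drive removed: release the watcher
                Watchers.Remove(gone);
            }
            Thread.Sleep(2000);
        }
    }
}
```

FileSystemWatcher reports a change after it has happened and does not say which user or process made it, so this gives an audit trail rather than a block. The DriveType.Removable filter also misses USB hard disks that appear as Fixed, the complication the second answer mentions.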

