记录文件复制操作 [英] Keeping records of file copying operation

问题描述

我想知道如何将复制文件的记录保存到USB等外部磁盘上?有谁知道如何在编码中实现这一目标?可以使用哪种API来做到这一点?

谢谢

解决方案

我建​​议您创建一个服务，使用WMI来检测USB驱动器连接，并使用SystemFileWatcher创建一个服务.

正如 daveauld 所说，这不是一件容易的事.
您将需要编写文件系统过滤器驱动程序 [ 解决方案

I''d reccomend you to create a service whick use WMI to detect USB-drive connection and SystemFileWatcher to create a list of stealed files.

As daveauld said, this is not an easy task to achieve.
You will need to write a File System Filter Driver[^].

There is no simple way to achieve this.

A copy operation is not a straight forward audited event on the file system, and therefore cannot be easily traced.

You would need to hook deep into the os to track file read and file write operations and work out what constitutes a copy.

I believe there are commercial auditing products available on the market, which i would suggest you investigate if you are looking for a reliable solutions.

Programmming one yourself is not something i would suggest you undertake.

To get an idea of what is going on you should download a FileMonitor from Sysinternals and watch what activity is going on at the file system level when things are being opened, copied, deleted etc. and you will see it is quite complex.

这篇关于记录文件复制操作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！