Audit Copy File From Removable Media to Harddisk and vice versa

Hello,

I have been given a task to audit the copying of files
from hard disk to removable drive and vice versa.
I have gone through the minispy code but I don’t know how to do it,
and also how to identify removable media?

Please help.

Start off by going through the archives and then end up finding that you can
NOT detect this.

Think logically and try to understand how copy works. Let me give you a
starting point. Copy is NOT a single file system operation. It is a
collection of file system operations. Now think more on these lines.

Regards,

Ayush Gupta

AI Consulting

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of miti thakkar
Sent: Friday, May 07, 2010 10:09 AM
To: Windows File Systems Devs Interest List
Subject: [ntfsd] Audit Copy File From Removable Media to Harddisk and vice
versa

— NTFSD is sponsored by OSR For our schedule of debugging and file system
seminars (including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars To unsubscribe, visit the List Server section of
OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Dear Miti,

As Mr. Ayush Gupta wrote before, the copy operation consists of multiple atomic file system operations (multiple events of the following types: MJ_CREATE; MJ_READ; MJ_WRITE; MJ_CLEANUP). I’d recommend you try the Process Monitor utility from Sysinternals (with Advanced Output enabled in the Tools menu).

There are commercial products on the market that are targeted at auditing file transfers from/to USB drives. So if you don’t have lots of time and experience in driver development, I’d recommend you look around for such a product.

However, if you do have the time and knowledge, I’d recommend doing the following:

- Add IncludedFolders/ExcludedFolders functionality to the driver

- Write new user space code [presumably in .NET] which detects the USB drive plugging events and sends the USB drive’s volume path to the driver

- The user space code has to correlate all the atomic events to translate them to copy operations, including watching the data that is being read and the data that is being written [this is the hardest part]

Regards,

Matyas Szentivanyi
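
The correlation step from the last bullet above, as an added example that is not part of the original message or of minispy: it pairs a file one process read with a file the same process wrote when the byte streams match and exactly one side is on a removable volume. The tuple layout, paths and drive letters are constructed, and the set of removable volumes is assumed to come from the user-space component that watches for USB drives.

```python
import hashlib
from collections import defaultdict

# Constructed trace (pid, operation, path, offset, data). The tuple layout is an
# assumption for this example, not minispy's record format.
TRACE = [
    (412, "MJ_CREATE", r"C:\docs\plan.txt", 0, b""),
    (412, "MJ_CREATE", r"E:\plan.txt", 0, b""),
    (412, "MJ_READ", r"C:\docs\plan.txt", 0, b"quarterly "),
    (412, "MJ_WRITE", r"E:\plan.txt", 0, b"quarterly "),
    (412, "MJ_READ", r"C:\docs\plan.txt", 10, b"plan"),
    (412, "MJ_WRITE", r"E:\plan.txt", 10, b"plan"),
    (412, "MJ_CLEANUP", r"C:\docs\plan.txt", 0, b""),
    (412, "MJ_CLEANUP", r"E:\plan.txt", 0, b""),
    (977, "MJ_READ", r"C:\docs\plan.txt", 0, b"quarterly "),
    (977, "MJ_WRITE", r"E:\notes.txt", 0, b"unrelated"),
    (977, "MJ_CLEANUP", r"C:\docs\plan.txt", 0, b""),
    (977, "MJ_CLEANUP", r"E:\notes.txt", 0, b""),
]

def find_copies(trace, removable):
    """Pair a file a process read with a file it wrote when the byte streams match."""
    chunks = defaultdict(dict)  # (pid, op, path) -> {offset: data}
    closed = []                 # (pid, path) in MJ_CLEANUP order
    for pid, op, path, offset, data in trace:
        if op in ("MJ_READ", "MJ_WRITE"):
            chunks[(pid, op, path)][offset] = data
        elif op == "MJ_CLEANUP":
            closed.append((pid, path))

    def digest(key):
        # Hash the stream only if its chunks are contiguous from offset 0.
        pos, h = 0, hashlib.sha256()
        for off, data in sorted(chunks.get(key, {}).items()):
            if off != pos:
                return None
            h.update(data)
            pos += len(data)
        return h.hexdigest() if pos else None

    copies = []
    for pid, dst in closed:
        written = digest((pid, "MJ_WRITE", dst))
        for src_pid, src in closed:
            if written is None or src_pid != pid or src == dst:
                continue
            src_rem, dst_rem = (p[:2].upper() in removable for p in (src, dst))
            if src_rem != dst_rem and digest((pid, "MJ_READ", src)) == written:
                copies.append((pid, src, dst, "to_removable" if dst_rem else "from_removable"))
    return copies
```

A copy split across two processes, or one that transforms the data between the read and the write, produces no match here.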


From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of miti thakkar
Sent: 2010. május 7. 6:39
To: Windows File Systems Devs Interest List
Subject: [ntfsd] Audit Copy File From Removable Media to Harddisk and vice versa
