Re: Capturing a programs file output.

[Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>]

On 2004-08-15 mop () arach net au wrote:
> Can anyone suggest a freeware tool for Windows that can log:
>
> a) The file access of a selected application, such as opening,/closing
> of files, what is written, and if possible the offset the write
> occured at.
> b) Access to a selected file by any application.
>
> Either capability would be useful, but preferably both. Timestamping
> would also be helpful.

a) Can be done thru a tool like Filemon [1], but since it affects
   performance I wouldn't recommend running it in the background all the
   time.
b) Should be doable thru SACLs if you're using NTFS.

Regards
Ansgar Wiechers
-- 
"Those who would give up liberty for a little temporary safety
deserve neither liberty nor safety, and will lose both."
--Benjamin Franklin

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------