[Question] File monitor?

Post by **ayu** » 24 Jan 2008, 14:34

Ok so i know there are programs to make a list of all the files in your computer and then compare it to another list to see what stuff that has been added to the next time. There are also other programs to monitor the activities in the computer, i believe Mab made something like that not so long ago.

No i am wondering, is there a program like this where i can specify ONE special file? For example a file that i think is malicious, but no AV detects it.....i want to see what that file adds to the system.

Does anyone know of such a program?

Post by **maboroshi** » 24 Jan 2008, 15:52

I have not seen such a program but my app uses the win api to read a folder probably something in the api to monitor one file

Else you could build it

Do your homework Im sure you will find something

Swan · Post by **Swan** » 24 Jan 2008, 17:05

sent via MSN *removed.

Post by **Big-E** » 24 Jan 2008, 17:14

Yuck, I hope that the

Code: Select all

tag messed up your formatting or me and you need to sit down and have a talk on creating neat code.

Post by **bad_brain** » 25 Jan 2008, 05:41

hm, on Linux systems you can use Tripwire, it's used on servers to detect file changes helping to notice if a system was compromised. the usage is pretty easy, but the initial setup is a little pain in the rear because you have to edit/add the paths in the config files.
http://www.tripwire.com/products/enterprise/ost/

Post by **ayu** » 25 Jan 2008, 08:59

sounds nice =o

Doesn't sound doable here though, seeing that it would be an exe file that i want to monitor...i mean...a virus in Linux? THAT'S UNHEARD OF! ^^

Post by **computathug** » 25 Jan 2008, 10:11

You could try this, it enables you to select the folders you want to monitor.

http://www.contactplus.com/products/fre ... onidir.htm

Hope this what you looking for

Post by **ayu** » 25 Jan 2008, 11:53

hmm well it's a very good program....but the thing is that i would have to specify a range of folders to check there....so if the file adds something that is NOT in that folder...then i will not know of it =/

Post by **bad_brain** » 26 Jan 2008, 07:54

hm, you could still use Tripwire to hash the files and compare the hashes then....of course you would need a dual OS system, but I have to admit I am not 100% sure if it works for NTFS file systems...