How to detect if files were saved or copied from an external hard drive/USB?

Question

Is it possible? If so, how?

This is needed to alert on the copying of "important" files.

An example of what I need:

There is a document on an external hard drive/USB.

You're just allowed to VIEW it, not COPY it.

Someone (an employer for example) copy the document. An alert is sent to the owner (by email for example).

There will be a software on the external hard drive/USB to do such thing.

It's to ensure that some people don't get a copy of the files. It's only there to be viewed, not copied. — Anonymous, Apr 13 '16 at 20:54
You may get a response if you give us some more context. This includes what you truly hope to achieve and the situation details. Understand that protection and detection may be related, but are still two distinct issues. — Dave, Apr 13 '16 at 22:08
This is still correct, even with your change. If you can view it, you can copy it. — Mark Buffalo, Apr 14 '16 at 19:22

score 5 · Accepted Answer · answered Apr 13 '16 at 22:10

Reading the file is copying it into active memory.

Once the file is in active memory, you can't control what happens next.

There are special platforms which perform DRM (Digital Rights Management) which can make it far more complex for people to take copies of your file. Snapchat has some controls like this, as does the Kindle reader. Encryption, proprietary protocols and control over the software and or hardware are required.

There are online services such as https://digify.com/product.html which do something like this too, not by USB of course.

This kind of control is really only effective at keeping honest people honest. Even if they haven't hacked the software or have a technical circumvention, a motivated person could always photograph the document from the screen.

See the measures taken in the TTIP as an example of somebody trying to solve this issue: http://www.independent.co.uk/news/world/europe/ttip-controversy-secret-trade-deal-can-only-be-read-secure-in-reading-room-in-brussels-10456206.html

"In the basement of the US capitol, there is a room, a locked soundproof room, and the only people allowed in this room are US senators, and they can't bring their assistants, they can't bring their phones, they can't even take notes in there."

score 1 · Answer 2 · answered Apr 14 '16 at 02:39

Stochastic forensics attempts to detect mass data copying using statistics. In brief, the idea is that the file access meta data contains patterns. If a bulk data is copied, then the meta data will record the bulk transfer as distinct from typical file access patterns. Once a bulk data transfer is predicted using statistics, other forensics analysis helps discover the destination of the data transfer.

How to detect if files were saved or copied from an external hard drive/USB?

2 Answers2

Linked

Related