5

I don't know if I'm looking for a file integrity monitoring software here.

Basically let's say we have firefox or chromium, let's say the user is watching a youtube video, then we'll find that video in our cache right? Now i would like to know if a specific application is creating or modifying some file, even if it calls an "external module" (like, I don't know, launching mkdir command on linux from our target application).

I need a software that does that online, when it's happening. I have just to tell him which process has to be monitored.

I need it for Windows right now but since the application is multi-platform a Linux solution would be ok.

AviD
  • 72,138
  • 22
  • 136
  • 218
dierre
  • 295
  • 1
  • 8

2 Answers2

7

If you're looking for something interactive, and not service-style long-term monitoring software, check out Microsoft's (nee SysInternal) Process Monitor.
Very versatile.

AviD
  • 72,138
  • 22
  • 136
  • 218
7

On the Linux side you can do this kind of monitoring using the auditd subsystem and very cleverly written rules. It can be used to watch for changes to files or directories, entry or exits of system calls, etc.

Scott Pack
  • 15,167
  • 5
  • 61
  • 91