1

I have a client who wants us to lock down the Mac laptops we're using to access his data. He wants an audit of all files read and written from removable media (USB, FireWire, optical). I have a sister question re: finding a commercial app for this, but I'm starting to feel like the only fun^H^H^H suitable solution will be DIY.

Does Cocoa have an API to audit the bus/device, any identifiers (S/N, vendorID, et al.), the filesystem metadata (stat()) and blocks in/out, etc.? Does dtrace do this!?

I could reinstall every laptop with ZFS and mirror any external device via copy-on-write...

1 Answer

1

You might also take a look at the FSEvents API, although I think this only tracks writes, not reads.

Gordon Davisson
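A minimal FSEvents watcher for everything mounted under /Volumes, added here as an illustration and not code from the answer or from Apple; the file name, queue label and 1-second latency are assumptions. It logs per-file change events and volume mounts/unmounts, and the flags it decodes are all change notifications, with nothing for opens or reads.

```objective-c
// Added example, not from the original thread. Build on macOS (assumed file name audit.m):
//   clang -fobjc-arc -framework Foundation -framework CoreServices audit.m -o audit
#import <Foundation/Foundation.h>
#import <CoreServices/CoreServices.h>

// Name the change flags set on one event. FSEvents defines no flag for opens or reads.
static NSString *DescribeFlags(FSEventStreamEventFlags f) {
    static const struct { FSEventStreamEventFlags bit; const char *name; } table[] = {
        { kFSEventStreamEventFlagMount,            "mount"    },
        { kFSEventStreamEventFlagUnmount,          "unmount"  },
        { kFSEventStreamEventFlagItemCreated,      "created"  },
        { kFSEventStreamEventFlagItemRemoved,      "removed"  },
        { kFSEventStreamEventFlagItemRenamed,      "renamed"  },
        { kFSEventStreamEventFlagItemModified,     "modified" },
        { kFSEventStreamEventFlagItemInodeMetaMod, "inode-meta" },
        { kFSEventStreamEventFlagItemXattrMod,     "xattr"    },
        { kFSEventStreamEventFlagItemChangeOwner,  "chown"    },
    };
    NSMutableArray<NSString *> *names = [NSMutableArray array];
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (f & table[i].bit) [names addObject:@(table[i].name)];
    return names.count ? [names componentsJoinedByString:@","]
                       : [NSString stringWithFormat:@"0x%x", (unsigned)f];
}

// With kFSEventStreamCreateFlagUseCFTypes, eventPaths is a CFArray of CFString.
static void AuditCallback(ConstFSEventStreamRef stream, void *info, size_t count,
                          void *eventPaths, const FSEventStreamEventFlags flags[],
                          const FSEventStreamEventId ids[]) {
    NSArray<NSString *> *paths = (__bridge NSArray *)eventPaths;
    for (size_t i = 0; i < count; i++)
        NSLog(@"id=%llu flags=[%@] path=%@",
              (unsigned long long)ids[i], DescribeFlags(flags[i]), paths[i]);
}

int main(void) {
    @autoreleasepool {
        NSArray *roots = @[@"/Volumes"];   // mount point for external volumes
        FSEventStreamRef stream = FSEventStreamCreate(
            kCFAllocatorDefault, &AuditCallback, NULL, (__bridge CFArrayRef)roots,
            kFSEventStreamEventIdSinceNow, 1.0 /* latency in seconds, assumed */,
            kFSEventStreamCreateFlagUseCFTypes | kFSEventStreamCreateFlagFileEvents);
        if (stream == NULL) { NSLog(@"FSEventStreamCreate failed"); return 1; }
        FSEventStreamSetDispatchQueue(
            stream, dispatch_queue_create("audit.fsevents", DISPATCH_QUEUE_SERIAL));
        if (!FSEventStreamStart(stream)) { NSLog(@"FSEventStreamStart failed"); return 1; }
        dispatch_main();                   // never returns; events arrive on the queue
    }
}
```

/Volumes also holds non-removable mounts such as network shares and disk images, so restricting the log to removable media needs a separate check on each volume.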