What created that file?
February 9, 2006 11:46 AM Subscribe
How can I track the source of a file?
posted by bDiddy to computers & internet (3 answers total)
I have a user who is reporting that something is creating a file in an area that it shouldn't. This folder resides on a Windows server and he is running Windows XP (or 2000, but I'm pretty sure it's XP). He is seeing a file created periodically but has no idea where it's coming from and is concerned that security might have been compromised.
The file is named "clientid.txt" and contains the string, "3145204-218057". The folder it's being created in can only be accessed by him and Domain Admins. The file shows that it was created by this user.
I am thinking that some job or some process is running on his PC that is creating this file, but when I checked he had no jobs running. Maybe a rogue process, but I can't find it. Is there a way to find out what caused a file to be created? If not on an existing file, maybe there's a way to catch a process when it writes a file to a folder?
Again, if I wasn't clear, this is a Windows OS accessing a file share on a Windows network. No Linux servers can access the folder where this is being written. I'd appreciate any help greatly.