Monitor Folder Changes in Windows – A Case Study

Being able to monitor folder changes on Windows servers is important for legal companies. A division from a well-known government law enforcement agency needed to better monitor and track the changes of sensitive files and folders presented in the prosecution of major criminals. 

monitor folder changes in Windows

The division deals with high profile cases such as murder, fraud and serial sexual assaults, serving over 1,000 employees including civilian members and police officers.

Their work supports major investigations by efficiently processing, organizing, indexing, and ultimately disclosing to the courts, large quantities of information derived from investigations.

Databases currently hold some 600 sensitive files that include evidence, images and written documents for operational investigations that will be used for prosecution in crown court.

The Challenge: The risk of tampered files unsuitable for use in court

At any one time up to 200 police officers, administrators and data entry staff can open these sensitive files concurrently. Given the sensitive nature of these documents, which are often vital pieces of evidence, the organization could not risk the files being tampered with or altered in a way that could deem them unsuitable for use in court. If the defence is looking for holes in the evidence it may ask to see how the document has been handled in the investigatory phase.

As a result the IT team needed to be able to track who was making changes to the documents, monitor shared folder access and recover lost work.

The team had previously been using Windows Server Audit, Microsoft’s own built-in back office file auditing system, but the capabilities were limited and did not provide the control they desired.

The IT manager for the division, said:

“Our previous system was not able to give us succinct readable data, which made managing systems extremely time consuming. It was also hard to search the system and query where files had been changed.”

Monitoring file and folder changes in Windows

“We were being asked by police and admin staff where sensitive files had gone, who had deleted documents and why changes they had once made were not saved. With so many different levels of staff, from officers, administrators and data entry in-putters being able to access documents and override each other’s work at the same time we had no way of knowing who had made changes or even who had deleted documents.”

With IT systems of today allowing evidence to be digitized, investigators can get ready access to information they need for review rather than manually going through thousands of physical files. This enables them to make timely and efficient decisions, a necessity when successfully prosecuting a criminal. However this fast access to data must be tracked and monitored, so access to crucial information can be reported on.

The IT team administrators began the search for a Windows-based solution that would allow the department to monitor network access. They needed to be able to monitor, track and record file usage.

The Solution: FileAudit, a file and folder monitoring tool to track all changes on a Windows Server

An online search led the team to IS Decisions product FileAudit. The team discussed it with its headquarters and found another division within the wider organizaiton had recently purchased FileAudit and was very happy with the software.

The IT Manager explains,

“We found FileAudit extremely easy to set up and it was compatible with the system we were using, so we didn’t have to change file names and formats. The pricing was right for what we needed to do too.”

To view the video, please accept all cookies.

How to quickly install your file system auditing software

The Benefits: Accountable for each and every file/folder changes on the server

In less than a week, the team was able to deploy FileAudit for its 1,000 users, across seven servers. The IT Team easily set up what was needed to track within the back office system. FileAudit allows the department to see file ownership changes and permission modifications in real-time. Currently the department is tracking file changes and deletes but will be able to tweak the system at anytime to track even more granular detail. The team is currently getting feedback from police officers to see if they can use the technology to monitor systems in other ways too.

Through FileAudit’s monitoring capabilities for its Windows network, the organization has been able to audit and monitor usage of sensitive files.

The IT Manager said:

“Previously if an important file was deleted or changed, users might blame the server or the IT team for losing their work, but now we can pinpoint who made the changes and relocate important files. By tracking files we can see who has made changes and who is responsible for deleting files.”

“This is important for our department, as the information is critical for the disclosure of evidence in court and successful prosecutions. Without knowing where this information is, it could get us into trouble and result in us losing prosecutions. We have to be accountable for every record on the server.”

The division recently managed to stop someone mistakenly deleting some 100 files, the IT Manager added:

FileAudit allows us to see how people are using our systems whereas before, with some 600 files, we could not easily monitor what people were doing. It gives us peace of mind and we can also be on the front foot with any security issues.”

A Free Fully Functional 20 Day FileAuditTrial

Don’t take our word for it, download now the fully functional free trial
and see for yourself how easily FileAudit can help you
monitor folder changes on your Windows Severs.

Share this post :


Chris Bunn is the Directeur Général Adjoint of IS Decisions, a global cybersecurity software company, specializing in access management and multi-factor authentication for Microsoft Active Directory environments and the cloud.

Secured By miniOrange