FileAudit Documentation
FileAudit Documentation
You are here: Reference > Advanced > Use case Moving Files or Folders

Use case Moving Files or Folders

Prerequisites:

  • Vista / Windows Server 2008 and later
  • The source and destination paths must be audited.
  • The move operation take place within the same server.
  • The file or folder must not be empty if the move is between two separate disks on the same server.

Moving a file:

When the file is empty and the move is executed from one disk to another within the same server, FileAudit will display a deletion event at the source.

Moving a Folder:

If the move is carried out on a disk within the same server, a single move event will be present for the folder concerned.

If the move involves two separate disks of the server, there will be a move event per subfolder or file moved unless one of the folders or files is empty.

Limitations:

Three cases are identified that could provoke false negatives:

  • When moving from one server to another, FileAudit will display a delete and read event for the source server and a write event for the destination server.
  • When the file or folder is empty and the move is from one disk to another within the same server, FileAudit will display a delete event.
  • During the execution of moving of a very large file or folder that exceeds the normal time limits, FileAudit will display a delete and read event for the source server and a write event for the destination server.