Like File Create, Move, Copy, Paste, Rename, Delet...
# generaln
Nand
05/02/2023, 5:51 AMLike File Create, Move, Copy, Paste, Rename, Delete, Send To etc
j
Jason
05/02/2023, 1:17 PMAbsolutely - but you'd need to enable some feature flags in osquery. https://fleetdm.com/guides/osquery-evented-tables-overview
n
Nand
05/02/2023, 3:47 PMHi Jason, Thanks for your response
Nand
05/02/2023, 3:48 PMFYIP, our Virtual Drive is FAT32 Type, so which approach will be followed
Nand
05/02/2023, 3:54 PMIf this uses NTFS Change Journal then I doubt it will not capture FAT32 virtual drive activities
j
Jason
05/02/2023, 5:01 PMyou are probably right and it does appear to use the NTFS journal
7 Views