Is there a way to get a history of file operations in Windodws, like which folders were moved where, last renamed file, what was deleted, etc.?
Process Monitor by SysInternals can monitor and log all file, registry and network operations.
You have to be careful though. In the screenshot above, even though it says
CreateFile all access is read-only (libraries (DLLs) being loaded).
There is no such log by default.
On a Windows NT system, an administrator can enable auditing of file operations:
For this to work, “Audit object access” must be enabled in
The moment you turn it on, you will get flooded by miscellaneous object access logs.
Audit logs of the entire filesystem will fill up the Security log really fast. I’m not going to talk about performance hits.