Question Software to monitor for malicious deleting of files?

miogpsrocks

Dec 6, 2019
I have noticed a lot of my files are missing despite having RAID 6 and various backups.

I am wondering if there is software that can monitor for deleted files, possibly deleted by a malicious actor or virus.

Also, is there not a way to make the files not deletable without restricting write access?

Thanks.
 
How did you discover "missing"?
 
Is the timestamp correct for file modifications? Perhaps you could look at the timestamp of the directory/folder containing the file and find the exact time it was removed (only works if you know nothing in that directory/folder was purposely deleted). If something disappears it is possible it is from disk error, in which case the timestamp won't be updated, but in other cases the timestamp will update. Your RAID probably means no disk loss removal, but study timestamps.
 
I too am interested in how "missing" was discovered.

Also interested in knowing more about the RAID 6 configuration, history, backups, etc..

When did the problems start? Did it fully work before?

Not a "RAID" person at all (full disclosure): however, I am aware that RAID (of any sort) can be quite problematic.

More information needed.
 
so an anti malware software?

No, I am not looking for an antivirus, more like a data integrity audit overwatch. Search Everything by Void tools has a way of indexing everything and if it sees any change, it will try to update the indexed database.

I am looking for maybe something that indexes everything and will alert the user if there are files that are being deleted by someone or something.

The antivirus programs are looking at your files against a database of known viruses, I think. That is totally different.

Think of it like hidden RFID tags in a retail store's inventory that can keep track of items that have left the store but were not sold. I am looking to keep an eye on files that are being deleted that I did not delete.

Maybe by a neighbor who hacked my wifi or a regular hacker, etc.

Is there any such software?
 
How did you discover "missing"?

I have worked on various video editing projects using software called VideoPad. The VideoPad software will save a file with the extension ".VPJ". I have also rendered the edited video into different videos, usually with an ending like "edit 1, edit 2, edit 3" to show newer versions of the video I edited.

I will often take these copies and copy them over to a device attached to a TV, where they can be viewed on a large screen and notes taken; then I can return to the PC to refine the editing.

1. I know I worked on various projects but the related .VPJ files are missing
2. I see the video I had created, even with the "edit 5" at the end, that was copied (never cut) onto the device on the TV, but the source is missing when searched with "search everything"
3. I have opened some projects I have with VideoPad that refer to a file it can't find and ask me to locate the missing file. Many times that can be done in 2 seconds using "search everything" but sometimes the file is completely missing.

So there are files that I would never delete that have gone missing even with a RAID NAS attached to my network.

I would like software that can keep an eye on everything and explain if a file goes missing at the time it goes missing. I see the copied video with the "edit" ending, I remember working on editing the video but the .VPJ files are missing, the created edited file is missing and sometimes a video used in an edited project goes missing.

To visualize, picture you have a warehouse full of boxes and you want to know if some of the boxes have left the warehouse but you are not there to keep an eye on everything 24/7. You want something to just alert you when/if a box leaves.

Does such a thing exist?
 
Is the timestamp correct for file modifications? Perhaps you could look at the timestamp of the directory/folder containing the file and find the exact time it was removed (only works if you know nothing in that directory/folder was purposely deleted). If something disappears it is possible it is from disk error, in which case the timestamp won't be updated, but in other cases the timestamp will update. Your RAID probably means no disk loss removal, but study timestamps.

I have hard drives filling up and being moved to the NAS. Sometimes if I feel the LAN is too slow to edit videos on, I will copy or move it back to the PC. Files are not organized very well but I rely on software like "search everything" to get quick access across a lot of different data across the network and on various local PC drives.

The missing files are happening way too often now.
 
The best way to protect files from being deleted is to have regular backups.

The way to make sure that the backups of files aren't deleted is that a NAS where you store them has read access to the PC disk whose files you want to backup so that the NAS can initiate the sync process (i.e. copy from PC to NAS, not the other way around) -- PC shouldn't have write access to backup NAS, only read access.

That said, your files could be missing for a variety of reasons:

1. Drive developing bad sectors
2. Corrupted filesystem
3. Faulty RAM stick corrupting data
4. Power outage during long file operations (especially file moves)

You mentioned RAID6 so I think #1 should be covered (unless RAID6 is only on NAS?).

In any case, just having RAID doesn't protect from bit rot unless the filesystem supports periodic scrubbing (ReFS supports it under Windows but it's a PITA to manage).

RAM with ECC is a must if you want to make sure your data isn't corrupted, and it goes without saying you need to have an uninterruptible power supply.

The likelihood of a rogue program on your PC deleting your files seemingly at random instead of just wiping or encrypting all for a ransom is almost non-existent. If it's not a hardware fault or filesystem corruption you are probably the one who accidentally removed those files somehow.

You should start using a file manager like Total Commander or Directory Opus -- both have logging so if you do something you will at least know what you did and how.
 
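The "index everything and report what vanished" idea asked about in this thread can be sketched as a baseline manifest that is compared against a fresh scan. This is an added example, not software named or recommended by any poster; the function names and report categories are assumptions of the example. It separates files that were moved (same content at a new path) from files that are really gone, and flags content that changed without a timestamp update, which is the corruption case raised in the replies.

```python
import hashlib
import json
import os

def snapshot(root):
    """Index every file under root: relative path -> (size, mtime_ns, sha256)."""
    index = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            st = os.stat(full)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            index[rel] = (st.st_size, st.st_mtime_ns, digest.hexdigest())
    return index


def save(index, path):
    """Write the baseline; keep it somewhere the monitored PC cannot modify."""
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(index, fh)


def load(path):
    with open(path, encoding="utf-8") as fh:
        return {k: tuple(v) for k, v in json.load(fh).items()}


def compare(old, new):
    """Classify what changed between a baseline and a fresh snapshot."""
    report = {"deleted": [], "moved": [], "modified": [], "silent_change": []}
    fresh = {}  # content hash -> paths that exist only in the new snapshot
    for path in sorted(set(new) - set(old)):
        fresh.setdefault(new[path][2], []).append(path)
    for path in sorted(old):
        size, mtime, digest = old[path]
        if path not in new:
            if fresh.get(digest):  # same bytes reappeared elsewhere: a move
                report["moved"].append((path, fresh[digest].pop(0)))
            else:
                report["deleted"].append(path)
        elif new[path][2] != digest:
            # Same size and mtime but different bytes: a normal write updates mtime.
            quiet = new[path][:2] == (size, mtime)
            report["silent_change" if quiet else "modified"].append(path)
    report["added"] = sorted(p for paths in fresh.values() for p in paths)
    return report
```

Run on a schedule, each `compare` against the saved baseline gives a dated record of when a file stopped existing, which narrows down what else was happening on the machine at that time.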