I want to generate an alert if someone copies some file from a sensitive folder to a USB device.

There is no way to do this by monitoring!

It would be the work of seconds to defeat any attempt to monitor what files are being copied onto a USB device.

First, they could simply change the name. So then you'd need to (say) MD5 every file you find on EVERY USB device and check it against a list of known MD5 signatures. So then all they need to do is zip it; or encrypt it; or add a few bytes to the front or the end of it; or just write it to the device reversed.

Reading between the lines you appear to be trying to impose or regulate some security directives. The proper way to tackle the issue is using your OS's security mechanisms.

I'm going to assume (based on your mention of .lnk files) that you are using Windows. In which case the correct mechanism to use is ACLs.

You (for example) could define a group policy that PERMITs access to the "sensitive folder", and also DENYs access to all USB (or all removable) devices. When someone needs access to the sensitive data, you make them a member of that group. They can see the required data, but can no longer get access to USB devices.

Equivalent mechanisms are probably available for other OSs, but that is beyond my knowledge.


With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
"Science is about questioning the status quo. Questioning authority".
In the absence of evidence, opinion is indistinguishable from prejudice.

The start of some sanity?


In reply to Re^3: Find whether a file is copied to USB by BrowserUk
in thread Find whether a file is copied to USB by nepzraaz
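
Added example, not part of BrowserUk's post: a Perl sketch of the MD5 watchlist check the post describes, run over constructed sample data, to show which forms of the same content it actually matches. The sample content, the `payroll.csv` name and the `flagged` helper are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);
use IO::Compress::Gzip qw(gzip $GzipError);

# Constructed sample standing in for a file from the sensitive folder.
my $sensitive = "Q3 payroll export (constructed sample data)\n" x 20;

# The watchlist a monitoring script would hold: MD5 of each protected file.
my %watchlist = ( md5_hex($sensitive) => 'payroll.csv' );

# Detection logic: hash whatever appears on the removable drive and look it up.
sub flagged {
    my ($bytes) = @_;
    return exists $watchlist{ md5_hex($bytes) } ? 1 : 0;
}

gzip( \$sensitive => \my $zipped ) or die "gzip failed: $GzipError";

# Forms the same content can take on the device, as listed in the post.
my @found_on_device = (
    [ 'exact copy, renamed' => $sensitive ],
    [ 'compressed'          => $zipped ],
    [ 'bytes appended'      => $sensitive . "\0\0" ],
    [ 'byte order reversed' => scalar reverse $sensitive ],
);

for my $item (@found_on_device) {
    my ( $label, $bytes ) = @$item;
    printf "%-22s %s  %s\n", $label, md5_hex($bytes),
        flagged($bytes) ? 'ALERT' : 'no match';
}
```

Only the unmodified copy produces a watchlist hit, which is why the post points to access control on the device class rather than content matching after the fact.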
