Copyright (c) 2018 - 2019 Nir Sofer
FileActivityWatch is a tool for Windows that displays information about every read/write/delete operation of files occurs on your system.
For every file, FileActivityWatch displays the number of read/write bytes, number of read/write/delete operations, first and last read/write timestamp, and the name/ID of the process
responsible for the file operation.
This tool works on any version of Windows, starting from Windows Vista and up to Windows 10. Both 32-bit and 64-bit systems are supported.
Elevation ('Run As Administrator') is required to use this tool.
- Version 1.30:
- Added option to filter by process name (In 'Advanced Options' window - F9).
- Version 1.27:
- Added 'Put Icon On Tray' option.
- Version 1.26:
- Fixed to display properly files on a remote network drive.
- Version 1.25:
- Added option to filter by filename wildcard (In 'Advanced Options' window - F9).
- Version 1.21:
- Added 'Add Header Line To CSV/Tab-Delimited File' option (Turned on by default).
- Version 1.20:
- Added command-line options to save the report of FileActivityWatch into a file without displaying any user interface.
- Version 1.10:
- Added 'File Properties' (Ctrl+Enter), 'Open File Folder' (F8), and 'Explorer Copy' (Ctrl+E).
- Version 1.09:
- Added 'Save All Items' option (Shift+Ctrl+S).
- Version 1.08:
- You can now resize the properties window, and the last size/position of this window is saved in the .cfg file.
- Version 1.07:
- Added option to choose another font (name and size) to display in the main window.
- Version 1.06:
- Added 'Automatically Scroll Down On New Items' option.
- Version 1.05:
- Added new columns: 'Read+Write Bytes' and 'Read+Write Count'.
- Version 1.00: First release.
- This tool cannot detect read/write activity if the file was opened white the tool was not running.
Start Using FileActivityWatch
FileActivityWatch doesn't require any installation process or additional DLL files. In order to start using it, simply run the executable file - FileActivityWatch.exe
Immediately after running FileActivityWatch, the main window displays all read/write/delete operations made by applications running on your system.
Under the Options menu you can choose which type of operation to trace: 'Capture Read Events', 'Capture Write Events', and 'Capture Delete Events'.
You can also turn off all events tracing by unchecking the 'Capture Events' option (F2).
At any time, you can press Ctrl+X (Clear List) in order to clear all items accumulated in the main window of FileActivityWatch.
Mark Files With Active Read/Write
When the 'Mark Files With Active Read/Write' option is turned on, every item with read/write/delete operation in the last few seconds is marked as follows:
- Green - Read operation
- Yellow - Write operation
- Red - Read+Write operation
- Blue - Delete operation
- Filename:The filename that had read/write/delete operation.
- Process ID:The ID of the process responsible for the read/write/delete operation.
- Process Name:The name of the process responsible for the read/write/delete operation.
- Process Path:Full path of the process.
- Read Count:Number of read operations.
- Write Count:Number of write operations.
- Delete Count:Number of times that the file was deleted by the specified process.
- Read Bytes:Total number of bytes read from the specified file by the specified process.
- Write Bytes:Total number of bytes written to the specified file by the specified process.
- First Read Time:Date/time when the first read operation was detected.
- First Write Time:Date/time when the first write operation was detected.
- Last Read Time:Date/time when the last read operation was detected.
- Last Write Time:Date/time when the last write operation was detected.
Specifies the capture time in milliseconds for the save command-line options (/stext, /stab, /scomma, and so on...)
The default is 10000 milliseconds (10 seconds).
Start FileActivityWatch with the specified configuration file.
FileActivityWatch.exe /cfg "c:\config\faw.cfg"
FileActivityWatch.exe /cfg "%AppData%\FileActivityWatch.cfg"
||Save the report of FileActivityWatch into a simple text file.
||Save the report of FileActivityWatch into a tab-delimited text file.
||Save the report of FileActivityWatch into a comma-delimited text file (csv).
||Save the report of FileActivityWatch into HTML file (Horizontal).
||Save the report of FileActivityWatch into HTML file (Vertical).
||Save the report of FileActivityWatch into XML file.
||Save the report of FileActivityWatch into JSON file.
This command-line option can be used with other save options for sorting by the desired column.
The <column> parameter can specify the column index (0 for the first column, 1 for the second column, and so on) or
the name of the column, like "Filename" and "Process Name".
You can specify the '~' prefix character (e.g: "~Write Bytes") if you want to sort in descending order.
You can put multiple /sort in the command-line if you want to sort by multiple columns.
Translating FileActivityWatch to other languages
In order to translate FileActivityWatch to other language, follow the instructions below:
- Run FileActivityWatch with /savelangfile parameter:
A file named FileActivityWatch_lng.ini will be created in the folder of FileActivityWatch utility.
- Open the created language file in Notepad or in any other text editor.
- Translate all string entries to the desired language.
Optionally, you can also add your name and/or a link to your Web site.
(TranslatorName and TranslatorURL values) If you add this information, it'll be
used in the 'About' window.
- After you finish the translation, Run FileActivityWatch, and all translated
strings will be loaded from the language file.
If you want to run FileActivityWatch without the translation, simply rename the language file, or move
it to another folder.
This utility is released as freeware.
You are allowed to freely distribute this utility via floppy disk, CD-ROM,
Internet, or in any other way, as long as you don't charge anything for this and you don't
sell it or distribute it as a part of commercial product.
If you distribute this utility, you must include all files in
the distribution package, without any modification !
The software is provided "AS IS" without any warranty, either expressed or implied,
including, but not limited to, the implied warranties of merchantability and fitness
for a particular purpose. The author will not be liable for any special, incidental,
consequential or indirect damages due to loss of data or any other reason.
If you have any problem, suggestion, comment, or you found a bug in my utility,
you can send a message to email@example.com
FileActivityWatch is also available in other languages. In order to change the language of
FileActivityWatch, download the appropriate language zip file, extract the 'fileactivitywatch_lng.ini',
and put it in the same folder that you Installed FileActivityWatch utility.