摘要 |
Apparatuses and computer-implemented methods of tracking high-risk, computer-readable files as they are accessed or created on a computing or data storage device are described according to some aspects. In one embodiment, file access events and file creation events between at least one software, middleware, or firmware application and at least one file system are monitored. When a high-risk file is created or accessed on the file systems, a unique identifier can be associated with the file and stored in a data store, which is independent of the file system. Access-event and creation-even information can then be stored to records in the data store for the high-risk files associated with unique identifiers.
|