Log PC activity in real time with Event Monitor Service
Security vendor NoVirusThanks has released Event Monitor Service (EMSvc), a Windows application which logs key system events in real time.
The package can track file creations, file deletions, PE files dropped to disk, created processes, loaded modules, loaded drivers and registry changes.
EMSvc is packaged as a Windows service, improving reliability, avoiding the need for application windows, and ensuring that users of the logged PC can’t easily see what’s happening.
The system is targeted at sysadmins and other expert users. It has to be set up manually and configured via an INI file, and events are written to plain text LOG files.
EMSvc is free for personal use, though, and if you can find your way around tools like Process Explorer you’ll have it up and running in less than five minutes.
If you need something like this, take a look at Sysinternals’ Sysmon, too. It records fewer event types, but some are arguably more useful (network connections, file creation date changes), and support for logging activity to the Windows event log may make for easier analysis.
Event Monitor Service is a free-for-personal-use ($30/year commercial license) application for Windows Vista and later.