To stop capturing file activity, click the Capture icon
(magnifying glass), select File
→ Capture Events from the menu, or type
To search the captured data, click the Find icon (binoculars),
select Edit → Find from
the menu, or type
text you enter will be matched against any part of the captured data
(index, time, process name, request, and file path).
To filter the captured data so that only the entries that
match your filter are displayed, click the Filter icon, select Options → Filter/Hightlight from the menu, or type
If you double-click a particular entry in File Monitor, it will open a Windows Explorer window to the directory containing the target file.
Ever hear your hard disks spinning or disk indicator light flashing, but you don't know why? You may not appear to have any applications open or running, but something is still accessing the hard disks. The Sysinternals File Monitor utility lets you see what processes are reading or writing files. It has some robust filter and search capability as well, which is helpful considering the fact that File Monitor can capture thousands of operations in a matter of minutes. Figure 4-2 shows sample output from File Monitor.