How can I monitor I/O activity on a specific file or folder in Windows?

Question ID : 136
Created on 2010-07-13 at 11:58 PM
Author : Veryant Support [support@veryant.com]

Online URL : http://support.veryant.com/support/phpkb/question.php?ID=136

Use Windows Sysinternals Process Monitor utility.

For example, download http://download.sysinternals.com/Files/ProcessMonitor.zip and extract procmon.exe to a directory in your PATH such as C:Windows. Or copy it to a new directory named C:Sysinternals and add that to your PATH. Or simply run promon.exe by clicking here http://live.sysinternals.com/procmon.exe

1. Run procmon.exe
2. Immediately press the magnifying glass toolbar button or disable "Capture Events" from the File menu (Ctrl-E)
3. Press the "Clear" toolbar button or "Clear Display" from the Edit menu (Ctrl-X)
4. To narrow the types of events to be captured click each of the rightmost toolbar buttons (except for the file cabinet) so they appear flush with the toolbar. Leave the file cabinet button pressed so that Process Monitor will show file system activity.
5. Select "Filter..." from the Filter menu
6. Press the Reset button if it is enabled
7. In the filter fields, select "Path" "is" and then type into the entry field the local disk or UNC path name for the directory you want to monitor (e.g. c:data or \myservermydir). Select "Include", press Add, Apply, OK.
8. Enable "Capture Events" (Ctrl-E) to watch the I/O activity in the specified directory.

Select Find... from the Edit menu to search for a particular filename.

Note that you can save the log in various formats by selecting Save... from the File menu. Save the log in .PML format if you want to reopen it with Process Monitor.

For more information about Windows Sysinternals visit http://technet.microsoft.com/en-us/sysinternals/default.aspx

Back to Original Question