
tracing activity of a particular software

psychotesis
(@psychotesis)
Active Member
Joined: 17 years ago
Posts: 11
Topic starter  

I need to pinpoint the activity dates of a particular software. The software contains multiple modules, and I need to prove when each of the modules was last accessed. I figured the best way to do this is to reverse engineer by having a tracing software running in the background logging every system change or every file accessed as each module is being used. That way I'll have a clear idea which files are being used at any particular time.

Any idea which software does this?


   
(@jonathan)
Prominent Member
Joined: 20 years ago
Posts: 878
 

Maybe FileMon will do what you need?


   
keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
 

What operating system platform are you looking at (if Windows, which version), and what is the application?


   
psychotesis
(@psychotesis)
Active Member
Joined: 17 years ago
Posts: 11
Topic starter  

> Maybe FileMon will do what you need?

FileMon might do the trick, I will try it out tomorrow. Thanks.


   
psychotesis
(@psychotesis)
Active Member
Joined: 17 years ago
Posts: 11
Topic starter  

> What operating system platform are you looking at (if Windows, which version), and what is the application?

Any Windows version. No specific application. I'm hoping this method will work for a variety of software. The objective is to see which files are modified / accessed if a certain part of software is activated, assuming it is a big application.


   
keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
 

In part, the artifacts of a running application, particularly a GUI app, will be consistent (to a degree) across Windows OSs…with additional artifacts being available on XP systems.

This will also vary based on the application.

> objective is to see which files are modified / accessed if a certain part of
> software is activated, assuming it is a big application.

Again, depends on the application…

Your initial post stated "i need to pinpoint the activity dates of a particular software.", and yet now, you're saying "…no specific application." Which is it?


   
psychotesis
(@psychotesis)
Active Member
Joined: 17 years ago
Posts: 11
Topic starter  

Sorry keydet. I'm just experimenting. There is no named software at the moment. A prospective client has approached me asking if I can find out if certain modules of a suite of applications were accessed and, if they were, find out when they were last accessed. I was thinking if I can do a mock setup with the application and locate the files accessed and modified, I can find out what he wants.

I use the term "particular software" because I don't know what software the client was using, yet. As he has not formally engaged with me yet, I'll just have to keep guessing and think through the possible solutions.

Anyway, I've tried Process Monitor, after linking from FileMon as suggested by jonathan. It seems workable with the ability to export in XML, although it logs everything that I don't need as well. I'll just program an XML parser to suit my needs.


   
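A sketch of the kind of XML filter mentioned in the post above, added here as an illustration and not code from any poster. It assumes the Process Monitor export uses `event` elements with `Time_of_Day`, `Process_Name`, `Operation`, `Path` and `Result` children; `suite.exe`, the paths and the sample events are constructed.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

# Constructed sample; the element names are an assumption about the export layout.
SAMPLE = r"""<procmon><eventlist>
<event><Time_of_Day>10:15:02.1234567 AM</Time_of_Day><Process_Name>suite.exe</Process_Name>
 <Operation>CreateFile</Operation><Path>C:\Suite\modules\ledger.dll</Path><Result>SUCCESS</Result></event>
<event><Time_of_Day>10:15:02.2000000 AM</Time_of_Day><Process_Name>suite.exe</Process_Name>
 <Operation>ReadFile</Operation><Path>C:\Suite\modules\ledger.dll</Path><Result>SUCCESS</Result></event>
<event><Time_of_Day>10:15:03.0000000 AM</Time_of_Day><Process_Name>explorer.exe</Process_Name>
 <Operation>ReadFile</Operation><Path>C:\Suite\modules\ledger.dll</Path><Result>SUCCESS</Result></event>
<event><Time_of_Day>10:16:40.5000000 AM</Time_of_Day><Process_Name>suite.exe</Process_Name>
 <Operation>WriteFile</Operation><Path>C:\Suite\data\ledger.dat</Path><Result>SUCCESS</Result></event>
<event><Time_of_Day>10:16:41.0000000 AM</Time_of_Day><Process_Name>suite.exe</Process_Name>
 <Operation>CreateFile</Operation><Path>C:\Suite\modules\payroll.dll</Path><Result>NAME NOT FOUND</Result></event>
<event><Time_of_Day>10:16:42.0000000 AM</Time_of_Day><Process_Name>suite.exe</Process_Name>
 <Operation>RegOpenKey</Operation><Path>HKLM\Software\Suite</Path><Result>SUCCESS</Result></event>
</eventlist></procmon>"""

FILE_OPS = {"CreateFile", "ReadFile", "WriteFile"}  # drop registry/process noise

def parse_time(text):
    """Parse 'hh:mm:ss.fffffff AM'; strptime takes at most 6 fractional digits."""
    clock, ampm = text.split()
    whole, _, frac = clock.partition(".")
    stamp = f"{whole}.{frac[:6] or '0'} {ampm}"
    return datetime.strptime(stamp, "%I:%M:%S.%f %p").time()

def file_activity(xml_text, process_name, ops=FILE_OPS):
    """Map each path one process touched successfully to first/last time and ops.

    Times are time-of-day only, so a capture that spans midnight needs the
    capture date tracked separately.
    """
    summary = {}
    for event in ET.fromstring(xml_text).iter("event"):
        f = {child.tag: (child.text or "") for child in event}
        if f.get("Process_Name", "").lower() != process_name.lower():
            continue
        if f.get("Operation") not in ops or f.get("Result") != "SUCCESS":
            continue
        t = parse_time(f["Time_of_Day"])
        entry = summary.setdefault(f["Path"], {"first": t, "last": t, "ops": set()})
        entry["first"], entry["last"] = min(entry["first"], t), max(entry["last"], t)
        entry["ops"].add(f["Operation"])
    return summary

if __name__ == "__main__":
    for path, e in sorted(file_activity(SAMPLE, "suite.exe").items()):
        print(path, e["first"], e["last"], sorted(e["ops"]))
```

Running one capture per module in the mock setup and comparing the resulting path sets shows which files are specific to each module.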
psychotesis
(@psychotesis)
Active Member
Joined: 17 years ago
Posts: 11
Topic starter  

The client mentioned Windows XP. That much I know.


   
(@larrydaniel)
Reputable Member
Joined: 17 years ago
Posts: 229
 

Most large applications do their own logging for module access. None of this will matter from an investigative standpoint unless there is a user authentication system in place to show who was using a particular module or application at a given time.

If it is a financial app, it should have audit trails for that.

Also, many programs keep logs for troubleshooting purposes.

Why not just use a keylogger or screen capture tool to find out who is doing what?

So many possibilities to get the same answer. You really need more specific information about what the purpose and goal is.


   