I'd like advice on choosing a method to collect file access statistics on NTFS volumes under Windows Vista and Windows 7 (32 & 64-bit). I'd like to count file create/open, delete, read/write accesses for every file.

API hooking is out. I need system-wide counts, and both 32 and 64-bit OS without mucking up the OS. Also, I don't think Shell Notification would work.

I know I could do it by installing a file system filter driver. The Windows DDK has samples, and that's how Mark Russinovich's FileMon (Sysinternals) works.

I think I might also accomplish this using WMI, but I'm not sure. That is one crazy messed up API. But if Microsoft will gather the stats for me, I'll use it.

So the question is, which method would be best & why. Am I missing another possibility, and would WMI do it?

A: 

In Windows Vista you can try Reliability and Performance Monitor with a User Defined Data Collector Set. Click "New", then go custom, and add the System counter for file control operations.

RocketSurgeon