I would like to present my small research on a tool that logs the full history of copy and move operations in Windows. In the existing standard there is no way to detect which file or directory is being copied or moved, and at what time. This is the most vulnerable thing present in the system now. The idea behind this research is simply to provide a tool that keeps auditing all these file and directory operations. It can run as a daemon in the system.
Consider a scenario in a research lab where person 'A' attaches a USB device and transfers a few confidential files. In this case the administrator never comes to know which files he has stolen. He could investigate the hardware later from the entries stored in the Windows registry under the USBSTOR key, at the path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR, but is that really helpful? There can be a debate on this. But there is no detection of which data was copied or moved to the USB device. Let me explain in more depth what I have in mind.
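As an added example (not part of the original post or of any tool it describes), the Python sketch below shows what the USBSTOR entries mentioned above give an investigator: device type, vendor, product, revision and serial number, and nothing about which files were copied. The sample key names are constructed, and parse_usbstor and read_live_usbstor are hypothetical helper names.

```python
import re

# Constructed sample: device-class and instance subkey names in the shape
# Windows uses under Enum\USBSTOR (not taken from a real machine).
SAMPLE_KEYS = [
    r"Disk&Ven_SanDisk&Prod_Cruzer_Blade&Rev_1.00\4C530001234567890123&0",
    r"Disk&Ven_Generic&Prod_Flash_Disk&Rev_8.07\6&1a2b3c4d&0&_&0",
]

_CLASS_RE = re.compile(
    r"^(?P<type>[^&]+)&Ven_(?P<vendor>[^&]*)"
    r"&Prod_(?P<product>[^&]*)&Rev_(?P<revision>.*)$"
)

def parse_usbstor(path):
    """Split '<device class>\\<instance id>' into identifying fields."""
    dev_class, _, instance = path.partition("\\")
    m = _CLASS_RE.match(dev_class)
    if not m:
        raise ValueError(f"not a USBSTOR device class: {dev_class!r}")
    rec = m.groupdict()
    for field in ("vendor", "product"):
        rec[field] = rec[field].replace("_", " ").strip()
    # An '&' as the second character of the instance ID means Windows
    # generated the ID because the device reported no serial number.
    generated = len(instance) > 1 and instance[1] == "&"
    rec["unique_serial"] = not generated
    rec["serial"] = None if generated else instance.rsplit("&", 1)[0]
    return rec

def read_live_usbstor():
    """Enumerate the live key (Windows only); returns paths for parse_usbstor."""
    import winreg
    base = r"SYSTEM\CurrentControlSet\Enum\USBSTOR"
    found = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, base) as root:
        for i in range(winreg.QueryInfoKey(root)[0]):
            dev_class = winreg.EnumKey(root, i)
            with winreg.OpenKey(root, dev_class) as dev:
                for j in range(winreg.QueryInfoKey(dev)[0]):
                    found.append(dev_class + "\\" + winreg.EnumKey(dev, j))
    return found

if __name__ == "__main__":
    for key in SAMPLE_KEYS:
        print(parse_usbstor(key))
```

Every field in the result describes the device itself; the key holds no record of file names or transfer times.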