File system snapshot and change lookup

09 Jan 2015 | java

Being engaged in system administration and reverse engineering of software, I periodically have a need to find out what files and directories were created or modified by some program. For these purposes, you can use existing solutions that track file system changes, logging, installing hooks on system calls to change files or completely isolating a particular program. However, I had a purely sporting interest in making my own version of such software that would work quickly and did not require any additional actions or changes in the working environment of the program under study. This is how the JCut program appeared, creating a quick snapshot of the file structure of a specific directory, and then comparing the new state with the previous or other previously saved snapshot.

The format for running the utility is as follows:

java -jar jcut.jar <directory> [snapshot.gz]

Usage example (SATA 7.2k hard drive):

$ java -jar jcut.jar /path/to/dir
add	/dir1	0
del	/dir2	0
del	/dir2/file1	1433802787000
mod	/file1	1433802751000
Time: 3742 ms
Processed: 209846 items
Snapshot: 1384480 bytes

The processing speed increases linearly with the number of files in the directory.