Volume filter for tracking changes to system volume

Hello everyone,

I am trying to figure out if it is possible to monitor changes made to the system volume (where the OS is installed) using a volume filter. Let’s assume that it does not cover the scenario of a dual-boot system where the user can choose to boot into another OS and make changes to this volume, etc. Let’s also assume that we are not concerned with the special “boot partition” that exists from Windows 7 onwards.
That being said, assuming I write a volume filter, is it possible that I might miss some changes made to the system volume by the drivers that load before my driver? The question really narrows down to whether any OS components, including third-party drivers, modify the volume (even by way of modifying the registry keys) right during boot time.
Additionally, will using a lower vs. upper filter make any difference, and what is the load order group, etc., that should be chosen in this case?

Thanks,
Tushar

You can make your filter as:
1. upper filter to volume
2. SERVICE_BOOT_START
3. ServiceGroupOrder as Boot Bus Extender.

It may do the trick.

TuTen
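
To see where a filter configured as in the reply above would sit relative to the other drivers on a given machine, here is a read-only audit of the Volume class filter lists. It is an added example, not part of either post, and it assumes the standard Volume device class GUID and the `Services` and `ServiceGroupOrder` registry locations.

```powershell
# Read-only audit: which filter drivers are registered on the Volume device
# class, and when does each one load relative to the others?
$volumeClass = 'HKLM:\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}'
$services    = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# ServiceGroupOrder\List is the ordered REG_MULTI_SZ of load order groups.
$groupOrder = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder').List |
    ForEach-Object { $_.ToLower() }

$startNames = @{ 0 = 'BOOT_START'; 1 = 'SYSTEM_START'; 2 = 'AUTO_START'
                 3 = 'DEMAND_START'; 4 = 'DISABLED' }

$class  = Get-ItemProperty -Path $volumeClass
$report = foreach ($kind in 'UpperFilters', 'LowerFilters') {
    foreach ($name in @($class.$kind)) {
        if (-not $name) { continue }   # value absent or empty on this machine
        $svc = Get-ItemProperty -Path (Join-Path $services $name) -ErrorAction SilentlyContinue
        if (-not $svc) {
            # Filter is listed on the class key but has no service entry.
            [pscustomobject]@{ Kind = $kind; Driver = $name; Start = 'MISSING SERVICE KEY'
                               Group = $null; GroupIndex = $null; Tag = $null }
            continue
        }
        $group = "$($svc.Group)"
        [pscustomobject]@{
            Kind       = $kind
            Driver     = $name
            Start      = $startNames[[int]$svc.Start]
            Group      = $group
            # Position of the group in ServiceGroupOrder; -1 means the group is
            # not in the list, so the driver loads after all listed groups.
            GroupIndex = [array]::IndexOf($groupOrder, $group.ToLower())
            Tag        = $svc.Tag
        }
    }
}

# Anything that is not BOOT_START cannot be loaded before a boot-start filter.
$report | Sort-Object Kind, GroupIndex, Tag | Format-Table -AutoSize
```

Run it from an elevated prompt; it only reads the registry and changes nothing.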