Honeypot files came out of the old days when a) a box was known to be compromised b) the box contained sensitive data (government) c) the logs showed the user had particular interest in certain types of files The files planted would be fakes aimed at providing a spy with false information that would potentially reveal spies within the country. Your concept won't catch anyone at all. If a true hacker saw your box unlocked and wanted to find these 'honeypot' files they'd open a command prompt and use dir /s to locate the files of interest then copy them to a usb disk. How does your scheme cover that?