You might need to enable Object Access: File System Audit Policy setting.
Monitor the Event 4663 (An attempt was made to access an object), which will allows you to track what content was accessed, the source (IP address and port) of the request, and the user account used for the access. However, this might not be able to
accurately reflect the copy activity, only about file/folder creation, data write.
Also, please note that audit events are only generated for objects that have configured system access control lists (SACLs). So after configuring the Audit Policy setting, you will have to enable it in the Access Control List of the resource
(Right click and go to properties, click the security tab>Advanced>Auditing Tab>Edit>Add>then add the group that has access to that folder>Select the events you want to audit and click OK).
Regards,
Eth