1) RTMP instead of HTTP (i.e., streaming audio/video data from server instead of downloading file); you will need FMS, Red5 or similar software on server; this still can be recorded by using RTMP streamers and/or line-out recorders.

2) Add some unique session-based identifier so that file (or stream in RTMP case) can be accessed by the same URL only once; next request of the same URL would be invalid. E.g., in your PHP file, set

$_SESSION['file_unique_stuff'] = rand(1000000, 9999999);
<a href='<?php echo "file.php?file_id={$file_id}&amp;unique_stuff={$_SESSION['file_unique_stuff']}"; ?>'>file</a>

And then in the file that passes content to client (file.php):

if ( empty($_GET['unique_stuff']) || empty($_SESSION['file_unique_stuff']) || $_GET['unique_stuff'] != $_SESSION['file_unique_stuff'] ) ) {
    header("Status: 404 Not Found");
    exit;
}
// session's "unique stuff" is validated and is not needed anymore
unset($_SESSION['file_unique_stuff']);
// pass file to client
//...

For the best results, combine both methods. Do this for every file, i.e., you’ll probably have array of “unique stuffs” ($_SESSION[$file_id]['unique_stuff']) instead of single value ($_SESSION['file_unique_stuff']).

You could also hide file_id completely from URL by linking it to some random hash value in session, i.e., store $_SESSION[$hash] = $file_id and use URL ?hash={$hash}.

It’s not 100% safe, but that’s the best you can do in web, as there is no way to ensure that user does not use any 3rd party tool.