Tools to Track Registry And File System Changes

Status
Not open for further replies.

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855
Tools to Track Registry And File System Changes

- monitor with free tools:

How do I monitor what changes in my registry? : Ask Leo : http://ask-leo.com/how_do_i_monitor_what_changes_in_my_registry.html

Monitoring what happens in the registry - and HD - can sometimes be a very useful thing.

There are two ways to do : comparing before and after snapshots of the registry and system files, and monitoring the changes as they happen.

WinMerge: http://winmerge.org/?lang=en
WinMerge is an Open Source differencing and merging tool for Windows. WinMerge can compare both folders and files, presenting differences in a visual text format that is easy to understand and handle.

Process Monitor: procmon from Microsoft: http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity.

.. read more on the website, please ..

-------------------------------

Registry Monitoring Tools : on woodmann.com : http://www.woodmann.com/collaborative/tools/index.php/Category:Registry_Monitoring_Tools

All-Seeing Eye : developer page, Fortego Security website: http://www.fortego.com/en/ase.html
Tool for automated diff-style checking of many sensitive system areas that malware and other programs often try to modify silently. Like Tripwire on speed.

Buster Sandbox Analyzer : Buster developer page: http://bsa.isoftware.nl/
Buster Sandbox Analyzer is a tool that has been designed to analyze the behaviour of sandboxed processes and the changes made to system and then evaluate if they are malware suspicious.
The changes made to system can be of several types: file system changes, registry changes and port changes.

SysAnalyzer : David Zimmer developer page: http://sandsprite.com/blogs/index.php?uid=7&pid=185
SysAnalyzer is an automated malcode run time analysis application that monitors various aspects of system and process states. SysAnalyzer was designed to enable analysts to quickly build a comprehensive report as to the actions a binary takes on a system.

------------------------------

WhatChanged : from vtaskstudio.com : http://www.vtaskstudio.com/support.php
WhatChanged is a system utility that scans for modified files and registry entries. It is useful for checking program installations. There are two steps for using WhatChanged:
1) First, take a snapshot to get the current state of the computer; 2) Second, run it again to check the differences since the previous snapshot.
WhatChanged uses the "brute force method" to check files and the registry.

MJ Registry Watcher : from jacobsm.com : http://www.jacobsm.com/mjsoft.htm
MJ Registry Watcher is a simple registry, file and directory hooker/poller, that safeguards the most important startup files, registry keys and values, and other more exotic registry locations commonly attacked by trojans.

Tiny Watcher : by Olivier Lombart developer page: http://kubicle.dcmembers.com/watcher/
The way Tiny Watcher works is pretty simple: basically, it starts by taking a snapshot of important parts of your Windows system; then it tracks changes (every time you log in, or whenever you want to).

-----------------------------

- So which are your favorite monitoring, track changes software, please ..
 
Last edited:

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855
.. this topic is about monitor, track registry and file system changes (with free tools) only, please stay on topic, thank you all ..
 
Last edited:
  • Like
Reactions: given

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855
Andy Ful thank you!
"Regshot is an open-source (LGPL) registry compare utility that allows you to quickly take a snapshot of your registry and then compare it with a second one - done after doing system changes or installing a new software product." - here: regshot - regshot Last Update: 2018-01-09.

But this same I think make Tiny Watcher (I use), automatically, on its Quick Check scan after each reboot of PC... or on demand...
Could you use Tiny Watcher on your Windows, please?
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Andy Ful thank you!
"Regshot is an open-source (LGPL) registry compare utility that allows you to quickly take a snapshot of your registry and then compare it with a second one - done after doing system changes or installing a new software product." - here: regshot - regshot Last Update: 2018-01-09.

But this same I think make Tiny Watcher (I use), automatically, on its Quick Check scan after each reboot of PC... or on demand...
Could you use Tiny Watcher on your Windows, please?
I can find only very old version from the year 2006. The link you posted (http://kubicle.dcmembers.com/watcher/) is probably dead.
Tiny Watcher is very different from RegShot, when dealing with Registry. Tiny Watcher monitors some autoruns from the Registry, but it is outdated and abandoned for many years. The updated list of Registry keys was posted on WildersSecurity forum (2013) but I did not test them.
Updating Tiny Watcher for Win 7
I prefer Sysinternals Autoruns for comparing the autorun changes in the Registry.
RegShot compares two full 'Registry + Disk' snapshots, so it is good for analyzing software installations.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top