Friday, October 29, 2010

Using Regshot

When you are using security tools like Metasploit, or want to analyse malware, it can be helpful to have a tool that quickly shows you what changes a program (either good or bad) has made to your system.

There are plenty of tools that will do this for Windows, Linux (and Mac too).  I will look at one for the Windows platform, specifically Regshot.

The program can be downloaded from SourceForge at the following address: http://sourceforge.net/projects/regshot/

Once the program has been downloaded, extract it using your favorite archiver such as WinRAR, WinZip or 7-Zip.  Then launch regshot.exe to open the program.

You can choose to save the output file as either plain text or HTML.  HTML is a bit easier to read, so I'll use that.  Then decide where you want to save the file; I'll put mine in "My Documents".

Once that is done you can take your first "shot", which records the state of the machine prior to installing anything, as the first screenshot shows (choose "shot" instead of "shot and save").



Once you have saved your first shot, install some software (I installed Audacity, an audio editor, for this demo), as the next screenshot shows.


Finally, take your second shot after the software has finished installing (again using "shot and save").

When that is complete, the "compare" button, which was previously greyed out, should now be available.  The resulting window should look something like this:



As you can see from the output, Regshot shows you exactly which files were added to the machine, which registry keys were added and what values were written to those keys, as well as the total number of changes.
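To make the "shot, install, shot, compare" workflow concrete, here is an added PowerShell example (not part of the original post or of Regshot itself) that performs the same kind of before/after diff over a few watched file and registry roots. The roots, the saved-shot paths and the fingerprint format are assumptions for this demo; run it inside the analysis VM.

```powershell
# Added example, not Regshot's own code: a minimal shot / shot / compare.
# Watched roots are assumptions for the demo; widen or narrow them as needed.
$FileRoots = @("$env:ProgramFiles", "$env:APPDATA")
$RegRoots  = @('HKCU:\Software', 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run')

function Take-Shot {
    # One hashtable entry per file, registry key and registry value, keyed by
    # full path; the value is a small fingerprint so modifications are visible.
    $shot = @{}
    foreach ($root in $FileRoots) {
        Get-ChildItem -Path $root -Recurse -File -Force -ErrorAction SilentlyContinue |
            ForEach-Object { $shot["FILE|$($_.FullName)"] = "$($_.Length)|$($_.LastWriteTimeUtc.Ticks)" }
    }
    foreach ($root in $RegRoots) {
        # Include the root key itself so its own values (e.g. Run entries) are recorded.
        @(Get-Item -Path $root -ErrorAction SilentlyContinue) +
        @(Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue) | ForEach-Object {
            $shot["KEY|$($_.Name)"] = ''
            foreach ($name in $_.GetValueNames()) {
                $shot["VAL|$($_.Name)\$name"] = [string]$_.GetValue($name)
            }
        }
    }
    return $shot
}

function Compare-Shots($Before, $After) {
    # The same three buckets Regshot reports: added, deleted and modified entries.
    $added    = @($After.Keys  | Where-Object { -not $Before.ContainsKey($_) } | Sort-Object)
    $deleted  = @($Before.Keys | Where-Object { -not $After.ContainsKey($_) }  | Sort-Object)
    $modified = @($After.Keys  | Where-Object { $Before.ContainsKey($_) -and $Before[$_] -ne $After[$_] } | Sort-Object)
    $report = @("Added ($($added.Count)):") + $added +
              @('', "Deleted ($($deleted.Count)):") + $deleted +
              @('', "Modified ($($modified.Count)):") + $modified +
              @('', "Total changes: $($added.Count + $deleted.Count + $modified.Count)")
    return $report
}

# Usage, mirroring the post: first shot, install the software under test, second
# shot, then compare. Shots are saved to disk so the two runs can be separate sessions.
# Take-Shot | Export-Clixml "$env:USERPROFILE\Documents\shot1.xml"
# ...install the program (or run the sample inside the VM)...
# Take-Shot | Export-Clixml "$env:USERPROFILE\Documents\shot2.xml"
# Compare-Shots (Import-Clixml "$env:USERPROFILE\Documents\shot1.xml") `
#               (Import-Clixml "$env:USERPROFILE\Documents\shot2.xml") |
#     Out-File "$env:USERPROFILE\Documents\regshot-like-report.txt"
```

Reading HKLM completely requires an elevated session, and walking all of Program Files can take a while; that trade-off between coverage and speed is exactly what Regshot's configurable scan directories exist for.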

This tool can be very handy if you want to examine malware (hopefully in a VM) and want to know what changes it has made to your system.
