Is your documentation look like this?
Step 1 (1/10/2014 124940 PM) User left click on "Start (list item)" in "Start"
It is important to document problems precisely and record error messages exactly how they appear for technical support to help troubleshoot system errors. Recording the precise steps that a user took in order to reproduce the exact error is even more useful in troubleshooting technical issues when the client is not technical at all. This is especially important if we need to troubleshoot technical problems remotely.
The word I’ve mentioned above was “reproduce”. It is very important in forensics to reproduce the exact steps an investigator performs on a live system in order to create repeatable and verifiable steps for volatile or sparse data acquisition. We can provide hand written documentation or record steps on the system itself. We can use third party tools for this purpose, but Windows includes a very useful utility that not many people talks about even though it’s been available since Windows 7.
It is nice to know that we have this utility available that we will not have to take with us or install on the suspect drive. It is less than 600KB in size and does a great job recording precise steps using official Microsoft terminology and includes time tamps as well. It creates screenshots with auto highlight of focus area. It creates the report as a flat report in MHTML format that can be viewed as a slide show as well. It also allows the saving of the report and it does it automatically as a compressed ZIP archive to save space.
One of the drawbacks I can see is that it does not record actual characters typed in the Command Line Interface ( CLI ). I guess, it was not meant to be a keylogger, just a Graphical User Interface ( GUI ) action recorder. For any typed keywords or commands, the user can add comments to the specific step to make it clear if the user finds it necessary. This can be a useful feature as well since no password will be recorded by mistake and shared with unintended parties.
You can start the Steps Recorder from the Run dialogue or directly from C\Windows \System32. The executable is called psr.exe. Give it a try and see if you can utilize its capabilities in your environment. I would be curious if anyone is using this tool already or if you can see its benefits in some cases.
It creates screenshots with auto highlight of focus area.
But only up the the maximum number of captures that you've configured – the default is 25. Past 25 (or whatever the current maximum is), the oldest captures are overwritten. And you need to keep track yourself.
That is, it doesn't do the right thing by default, so you'll either need to remember to reconfigure it, or save and restart recordings repeatedly as you work.
Added On Win7, I find the snipping tool slightly more convenient in that you will need to save each capture by hand. Even so, there are situations where it will simply block … so it's not ideal either.
My tests show a different picture. You are right, the default value of the number of recent screen captures is 25 and the maximum is 100, but the value will not limit the number of steps it will record. It might take you many steps to get to a utility or screen, but the last 25 screenshots would be the most crucial to see. You can set it to 100, but the only change it will make after step 100 is to remove the first screenshot while leaving the text entry and assign the most recent screenshot to step 101. It does not work like a "round robin" like log file, but a sequential log, so it will not overwrite previous entries. It is more like a sliding window.
I would be more concerned about memory overwrite on live systems and I would reduce the screenshots to maybe 10 and only capture the text interpretation of the actions with time stamps.
I have tried many screen capture utilities over the years, but none of them gave the text log and timestamp as this built-in utility.