Hi, just wondering if anyone can recommend a good open-source tool for monitoring and comparing all system changes during application installs and uninstalls?
Greetings,
Microsoft's own SysInternals suite can do this for you, and a lot more.
http//
-David
Procmon, which combines the old RegMon and FileMon, is the best I have come across.
http//
The last chapter of "Windows Forensic Analysis Toolkit, third edition" covers the topic of application testing and lists several useful (and free) tools.
Hi, just wondering if anyone can recommend a good open-source tool for monitoring and comparing all system changes during application installs and uninstalls?
'Monitoring' … as in real-time? Or is it enough to compare system states before and after?
Open source … that probably restricts it to tools such as Tripwire, Osiris, Samhain, OSSEC, etc. They only 'monitor' at the file level, though. You'll need to disentangle individual changes to, say, registry files, in other ways.
Thanks for the help, guys. I don't think it needs to be real-time monitoring; it's for a thesis topic where I am comparing what artifacts a number of similar apps that are installed on a system leave behind.
We did a step-by-step article on identifying artifacts here:
http//
(It is free, but not open source.)
And those useful free tool names are?
The last chapter of "Windows Forensic Analysis Toolkit, third edition" covers the topic of application testing and lists several useful (and free) tools.