Good tools for monitoring changes in file systems?

(@kovar)

Greetings,

I'm starting to do more analysis of the effect of various tools on the filesystem and am looking for a tool to show the changes quickly. I can use a variety of things I already own to do a diff - pulling the MFT and using MFT Ripper for example. But it'd be nice to do this in one step.

One option seems to be http://www.prismmicrosys.com/whatChanged.php.

Any thoughts on it, or other options?

-David


   
(@bithead)
 

Process Monitor v2.8 (formerly FileMon and RegMon).

Overview of Process Monitor Capabilities
Process Monitor includes powerful monitoring and filtering capabilities, including:

- More data captured for operation input and output parameters
- Non-destructive filters allow you to set filters without losing data
- Capture of thread stacks for each operation makes it possible in many cases to identify the root cause of an operation
- Reliable capture of process details, including image path, command line, user and session ID
- Configurable and moveable columns for any event property
- Filters can be set for any data field, including fields not configured as columns
- Advanced logging architecture scales to tens of millions of captured events and gigabytes of log data
- Process tree tool shows relationship of all processes referenced in a trace
- Native log format preserves all data for loading in a different Process Monitor instance
- Process tooltip for easy viewing of process image information
- Detail tooltip allows convenient access to formatted data that doesn't fit in the column
- Cancellable search
- Boot time logging of all operations


   
(@douglasbrush)
 

David,

Take a look (and listen) to CyberSpeak, November 14th 2009:

http://cyberspeak.libsyn.com/index.php?post_id=549266

Ovie did a "File Saving saving process" that was very interesting. He mentioned tools and methods for system snapshots and comparing.


   
(@Anonymous)
 

The grand-daddy of file-system change-management tools is Tripwire. Originally open-source, now a commercial product, it was developed for Unix and has been ported to various *nix flavors, Linux, AS400 and, yes, Windows!

You probably want Tripwire Enterprise if you are looking at monitoring a desktop environment. I believe the company provides an eval edition of the product.


   
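The snapshot-and-compare approach that comes up in this thread, as an added example that is not part of any post and not code from any of the tools named above: record size, modification time and SHA-256 for every file under a directory, run the tool being studied, snapshot again and classify the differences. The function names `snapshot`, `diff` and `demo` are hypothetical, and the temporary directory is a constructed stand-in for the system under test.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file path (relative to root) to (size, mtime_ns, sha256)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            try:
                st = os.stat(full)
                with open(full, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                state[rel] = (st.st_size, st.st_mtime_ns, digest)
            except OSError as exc:  # locked or vanished: keep it visible
                state[rel] = (None, None, f"unreadable: {exc.strerror}")
    return state


def diff(before, after):
    """Classify what changed between two snapshots."""
    both = sorted(before.keys() & after.keys())
    return {
        "added": sorted(after.keys() - before.keys()),
        "removed": sorted(before.keys() - after.keys()),
        "content_changed": [p for p in both if before[p][2] != after[p][2]],
        "metadata_only": [p for p in both
                          if before[p][2] == after[p][2] and before[p] != after[p]],
    }


def demo():
    """Constructed sample: a temp tree stands in for the system under test."""
    with tempfile.TemporaryDirectory() as root:
        def put(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        for name in ("keep.txt", "edit.txt", "gone.txt", "touch.txt"):
            put(name, b"original")
        before = snapshot(root)
        # Stand-in for running the tool whose footprint is being studied.
        put("edit.txt", b"modified")
        put("new.txt", b"created")
        os.remove(os.path.join(root, "gone.txt"))
        os.utime(os.path.join(root, "touch.txt"), ns=(1, 1))
        return diff(before, snapshot(root))
```

Hashing opens every file, which can itself update last-access timestamps on the tree being measured, so take the snapshots on a test system or a working copy of the image rather than on evidence.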