Forums
Main Category
General (Technical,...
Snapshot/Fingerprin...
 
Notifications
Clear all

Snapshot/Fingerprint software

 
General (Technical, Procedural, Software, Hardware etc.)
Last Post by jot49 17 years ago
7 Posts
6 Users
0 Reactions
505 Views
RSS
 Arkian
(@arkian)
New Member
Joined: 17 years ago
Posts: 2
Topic starter 13/08/2008 8:24 pm  

Hello everyone

I need help in locating a certain kind of software to aid me in my foresic work - specifically when testing applications and their effect on the OS.

What I am looking for is software of some kind, that is able to do a snapshot of either an entire OS or just certain folders or the User Registry and then let me do the testing (installing programs, changing program settings etc.) and then do another snapshot and present to me which folders are created, which files were altered and what keys in the Registry was affected.

I am aware of a complicated solution where one utilizes some uninstall software combined with Total Commander and UltraEdit. What I need has to be faster and more simple and able to present the result in an easily understandable format.

I have been browsing these forums to find an answer, but neither my browsing or searches revealed the answer. I hope you guys can help.

If this thread should have been placed in another forum please feel free to move it.

Best regards
Michael


   
Quote
 farmerdude
(@farmerdude)
Estimable Member
Joined: 20 years ago
Posts: 242
13/08/2008 9:18 pm  

Michael,

Have you researched any of these;

Tripwire

Osiris

Open Source Tripwire

Note that OST runs only on *NIX systems, IIRC. But Osiris has zero financial cost and runs on the Windows environment.

Cheers!

farmerdude

http//www.onlineforensictraining.com

http//www.forensicbootcd.com


   
ReplyQuote
 Minesh
(@minesh)
Trusted Member
Joined: 18 years ago
Posts: 75
14/08/2008 1:32 am  

Have you looked at the SysInternals tools?
http//technet.microsoft.com/en-us/sysinternals/0e18b180-9b7a-4c49-8120-c47c5a693683.aspx

In particular, FileMon and RegMon.

Kind Regards,

Minesh


   
ReplyQuote
pronie2121
 pronie2121
(@pronie2121)
Estimable Member
Joined: 17 years ago
Posts: 117
14/08/2008 3:10 am  

Yes RegMon is definitely a great program


   
ReplyQuote
tabz
 tabz
(@tabz)
Active Member
Joined: 19 years ago
Posts: 19
14/08/2008 9:22 am  

Not sure if this is what you're after but I found an app named TotalUninstall really good for tracking the changes to an OS before and after the installation of an application. It tracks changes to folders, system files, the registry etc.

I've used it in investigations where it was suspected programs were installed and then uninstalled and we needed to identify if any remnants were left behind. I used this program to track changes of installing and then uninstalling on a test system and have found it reliable.


   
ReplyQuote
 Arkian
(@arkian)
New Member
Joined: 17 years ago
Posts: 2
Topic starter 14/08/2008 12:17 pm  

Thank you all for the replies. I know about RegMon and find that it is great for monitering the Registry (of course) but not the rest of the system.

I will look into TotalUninstall and software mentioned by farmerdude.

If anyone has any other suggestions please go ahead.

Thanks once again.

Michael


   
ReplyQuote
 jot49
(@jot49)
Active Member
Joined: 18 years ago
Posts: 16
14/08/2008 2:29 pm  

Arkian,
I think you are searching for tools like
InCtrl5
Regshot
MJ Registry Watcher
SpyMe Tools
What Changed 1.06
InstallWatch
or
Tiny Watcher

jot


   
ReplyQuote
Forum Jump:
  Previous Topic
Next Topic  
Share: