System Snapshot - Then List System Changes


I have been looking for programs that can passively monitor an operating system and list all changes to file structure and registry. The monitoring has to be done passively (without installing any software on the OS). The idea is to track all changes made to the OS after installing a program in order to detect any payloads attached to an EXE.

I was thinking of two options -

- either a program which takes a snapshot at a point in time creating an image, then at a later stage another image is taken and these are compared.

- a method logging registry and file structure changes to a log file.

Does anyone know of programs that are capable of this?


I have no idea of any specific software that would perform this task. However, I suspect that if you used some forensic packages, remote image acquisition and post-acquisition analysis should be able to enumerate the differences between the images. It will most likely be expensive, though. Perhaps AccessData (FTK) or EnCase offerings do this?


There are a few programs that I know of that are capable of informing you of any changes made to your computer. Will try looking for them and then I'll post them in here.

Edit: By the way, there is a Hak5 episode with a guest who did some malware analysis, and he used some tools to demonstrate what changes were made to the system before and after the malware was executed. You might want to check that out.

Edited by Infiltrator