CyberShadow Posted October 6, 2011

I have been looking for programs that can passively monitor an operating system and list all changes to the file structure and registry. The monitoring has to be done passively (without installing any software on the OS). The idea is to track all changes made to the OS after installing a program, in order to detect any payloads attached to an EXE. I was thinking of two options:

- either a program which takes a snapshot at a point in time, creating an image, then at a later stage another image is taken and these are compared;
- or a method logging registry and file structure changes to a log file.

Does anyone know of programs that are capable of this?

thanks
CybrShadow
hexophrenic Posted October 6, 2011

I have no idea of any specific software that would perform this task. However, I suspect that if you used some forensic packages, remote image acquisition and post-acquisition analysis should be able to enumerate the differences between the images. It will most likely be expensive, though. Perhaps AccessData (FTK) or EnCase offerings do this?
CyberShadow (author) Posted October 6, 2011

Hi, thanks for the reply. I was wondering if something could be done using VMware, or a logging program which stealthily sends or records this data. Splunk seemed to do the job, but not the open-source version...???
Infiltrator Posted October 7, 2011 (edited)

There are a few programs that I know of that are capable of informing you of any changes made to your computer. I will try looking for them and then I'll post them in here.

Edit: By the way, there is a Hak5 episode with a guest who did some malware analysis and used some tools to demonstrate what changes were made to the system before and after the malware was executed; you might want to check that out.

Edited October 7, 2011 by Infiltrator