Jump to content


Photo

OSForensics keeps watch on pesky Windows Registry changes


  • Please log in to reply
No replies to this topic

#1 TheSentinel

TheSentinel

    The man in the dark

  • General Admin
  • 23,534 posts

Posted 16 July 2011 - 03:31 PM

QUOTE
OSForensics keeps watch on pesky Windows Registry changes
By Mike Williams on July 15, 2011, 11:58 AM

Install one program, run another, remove a third, and all kinds of changes will be made to your system: files added, others deleted, Registry keys modified and more. Understanding exactly what's going on can help you uncover malware, troubleshoot conflicts and solve many other problems, and the latest beta of OSForensics makes this very easy indeed.

The program has always been able to monitor and report on file-based changes. So you could use it to create "before" and "after" signatures of your current system, then compare the two for a report of all the files that have been created, modified or deleted. And OSForensics 0.98 has extended this by adding the ability to check for Registry changes, too.

To make this happen, click Create Signature > Config. By default the program is configured to monitor all changes to drive C:\ and subfolders, but the Directory list now also includes each of the Registry hives. So if you'd also like to monitor changes to HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE, say, just select them, and click Add To List > OK.

Now the process essentially works as before. Use the Create Signature option to record a baseline of your system as it is now; install or uninstall something, or do whatever else you'd like to monitor; create a second signature, and use the Compare Signature option to see everything that's changed on your system -- both files and Registry keys.

More about at:
http://www.betanews....nges/1310746211

More info about OSForensic:
http://www.osforensics.com/index.html

When downloading, make sure it's a beta release BetaSoft.gif
http://www.osforensi...m/download.html



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users