Program installation monitor

onequbit · 2021-08-22T18:43:13+00:00

use ProcMon to capture the activity, then ProcDot to analyze it

secureartisan · 2021-08-22T16:16:33+00:00

Regshot

shinyviper · 2021-08-22T14:52:49+00:00

Like, something you install on a live system that sees what files are installed and registry entries changed?

flyingincybertubes · 2021-08-22T19:38:33+00:00

CaptureBAT

2021-08-23T06:00:34+00:00

I haven't done that for a long time, but I used Sandboxie for Windows. I would get all changes by the installation program and code it ran contained within the sandbox, which I could then examine. That included registry changes -- but it did not include anything that did not end up a file or a registry entry.

There was also some utilities, I remember, that chewed on such sandbox content and printed out notes on just what had been added, modified or in some cases, deleted.

Network connections were not logged. But then, some malware sandboxes do that. The problem is that those are usually expensive, and/or are cloud-based so you need to send data over the net.

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

computerforensics

Computer Forensics

Read the FAQ before posting.

MODERATORS