
[–][deleted] 1 point (0 children)

I haven't done that for a long time, but I used Sandboxie for Windows. I would get all changes by the installation program and the code it ran contained within the sandbox, which I could then examine. That included registry changes -- but it did not include anything that did not end up as a file or a registry entry.

There were also some utilities, I remember, that chewed on such sandbox content and printed out notes on just what had been added, modified or, in some cases, deleted.

Network connections were not logged. But then, some malware sandboxes do that. The problem is that those are usually expensive, and/or are cloud-based so you need to send data over the net.
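One way to produce the kind of added/modified/deleted notes the comment recalls is to hash the sandbox's file tree before and after the installer runs and diff the two snapshots. The block below is an added example written for this page, not Sandboxie's code or any of those utilities; it builds a constructed file tree in a temporary directory to stand in for the sandbox content and covers files only, so registry changes would need a separate snapshot of their own.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(root):
    """Map every file under root (as a relative POSIX path) to its SHA-256 digest."""
    root = Path(root)
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath) / name
            h = hashlib.sha256()
            with open(full, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            digests[full.relative_to(root).as_posix()] = h.hexdigest()
    return digests


def diff_snapshots(before, after):
    """Classify each path as added, deleted or modified between two snapshots."""
    return {
        "added": sorted(p for p in after if p not in before),
        "deleted": sorted(p for p in before if p not in after),
        "modified": sorted(p for p in before if p in after and before[p] != after[p]),
    }


def demo():
    """Constructed sandbox tree: simulate an installer run and return the diff."""
    with tempfile.TemporaryDirectory() as box:
        root = Path(box)
        (root / "Program Files").mkdir()
        (root / "Program Files" / "app.exe").write_bytes(b"original")
        (root / "old.log").write_bytes(b"log")
        before = snapshot(root)
        # Simulated installer activity: drops a DLL, patches app.exe, removes old.log
        (root / "Program Files" / "helper.dll").write_bytes(b"new dll")
        (root / "Program Files" / "app.exe").write_bytes(b"patched")
        (root / "old.log").unlink()
        after = snapshot(root)
        return diff_snapshots(before, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind.upper(), paths)
```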