Open Source and information security mailing list archives
From: davek_throwaway at hotmail.com (Dave Korn)
Subject: Re: Windows Registry Analyzer

"Cassidy Macfarlane" wrote in message
news:6C822FACDE1C534CA72836EC615EFC4D3E58@...l.dm.local...
> You can, of course, use regmon (sysinternals.com) to monitor the
> registry 'live' while changes are being made, however it sounds like you
> want a product that would analyse the reg, then re-analyse after
> installation, and report on changes.
>
> This would indeed be a handy tool.  Anyone know of anything better than
> regmon for this purpose?

  Yes, absolutely.  It's called "InCtrl5" and it is *exactly* what you both
want.

  You run it once, it snapshots the state of the registry, the entire
contents of your HD, and the content of all the various text files such as
autoexec.bat / win.ini / boot.ini / autoexec.nt (etc).  Then it exits.  You
install whatever it is you wanted to install, then run it again; it takes
another snapshot, then compares the two and makes you a nice report showing
*every* change to your system - registry keys and values added, deleted or
modified; files and directories added, deleted or modified; and any changes
to those startup-script text files.

  It needn't be an install.  It'll tell you whatever differences there are
between the before and after snapshots.  What you do in between those two
times is up to you.  For instance it's quite interesting to take a snapshot,
do a reboot, and run the comparison when the machine boots up again, to see
how much volatile stuff gets changed every time you reboot windows.  Or you
can *un*install something, and by checking against the original installation
report (or by snapshotting, installing, running, then uninstalling the app
straight away before finally getting the comparison report) see if it's left
any traces behind.

  It's incredibly useful.  You'll have to google for it though.  It was
originally given away by some PC magazine or other, but they've restricted
access to their archives now.  See what you can find.

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....
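
The snapshot-and-compare approach described in the message above, as an added example that is not part of the original post and is not InCtrl5's code. The registry values are constructed sample data flattened to path -> data, and all function and variable names are hypothetical.

```python
import hashlib
import os

def snapshot_tree(root):
    """Map each file path under root (relative) to the SHA-256 of its content."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                state[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return state

def diff_snapshots(before, after):
    """Compare two {item: value} snapshots and list what changed between them."""
    return {
        "added": sorted(k for k in after if k not in before),
        "deleted": sorted(k for k in before if k not in after),
        "modified": sorted(k for k in before if k in after and before[k] != after[k]),
    }

def leftovers(before_install, after_uninstall):
    """Items still present or altered after an uninstall, relative to the pre-install state."""
    d = diff_snapshots(before_install, after_uninstall)
    return sorted(d["added"] + d["modified"])

# Constructed sample data (assumption): each registry value flattened to one path string.
RUN_VALUE = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ExampleAgent"
ASSOC_VALUE = r"HKCR\.txt\(Default)"
REG_BEFORE = {ASSOC_VALUE: "txtfile"}
REG_AFTER_INSTALL = {ASSOC_VALUE: "ExampleApp.Document",
                     RUN_VALUE: r"C:\ExampleApp\agent.exe"}
# The uninstaller restored the file association but left the autorun entry behind.
REG_AFTER_UNINSTALL = {ASSOC_VALUE: "txtfile",
                       RUN_VALUE: r"C:\ExampleApp\agent.exe"}

if __name__ == "__main__":
    print("install changes:", diff_snapshots(REG_BEFORE, REG_AFTER_INSTALL))
    print("left after uninstall:", leftovers(REG_BEFORE, REG_AFTER_UNINSTALL))
```

The same `diff_snapshots` call works on two `snapshot_tree` results, which covers the file and directory half of the report.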



