Monitoring Registry and File Changes in Windows – forensic analytics for the Windows registry and files
“fingerprint” records the state of a Windows system in terms of its files and registry. Two such fingerprints can be compared to list every piece of data that changed. The result can be narrowed down with Procmon log files to see which process caused the changes: Procmon logs can be filtered to show only the events for the changed files or registry entries, which makes it much easier to find the cause of a system change.
All fingerprints are stored in CSV (Excel-compatible) format for convenient filtering, sorting, etc. You can also use third-party tools like “Meld”, “FC”, or “diff” to compare fingerprints.
You can use fingerprint in batch files to automatically filter out the events you are interested in; it is batch-friendly.
Monitor honeypots, monitor system changes, find “hidden” registry entries or files (such as those used to track the expiration of demo versions), analyze virus activity, or analyze whether your privacy was compromised. You will be able to find every spy program, worm, or hack into your system unless the program resides ONLY in memory and does not alter anything – but that is very unlikely.
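The snapshot, compare and correlate workflow described above, as an added example in Python (this is not the fingerprint tool's own code): a before/after snapshot of a directory tree is diffed into added, removed and changed entries, and a Procmon CSV export is then filtered down to the events that touched exactly those paths, which names the responsible process. The Procmon column names follow Procmon's "Save as CSV" export; the log rows, the `demo.exe` process and the `C:\Demo` path are constructed for the demo. The registry snapshot function uses the standard `winreg` module and therefore only runs on Windows; it is written so the same diff function works on its output.

```python
# Added example: snapshot -> compare -> correlate with Procmon, in Python.
# Not the fingerprint tool's own code. Procmon column names follow its CSV
# export; the log rows and the C:\Demo path are constructed for this demo.
import csv
import hashlib
import io
import os
import tempfile


def fingerprint_tree(root):
    """Snapshot every file under root as {relative\\path: (size, mtime, sha256)}."""
    snapshot = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "\\")
            st = os.stat(full)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            snapshot[rel] = (st.st_size, int(st.st_mtime), digest)
    return snapshot


def fingerprint_registry(hive, subkey):
    """Snapshot a registry subtree as {key\\value: (type, repr(data))}. Windows only."""
    import winreg  # raises ImportError on non-Windows hosts
    snapshot = {}

    def walk(path):
        try:
            key = winreg.OpenKey(hive, path)
        except OSError:
            return  # access denied, or the key vanished while we enumerated
        with key:
            n_subkeys, n_values, _modified = winreg.QueryInfoKey(key)
            for i in range(n_values):
                name, data, vtype = winreg.EnumValue(key, i)
                snapshot[path + "\\" + (name or "(Default)")] = (vtype, repr(data))
            for j in range(n_subkeys):
                walk(path + "\\" + winreg.EnumKey(key, j))

    walk(subkey)
    return snapshot


def diff_snapshots(before, after):
    """Added, removed and changed entries between two snapshots of either kind."""
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "changed": sorted(p for p in set(before) & set(after) if before[p] != after[p]),
    }


def correlate_procmon(procmon_csv, monitored_root, diff):
    """Keep only Procmon rows whose Path the diff flagged: (process, pid, operation, rel_path)."""
    flagged = set(diff["added"]) | set(diff["removed"]) | set(diff["changed"])
    prefix = monitored_root.rstrip("\\").lower() + "\\"
    hits = []
    for row in csv.DictReader(io.StringIO(procmon_csv)):
        full = row["Path"]
        if full.lower().startswith(prefix):
            rel = full[len(prefix):]
            if rel in flagged:
                hits.append((row["Process Name"], row["PID"], row["Operation"], rel))
    return hits


# Constructed rows in the layout of Procmon's "Save as CSV" export.
PROCMON_SAMPLE = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1234567 AM","demo.exe","4242","WriteFile","C:\Demo\app\config.ini","SUCCESS","Offset: 0, Length: 8"
"10:01:02.2234567 AM","demo.exe","4242","CreateFile","C:\Demo\app\.license.dat","SUCCESS","Desired Access: Generic Write"
"10:01:02.3234567 AM","demo.exe","4242","SetDispositionInformationFile","C:\Demo\app\readme.txt","SUCCESS","Delete: True"
"10:01:03.0000000 AM","explorer.exe","1100","ReadFile","C:\Demo\app\other.txt","SUCCESS","Offset: 0, Length: 4096"
"10:01:03.1000000 AM","svchost.exe","800","RegSetValue","HKLM\SOFTWARE\Demo\Trial","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
'''


def demo():
    """Before/after snapshots of a constructed tree, diffed and correlated with the sample log."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            full = os.path.join(root, *rel.split("\\"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)

        write("app\\config.ini", b"trial=30\n")
        write("app\\readme.txt", b"hello\n")
        before = fingerprint_tree(root)
        write("app\\config.ini", b"trial=0\n")                # modified
        write("app\\.license.dat", b"\x00\x01")               # added "hidden" marker file
        os.remove(os.path.join(root, "app", "readme.txt"))    # removed
        after = fingerprint_tree(root)
    diff = diff_snapshots(before, after)
    return diff, correlate_procmon(PROCMON_SAMPLE, "C:\\Demo", diff)


if __name__ == "__main__":
    print(demo())
```

Running `demo()` flags one added, one removed and one changed file and attributes all three to `demo.exe`, while the unrelated `explorer.exe` read and the registry write fall out of the filtered view. On a real case the two snapshots would be taken before and after the suspected activity, with Procmon capturing in between, and the registry side would be snapshotted with `fingerprint_registry(winreg.HKEY_LOCAL_MACHINE, r"SOFTWARE\Demo")` and diffed with the same `diff_snapshots`.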
Copyright (c) 2017 Robert Nowotny
The post fingerprint: Monitoring Registry and File Changes in Windows appeared first on Penetration Testing.