tools for malware forensics

Hi,

I did a lot of searches in the TechNet forums and with Google but am still missing some clear statements:

I'd like to see the footprint, in terms of a list of files and registry entries, of a software install or whatever else, e.g. malware or a browsing session.

1-2 decades ago this was done by sysdiff, which scans the hard disk and simply compares it at the application level.

Now in 2015 we have the VSS feature for the file system, and Virtual PC, Hyper-V and more with snapshots, differencing disks and VM states.

Which of these new features helps to speed up finding the diff between two points in time of a Windows system (desktop)? I thought there would be a snapdiff tool or something, but I did not find one...

Thanks in advance

A.


April 28th, 2015 4:21am

Hi Alex,

There is no official utility to meet your requirement. You could consider whether Process Monitor helps you.

Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.

You could obtain it from the following address:

https://technet.microsoft.com/en-us/sysinternals/bb896645.aspx

April 28th, 2015 11:06pm
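Since the thread ends with Process Monitor as the suggested tool but the original poster wanted a plain list of files and registry entries, here is an added example (not from either poster, not part of any Microsoft tool) that reduces a Process Monitor CSV export to exactly that footprint. It assumes the default export columns ("Time of Day", "Process Name", "PID", "Operation", "Path", "Result", "Detail"); the rows themselves are constructed for illustration, and only successful write-type operations are kept so that the hundreds of read-only lookups every process makes do not drown the result.

```python
import csv
import io

# Constructed sample of a Process Monitor CSV export (File > Save... > CSV).
# Column names match ProcMon's default export; every row below is invented.
SAMPLE_CSV = """\
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1234567 AM","installer.exe","4120","CreateFile","C:\\Program Files\\Demo\\demo.exe","SUCCESS","Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Attributes: N, ShareMode: None, AllocationSize: 0, OpenResult: Created"
"10:01:02.2234567 AM","installer.exe","4120","WriteFile","C:\\Program Files\\Demo\\demo.exe","SUCCESS","Offset: 0, Length: 65,536"
"10:01:02.3234567 AM","installer.exe","4120","RegCreateKey","HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run","SUCCESS","Desired Access: Write"
"10:01:02.4234567 AM","installer.exe","4120","RegSetValue","HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Demo","SUCCESS","Type: REG_SZ, Length: 62, Data: C:\\Program Files\\Demo\\demo.exe"
"10:01:02.5234567 AM","installer.exe","4120","CreateFile","C:\\Windows\\System32\\kernel32.dll","SUCCESS","Desired Access: Read Data/List Directory, Disposition: Open, OpenResult: Opened"
"10:01:02.6234567 AM","installer.exe","4120","RegSetValue","HKLM\\SOFTWARE\\Demo\\Version","ACCESS DENIED","Type: REG_SZ, Length: 8, Data: 1.0"
"10:01:02.7234567 AM","explorer.exe","1840","RegQueryValue","HKCU\\Software\\Classes\\Local Settings\\MuiCache","SUCCESS","Type: REG_SZ, Length: 20, Data: Demo"
"10:01:03.0234567 AM","installer.exe","4120","SetDispositionInformationFile","C:\\Users\\alex\\AppData\\Local\\Temp\\setup.tmp","SUCCESS","Delete: True"
"""

# CreateFile results that mean a file came into existence or was replaced.
CREATED_RESULTS = {"Created", "Overwritten", "Superseded"}
# Registry operations that change state (queries and opens are ignored).
REG_WRITE_OPS = {"RegSetValue", "RegCreateKey", "RegDeleteValue", "RegDeleteKey"}
# Well-known autostart locations; a write here deserves a second look.
AUTOSTART_MARKERS = ("\\CurrentVersion\\Run", "\\CurrentVersion\\RunOnce")


def parse_procmon_csv(text):
    """Return the export as a list of dicts keyed by the header row."""
    return list(csv.DictReader(io.StringIO(text)))


def _open_result(detail):
    """Pull the 'OpenResult: X' token out of a CreateFile Detail string."""
    for token in detail.split(", "):
        if token.startswith("OpenResult: "):
            return token[len("OpenResult: "):]
    return ""


def footprint(rows, process=None):
    """Reduce ProcMon rows to files written/deleted and registry keys changed.

    Only SUCCESS rows count: a denied write left no footprint on disk.
    If `process` is given, only that image name is considered.
    """
    files_written, files_deleted, registry_written = set(), set(), set()
    for r in rows:
        if r["Result"] != "SUCCESS":
            continue
        if process and r["Process Name"].lower() != process.lower():
            continue
        op, path, detail = r["Operation"], r["Path"], r["Detail"]
        if op == "CreateFile" and _open_result(detail) in CREATED_RESULTS:
            files_written.add(path)
        elif op == "WriteFile":
            files_written.add(path)
        elif op == "SetDispositionInformationFile" and "Delete: True" in detail:
            files_deleted.add(path)
        elif op in REG_WRITE_OPS:
            registry_written.add(path)
    return {
        "files_written": sorted(files_written),
        "files_deleted": sorted(files_deleted),
        "registry_written": sorted(registry_written),
    }


def autostart_entries(fp):
    """Registry paths in a footprint that land in an autostart key."""
    return [p for p in fp["registry_written"]
            if any(m.lower() in p.lower() for m in AUTOSTART_MARKERS)]


if __name__ == "__main__":
    fp = footprint(parse_procmon_csv(SAMPLE_CSV), process="installer.exe")
    for section, paths in fp.items():
        print(section)
        for p in paths:
            print("   ", p)
    print("autostart writes:", autostart_entries(fp))
```

In practice you would capture with Process Monitor while the install or browsing session runs, save the trace as CSV, and feed that file to `parse_procmon_csv` instead of the constructed sample; the `process` filter keeps the output to the image you are investigating, and `autostart_entries` is the first thing to read when the trace came from a suspected malware sample.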

