-
December 7th, 2005, 02:03 PM
#1
Junior Member
What detection tools are available?
Hi,
I wasn't sure at the beginning where to post, and as a matter of fact I am still not sure!! Anyhow, if I am posting in the wrong section I apologise.
Now, my question is about what kind of tools are available that would help me identify before and after changes in my machine?! For example I want to identify what kind of files and values are being made to my computer when I try to install new software.
Thanks
aak19
-
December 7th, 2005, 02:29 PM
#2
We'll need some more information here..
Most importantly what operating system are you running..
ASCII stupid question, get a stupid ANSI.
When in Russia, pet a PETSCII.
Get your ass over to SLAYRadio the best station for C64 Remixes !
-
December 7th, 2005, 02:35 PM
#3
If you are using Windows, here you can find some progs that can help you monitor changes
http://www.sysinternals.com/
and also SpyBot has a lot of tools (in advanced mode) that can be used for checking your system
// too far away outside of limit
-
December 7th, 2005, 02:37 PM
#4
Hi
Assuming some Windows derivatives, I suggest
the classic pair:
-> Sysinternals File monitor[1]
-> Sysinternals Registry monitor[2]
or the all-in-one solution by epsilonsquared[3].
Have a look at this new tutorial[4] for some
additional aspects.
Linux: dnotify[5] / inotify[6] (?)
Cheers.
[1] http://www.sysinternals.com/Utilities/Filemon.html
[2] http://www.sysinternals.com/Utilities/Regmon.html
[3] http://www.epsilonsquared.com/
[4] http://www.antionline.com/showthread...hreadid=272469
[5] http://freshmeat.net/projects/dnotify/ (not performant)
[6] http://www.edoceo.com/creo/inotify/
[6a] http://www-128.ibm.com/developerwork...l-inotify.html
If the only tool you have is a hammer, you tend to see every problem as a nail.
(Abraham Maslow, Psychologist, 1908-70)
-
December 7th, 2005, 02:46 PM
#5
..BTW... what monitoring tools does Mac have?
// too far away outside of limit
-
December 7th, 2005, 05:05 PM
#6
Junior Member
Thank you all for helping! My question was regarding Windows operating system, and to be precise XP.
The Sysinternals tools (i.e. file and registry monitoring tools) are excellent! However, what I am concerned about now is that those utilities are in real-time which means dozens if not hundreds of data are being revolved up and down the screen rapidly! Which is somewhat confusing to know what is what? But this is going to do fine as I was just introduced to such tools, I have to research around these utilities to try and reverse installations, to learn installation paths, files added, and new or altered records etc once a specific program was employed!
Any advice or comments are most welcomed!!
Thanks
aak19
-
December 7th, 2005, 07:16 PM
#7
Try Inctrl5. It's better than regmon and filemon for Windows. Much more comprehensive, although I think you have to pay for it now..
Antionline in a nutshell
"You're putting the fate of the world in the hands of a bunch of idiots I wouldn't trust with a potato gun"
Trust your Technolust
-
December 7th, 2005, 09:47 PM
#8
http://www.tripwire.com/kb/view.cfm?aid=62
Tripwire looks for these changes by monitoring key attributes of files that should not change, including binary signatures, size, expected changes in size, etc. - and reporting its findings.
AND TO PREVENT
http://www.faronics.com/html/deepfreeze.asp
Absolute Protection
* Guarantees 100% workstation recovery on restart
* Provides password protection and complete security
* Protects multiple hard drives and partitions
* Protects CMOS
* Protects master boot record
Integration and Compatibility
* Supports multiple hard drives and partitions
* Supports multi-boot environments
* Compatible with Fast User Switching
* Supports SCSI, ATA, SATA, and IDE hard drives
* Offers single install for Windows 95, 98ME, 2000, XP
-
December 8th, 2005, 12:43 PM
#9
You can also use filters in settings to choose what you want to monitor.
// too far away outside of limit
-
December 8th, 2005, 12:50 PM
#10
LOL. How interesting that people are asking for this just after I posted a tut...
Go download install watch pro. It's free and acts like a tape recorder on your system. Once you install software, you get a nice report back that shows all changes and activities the installation performed.
http://www.epsilonsquared.com/installwatch.htm
Mr. Babis, visit the BSD forums. There are numerous toolz available for MACs.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden