Originally posted here by sec_ware
Hi

Assuming some Windows derivatives, I suggest
the classic pair:

-> Sysinternals File monitor[1]
-> Sysinternals Registry monitor[2]

or the all-in-one solution by epsilonsquared[3].
Have a look at this new tutorial[4] for some
additional aspects.

Linux: dnotify[5] / inotify[6] (?)

Cheers.


[1] http://www.sysinternals.com/Utilities/Filemon.html
[2] http://www.sysinternals.com/Utilities/Regmon.html
[3] http://www.epsilonsquared.com/
[4] http://www.antionline.com/showthread...hreadid=272469
[5] http://freshmeat.net/projects/dnotify/ (not performant)
[6] http://www.edoceo.com/creo/inotify/
[6a] http://www-128.ibm.com/developerwork...l-inotify.html

Thank you all for helping! My question was regarding the Windows operating system, and to be precise, XP.

The Sysinternals tools (i.e. the file and registry monitoring tools) are excellent! However, what I am concerned about now is that those utilities run in real time, which means dozens if not hundreds of entries are scrolling up and down the screen rapidly, which makes it somewhat confusing to know what is what. But this is going to do fine, as I was just introduced to such tools. I have to research around these utilities to try and reverse installations, to learn installation paths, files added, and new or altered records, etc., once a specific program was employed!

Any advice or comments are most welcome!!



Thanks
aak19