Good Freeware System Snapshot Tool For Windows? 219
Khyber writes "I'm doing a little personal research into a project that tracks what changes get made to your system every time you install a program. I know there are ways of checking through Windows Restore Points, but that's not what I'm trying to do. Instead, I'm going to start with an absolutely fresh Windows XP install, take a full snapshot of the entire installation on the hard drive, and burn that to a DVD (somewhat like a backup disc with an entire snapshot of my hard drive's current contents.) With every program I install, I'm going to take another snapshot, burn to DVD, and repeat the process until I have recreated every step taken to get to my current system state (all programs installed on a separate hard drive, all registry entries etc on the OS drive, with only snapshots of the OS drive being recorded.) The purpose for all of this I'm not legally allowed to talk about, due to confidentiality requirements. Does anybody know of such a program, preferably freeware, that will accomplish my objective, and are there tools that can be used to compare the difference in drive images?"
FOG might do it. (Score:5, Informative)
Wow, quiet in here.
FOG, aka Free Open Ghosting, at www.fogproject.org, will certainly take images of your hard drives; that's not a problem.
And, I haven't played with it, but it has the capability to do install packages, so that meets the bit-by-bit portion of things.
Like most open-source packages, FOG improves constantly, and recently, it's getting better by leaps and bounds.
Re: (Score:2, Informative)
The best snapshotting tool I have found (I'm not entirely sure if this is what you are after, as the summary is not clear) is BartPE with the DriveImageXML plugin. It's free and legal, although you need a Windows XP disc to build the tool (no really, it's free and legal).
I use it to install Windows fresh, add my apps, and then take a snapshot. If there is a virus attack or the install is otherwise dirtied, I can restore to a clean Windows install in around 10 minutes as opposed to the 2 or 3 hours it takes
Re: (Score:2)
Norton Ghost is fairly cheap and Ghost Explorer will allow you to "browse" the images. I'm not entirely sure on the comparisons angle.
Trying to make an "alternative system rollback/savestate" program are we?
Re:FOG might do it. (Score:4, Interesting)
Norton Ghost is fairly cheap and Ghost Explorer will allow you to "browse" the images. I'm not entirely sure on the comparisons angle.
Trying to make an "alternative system rollback/savestate" program are we?
First, Ghost sucks. Not version 8, which was awesome, but the recent versions, which won't let you run ghost off the damn CD you paid for. No, you have to find an old copy and put that on a USB or other HD to run it from. B-tards.
This guy isn't trying to make his own ghost, he's trying to clone registry keys and serial numbers so he can push a software install. So he's trying to clone Installshield, but in a way that magically provides great MSI compatibility to installers that don't already have MSI functionality.
AKA the windows tech pipe dream. And I say this after my last post was called an anti-apple troll because I suggested a $299 emachine laptop was "good enough" for most people vs a $1500 macbook :p
Oh and thanks to OP for the FOG link. Hadn't heard of it.
Captcha: atheism - the practice of not believing Steve jobs is God
Take that mods :)
Re: (Score:2)
If he actually wants to snapshot installers, then he could try Total Uninstall? Or he could try Emco.is and their RDK which has worked decently for me.
If he actually just wants to snapshot a drive, then there's Seagate's tool that's a stripped down Acronis(free with a Seagate drive hooked up), or the full Acronis True Image(not free though)...
Acronis (Score:1)
I could tell you... (Score:5, Funny)
...but then I'd have to kill you. You know, confidentiality agreements and whatnot...
Do my work, I can't tell you why (Score:3, Interesting)
No kidding. The story seems a bit too much like "do my job for me". It says it's just a "personal research project" but if it really were personal, then there wouldn't be "confidentiality requirements". Maybe this guy's a RIAA/MPAA stooge and wants to more efficiently look for P2P software or something.
Re: (Score:2)
Maybe he's doing it to prove the existence of a DRM rootkit for a legal challenge, and he has some kind of attorney-client privilege. But then he should talk to forensics experts, not Slashdot.
Re: (Score:2)
But hey, if you'd rather us not help us win against this company and you'd like to be ass-raped by DRM for the rest of your life - FEEL FREE.
Stooping so low as to use a false dichotomy? You lose.
Re: (Score:2)
All better now...
I know of a free trial... (Score:4, Interesting)
The best tool I have ever used is Prism Deploy [newboundary.com].
It isn't free, but they do have a free trial. I've tried a number of programs to package executable programs and manage Windows images, but nothing has come close.
I'm really interested to see if there are any freeware programs that come close.
Re: (Score:2)
Prism is based upon taking a baseline image and checking for changes after an installation, which in itself is fine. You will get an identical installation of every package each time.
The issue arises when you use an old package on a newly patched machine, and it overwrites a patched file with an older, unpatched version. This can happen when installing Office 2007 on a machine, then running an Office 2000 package, a
Re:I know of a free trial... (Score:4, Informative)
I agree, this is a poor choice if your only goal is a typical black box Windows image. However, listen to what the author was trying to do:
I'm doing a little personal research into a project that tracks what changes get made to your system every time you install a program.
As you know from using it, Prism Deploy allows you to see every single file change, registry change, file deletion, and file modification that has been made since the last snapshot. Sure, you could put all of that into an executable if you want and distribute that, but you could also save it as a prism image, and use that information to create your own package, or in the author's case, whatever undisclosed nefarious purpose he has in mind.
I'm going to start with an absolutely fresh Windows XP install, take a full snapshot of the entire installation on the hard drive, and burn that to a DVD... With every program I install, I'm going to take another snapshot... all programs installed on a separate hard drive, all registry entries etc on the OS drive. [emphasis mine]
I think that prism deploy (or a similar tool) would allow him to do this with minimal work.
Re: (Score:2)
You could try the Emco.is Remote Deployment Kit - they license down to 50 PCs, and at $145 for the full Enterprise edition for those 50PCs, it's pretty cheap really.
Re: (Score:2)
Prism certainly doesn't include this function.
Rsync is your friend (Score:2, Informative)
If all you need is an indication of what files have changed, then just use rsync --only-write-batch=FILE
http://samba.anu.edu.au/ftp/rsync/rsync.html [anu.edu.au]
If you need more detailed descriptions (especially for registry changes) you may want to export the registry files in a pre-script, then diff the registry entries.
Do it from your Linux partition (Score:1, Interesting)
The easiest way is to run dual boot Fedora/XP. It will take you all of a couple of hours to install Fedora/Ubuntu/Whatever from a Live CD, partitioning the drive as required during the install. You can then backup the whole Win partition without Windows locking any files and what-not. Another approach is to add in another disk for that purpose, maybe a USB thumbdrive if your OS can boot from it.
The other approach is to use a VM machine. There are some cut-down versions of XP designed to work well in them.
WinINSTALL? (Score:4, Informative)
WinINSTALL LE [microsoft.com]
Download [ondemandsoftware.com]
easy: (Score:1)
Re: (Score:2)
e.g.
time dd if=/dev/sda bs=131072 conv=noerror | lzop -c >
(WARNING!!! Achtung!!! Do NOT typo the if=/dev/sda and make it of=/dev/sda there is a very big difference
gzip might be fast enough on modern CPUs to give near max disk speeds.
But I still only get about 33-35MB/sec with gzip on my core 2 duo for the first 1000 blocks of my drive (even cached!). lzop is much faster.
The conv=noerror is to tell dd to ignore read error
Re: (Score:2)
dd_rescue > conv=noerror. It'll read in big blocks and when one fails, it'll drop the block size and retry, so you don't lose a 128k chunk when there's only one unreadable 512 byte sector.
Re: (Score:2)
Should be conv=noerror,sync
Comment removed (Score:5, Interesting)
Re: (Score:3, Informative)
No, I do not need a virtual environment.
I want to do this on a level THE REGULAR COMPUTER USER CAN ACHIEVE. This needs to be easily and SIMPLY explained and proven in a court of law. As the machine I will be doing this test on will be the same machine admitted as evidence, it will be much simpler to have it all contained within a pure windows environment.
ANYTHING requiring Linux or Unix will not be that simple, period, as this only involves the Windows OS and the BEST evidence is a direct comparison through
Re: (Score:2)
I think Total Uninstall will track all changes and show them, including registry changes between two scans it does. So you'd do a scan, do an install, scan again save that. Rinse and repeat... Not free, but $35 or so is cheap, and totally windows, though you do need to first install Total Uninstall...
Re: (Score:2)
That would be nice except I wish to have *ONLY* the original OS install, and the programs which I will be installing, nothing more.
Got anything that would work on a USB stick so the OS install isn't touched besides from what I plan on installing on it for the demonstration? Preferably freeware and will work in Windows itself (the comparison tool, whether it be for drive images or just filechange logs) so the average juror can understand it easier?
Re: (Score:2)
Not that I know of... Perhaps Filemon/Regmon from sysinternals? But not nearly as easy to understand as Total Uninstall is. . .
Why? (Score:5, Interesting)
Personally, I use Ghost for imaging and if I want to find out what a program is doing, I run sysinternals File Monitor and Registry Monitor. They're real-time and don't record in a nice format but nothing really beats them on Windows. They've helped me diagnose hundreds of horrible modern and ancient installation programs used in an educational environment to allow network installation (why, exactly, do you need write access to C:\WINDOWS to run a Shockwave-based game for toddlers, etc.?).
Linux/Unix has this much easier because it allows you to monitor EVERYTHING without massive binary blobs having settings stored in them, having settings locked to particular machines, etc. or things generally getting in your way. Windows, it's a pain in the proverbial.
Even a lot of the professional MSI-Builders with their "discovery" modes are absolutely useless at working out what was actually a vital change and what was just the installer playing about, or the user changing their screensaver / explorer view preferences while they installed etc. I spend half my life cleaning MSI's of unnecessary cruft and inserting the entries that they miss. About 50% of automated install captures like this are useless for deployment to a different machine.
Basically, despite the "secrecy" around your particular purpose (why did you have to mention that at all... it makes no difference to what you want and adds nothing to our knowledge), it's probably not worth the hassle. Before and after snapshots, or package the programs and MSI's and you'll find out everything you need along the way, with an actual, practical result at the end. Trying to diff a filesystem/registry image in any way is madness and is only useful if you can get a *perfectly* clean machine, a VERY good automated program to do it brilliantly, where you'll end up with a lot of cruft that isn't related to the program installation at all (e.g. event log entries, temporary files, taskbar icons saving their settings etc.).
Shockwave installs system files for it to run (Score:2)
Shockwave installs system files for it to run
C:\WINDOWS\system32\Adobe\Shockwave 11
the game may have needed to install an Xtra for Shockwave
C:\WINDOWS\system32\Adobe\Shockwave 11\Xtras
Virtualization (Score:4, Insightful)
Do the install in a virtual machine like VirtualBox or similar. Then you can do as many snapshots as you like directly.
A good one pre-installed with windows... (Score:3, Funny)
Seriously, do we even need an article on this?
... I wonder how important the article is after all, but I'm too lazy to read it
Re: (Score:2)
ERM?!
Re: (Score:2)
i knew i would end up talking to myself - but i didn't see it coming that fast.
Regshot at sourceforge (Score:3, Interesting)
Linux live cd (Score:2, Funny)
I'd use xVM (Score:4, Insightful)
You might of course just use any hard drive imaging tool, but this is rather slow and clumsy, and it will use a lot of disk space (which isn't necessarily a problem if you really wanna burn a DVD every time). It might be easier and quicker to use one that supports incremental backups. I like Acronis True Image a lot but it is not free.
If you mainly want to document changes done to a running system over time, virtualisation products might fit your purposes well. Most of them have some sort of ability to make snapshots. The popular free VMware Server only allows a single snapshot, but Sun's xVM is every bit as good and does multiple snapshots easily [techtarget.com].
Re: (Score:1, Informative)
Ditto. In my opinion, your methodology is insane and unlikely to produce anything of value -- Windows really is huge, and much of the data you're interested in is locked away past the filesystem level of abstraction -- but doing it with a VM makes a lot more sense than doing it on actual hardware. You can switch between states easily. You can retain easily-bootable, read-only copies of previous states (say, if you want to dump the registry). In any event, you don't tie up an entire computer for this project, a
Re: (Score:3, Interesting)
virtualization takes TOO LONG.
I'm going to be demoing this LIVE in court. That's NOT FEASIBLE AT ALL.
I've got most of what I need - I just need a GREP tool for windows. DIR /b /s /a:AHRS > file.txt is fine for almost everything. I need a comparison tool.
Does the command I listed above happen to record filesizes as well? The faster and quicker I can make this happen in court, the better off EVERYONE will be. It's gotta be simple enough for a JURY OF MINDLESS IDIOTS TO UNDERSTAND.
In other words - LINUX, UN
Re: (Score:2)
If you don't like my previous suggestion, you might try Cygwin? Then you do have grep...
Re: (Score:2)
cygwin might work.
So many suggestions, I'm having problems deciding which would be better:
my original suggestion - the DIR command with all the extended parameters outputting to a text file - can be used to demonstrate changes made to the system and be used for demos
Anon-inspired idea: Dual boot XP on separate hard drives within the same system, C as base comparison control, D with the software causing the problem - easier hardware forensics analysis and comparison
Majorly recommended but not feasible for th
Re: (Score:2)
Why not two identical systems? I have a feeling even "dual booting" may not prove your point since the average person probably doesn't know what that even means.
Re: (Score:2)
I think the way you asked your question led to confusion, since it appears you don't care about file contents.
If all you want is diff, install diff, don't install cygwin if you're only going to use a couple tools. Most GNU tools have a windows build. http://gnuwin32.sourceforge.net/packages/diffutils.htm [sourceforge.net]
Some antivirus will hook write events (I know Avast can for example, I'm assuming Kaspersky can too), they do this to ask permission (allow? deny?), however if you set up the logging right, you could get
Re: (Score:2)
ehm do you mean the 'fc' (File Compare) command that comes with windows, by any chance?
If you need more, you might want to download a Windows version of 'diff', the standard UN*X tool for this sort of thing.
It's available at:
http://unxutils.sourceforge.net/ [sourceforge.net]
Just copy diff.exe from the zipfile to c:\windows and you're set to go.
Example: diff c:\oldregistry.reg c:\newregistry.reg
Once, you've enjoyed 'diff', you might want to look into 'find' in the same Zipfile.
Example: find c:\ -ctime -2
This will report all f
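Comparing two registry exports, as suggested in the comment above and in the earlier rsync comment ("export the registry files ... then diff the registry entries"), as an added example that is not part of the original thread: this Python script parses both exports and reports added, removed and changed keys and values by name rather than by line. The two exports, their key names and values are constructed sample data, and cp1252 is an assumed encoding for the older ANSI format.

```python
# Added example (not from the thread): key/value-level diff of two .reg exports.
BOMS = (b"\xff\xfe", b"\xfe\xff")

# Constructed sample exports (REGEDIT4 = ANSI format, 5.00 = UTF-16 format).
BEFORE = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Program Files\\Updater\\upd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example]
@="base"
"Blob"=hex:01,02,\
  03,04
"""

AFTER = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Program Files\\Updater\\upd.exe"
"GameHelper"="C:\\Program Files\\Game\\helper.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example]
@="base"
"Blob"=hex:01,02,\
  03,05

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\exampledrv]
"Start"=dword:00000001
"""


def decode_reg(data):
    """Decode exported bytes: the version 5 format is UTF-16 with a BOM;
    the older REGEDIT4 format is ANSI (cp1252 assumed here)."""
    if data.startswith(BOMS):
        return data.decode("utf-16")
    return data.decode("cp1252", errors="replace")


def _split_value(line):
    """Split '"name"=data' or '@=data' into (name, data); None if neither."""
    if line.startswith("@="):
        return "@", line[2:]
    if not line.startswith('"'):
        return None
    i = 1
    while i < len(line) and line[i] != '"':
        i += 2 if line[i] == "\\" else 1   # step over escaped \" and \\
    if line[i + 1:i + 2] != "=":
        return None
    return line[1:i], line[i + 2:]


def parse_reg(text):
    """Return {key_path: {value_name: data_text}} for an exported .reg file."""
    keys, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        if current is None:
            continue                      # header line before the first key
        if line.endswith("\\"):
            pending = line[:-1]           # hex data wrapped onto the next line
            continue
        parsed = _split_value(line)
        if parsed:
            keys[current][parsed[0]] = parsed[1]
    return keys


def diff_reg(before, after):
    """Compare two parsed exports key by key and value by value."""
    report = {"added_keys": [], "removed_keys": [], "added_values": [],
              "removed_values": [], "changed_values": []}
    for key in sorted(set(before) | set(after)):
        if key not in before:
            report["added_keys"].append(key)
        if key not in after:
            report["removed_keys"].append(key)
        old, new = before.get(key, {}), after.get(key, {})
        for name in sorted(set(old) | set(new)):
            if name not in old:
                report["added_values"].append((key, name, new[name]))
            elif name not in new:
                report["removed_values"].append((key, name, old[name]))
            elif old[name] != new[name]:
                report["changed_values"].append((key, name, old[name], new[name]))
    return report


def demo():
    """Run the diff on the constructed exports, one per encoding."""
    before = parse_reg(decode_reg(BEFORE.encode("cp1252")))
    after = parse_reg(decode_reg(AFTER.encode("utf-16")))
    return diff_reg(before, after)


if __name__ == "__main__":
    for section, entries in demo().items():
        for entry in entries:
            print(section, entry)
```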
Re: (Score:2)
Great suggestion - however I need this to be easy for the average clueless American computer user to be able to do and come to the same conclusion. I've outlined the details in a few of my responses to this thread, the most recent and updated idea/system in mind is in response to GNU above.
Grep for Windows (Score:2)
Where filename.ext is the file name and
/i means "ignore case". omit this if you want case-sensitivity grepping for:
"searchstring"
Re: (Score:2)
going deeper than that, actually.
The system, without too much detail revealed.
1. Install fresh copy of XP on a full-formatted hard drive.
2. figure out a reliable way to either DIR /B /S /A:ASRH > file.txt from a USB stick or make a RELIABLE image of the drive (at that stage, about 2 GB in size) with EVERYTHING, hidden, system, etc folders and files accounted for, all without needing to install another program directly to the drive I'm trying to image.
3. Install the program that I believe causes the confl
Re: (Score:2)
Previous creation = possibility of tampering of evidence. No thanks. Something cleaner and faster, as I'm going to have to demonstrate this step by step. The jury can listen to other arguments while the install happens right there in the courtroom in front of them. The transcriptionist can easily re-read the record of events without any issues.
Partimage (Score:3, Informative)
I was looking into taking a snapshot of a fresh+patched windows install because I was tired of reformatting and then spending hours reinstalling+patching.
I checked out http://www.partimage.org/ [partimage.org] which seems to be the tool targeting what you're trying to do.
For me, it didn't work out because the only apparent way to burn an image to disc is to have DVD+RW media [sysresccd.org] and I didn't have the patience to wait until I could get to the store to buy the rewritables.
Re: (Score:2, Informative)
Very flexible, lots of driver support, backup from/to CD, HDD, USB drive, FTP or network share, and GPL'ed. Active forum, too.
DD (Score:2)
http://www.ss64.com/bash/dd.html [ss64.com]
Re: (Score:2)
Sure, I'll "second" that.
Make sure the disk is zeroed prior to installing anything (dd if=/dev/zero of=/dev/sdb -- replacing sdb with whatever the drive actually is).
Then partition the drive and install your software.
To capture -- dd if=/dev/sdb | bzip2 >image.bz2
I would use bzip2 instead of gzip for the slightly better compression. It would be possible to "delta" two images, but you didn't ask about it.
This presumes unix (linux), possibly as a "live cd"; it may be workable with "cygwin".
It is ALSO possib
Re: (Score:2)
http://www.linux4dummies.com/WTFisSDBandhowdoIfindoutwhatmydriveactuallyis?
Re: (Score:2)
Easy... is relative. Let's try to remove Unix (Linux) from the equation:
There is a weird convention used with Windows for direct drive access:
http://support.microsoft.com/kb/100027 [microsoft.com]
\\.\PhysicalDriveN for physical drives (0, 1, 2...), or \\.\X: for logical drives (C, D, E...). Of course, the mapping between physical and logical isn't particularly clear, given the partition tables on the physical devices.
Under Unix (linux, here) /dev/sdx is physical drive x (a b c...), /dev/sdxn (1 2 3...) is a partition. Its
Linux LiveCD (Score:2)
Horribly Inefficient (Score:5, Informative)
What you're aiming to do is perfectly valid but the method you describe in order to achieve your goal is horribly inefficient; I'd be hard pushed to think of a more time-consuming and difficult way to achieve your goal. My tip:
This sounds like an absolutely ideal scenario where you could benefit from virtualisation technology. Install the system you wish to "monitor" in a virtual machine. I come from the VMware world, and I can say that the snapshots feature of VMware Workstation would do exactly what it sounds like you want. Whenever you wish to capture an image of the present state of the machine, take a snapshot. Further, you can take as many snapshots as you please, these snapshots can be built on previous snapshots, and you can even have branching snapshots. Icing on the cake: only the differences since the last snapshot will be saved, so you'll save a huge amount of data versus burning complete snapshots to DVD.
What next? Simple, mount the snapshots as a drive on the host machine and diff them using the tool of your choice. I use WinDiff for basic directory/file comparison, but there's a multitude of options out there. The only problem I can imagine would be you probably can't mount multiple snapshots simultaneously from the same virtual disk, but you could get around this by just making a copy of the VHD on your HD and mounting the second snapshot off that.
By the way, there's likely other virtualisation products out there (e.g. VirtualBox) that can achieve what I described above, I'm purely using VMware Workstation as an example as it's my virtualiser of choice. Further, VMware Workstation is not free, VBox is.
Re: (Score:2)
even better, run VirtualBox on linux and create windows instances, then you have the best of both worlds: linux stability and security, and access to windows applications.
Re: (Score:2)
Also, unless you're only ever installing on the system and no one ever actually uses it, you'll probably want to take snapshots immediately before installation as well as immediately after. Things change just from day-to-day use. You wouldn't want a restore after a bad install to lose all your work since the previous install.
Re: (Score:2)
Tell me if I'm making shit up, but wouldn't it be possible to do it like this?
Run two VMs.
Install your setup in both.
Add apps to the 2nd VM.
Do a DIFF of the two running VMs.
Dupe the 2nd VM to a 3rd VM, rinse and repeat the further steps.
And so on, saving the DIFF info between generations of VMs.
And only save DVD snapshots of each VM for "in case the process dies before I'm done, so I don't have to start over" and for archival documentation, but don't waste time DIFFing DVDs (which has gotta be WAY slower th
Re: (Score:2)
Virtualization is useless in a live demo in front of a jury that has NO CLUE what virtualization/Linux/Unix is.
I must keep this simple and to the level the regular juror will understand.
The full process goes like this.
1: Install Windows on a freshly full-formatted HD.
2: DIR /b /s /A:ASRH > file.txt to get a listing of every file present, hidden, system, read-only, etc.
3: Install a program with a DRM feature
4: Repeat step 2, then check with some form of GREP for windows or something to compare the two wri
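The before/after listing procedure described in this comment, as an added example that is not part of the original thread: a bare `DIR /B /S` listing holds only paths, so this Python script also records size and SHA-256 per file and reports added, removed and modified files between two snapshots. The directory tree, the file names and the ignored `WINDOWS/Temp/` prefix are constructed for the demonstration.

```python
# Added example (not from the thread): before/after file snapshot and diff.
import hashlib
import json
import os
import tempfile


def hash_file(path, chunk_size=1 << 20):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def snapshot(root, ignore_prefixes=()):
    """Map each file under root to its size and SHA-256.

    ignore_prefixes: relative-path prefixes to skip (assumed noise such as
    temp directories). Matching is case-insensitive.
    """
    ignored = tuple(p.lower() for p in ignore_prefixes)
    files = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if ignored and rel.lower().startswith(ignored):
                continue
            try:
                files[rel] = {"size": os.path.getsize(full),
                              "sha256": hash_file(full)}
            except OSError as exc:
                # Files locked by a running OS cannot be read; record that
                # fact instead of silently dropping the entry.
                files[rel] = {"error": type(exc).__name__}
    return files


def save_snapshot(files, path):
    """Write the snapshot as sorted JSON and return the file's SHA-256,
    which can be noted down to show the record was not altered later."""
    with open(path, "w", encoding="utf-8") as handle:
        json.dump(files, handle, indent=1, sort_keys=True)
    return hash_file(path)


def diff_snapshots(before, after):
    """Return added, removed and modified paths between two snapshots."""
    common = set(before) & set(after)
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(p for p in common if before[p] != after[p]),
    }


def _write(root, rel, data):
    """Create a file (and its parent directories) under root."""
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as handle:
        handle.write(data)


def demo():
    """Constructed tree standing in for the OS drive; the 'install' step
    is simulated by writing and deleting files."""
    noise = ("WINDOWS/Temp/",)
    with tempfile.TemporaryDirectory() as root:
        _write(root, "boot.ini", b"[boot loader]\r\n")
        _write(root, "WINDOWS/system32/kernel32.dll", b"base image")
        _write(root, "WINDOWS/system32/drivers/etc/hosts",
               b"127.0.0.1 localhost\r\n")
        before = snapshot(root, noise)

        _write(root, "Program Files/Game/game.exe", b"constructed")
        _write(root, "WINDOWS/system32/drivers/example.sys", b"constructed")
        _write(root, "WINDOWS/system32/drivers/etc/hosts",
               b"127.0.0.1 localhost\r\n# edited\r\n")
        _write(root, "WINDOWS/Temp/setup.log", b"installer scratch file")
        os.remove(os.path.join(root, "boot.ini"))
        after = snapshot(root, noise)
    return diff_snapshots(before, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        for path in paths:
            print(f"{kind:9}{path}")
```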
Re: (Score:2)
A good generic file comparison tool I've used is Beyond Compare:
http://www.scootersoftware.com/ [scootersoftware.com]
Has a 30-day trial and a reasonable cost.
Why I'm replying to your ungrateful and horrible impoliteness is beyond me, though. I really like how you didn't say that virtualization wouldn't work in your original question, nor did you mention the scenario/target audience, yet you are insulting those who couldn't read your mind. Well done!
Re: (Score:2)
Now *THAT* might be an idea!
Dual-boot environment - Two copies of Windows XP on separate hard drives would be almost perfect for hardware forensics analysis. I'm mainly dealing with software issues, but the issue I am addressing in court has been known to cause hardware problems as well. This might be a more useful approach.
Thanks for the brilliant idea!
Re: (Score:2)
Great input, I wish I could mod you up for this (possible slashdot feature in the future, creators of ask slashdot stories mod up the information they found helpful and useful alongside the other moderators?)
I think while laptops would be easier all the way, they are pricey and we need to demonstrate on a machine well-capable of handling the system requirements for the software we're testing. That does get kind of expensive given the game requirements. (If you thought it was SPORE, sorry, not the problem in
Re: (Score:2)
I think you may run into problems if you try running off an image on a different drive/partition. Windows generally looks at what drive letter it is on. If you have the base install on the C drive and boot an image on the D drive all of the registry entries and other stuff are still going to point to the C drive. Trouble.
I think what you need is two identical drives, and then physically swap the connectors so that the C drive becomes D and D becomes C. Then you can still work with a single PC.
You might want
Re: (Score:2)
I've dropped the idea of using an image. i think it'd be simpler to just Install Windows on both hard drives individually so there's a record in the MBR of an install on C and an install on D. Then infect the D drive with DRM. From there it should be easy enough to use some USB or CD-bootable tool to compare what got changed between the two drives.
Still thinking about the old DIR /B /S /A:ASRH > File.txt, but need more time to figure out how to implement it, if I should at all. I could run it from the cl
liveCD (Score:2)
Just boot from a liveCD, then clone the drive?
That would make sure that your clone is consistent, and since you cannot continue working with the pc while the cloning is in progress (that would certainly make it inconsistent), there is not much disadvantage in rebooting.
If you want to get fancy, install a second OS, and make a script that upon booting that OS automatically clones the first OS and then reboots. Any linux can do this easily.
Since you also have a second drive, the burning to dvd can happen late
Already free and included in Vista (Score:1, Informative)
It is called the Shadow Copy. It will give you snapshots of the drive state periodically and all the changes (this is not Restore Points). More info can be found here...
http://sansforensics.wordpress.com/2008/10/10/shadow-forensics/
i use becose of family (children f* evithin up in) (Score:2, Informative)
dd + cygwin (Score:2)
Macrium Reflect (Score:1, Informative)
Is free for personal use, makes images, creates a boot cd for recovery. very slick program.
Microsoft BDD (Score:1)
sysprep (Score:2)
Is there a reason why sysprep wouldn't work? It's already on your system I would wager.
Re: (Score:2)
c:\windows\system32\sysprep.exe
It basically prepares a system for image capture. I suppose that was incomplete.
imagex is what I meant. It's the ms tool to archive up a system and apply, doing whatever magic microsoft blesses for imaging a system. It's akin to a cpio, except it has an xml index to multiple images (which can have inter-image references).
g4l (Score:3, Informative)
There's a tool called Ghost 4 Linux that might do what you need. You boot with the g4l disk on your backup target. You can then specify a remote server or a local storage device to create the image backup. It doesn't matter what OS is being stored as it's a physical image.
Files can be very large because it copies sectors, not files, so even deleted files can take space. To minimize this there are some disk zero utilities that will zero out the unused space on your drive.
I use it often for backing up my Windows laptops.
ZFS (Score:2)
If only Windows ran on ZFS :(
Us Solaris peeps do *exactly* this. Take a snapshot immediately after install, take another snapshot after configuring the system, take any additional snapshots later...
I would post an output from zfs list showing all the snapshots taken on the root filesystem, but unfortunately slashdot's lameness filter REFUSES to cooperate telling me to use fewer junk characters :(
FreeBSD http://wiki.freebsd.org/ZFS [freebsd.org] and MacOSX http://www.apple.com/macosx/snowleopard/ [apple.com] will soon have proper ZFS
Re: (Score:2)
FreeBSD's UFS2 supports snapshots too, though they're not as efficient as you might like.
I'm pretty sure NTFS supports snapshots in the form of the volume shadow copy service, but they're not as clearly exposed to the user.
Regsnap will get your registry changes. (Score:2, Interesting)
Regsnap from LastBit Software will snapshot the entire registry and system file lists (if you want it to) and save it out to a file. Once you make your changes or installations you can snapshot it again and then directly compare the two files and generate a difference file of all the changes to the system. It's a fairly useful utility for capturing what installers/applications do to windows based systems. Unfortunately it's not free.
if people are going to put up not free options (Score:2)
Very not free but... (Score:2)
Sera
Virtual PC 2007 - also think outside Just Imaging (Score:2)
Taking initial and progressive snapshots is a good idea to start with and a VM tool will let you do this if you are just monitoring what software is doing. Go with Virtual PC 2007, it is free and will let you take the VHD images and later remount them as secondary drives on a VM to compare them.
However depending on your end goal, it might be better to 'also' just data mine the changes to the system. Use http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx [microsoft.com] (Process Explorer) as it tracks all the
deep freeze (Score:2)
http://www.faronics.com/html/Deepfreeze.asp [faronics.com]
Forensic Discovery, Windows Services for UNIX (Score:2)
Windows Services for UNIX 3.5:
http://technet.microsoft.com/en-us/interopmigration/bb380242.aspx [microsoft.com]
http://technet.microsoft.com/en-us/magazine/cc160802.aspx [microsoft.com]
Utilities
SFU comes with more than 300 UNIX utilities as part of the Interix subsystem, with additional utilities available either from InteropSystems or by compiling from available source code. These utilities cover all the major UNIX utilities and areas—everything from addr to yacc—and behave exactly as you and your UNIX users would expect them
VMware (Score:2)
Re:DIY (Score:5, Insightful)
Re: (Score:2)
While that is a better approach, I would argue that the entire concept of using a diff to try to determine what an installer is doing is usually a bad idea.
It can be useful for troubleshooting, but most people (and software vendors) try this kind of thing to build "repackaging" installer-builders. It's a terrible idea.
An installer may do completely different things depending on the system configuration. There is the factor you mention about existing file versions. If the user chooses a different install pat
Re: (Score:2)
I think we can agree that the registry is 100% Microsoft's fault :-)
It was one of those design decisions that "sort of" seemed to make sense (if you were drunk enough), but that in retrospect was just plain wrong.
That said, a diff of the entire filesystem between a virgin install and any particular program could be useful, especially when tracking down files modified by spyware or malware installs.
Re:Duh! (Score:5, Insightful)
2. Boot to Linux Live CD. Find out your hardware isn't supported as MoBo is new.
3. Download different Live CD.
4. Repeat 2 and 3.
5. Find Live CD which allows you to boot X. You're not a console monkey, so you need a GUI.
6a. Wireless network doesn't work "out of the box." Find / make 30m patch lead to go from back of PC downstairs to your router. Download NDISWrapper and firmware. Configure wireless networking. Alternatively;
6b. Look online for help using dd and sdiff, as you've never, ever heard of these applications.
7. Read three different forums full of "OMG go bk 2 winbl0wz, n00b!11" posts regarding the same issue until you find one person who has managed to pry the information you need out of somebody with a small sense of community.
8. Take image of Windows partition. Make coffee while you wait.
Total time to complete, with downloading images: 9 hours 40 minutes.
Total time to reinstall Windows XP, patch, and install games: 5 hours.
THAT'S how tough it is. We're not all Linux users.
Re: (Score:2)
"THAT'S how tough it is. We're not all Linux users."
I'll buy the live CD distro churning (BTDT), but among the reasons I enjoy Linux is that there are plenty of helpful folks who DIDN'T give me the "GTFO newfag" treatment.
It's easy to find newbie forums and lurk before posting, and it was easy back in 1999 when I didn't know shit about computers let alone Linux.
"Total time to complete, with downloading images: 9 hours 40 minutes."
Seems reasonable, since learning new stuff is involved. Once ya are edumacated
Re: (Score:3, Informative)
Live Linux CD + dd + sdiff
How tough was that?
The question is "Livecd + dd + sdiff what?"
It's easy to get a dd image of a running machine this way (and just as easy to do it using virtualisation-solution-of-your-choice, as everyone who isn't saying "just use dd" is saying).
It's slightly less easy to work out which files have been added, which modified, and which deleted, since you last did it. You'll also need to work out which were changes due to the new software that you installed, and which due to stuff that happens anyway. Changes to text files
Re:NTBackup (Score:4, Funny)
Possibly free OEM version for Seagate drives (Score:2)
Re: (Score:2)
Process Monitor is blocked by the issue I'm encountering.
Re: (Score:2)
I seriously doubt that keeping Windows working is the point of this little exercise. For starters, that wouldn't require any sort of confidentiality. Second, Windows is pretty stable to begin with, unless you're experimenting with malware, which would be a good reason for doing what he wants to do.
You must be new here, having Windows is a good reason for confidentiality.