Best file and registry monitoring tools (like Regshot)

I currently use InCtrl5 to log registry and file system changes caused by installers. Taking snapshots of the whole system drive is too slow, so I prefer to monitor only certain critical areas such as C:\Windows and its subfolders. But I'd also like to monitor files and folders created or modified in C:\ without recursing into subfolders. Is there a software that can do this i.e. that let's you specify whether or not to recurse into each of the monitored directories. Also, the ability to use RegEx or wildcard expressions to specify folders to include and exclude would be a plus.

In addition to InCtrl5, I've also tried RegShot (original and the unicode version), SysTracer, Evans Tracker and probably some others, but haven't found the perfect tool yet. The ultimate goal here is very fast before and after snapshots. Any suggestions?

 

I use snapshots feature in System Explorer. With it user can edit the "Global Filter" directly (or edit the "snapshotFilter.txt" file). So exclude files/folders and registry entries is a easy way; user can also use a regular expressions.

 

Well, I guess the ultimate file and registry snapshot tool is yet to be programmed. I've been searching for a long time and InCtrl5 still tops my list even though it's over 10 years old by now.

In any case, I decided to try programming my own file snapshot tool using AutoHotkey (this is strictly an amateur affair). I wrote a small (80 line) script that loops through the specified directories and retrieves file path, size, attributes and time stamps. The script then saves this information into a text file. For each base directory, the user can choose whether to retrieve files, folders or both and whether to recurse into subfolders. On the second run, the script compares the current snapshot to the previous one and reports the differences (new files/folders, modified files/folders and deleted files/folders). I ran it a few times on all of C:\*.* including subfolders, and it took about 30 second to go over the 27 GB of files on my system partition. The comparison of two snapshots took less than a second. If I target only certain important directories, I can get the snapshot time down to ~10 seconds, plus another ~20 seconds for the registry with Regshot or similar.

 

SE is indeed excellent for that purpose.

I also use sandboxie and WRR (Mitec Window Registry Recovery). With the standard sandboxie features, I see which files are changes/added, and with the help of WRR, I can also see the changed registry keys.

 

As for the registry part, Registry Workshop is hard to beat. It has a nice feature allowing us to load and compare any 2 given system registries bit by bit, in a double window. It can also create as many snapshots of your local registry at your desired time, to compare them later at will.

The amazing speed of doing all this job and the easy way the program presents the comparaison results are the big benefits of using RW here, or to verify and possibly correct the job done by any other installation monitor. I don't need to be that thorough to check on each installation but it can another good option to explore for occasional use. I also find this way very educational.

On many occasions now I use both Ashampoo Uninstaller and RW together to monitor bigger program installation and archive each result for any possibly problematic uninstallation later on.
Another possible use of this is with exploring baddies "amusing" work on a system...

 

@ MerleOne, in fact System Explorer'snapshot feature is excellent. And fast to do the snapshots; noticeably faster if user add in 'Exclude' field drives not needed for the analyze, like non-system partitions, usb external hard drives, ramdisks, usb pen drives.

I used WRR when installed sandboxed app. also. Until I did SanboxDiff to check changes in files/registry entries in sandboxed programs. It can show changes for a new installation, even when user have applications installed in a sandbox folder yet.

Maybe a day you could try SandboxDiff...

Unlike ruinebabine I don't use Ashampoo Uninstaller to install/uninstall; I use ever ZSoft Uninstaller with their analyze feature, that allows to do a clean uninstall. Freeware.

 

I have no problem with that majoMo and would even love to be able to use Zsoft over Ashampoo (my choice was strictly a "moindre mal")...

Let it be known: ZSoft Uninstaller v2.5 still does not really support a 64-bit OS.

But please, please correct me!

(edited to make the link more acurate)

 

Thanks for the tip about sandboxdiff, I'll definitely try it next time !

 

I use Total Uninstall from http://www.martau.com/ it takes a snapshot of the registry and file system, installs the software and then does another snapshot and compares them.
If I want to uninstall I use the same program and I know all traces are removed.

Suggest you give it a try, might be what you are looking for

You can even completely uninstall previous software installs before TU was installed. There are two buttons (above modules) on the top left. Pushing the left one shows previous installs (which you can uninstall) i.e programs installed without Total Uninstall. The right button is for completely monitored installs and uninstalls using Total Uninstall - Hope that makes sense

What I also like about it is that you can export all the changes. Now that helps with GiveAwayOfTheDay software - which normally must be installed and activated the same day. I install the GAOTD software and activate it, if I like the software I export the changes (which goes is in to a zip file) and save them on my external drive. Later if I reinstall the OS I can reload the saved program and every time it works - a side bonus. For this I believe you need the Professional version

 

It's not necessary... You are right! Since I use Win XP and I didn't know you are using 64bits system, I understand you are using a "moindre mal"... .
Ashampoo is a good choice indeed (but payware...). ZSoft full supports 64bit OS only if app. are 32bits native. For now.

I hope it can be helpful to you.

Thanks for share with us this feature'info. (maybe it can't be installed in another PC though; what you think about?). I think Ashampoo can do that also (perhaps ruinebabine can confirm that). For GAOTD software I use a trick that ruinebabine (thanks again... ) gives instructions to me... Total Uninstall is a very good uninstaller app. (payware) definitively. Sometimes I read users claiming their license policy about.

BTW, System Explorer was just updated to v. 2.5; with a new looking...