I need to compare the windows registry data before and after install a program ?
Launch Event Viewer, and browse to Event Viewer > Windows Logs > Security. You should see “Audit Success” events recording the date and time of your tweaks, and clicking these displays the name of the Registry key accessed, and the process responsible for the edit.
In order to extract Windows registry files from the computer, investigators have to use third-party software such as FTK Imager [3], EnCase Forensic [4] or similar tools. FTK Imager is oneo fthe most widely used tool for this task.
Regshot Unicode is an Open-source Registry monitoring tool that monitors your computer's file system and Registry keys. A snapshot of the system registry is taken before and after the changes have been made. You will be able to see what changes have been made to your files by looking at that snapshot.
If you happen to have Total Commander, this is pretty easy:
export the registry before the installation and after the installation (save with the same name in different folders)
open both folders in Total Commander, highlight the file on one side, go to Files > Compare By Content... voilá:
Total Commander is shareware, try before you buy.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With