Track modifications made by a program on your system



DiffView is a program able to display and log modifications made by a program on the system, in the filesystem and the registry.
Author: Adlice Software
Version: 1.6.0.0
Downloads: 1,049
File Size: 315.57 KB
License: Freeware
Operating System: Windows XP, Vista, 7, 8, 8.1, 10 (32/64 bits)
Tags: analysis, difference, filesystem, malware, registry, research


Description and Review

DiffView is a free program that searches for modifications made by a program during a given time window. Its features are listed below:

 

Requirements

 

Features

DiffView can tell which file or registry key has been modified within a time range (in minutes), in order to retrieve the changes made by a program installation.

You can also select the registry keys and folders to scan, for performance reasons. The registry scan cannot give detailed change information; it only knows whether a registry key has changed. For more detail about what changed, run a Thorough scan (see the user guide).

 

User guide

The best way to use it for malware analysis is the following:

  1. Make a snapshot of your VM!
  2. Launch the malware dropper
  3. Make a scan of files with a time range matching when you started the dropper
  4. Make a quick scan of the registry with a time range matching when you started the dropper
  5. Get the report
  6. Analyse the report, and note the keys suspected of being relevant (you can see the values by clicking on them)
  7. Restore your VM for the thorough registry scan (if needed)
  8. Tick the "Thorough" option and choose only the relevant keys taken from the previous report. NOTE: this scan is slow, so select as few keys as you can
  9. Back up these keys with the "Snap" button
  10. Launch the malware dropper
  11. Make a thorough scan of the registry based on the previous backup
  12. Get the report
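The two scan modes described above, as an added example that is not DiffView's own code: a quick time-range scan (which files changed recently) and a snapshot-then-compare "thorough" scan (what changed, including deletions the quick scan cannot see). It covers the filesystem only, and the "installer" activity is simulated inside a temporary folder so nothing real is executed.

```python
import hashlib
import os
import tempfile
import time
from pathlib import Path

def quick_scan(root, minutes):
    """Quick scan: files whose modification time falls within the last `minutes` minutes.
    Cheap, but it only says *that* a file changed, and it cannot see deleted files."""
    start = time.time() - minutes * 60
    return sorted(str(p.relative_to(root)) for p in Path(root).rglob("*")
                  if p.is_file() and p.stat().st_mtime >= start)

def snap(root):
    """'Snap': record a content hash per file before the program under analysis runs."""
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in Path(root).rglob("*") if p.is_file()}

def thorough_scan(before, after):
    """Thorough scan: compare two snapshots and report what changed, not just that it changed."""
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(k for k in before if k in after and before[k] != after[k]),
    }

def demo():
    """Constructed scenario: a fake 'installer' touches a sandbox folder (no real program runs)."""
    root = Path(tempfile.mkdtemp())
    old = time.time() - 3600                     # pre-existing files look an hour old
    for name, data in (("config.ini", b"a=1\n"), ("readme.txt", b"hello\n"), ("stale.log", b"x\n")):
        (root / name).write_bytes(data)
        os.utime(root / name, (old, old))
    before = snap(root)                          # the "Snap" step, taken before launching anything
    # simulated installer activity: modify one file, add one, delete one
    (root / "config.ini").write_bytes(b"a=2\n")
    (root / "payload.dll").write_bytes(b"\x00" * 16)   # constructed placeholder content
    (root / "stale.log").unlink()
    after = snap(root)
    # quick scan with a 10-minute window misses the deletion; the thorough scan reports it
    return {"quick": quick_scan(root, 10), "thorough": thorough_scan(before, after)}

if __name__ == "__main__":
    print(demo())
```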

Download

DiffView.exe (portable)