Registry Snapshot Tools: 8 Best to Track & Compare Changes
Usually when software gets installed onto your computer, it copies the needed files and registry entries onto the system for the program to function properly. When you uninstall the software, it should remove everything that was added in the first place, but it doesn’t always. Most of the time there is useless data left over which should have been removed, perhaps because the uninstaller is corrupted or even badly programmed. Depending on the program and how good the uninstaller is, this could range from one or two innocuous registry keys right up to hundreds of keys and several megabytes of leftover files.
One way to find out for yourself what is getting added to your system during a software install is to check the state of your system before the installation, and then check again afterwards to see what has changed. Here’s a selection of 7 tools that can track what file and registry changes are made during a software install by creating and then comparing before and after snapshots of your system; all were tested on Windows 7.
1. Regshot unicode
Regshot is a long-running utility that can quickly take a before and after snapshot of the system registry. The more recent Unicode version has also gained the ability to monitor for file changes using CRC32 and MD5 file checksums, although this function is turned off by default; to enable it, go to File -> Options -> Common Options and tick “Check files in the specified folders”.
Only the Windows folder is entered into the list of watched folders so you have to enter any others yourself through the Folders tab. This version also added the Connect to remote registry option.
Regshot is very much a “hands on” utility and is more for experienced or advanced users to quickly check for system changes between two different points in time. Simply create the 1st shot, install the software or run the program you want to watch, and then press 2nd shot. After comparing the differences in the 1st and 2nd shots, it will open an HTML log in your browser listing all the detected changes.
Being only a few hundred KB and portable, Regshot is an extremely valuable tool to have around. The original Regshot is still very slowly being developed and there is a recent beta with separate 32 / 64-bit and ANSI / Unicode versions that can be found at SourceForge.
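The before/after comparison that Regshot and the other tools on this page perform, as an added sketch that is not code from Regshot or any tool listed here. It assumes the two snapshots were saved as text with `reg export`; the key names and values in the sample are constructed.

```python
import re

# A value line is @=data (the default value) or "name"=data.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def parse_reg(text):
    """Return {(key_path, value_name): raw_data}; value_name "" marks the key itself."""
    snap, key, buf = {}, None, ""
    for raw in text.splitlines():
        line, buf = buf + raw.strip(), ""
        if line.endswith("\\"):          # hex data wrapped onto the next line
            buf = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            snap[(key, "")] = ""
        elif key and (m := VALUE_RE.match(line)):
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            snap[(key, name)] = m.group(2)
    return snap

def diff_snapshots(before, after):
    """Compare two parsed snapshots; returns (added, deleted, modified) entry lists."""
    added = sorted(k for k in after if k not in before)
    deleted = sorted(k for k in before if k not in after)
    modified = sorted(k for k in before if k in after and before[k] != after[k])
    return added, deleted, modified

# Constructed sample exports (not taken from a real system).
BEFORE = r"""Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\ExampleApp]
"Version"="1.0"
"Blob"=hex:01,02,\
  03,04
[HKEY_CURRENT_USER\Software\OldTool]
"Path"="C:\\OldTool"
"""
AFTER = r"""Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\ExampleApp]
"Version"="2.0"
"Blob"=hex:01,02,03,04
[HKEY_CURRENT_USER\Software\ExampleApp\Updater]
"Interval"=dword:0000003c
"""

if __name__ == "__main__":
    result = diff_snapshots(parse_reg(BEFORE), parse_reg(AFTER))
    for label, entries in zip(("ADDED", "DELETED", "MODIFIED"), result):
        print(label, [f"{k}\\{n}" if n else k for k, n in entries])
```

Files written by `reg export` are UTF-16 with a byte-order mark, so read them with `encoding="utf-16"` before passing the text to `parse_reg`. The wrapped `Blob` value is joined before comparison, so a change in line wrapping alone is not reported as a modification.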
2. InstallWatch Pro
InstallWatch Pro is quite an old utility which works in a similar way to Regshot in that it tracks any changes made to your registry and files between 2 given points in time, although this program is more specifically designed for tracking installs. The program is quite detailed in what it can track and includes additions, deletions, or modifications to files and directories, INI files and the system registry.
The good thing about InstallWatch is the easy to read way in which the results are displayed because it behaves just like a standard Explorer window with an expanding tree view of the sections on the left. While the program is running it will detect if you run a setup installer and ask to create a before snapshot, or you can simply click the Snapshot button on the toolbar.
After install, it will ask to create the after snapshot or you can use the Analyze button. The result can then be browsed or individual sections can be exported to text or HTML. All installs are instantly accessible from the tree view and there is also a useful search function.
3. SpyMe Tools
This utility has something the others in the list don’t, which is a function to monitor a drive or folder in real time for file changes, and it could prove a useful addition when doing a bit of troubleshooting. SpyMe Tools is quite an old program but is still perfectly capable of creating before and after snapshots to watch an install or software for changes.
It does have one drawback, though: it can only snapshot either files or the registry, not both together. The mode is changed with the Current Mode option on the toolbar.
Like InstallWatch Pro the interface looks a lot like Explorer so you should feel at home navigating around. The way SpyMe Tools works is slightly awkward because you have to click the Scan button and save the snapshot, install or run the software to track, then click the Scan button again and save another snapshot with a different name.
Both are then tested for changes using the Compare button and the results will show in the window. The differences between the 2 snapshots can be saved as a text file. SpyMe Tools is also a portable program.
4. InCtrl5
InCtrl5 is an incredibly old tool dating way back to the year 2000, but some users may have heard of it or used it before, and it can still do a job with a little bit of effort. There are one or two issues with it, though, which require a bit of knowledge to use the program effectively. First, unsurprisingly, InCtrl5 will need to be run in compatibility mode for Windows Vista, 7 or 8.
Secondly, there is an issue with its output results for 64-bit users: it won’t display the Software\Wow6432Node registry keys as coming from there, but will instead show them as coming from simply Software, something to watch out for.
Using the program is pretty easy and it will track changes to the registry, drives and folders, ini files and also specific text files. Inclusions and exclusions can be configured by using the What to track buttons. After selecting the installer you want to track, it will create the before snapshot for you.
Then you install the software and press the Install Complete button to create the after snapshot and the analysis, which could take a little while. The result will then open up a window where it can be viewed or saved in HTM, TXT or CSV file formats.
The free System Explorer (systemexplorer.net) also has a Snapshots tool to record and compare changes in files and/or registry.
My favourites were always Advanced Registry Tracer [ART] & Advanced Registry Monitor [ARM].
They both have a “create redo reg” & “create undo reg” feature.
From memory they [or only one of them] can detect file size increase/decrease/modified & file date changes too.
It’s been a while, but Advanced Registry Tracer’s system requirements for ART state it can support current Windows versions.
Process Monitor works with x64 and 32 registry.
It also can monitor both files and registry at the same time, plus much much more.
It’s free, and you can get it from Microsoft.
It replaced RegMon and FileMon tools.
You can download it from the following link:
The only downside is that because it has so many extra capabilities, it’s not as user friendly as older registry tools. It does come with a great help file, and once you get the hang of it, you’ll never look at older registry tools the same.