Wait, did something change? Don’t know? Use Regshot

1. Download the program from http://sourceforge.net/projects/regshot/.
2. Right-click the program and run it as administrator.
3. The below screen should appear. From there we have the option of saving the comparison log as plain TXT or HTML. We can also choose folders to scan.


4. To get the first shot (baseline), click “1st shot” and then “Shot” as depicted below.
Note: Although not used in this scenario, we could take a shot of the system and save it for later use by selecting “Shot and Save”, then load it again with the “Load” button.


5. Now make a change to the registry or somewhere on your system that will change a key in the registry.

6. Let’s take the second shot by clicking “2nd shot” and then “Shot” as depicted below.


7. Once complete, click “Compare” as depicted below.


8. Something like the below should appear depicting keys added and deleted and values added, deleted, and modified along with the total changes. This is all from comparing the two shots.


9. Done!
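
The same two-shot comparison from steps 4 to 8, as an added example that is not part of the original post and not Regshot's own code: it sorts differences between two snapshots into the categories the compare report lists. The function names, the snapshot layout and the sample keys are assumptions constructed for illustration.

```python
# Snapshot layout (assumed for this example): {key_path: {value_name: (type, data)}}

def take_snapshot(hive, path):
    """Recursively read a registry subtree into a snapshot dict (Windows only)."""
    import winreg  # imported here so the diff logic below runs on any OS
    snap = {}
    try:
        key = winreg.OpenKey(hive, path, 0, winreg.KEY_READ)
    except OSError:  # key vanished or access denied: leave it out of the shot
        return snap
    with key:
        n_subkeys, n_values, _ = winreg.QueryInfoKey(key)
        snap[path] = {}
        for i in range(n_values):
            name, data, vtype = winreg.EnumValue(key, i)
            snap[path][name] = (vtype, data)
        children = [winreg.EnumKey(key, i) for i in range(n_subkeys)]
    for child in children:
        snap.update(take_snapshot(hive, f"{path}\\{child}" if path else child))
    return snap

def diff_snapshots(before, after):
    """Compare two shots: keys added/deleted, values added/deleted/modified."""
    report = {
        "keys_added": sorted(after.keys() - before.keys()),
        "keys_deleted": sorted(before.keys() - after.keys()),
        "values_added": [], "values_deleted": [], "values_modified": [],
    }
    for key in sorted(before.keys() | after.keys()):
        old, new = before.get(key, {}), after.get(key, {})
        for name in sorted(old.keys() | new.keys()):
            if name not in old:
                report["values_added"].append((key, name))
            elif name not in new:
                report["values_deleted"].append((key, name))
            elif old[name] != new[name]:  # type or data changed
                report["values_modified"].append((key, name, old[name], new[name]))
    report["total"] = sum(len(v) for v in report.values())
    return report

# Constructed sample shots (type 1 = REG_SZ, type 4 = REG_DWORD)
SAMPLE_BEFORE = {
    r"Software\Example": {"Version": (1, "1.0"), "Enabled": (4, 1)},
    r"Software\Example\Old": {"Temp": (1, "x")},
}
SAMPLE_AFTER = {
    r"Software\Example": {"Version": (1, "1.1"), "Enabled": (4, 1),
                          "InstallDir": (1, r"C:\Example")},
    r"Software\Example\New": {},
}
```

On Windows, call `take_snapshot(winreg.HKEY_CURRENT_USER, r"Software")` before and after the change and pass both results to `diff_snapshots`.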