Compare Registry Snapshots with Regshot
Regshot is a free program for the Windows operating system that enables you to compare two snapshots of the Windows Registry and directories.
Taking Windows Registry snapshots can help you analyze changes that have been made to the system during a set period of time. The time being of course the days, hours or minutes between the first and second snapshot.
Regshot is a software that enables you to take Windows Registry and folder snapshots, and compare two of the snapshots that have been crated with each other to find out what changed in the time between the creation of the first and second snapshot.
This can be useful to find out exactly what a software installer changed on a system for instance, or if files in a folder of interest were modified.
Regshot Review
Regshot is a portable program that comes as a 32-bit and 64-bit version both as ANSI and Unicode versions.
The interface is functional and provides you with the following configuration options:
- Select whether you want to compare the logs using a plain txt or HTML document.
- Add directories that you want included in the scan. Separate the paths of folders using ";".
- Set the output path for the data.
- Add a comment to the log.
- Create the 1st and 2nd snapshot of the Registry and, if selected, directories.
- Compare the two snapshots with each other, and have Regshot create the comparison log for you.
Once you are ready to create the first snapshot hit the 1st shot button to do so. Regshot gives you the option to create the first snapshot with or without saving it to the local system.
Saving enables you to load it at a later point in time. This can be useful if you want access to a default snapshot, for instance directly after the installation of the Windows operating system or the most recent update.
Another interest application for Regshot is to compare how well a program's uninstaller removes files and Registry information that were added during the software's installation. If the program recorded 1000 changes in total during the installation of a program on the machine, it should match that number during uninstallation and any variation of it may indicate leftover data.
If you don't save the snapshots, they will be lost when you close the program.
The same options are provided for the second snapshot. Once you have created or loaded two snapshots in Regshot, you may hit the compare button to have the program create a compare log file that highlights all differences in the two snapshot files.
The log file displays the date and time of both snapshots at the top, the computer name, and the name of the user used to run the program.
It then highlights the following information:
- Keys added or deleted highlighting any Registry key that got added or deleted.
- Values added or deleted highlighting Registry values added to keys or removed from keys.
- Values modified listing Registry keys and values that were modified.
The comparison file can be extremely large depending on when the two snapshots were created. It is therefore usually best to make sure the time between both snapshots is as short as possible to prevent the log file from filling with unrelated data.
Also, you may need to load the comparison file in a compatible program, as the size of it may be too large for it to be opened in the default text editor Notepad.
Closing Words
Regshot is a mighty useful program for Windows, not only to monitor the installation of software on the system, but also changes during Windows updates or simply monitoring what a program does while it is running.
Alternatives
We have reviewed quite a few Regshot alternatives in the past years. Here is a quick selection of programs that offer similar functionality:
- Event Monitor Service monitors file creations and deletions, the Registry, and several other events. It saves all information to a log that you can access at any time.
- Registry Alert is a free Registry monitoring program. On top of that, it can be configured to alert you whenever changes are made to monitoring keys.
- Registry Finder is an advanced Registry editor that ships with an option to list Registry changes by date and time.
- Reg From App puts the focus on specific applications. It monitors one application and displays all the changes it made to the Windows Registry.
- What Changed works in pretty much the same way as Regshot. Create two snapshots, and compare those. It does provide options to scan only select Registry hives and not all of them though.
