Change Analysis Diagnostic Tool for Windows XP
Microsoft recently released this KB article, titled "The Change
Analysis Diagnostic Tool for Windows XP is available."
So, why is this interesting? Bear with me for just a moment. Reading
the article, we see that the tool looks at programs, OS components,
BHOs, drivers, ActiveX controls, and ASEPs (MS's term for autostart
locations). Okay, so that is not entirely interesting per se... there are
tools that already do this, I know. However, the really interesting
part is this:
The Change Analysis Diagnostic tool queries the System Restore data
for the number of days that the user selects. The tool finds the
changes to the registry and to the file system that are relevant to
these categories. Then, the tool presents the changes together with
contextual information.
Is that sweet or what? Tools like this generally require a baseline,
such as when we're performing dynamic malware analysis (i.e., snapshot
the system, install the malware, snapshot the system again, and compare
the two). In this case, MS is using the Restore Points as the
snapshots. Makes me glad that I took the time to address Restore Point
analysis in my book!
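The snapshot-and-compare idea described above, as an added example that is neither Microsoft's tool nor code from this post: two constructed key/value snapshots stand in for the registry state recovered from two restore points, and the category labels and key-path patterns used to add context are my assumptions.

```python
"""Snapshot-and-compare of autostart (ASEP) registry data.

Added example, not the Change Analysis Diagnostic Tool's code. The two
snapshots below are constructed by hand to stand in for the registry
state pulled from two System Restore points.
"""
from dataclasses import dataclass
from typing import Optional

# Category is inferred from the key path (hypothetical mapping for this example).
CATEGORIES = (
    ("\\Explorer\\Browser Helper Objects\\", "BHO"),
    ("\\CurrentControlSet\\Services\\", "driver/service"),
    ("\\CurrentVersion\\Run", "ASEP"),        # also matches RunOnce
    ("\\CurrentVersion\\Uninstall\\", "program"),
)

@dataclass(frozen=True)
class Change:
    kind: str            # "added", "removed" or "modified"
    category: str
    key: str
    old: Optional[str]
    new: Optional[str]

def categorize(key: str) -> str:
    for needle, label in CATEGORIES:
        if needle.lower() in key.lower():
            return label
    return "other"

def diff_snapshots(before: dict, after: dict, categories=None) -> list:
    """Differences between two key->value snapshots, with category context.
    If `categories` is given, only changes in those categories are kept."""
    changes = []
    for key in sorted(before.keys() | after.keys()):
        old, new = before.get(key), after.get(key)
        if old == new:
            continue
        cat = categorize(key)
        if categories and cat not in categories:
            continue
        kind = "added" if old is None else "removed" if new is None else "modified"
        changes.append(Change(kind, cat, key, old, new))
    return changes

# Constructed sample data: an older restore point versus the current state.
RUN = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
BHO = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
SVC = r"HKLM\SYSTEM\CurrentControlSet\Services"
RP_OLD = {RUN + r"\ctfmon": r"C:\WINDOWS\system32\ctfmon.exe",
          BHO + r"\{EXAMPLE-CLSID}": r"C:\Program Files\Example\bho.dll",
          SVC + r"\ExampleDrv\ImagePath": r"system32\drivers\exampledrv.sys"}
RP_NEW = {RUN + r"\ctfmon": r"C:\WINDOWS\system32\ctfmon.exe",
          RUN + r"\updater": r"C:\Documents and Settings\user\updater.exe",
          SVC + r"\ExampleDrv\ImagePath": r"C:\WINDOWS\Temp\exampledrv.sys"}

if __name__ == "__main__":
    for c in diff_snapshots(RP_OLD, RP_NEW):
        print(f"[{c.category}] {c.kind}: {c.key}\n    was: {c.old}\n    now: {c.new}")
```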