Windows Log Software - File Copy, Execute, Delete etc

deadevil13 · 12 Apr 2011

Hi

Ok, this has bugged me for a while now. About 3 months ago, with my college computing class we attended a lecture/presentation from the guys at Kapernsky in which they showed us some basic tools for securing, and monitoring your own system. I remember them using programs like OllyDBG - but they also had this little software application (btw they told us all of the utilities they were using in the demonstration were available free online!) that monitored the copying of files, deletion of files, edits to the registry, starting/stopping services, running other exe's and opening new webpages.

In the demonstration they ran a 'malicious' installation package and this little log program ran beside it; once they had finished installing, they brought up the log screen and it showed that some services had been started, and where the virus had been installed.

Just wondering if any of you guys may know what this software is called? Links would be great!

Many Thanks

Neutron16 · 12 Apr 2011

I'm not sure what programs Kaspersky Lab uses in their demonstrations.
I am aware of Sysinternals suit, which has a set of free useful utilities with huge potential to trace viruses and things like that.
I have seen a video of Mark Russinovich (author) using this suit to do that. This guy works for MS now.

Update: In some of the Kaspersky Lab's slides it is possible to see Process Explorer by Sysinternals and another program Wireshark (Linux version).