I already know some programs can compare two snapshots, but they only work on my real machine. I want to know how to find the difference between two virtual machine snapshots.

Example:

-> Create new VirtualBox virtual machine

-> Install Windows

-> Take snapshot (1)

-> Execute a malware

-> Take snapshot (2)

Now how can I know the new, the edited and the deleted files or registry keys or any other thing (what the malware has done on the system)?

Please focus on how to know the file changes

  • Your step 4 is interesting: "Execute a malware" :) Commented Sep 16, 2015 at 9:32
  • Take a look: serverfault.com/questions/41683/… Commented Sep 16, 2015 at 9:38
  • 2
    It was a great idea, but I'm already using the same program and there are two problems: 1) it takes a long time, 2) it can't detect what rootkits have done ("they can hide their files & registry keys"). Thank you anyway ^_^
    – Khalil Bz
    Commented Sep 16, 2015 at 9:47
  • Ever come up with a solution to this?
    – ylluminate
    Commented Aug 31, 2019 at 19:48
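
An added example, not part of the original question or its comments: one way to list new, edited and deleted files is to compare the two snapshots from the host instead of from inside the guest, so the result does not depend on what a running, possibly rootkit-hooked Windows reports. It assumes each snapshot's disk is already mounted read-only at a host directory; `manifest`, `diff_snapshots` and `demo` are names chosen here, and the sample trees are constructed.

```python
import hashlib
import os
import tempfile

def manifest(root):
    """Map each relative file path under root to (size, SHA-256 hex digest)."""
    entries = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if os.path.islink(full):
                # Record the link target instead of following it off the image.
                entries[rel] = ("symlink", os.readlink(full))
                continue
            digest, size = hashlib.sha256(), 0
            try:
                with open(full, "rb") as fh:
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        digest.update(chunk)
                        size += len(chunk)
                entries[rel] = (size, digest.hexdigest())
            except OSError:
                # Keep unreadable files visible in the diff rather than dropping them.
                entries[rel] = ("unreadable", None)
    return entries

def diff_snapshots(before_root, after_root):
    """Classify files as new, deleted or edited between the two trees."""
    before, after = manifest(before_root), manifest(after_root)
    common = before.keys() & after.keys()
    return {
        "new": sorted(after.keys() - before.keys()),
        "deleted": sorted(before.keys() - after.keys()),
        "edited": sorted(p for p in common if before[p] != after[p]),
    }

def demo():
    """Constructed sample trees standing in for the two mounted snapshots."""
    def build(root, files):
        for rel, data in files.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
    with tempfile.TemporaryDirectory() as s1, tempfile.TemporaryDirectory() as s2:
        build(s1, {"etc/hosts": b"127.0.0.1 localhost\n", "docs/a.txt": b"a", "docs/old.txt": b"x"})
        build(s2, {"etc/hosts": b"127.0.0.1 localhost\n10.0.0.1 example.test\n", "docs/a.txt": b"a", "tmp/dropped.bin": b"\x00\x01"})
        return diff_snapshots(s1, s2)
```

Registry hives are files on the disk, so a modified hive shows up under "edited"; seeing which keys changed needs a hive parser on top of this.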

