A forum for reverse engineering, OS internals and malware analysis 

 #27065  by kerpow1
 Tue Oct 27, 2015 6:34 pm
Hi,

I am looking for suggestions on different File/Register/Memory analysis or monitoring tools. I currently use SysTracer, which takes a before and after snapshot and then provides a comparison (Added/Changed/Deleted); however, this works only at a basic level, so it won't show changes to PEB/Memory/Kernel.

http://www.blueproject.ro/systracer (I have a developer share license if this tool is of interest to anyone).

There may not even be a single tool that can accomplish all this in one on x64, but some of you gurus may have a favourite.

My scenario would be:

Injector injects dll into notepad
Driver loads and protects notepad.exe
Cleanup
>> Analysis to see what is still visible from the above operations (Kernel object, Module object, Registry changes, File operations, etc.)

Thanks
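An added example (not from the poster, and not SysTracer's code) of the two comparisons the scenario above calls for: a before/after snapshot diff of the Added/Changed/Deleted kind, plus a cross-view check that compares a process's user-mode (PEB) module list with a kernel-side view of the same process, which is where an injected DLL unlinked from the PEB lists still shows up. All snapshot contents, and the names protdrv.sys and inject.dll, are constructed sample data for illustration, not captures from a real system.

```python
"""Snapshot diff plus PEB-vs-kernel module cross-check.

Added example, not part of the original forum post. The snapshots and module
lists below are constructed sample data; "protdrv.sys" and "inject.dll" are
hypothetical names standing in for the driver and DLL in the poster's scenario.
"""
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

# A snapshot maps an artefact key (file path, registry value, kernel object
# name, ...) to a content fingerprint (hash, size/mtime, value data). Any
# stable string fingerprint works for the diff.
Snapshot = Dict[str, str]


@dataclass
class Diff:
    added: Dict[str, str] = field(default_factory=dict)
    removed: Dict[str, str] = field(default_factory=dict)
    changed: Dict[str, Tuple[str, str]] = field(default_factory=dict)

    def is_clean(self) -> bool:
        return not (self.added or self.removed or self.changed)


def diff_snapshots(before: Snapshot, after: Snapshot) -> Diff:
    """Classic before/after comparison: Added / Changed / Deleted."""
    d = Diff()
    for key, fp in after.items():
        if key not in before:
            d.added[key] = fp
        elif before[key] != fp:
            d.changed[key] = (before[key], fp)
    for key, fp in before.items():
        if key not in after:
            d.removed[key] = fp
    return d


def cross_view_gaps(peb_modules: Set[str], kernel_modules: Set[str]) -> Dict[str, Set[str]]:
    """Modules visible in only one view of the same process.

    'hidden_from_peb' is the residue a PEB-unlinked (injected) module leaves:
    the kernel-side view still knows the mapping. 'hidden_from_kernel' would
    mean the kernel-side enumeration itself is being filtered.
    """
    return {
        "hidden_from_peb": kernel_modules - peb_modules,
        "hidden_from_kernel": peb_modules - kernel_modules,
    }


# Constructed sample data (hypothetical). "Before" is taken prior to the
# injector/driver run, "after" once cleanup has finished.
BEFORE: Snapshot = {
    r"file:C:\Windows\notepad.exe": "sha256:aaaa",
    r"file:C:\tools\protdrv.sys": "sha256:bbbb",          # staged driver
    r"file:C:\Users\analyst\Desktop\notes.txt": "sha256:cccc",
    r"reg:HKLM\SYSTEM\CurrentControlSet\Services\Beep": "Start=1",
}
AFTER: Snapshot = {
    r"file:C:\Windows\notepad.exe": "sha256:aaaa",
    # protdrv.sys was deleted by cleanup, but its service key was left behind
    r"file:C:\Users\analyst\Desktop\notes.txt": "sha256:dddd",
    r"reg:HKLM\SYSTEM\CurrentControlSet\Services\Beep": "Start=1",
    r"reg:HKLM\SYSTEM\CurrentControlSet\Services\protdrv": r"Start=3, ImagePath=\??\C:\tools\protdrv.sys",
    r"file:C:\tools\inject.log": "size:2048",
}

# Two views of notepad.exe's modules: the PEB loader lists vs a kernel-side
# enumeration. inject.dll has been unlinked from the PEB lists.
PEB_VIEW: Set[str] = {"notepad.exe", "ntdll.dll", "kernel32.dll"}
KERNEL_VIEW: Set[str] = {"notepad.exe", "ntdll.dll", "kernel32.dll", "inject.dll"}


def analyse() -> Tuple[Diff, Dict[str, Set[str]]]:
    """Run both checks over the constructed data and return the findings."""
    return diff_snapshots(BEFORE, AFTER), cross_view_gaps(PEB_VIEW, KERNEL_VIEW)


if __name__ == "__main__":
    diff, gaps = analyse()
    for label, bucket in (("Added", diff.added), ("Removed", diff.removed), ("Changed", diff.changed)):
        for key, value in sorted(bucket.items()):
            print(f"{label:8} {key} -> {value}")
    for label, mods in gaps.items():
        if mods:
            print(f"{label}: {', '.join(sorted(mods))}")
```

The diff alone reports the leftover service key and the log file, which is the level SysTracer already covers; the cross-view check is what surfaces the module that no longer appears in the PEB. Real snapshots would be gathered by enumerating the PEB loader lists from user mode and the loaded-module/VAD information from a kernel-side tool, then fed into the same two functions.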