Even when they appear idle, PCs are forever buzzing with background activity, as Windows and application processes save data to log files, tweak Registry keys and carry out assorted other updates. Normally this can be safely ignored, but sometimes – if you think you’ve just installed malware, say, and would like to check what it’s done – then you might wonder what’s changed on your system in the past few minutes. And that’s where DiffView comes in.
If you want to find out more about recent activities on your PC, then you’ll first need to tell DiffView where you’d like it to scan. Clicking the Files tab reveals an Explorer-type view where you can select particular folders – \Windows, say, or \Program Files – while the Registry tab allows you to select a particular area of the Registry.
Next, you’ll have to define how “recent” these changes might have been. Enter “5” in the “Diff time” box, say, and the program will only look for items which have been created or modified in the last 5 minutes. (You can enter much higher figures here, but remember that there are legitimate background changes going on all the time, and the further back you go, the more these will clutter your finished report.)
With the configuration done, all you have to do is click “Scan files” or “Scan reg”, depending on what you’re doing, and wait for the results. This can take a while if you’re scanning the entire Registry – so you might want to tag an extra 5 minutes onto your “Diff time” figure to make up for that – but be patient, it will finish eventually.
Once the process is complete, DiffView displays a tree view report of your system, instantly highlighting any recent additions or changes in the areas you’ve specified.
And a Report button (scroll down in the “Common” box if you don’t see it) can even create a text report for reference later.
DiffView has its limitations. In particular, the program will only highlight new or modified files and Registry keys; it can’t warn you if something is deleted. And so if you want comprehensive real-time system monitoring, then you’ll still need to use something like Sysinternals Process Monitor.
DiffView can be very useful when you just need a quick ad-hoc check, though. It’s also free, has no adware annoyances, and is a ridiculously small 71KB download, which works for us. On balance, the program will make an excellent addition to anyone’s troubleshooting toolkit, and you should go grab a copy immediately.
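The time-window scan described above can be sketched in a few lines, as an added example that is not DiffView's code and not from the original article. It goes one step further than the review by pairing the scan with a before/after snapshot comparison, which reports the deletions a time-window scan cannot see. It covers files only, not the Registry, and all function names are illustrative.

```python
import os
import time
from pathlib import Path


def _stat_files(root):
    """Yield (relative_path, stat_result) for every readable file under root."""
    root = Path(root)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                yield str(path.relative_to(root)), path.stat()
            except OSError:
                continue  # locked, or removed while the scan was running


def recent_changes(root, minutes, now=None):
    """Time-window scan: files created or modified in the last `minutes`."""
    cutoff = (time.time() if now is None else now) - minutes * 60
    # st_ctime is creation time on Windows, metadata-change time on POSIX.
    return sorted(rel for rel, st in _stat_files(root)
                  if max(st.st_mtime, st.st_ctime) >= cutoff)


def snapshot(root):
    """Baseline taken before the activity: relative path -> (size, mtime ns)."""
    return {rel: (st.st_size, st.st_mtime_ns) for rel, st in _stat_files(root)}


def diff_snapshots(before, after):
    """Compare two snapshots; returns (added, modified, deleted)."""
    added = sorted(after.keys() - before.keys())
    deleted = sorted(before.keys() - after.keys())
    modified = sorted(p for p in before.keys() & after.keys()
                      if before[p] != after[p])
    return added, modified, deleted


if __name__ == "__main__":
    import sys
    # Usage: script.py <folder> <minutes>
    for rel in recent_changes(sys.argv[1], float(sys.argv[2])):
        print(rel)
```

The snapshot approach only works if the baseline is taken before the suspect install runs; the time-window scan needs no preparation, which is why it suits an after-the-fact check.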