mailing list archives
Re: [PEN-TEST] Autocomplete Function
From: Bill Weiss <bill_weiss () att net>
Date: Mon, 13 Nov 2000 23:50:10 -0700
Davidson,Sam(SDAVIDSON () CERNER COM)@Mon, Nov 13, 2000 at 03:27:57PM -0600:
Has anyone tried taking a sysdiff snapshot, then visiting some sites and
taking a diff shot to find the modified files?
This would be verrrry valuable info when compromised.
In response to the original (and maybe yours, I don't know), check out www.sysinternals.com. They have some "mon"
tools, such as RegMon and FileMon, which are damn helpful when wondering what that program's doing in there.