Jordan Posted February 24, 2016

List Registry changes by time

The default Windows Registry editor, much like many other default programs that ship with the operating system, is functional but severely lacking when it comes to features that it provides. Search for instance is bare bones and does not provide you with an overview of all hits found, and there is no way to enter a key path directly to jump straight to it. Third-party Registry editors add these features, and more.

One interesting feature provided by Registry Finder, a free portable software for all versions of the Windows operating system, is that you can use it to list all Registry changes by time.

Listing Registry Changes by Time

Maybe you are wondering why you'd ever need that functionality. While most Windows users may have no need for it, and this is likely the reason why Microsoft did not add the feature to its Registry editor, it can be useful when you are troubleshooting issues, or want to know if specific keys have been modified in a time period. Or, you are curious and want all changed Registry keys of the given day displayed to you. Naturally, you may combine the date filter with others, for instance a string value or restrict the output to a certain key path.

Using Registry Finder for the purpose

Download, unpack and run Registry Finder on your Windows machine. It is provided as a 32-bit and 64-bit version, so make sure you download the right one for your system.

Open Registry Finder afterwards and select Edit > Find from the main menu at the top. Doing so opens the following "Find" menu that you use to find Registry keys.

The "modified in period" filter allows you to set a starting and end date for your search. You can leave the search term empty to display all Registry keys modified in the time period, or restrict results to the search string and other parameters such as a root key that you want searched.

As far as the date is concerned, you can set either a starting or end date, or both. Please note that results are limited to 10,000 by default, and that you will receive a prompt if the search hit the limit. If that is the case, try limiting results to a specific key instead or narrowing down the search term.

The search results list a "date modified" value which shows when a key was modified the last time. A click on the header sorts the data based on it. Registry Finder highlights the value, type and data of the key in its interface but does not reveal what has been changed actually as it is not a Registry monitor which records all changes made to the Registry.

Tip: If you want to monitor the Registry, try applications such as RegFromApp, What Changed, or Registry Alert.

Closing Words

Registry Finder is an excellent program that offers several advantages over the default Registry editor of the Windows operating system. While you may find the date-based filter useful, other program features such as tabbed browsing, better search results, or entering a path directly to jump to it may even be more useful than that.

Source
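The "modified in period" filter described in the post above can be reproduced from the last-write timestamp that Windows returns for each key when its information is queried. This is an added example, not part of the original post and not Registry Finder's code; the sample key paths are constructed, and the 10,000 limit mirrors the default the article mentions. As the article notes, the timestamp shows when a key last changed, not which value changed.

```python
import datetime as dt

EPOCH_1601 = dt.datetime(1601, 1, 1, tzinfo=dt.timezone.utc)

def filetime_to_datetime(filetime):
    """Convert a FILETIME (100 ns ticks since 1601-01-01 UTC) to a datetime."""
    return EPOCH_1601 + dt.timedelta(microseconds=filetime // 10)

def datetime_to_filetime(when):
    """Inverse conversion, used here to build the constructed sample."""
    delta = when - EPOCH_1601
    return (delta.days * 86400 + delta.seconds) * 10_000_000

def walk_live_registry(root, path=""):
    """Yield (key path, last-write FILETIME) for each readable key. Windows only."""
    import winreg  # local import so the filter below also runs on other systems
    try:
        with winreg.OpenKey(root, path) as key:
            n_subkeys, _n_values, last_write = winreg.QueryInfoKey(key)
            names = [winreg.EnumKey(key, i) for i in range(n_subkeys)]
    except OSError:
        return  # access denied, or the key changed while it was being read
    yield path, last_write
    for name in names:
        yield from walk_live_registry(root, f"{path}\\{name}" if path else name)

def modified_in_period(entries, start=None, end=None, limit=10000):
    """Return (hits, truncated), newest first. start and end are both optional."""
    hits = []
    for path, filetime in entries:
        when = filetime_to_datetime(filetime)
        if (start is None or when >= start) and (end is None or when <= end):
            hits.append((when, path))
    hits.sort(reverse=True)
    return hits[:limit], len(hits) > limit

def utc(*args):
    return dt.datetime(*args, tzinfo=dt.timezone.utc)

# Constructed sample entries (hypothetical key paths), not output from a real system.
SAMPLE = [
    (r"Software\ExampleVendor\App", datetime_to_filetime(utc(2016, 2, 24, 9))),
    (r"Software\ExampleVendor\App\Settings", datetime_to_filetime(utc(2016, 2, 24, 15))),
    (r"Software\Old\Key", datetime_to_filetime(utc(2015, 11, 3))),
]

if __name__ == "__main__":
    hits, truncated = modified_in_period(SAMPLE, utc(2016, 2, 24), utc(2016, 2, 25))
    for when, path in hits:
        print(when.isoformat(), path)
```

On Windows, pass `walk_live_registry(winreg.HKEY_CURRENT_USER, "Software")` as `entries` to run the same filter against the live registry.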
Pequi Posted February 27, 2016

Amazing, it works. Anyone know where Windows keeps the data about when a registry key is created or modified? TIA
Jordan Posted March 20, 2016

On 27/02/2016 at 4:42 PM, Pequi said:

Amazing, it works. Anyone know where Windows keeps the data about when a registry key is created or modified? TIA

I don't think Windows is keeping track of modified or created registry keys by itself (or am I wrong?). You need to execute the built-in fc.exe to see changes.

About FC.EXE:

Monitor changes to Registry in Windows 10/8/7 using built-in FC.exe tool

Windows does not have an in-built Registry monitoring tool. But you can use the Windows command-line program File Compare or fc.exe to compare two registry export files, and thus monitor changes in the Windows Registry.

Monitor changes to Registry

File Compare fc.exe

To use this File Compare or fc.exe program, first, export a .reg file, & name it as say rega. After the change takes place export the changed .reg file & name it as say, regb.

Now, open a command prompt and type:

fc /u rega.reg regb.reg > regcompare.txt

Since .reg files use Unicode, the /u switch tells fc.exe to use Unicode.

You can now inspect the output regcompare.txt in Notepad.

WhatChanged

You can also try this 3rd party utility whatchanged to monitor the changes in your Windows 10/8/7 registry, easily. Download this portable app whatchanged and run it before and after the changes.

RegShot

RegShot is another small registry compare utility that allows you to quickly take a snapshot of your Registry and then compare it with a second one; done after doing system changes or installing a new software product. The changes report can be produced in text or HTML format and contains a list of all modifications that have taken place between snapshot1 and snapshot2. Get it here.
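The export-and-compare procedure in the post above, carried out per key and value instead of per line so that a changed value is reported under the key it belongs to. This is an added example, not part of the original post; REGA and REGB are constructed exports named after the post's rega and regb, and the ExampleApp keys are hypothetical.

```python
import re

def parse_reg(text):
    """Parse .reg export text into {key path: {value name: raw data string}}."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)  # join hex data continued with a trailing backslash
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            match = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)', line)
            if match:  # names are kept as written; @ is the key's default value
                current[match.group(1)] = match.group(2)
    return keys

def diff_reg(before, after):
    """Return (change, key, value name) tuples, sorted by key and then by name."""
    changes = []
    for key in sorted(before.keys() | after.keys()):
        if (key in before) != (key in after):
            changes.append(("key added" if key in after else "key removed", key, ""))
        old, new = before.get(key, {}), after.get(key, {})
        for name in sorted(old.keys() | new.keys()):
            if old.get(name) != new.get(name):
                kind = "added" if name not in old else "removed" if name not in new else "changed"
                changes.append((f"value {kind}", key, name))
    return changes

# Constructed sample exports (hypothetical keys), standing in for rega.reg and regb.reg.
REGA = r"""Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\ExampleApp]
"Blob"=hex:01,02,\
  03,04
[HKEY_CURRENT_USER\Software\ExampleApp\Old]
@="legacy"
"""
REGB = r"""Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\ExampleApp]
"Blob"=hex:01,02,\
  03,05
"License"="registered"
[HKEY_CURRENT_USER\Software\ExampleApp\Run]
"Start"=dword:00000001
"""

if __name__ == "__main__":
    print(*diff_reg(parse_reg(REGA), parse_reg(REGB)), sep="\n")
```

For real exports, read each file with `open(path, encoding="utf-16").read()` before passing the text to `parse_reg`, for the same reason the post gives for the `/u` switch.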
Pequi Posted March 22, 2016

The util above does give the time the reg key was last changed. I was surprised, I didn't know that was hidden away. Rather like MS NTFS, which keeps the names of files long after you have "safely" deleted them.

When I install a program, I use Soft Organizer (available for free on comss) to log the actual install, and regshot when I register it, to see where the program stores the info. You can make regshot monitor any folders or even whole drives, as well as the registry.
This topic is now archived and is closed to further replies.