Slashdot Mirror


Good Freeware System Snapshot Tool For Windows?

Khyber writes "I'm doing a little personal research into a project that tracks what changes get made to your system every time you install a program. I know there are ways of checking through Windows Restore Points, but that's not what I'm trying to do. Instead, I'm going to start with an absolutely fresh Windows XP install, take a full snapshot of the entire installation on the hard drive, and burn that to a DVD (somewhat like a backup disc with an entire snapshot of my hard drive's current contents.) With every program I install, I'm going to take another snapshot, burn to DVD, and repeat the process until I have recreated every step taken to get to my current system state (all programs installed on a separate hard drive, all registry entries etc on the OS drive, with only snapshots of the OS drive being recorded.) The purpose for all of this I'm not legally allowed to talk about, due to confidentiality requirements. Does anybody know of such a program, preferably freeware, that will accomplish my objective, and are there tools that can be used to compare the difference in drive images?"

31 of 219 comments

  1. FOG might do it. by millia · · Score: 4, Informative

    Wow, quiet in here.

    FOG, aka Free Open Ghosting, at www.fogproject.org, will certainly take images of your hard drives; that's not a problem.
    And, I haven't played with it, but it has the capability to do install packages, so that meets the bit-by-bit portion of things.

    Like most open-source packages, FOG improves constantly, and recently, it's getting better by leaps and bounds.

    --
    stored on computers from birth to the grave
    1. Re:FOG might do it. by n1ckml007 · · Score: 3, Funny

      Windows key + E, then Alt+PrintScrn, then Ctrl-V to paste into MSPaint. There's your snapshot.

    2. Re:FOG might do it. by MrNaz · · Score: 2, Informative

      The best snapshotting tool I have found (I'm not entirely sure if this is what you are after, as the summary is not clear) is BartPE with the DriveImageXML plugin. It's free and legal, although you need a Windows XP disc to build the tool (no really, it's free and legal).

      I use it to install Windows fresh, add my apps, and then take a snapshot. If there is a virus attack or the install is otherwise dirtied, I can restore to a clean Windows install in around 10 minutes as opposed to the 2 or 3 hours it takes to get a bare metal box up and running with Windows plus all your apps.

      --
      I hate printers.
    3. Re:FOG might do it. by Gazzonyx · · Score: 2, Informative

      I've used FOG before, a few months ago, in fact. It just isn't production ready yet. IIRC, you had to install a service on the Windows box, etc. The web interface was somewhat counterintuitive and left a bit to be desired. It also had a few rather annoying bugs. This may have changed since the last time I used it. I'd say that as it was a few months ago, you'll be pulling your hair out since it works just enough to let you see what it's capable of, and then falls through on delivery of said capability. Give it another few months if it isn't there yet, it will be great once it gets to RC maturity.

      I always fall back to using the PartImage live CD, or a live CD that uses partimage, and then booting a VM with the parted daemon to accept the incoming system image. It will GZip the image on the fly, then you can just split(1) and burn to DVD (dual layer burners are cheap now, but use archival grade media or DVD-RAM for long term storage... you'll thank yourself for spending the few extra bucks/pounds down the road.).

      Many live CDs have PartImage now, Trinity Rescue Kit, Ghost 4 Linux, Knoppix, System RescueCD (just had another release lately), and the rest of the usual suspects, as well as many forensics live CDs.

      FWIW, I have used partimage to mirror a Windows install on to another drive, and then back to the original again, and since you get a gzipped img file, you can use it with KVM, Xen, VMware (after conversion to vmdk or ovf). Check out Convirt for provisioning systems from a gzipped img file. It's also not production ready, but very cool nonetheless.

      --

      If I mod you up, it doesn't necessarily mean I agree with what you've said, sorry.

    4. Re:FOG might do it. by Anonymous Coward · · Score: 4, Interesting

      Norton Ghost is fairly cheap and Ghost Explorer will allow you to "browse" the images. I'm not entirely sure on the comparisons angle.

      Trying to make an "alternative system rollback/savestate" program are we?

      First, Ghost sucks. Not version 8, which was awesome, but the recent versions, which won't let you run ghost off the damn CD you paid for. No, you have to find an old copy and put that on a USB or other HD to run it from. B-tards.

      This guy isn't trying to make his own ghost, he's trying to clone registry keys and serial numbers so he can push a software install. So he's trying to clone Installshield, but in a way that magically provides great MSI compatibility to installers that don't already have MSI functionality.

      AKA the windows tech pipe dream. And I say this after my last post was called an anti-apple troll because I suggested a $299 emachine laptop was "good enough" for most people vs a $1500 macbook :p

      Oh and thanks to OP for the FOG link. Hadn't heard of it.

      Captcha: atheism - the practice of not believing Steve Jobs is God

      Take that mods :)

  2. I could tell you... by MikeV · · Score: 5, Funny

    ...but then I'd have to kill you. You know, confidentiality agreements and whatnot...

  3. I know of a free trial... by Daryen · · Score: 3, Interesting

    The best tool I have ever used is Prism Deploy.

    It isn't free, but they do have a free trial. I've tried a number of programs to package executable programs and manage Windows images, but nothing has come close.

    I'm really interested to see if there are any freeware programs that come close.

    1. Re:I know of a free trial... by Daryen · · Score: 3, Informative

      I agree, this is a poor choice if your only goal is a typical black box Windows image. However, listen to what the author was trying to do:

      I'm doing a little personal research into a project that tracks what changes get made to your system every time you install a program.

      As you know from using it, Prism Deploy allows you to see every single file change, registry change, file deletion, and file modification that has been made since the last snapshot. Sure, you could put all of that into an executable if you want and distribute that, but you could also save it as a prism image, and use that information to create your own package, or in the author's case, whatever undisclosed nefarious purpose he has in mind.

      I'm going to start with an absolutely fresh Windows XP install, take a full snapshot of the entire installation on the hard drive, and burn that to a DVD... With every program I install, I'm going to take another snapshot... all programs installed on a separate hard drive, all registry entries etc on the OS drive. [emphasis mine]

      I think that prism deploy (or a similar tool) would allow him to do this with minimal work.

  4. Rsync is your friend by frith01 · · Score: 2, Informative

    If all you need is an indication of what files have changed, then just use rsync --only-write-batch=FILE

    http://samba.anu.edu.au/ftp/rsync/rsync.html

    If you need more detailed descriptions (especially for registry changes) you may want to export the registry files in a pre-script, then diff the registry entries.

  5. WinINSTALL? by dsginter · · Score: 3, Informative
    --
    More
  6. Re:DIY by tomhudson · · Score: 4, Insightful

    Instead of just making a copy after each install, make your copy after you install a program, then copy the original "clean" image back to the drive. Otherwise, you'll never know if a second program would have installed some files that the first program already installed.

  7. Xen? by SanLouBlues · · Score: 4, Interesting

    Sounds like a virtual environment is exactly what you need.

    1. Re:Xen? by Khyber · · Score: 2, Informative

      No, I do not need a virtual environment.

      I want to do this on a level THE REGULAR COMPUTER USER CAN ACHIEVE. This needs to be easily and SIMPLY explained and proven in a court of law. As the machine I will be doing this test on will be the same machine admitted as evidence, it will be much simpler to have it all contained within a pure windows environment.

      ANYTHING requiring Linux or Unix will not be that simple, period, as this only involves the Windows OS and the BEST evidence is a direct comparison through the Windows OS itself (i.e. what Windows reports as having changed)

      I've almost gotten what I need from a built-in windows tool - the ol' DIR command. DIR /b /s /A:AHRS > File.txt but I need a comparison tool that will show me the differences (like a grep for windows) so I can track what got changed, how it was changed, and WHY.

      Registry comparison tools would be helpful as well.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  8. Why? by ledow · · Score: 4, Interesting

    Personally, I use Ghost for imaging and if I want to find out what a program is doing, I run sysinternals File Monitor and Registry Monitor. They're real-time and don't record in a nice format but nothing really beats them on Windows. They've helped me diagnose hundreds of horrible modern and ancient installation programs used in an educational environment to allow network installation (why, exactly, do you need write access to C:\WINDOWS to run a Shockwave-based game for toddlers, etc.?).

    Linux/Unix has this much easier because it allows you to monitor EVERYTHING without massive binary blobs having settings stored in them, having settings locked to particular machines, etc. or things generally getting in your way. Windows, it's a pain in the proverbial.

    Even a lot of the professional MSI-Builders with their "discovery" modes are absolutely useless at working out what was actually a vital change and what was just the installer playing about, or the user changing their screensaver / explorer view preferences while they installed etc. I spend half my life cleaning MSI's of unnecessary cruft and inserting the entries that they miss. About 50% of automated install captures like this are useless for deployment to a different machine.

    Basically, despite the "secrecy" around your particular purpose (why did you have to mention that at all... it makes no difference to what you want and adds nothing to our knowledge), it's probably not worth the hassle. Before and after snapshots, or package the programs and MSI's and you'll find out everything you need along the way, with an actual, practical result at the end. Trying to diff a filesystem/registry image in any way is madness and is only useful if you can get a *perfectly* clean machine, a VERY good automated program to do it brilliantly, where you'll end up with a lot of cruft that isn't related to the program installation at all (e.g. event log entries, temporary files, taskbar icons saving their settings etc.).

  9. Virtualization by pipatron · · Score: 3, Insightful

    Do the install in a virtual machine like VirtualBox or similar. Then you can do as many snapshots as you like directly.

    --
    c++; /* this makes c bigger but returns the old value */
  10. A good one pre-installed with windows... by Auroch · · Score: 3, Funny

    Well, I haven't read the article, but just hit prt-scr! Although, some computers require you to hit function+prt scr. Of course, linux and OSX have better screen shot tools built in. Linux also has GIMP, which does shots! Yup, clearly the answer is 'switch to linux'!

    Seriously, do we even need an article on this?

    ... I wonder how important the article is after all, but I'm too lazy to read it ... *sigh*

    --
    Quartz Extreme and Core Image. Are there any other real reasons to spend all that money on generic hardware?
  11. Regshot at sourceforge by metaphorplay · · Score: 3, Interesting

    I would recommend regshot at sourceforge. GPL'd.

  12. Linux live cd by Judinous · · Score: 2, Funny

    1. Install program on Windows
    2. Boot to linux live cd of your choice
    3. cat inputdevice > outputdevice
    4. Repeat steps 1-3 as needed
    5. diff
    6. ?????
    7. NDA'd

  13. I'd use xVM by florin · · Score: 3, Insightful

    You might of course just use any hard drive imaging tool, but this is rather slow and clumsy, and it will use a lot of disk space (which isn't necessarily a problem if you really wanna burn a DVD every time). It might be easier and quicker to use one that supports incremental backups. I like Acronis True Image a lot but it is not free.

    If you mainly want to document changes done to a running system over time, virtualisation products might fit your purposes well. Most of them have some sort of ability to make snapshots. The popular free VMware Server only allows a single snapshot, but Sun's xVM is every bit as good and does multiple snapshots easily.

    1. Re:I'd use xVM by Khyber · · Score: 2, Interesting

      virtualization takes TOO LONG.

      I'm going to be demoing this LIVE in court. That's NOT FEASIBLE AT ALL.

      I've got most of what I need - I just need a GREP tool for windows. DIR /b /s /a:AHRS > file.txt is fine for almost everything. I need a comparison tool.

      Does the command I listed above happen to record filesizes as well? The faster and quicker I can make this happen in court, the better off EVERYONE will be. It's gotta be simple enough for a JURY OF MINDLESS IDIOTS TO UNDERSTAND.

      In other words - LINUX, UNIX, etc IS FUCKING USELESS FOR MY REQUIRED TASK.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  14. Partimage by horatio · · Score: 2, Informative

    I was looking into taking a snapshot of a fresh+patched windows install because I was tired of reformatting and then spending hours reinstalling+patching.

    I checked out http://www.partimage.org/ which seems to be the tool targeting what you're trying to do.

    For me, it didn't work out because the only apparent way to burn an image to disc is to have DVD+RW media and I didn't have the patience to wait until I could get to the store to buy the rewritables.

    --
    There is very little future in being right when your boss is wrong.
    1. Re:Partimage by ternarybit · · Score: 2, Informative

      Try PING (PartImage is Not Ghost) -- ping.windowsdream.com

      Very flexible, lots of driver support, backup from/to CD, HDD, USB drive, FTP or network share, and GPL'ed. Active forum, too.

  15. Horribly Inefficient by Ralish · · Score: 5, Informative

    What you're aiming to do is perfectly valid but the method you describe in order to achieve your goal is horribly inefficient; I'd be hard pushed to think of a more time-consuming and difficult way to achieve your goal. My tip:

    This sounds like an absolutely ideal scenario where you could benefit from virtualisation technology. Install the system you wish to "monitor" in a virtual machine. I come from the VMware world, and I can say that the snapshots feature of VMware Workstation would do exactly what it sounds like you want. Whenever you wish to capture an image of the present state of the machine, take a snapshot. Further, you can take as many snapshots as you please, these snapshots can be built on previous snapshots, and you can even have branching snapshots. Icing on the cake: only the differences since the last snapshot will be saved, so you'll save a huge amount of data versus burning complete snapshots to DVD.

    What next? Simple, mount the snapshots as a drive on the host machine and diff them using the tool of your choice. I use WinDiff for basic directory/file comparison, but there's a multitude of options out there. The only problem I can imagine would be you probably can't mount multiple snapshots simultaneously from the same virtual disk, but you could get around this by just making a copy of the VHD on your HD and mounting the second snapshot off that.

    By the way, there's likely other virtualisation products out there (e.g. VirtualBox) that can achieve what I described above, I'm purely using VMware Workstation as an example as it's my virtualiser of choice. Further, VMware Workstation is not free, VBox is.

  16. I use because of family (children f* everything up in) by Hugorm · · Score: 2, Informative

    I use http://www.clonezilla.org/ to back up the HD. Normally I only back up the partition where the system is; on a 100GB HD I take 20 GB for the backup. Then it doesn't take me 3-10h to install Windows + programs + setup; it only takes 10 mins to get back on and the children can play again. The first time, I said to my brother nothing can go wrong; it took him 10 mins to fuck Windows up :) He was 6 at that time.

  17. g4l by digitalhermit · · Score: 2, Informative

    There's a tool called Ghost 4 Linux that might do what you need. You boot with the g4l disk on your backup target. You can then specify a remote server or a local storage device to create the image backup. It doesn't matter what OS is being stored as it's a physical image.

    Files can be very large because it copies sectors, not files, so even deleted files can take space. To minimize this there are some disk zero utilities that will zero out the unused space on your drive.

    I use it often for backing up my Windows laptops.

  18. Re:Duh! by L4t3r4lu5 · · Score: 4, Insightful

    1. Download Linux Live CD (700mb).
    2. Boot to Linux Live CD. Find out your hardware isn't supported as MoBo is new.
    3. Download different Live CD.
    4. Repeat 2 and 3.
    5. Find Live CD which allows you to boot X. You're not a console monkey, so you need a GUI.
    6a. Wireless network doesn't work "out of the box." Find / make 30m patch lead to go from back of PC downstairs to your router. Download NDISWrapper and firmware. Configure wireless networking. Alternatively;
    6b. Look online for help using dd and sdiff, as you've never, ever heard of these applications.
    7. Read three different forums full of "OMG go bk 2 winbl0wz, n00b!11" posts regarding the same issue until you find one person who has managed to pry the information you need out of somebody with a small sense of community.
    8. Take image of Windows partition. Make coffee while you wait.

    Total time to complete, with downloading images: 9 hours 40 minutes.

    Total time to reinstall Windows XP, patch, and install games: 5 hours.

    THAT'S how tough it is. We're not all Linux users.

    --
    Finally had enough. Come see us over at https://soylentnews.org/
  19. Re:NTBackup by L4t3r4lu5 · · Score: 3, Funny

    Mod parent -1 Sadist.

    --
    Finally had enough. Come see us over at https://soylentnews.org/
  20. Regsnap will get your registry changes. by Airioch · · Score: 2, Interesting

    Regsnap from LastBit Software will snapshot the entire registry and system file
    lists (if you want it to) and save it out to a file. Once you make your changes
    or installations you can snapshot it again and then directly compare the two files
    and generate a difference file of all the changes to the system. It's a fairly
    useful utility for capturing what installers/applications do to windows based
    systems. Unfortunately it's not free.

  21. Re:Duh! by Curmudgeonlyoldbloke · · Score: 2, Informative

    Live Linux CD + dd + sdiff

    How tough was that?

    The question is "Livecd + dd + sdiff what?"

    It's easy to get a dd image of a running machine this way (and just as easy to do it using virtualisation-solution-of-your-choice, as everyone who isn't saying "just use dd" is saying).

    It's slightly less easy to work out which files have been added, which modified, and which deleted, since you last did it. You'll also need to work out which were changes due to the new software that you installed, and which due to stuff that happens anyway. Changes to text files you may be able to work out what they're for by looking at them, but changes to binary files you can't.

    You also need to treat the Windows registry as one or more "files", which you can read with dd, but if you want to get any sense out of it you're going to need to dump it to text first and compare those.

    The really difficult bit is going through the sheer volume of data that you'll create doing this. How do you know that application a requires component c but didn't install it according to your diff because application b had already installed it?

    As part of my job I'll occasionally need to test the effect of a bit of new software in slightly different configurations and then retest it in the same configurations to make sure that it still does what it's supposed to do. Something like VMware is great for this (quicker than dd, because you're not booting off a CD every time you want to make a copy). Neither will help you analyze what's changed between image a and image b though.
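The analysis step the comment above says imaging tools leave to you, as an added example that is not part of the original thread: it builds a hashed manifest of a mounted snapshot, classifies files as added, removed or modified, and flags components that more than one application installs when each is installed separately on the restored clean baseline. The noise patterns and all function names are assumptions made for illustration.

```python
import fnmatch
import hashlib
import os
import sys

# Paths that change without any installer running (assumed noise list; tune it
# for the machine being examined). Patterns are matched against "/" + path.
NOISE = ["*/temp/*", "*/prefetch/*", "*.evt", "*.log", "/pagefile.sys"]

def file_digest(path, chunk=1 << 20):
    """SHA-256 of a file; locked or unreadable files get a marker, not a crash."""
    h = hashlib.sha256()
    try:
        with open(path, "rb") as f:
            for block in iter(lambda: f.read(chunk), b""):
                h.update(block)
    except OSError:
        return "UNREADABLE"
    return h.hexdigest()

def snapshot(root, noise=NOISE):
    """Return {relative_path: (size, sha256)} for every file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            probe = "/" + rel.lower()
            if any(fnmatch.fnmatchcase(probe, pat) for pat in noise):
                continue
            try:
                size = os.path.getsize(full)
            except OSError:
                size = -1
            manifest[rel] = (size, file_digest(full))
    return manifest

def compare(before, after):
    """Classify paths as added, removed or modified between two manifests."""
    common = set(before) & set(after)
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(p for p in common if before[p] != after[p]),
    }

def shared_additions(baseline, installs):
    """installs maps app name -> manifest taken after installing that app alone
    on the restored baseline. Returns {path: [apps]} for files that more than
    one app adds, which a cumulative diff would credit to the first app only."""
    owners = {}
    for app, manifest in sorted(installs.items()):
        for path in compare(baseline, manifest)["added"]:
            owners.setdefault(path, []).append(app)
    return {p: apps for p, apps in owners.items() if len(apps) > 1}

if __name__ == "__main__" and len(sys.argv) == 3:
    result = compare(snapshot(sys.argv[1]), snapshot(sys.argv[2]))
    for kind, paths in result.items():
        for path in paths:
            print(kind, path)
```

Run it with two directory arguments (the mounted "before" and "after" snapshots) to print one classified path per line.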

  22. Re:Duh! by mrfriendly · · Score: 2, Funny

    I'm going for +5 Informative: http://en.wikipedia.org/wiki/Diff http://en.wikipedia.org/wiki/Dd_(Unix) At least by doing this you will educate yourself along the way. If you are opposed to self-education, here is another wikipedia entry for you: http://en.wikipedia.org/wiki/Ignorance

  23. Do my work, I can't tell you why by nacturation · · Score: 2, Interesting

    No kidding. The story seems a bit too much like "do my job for me". It says it's just a "personal research project" but if it really were personal, then there wouldn't be "confidentiality requirements". Maybe this guy's a RIAA/MPAA stooge and wants to more efficiently look for P2P software or something.

    --
    Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.