×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Good Freeware System Snapshot Tool For Windows?

timothy posted more than 5 years ago | from the esoterica dept.

Data Storage 219

Khyber writes "I'm doing a little personal research into a project that tracks what changes get made to your system every time you install a program. I know there are ways of checking through Windows Restore Points, but that's not what I'm trying to do. Instead, I'm going to start with an absolutely fresh Windows XP install, take a full snapshot of the entire installation on the hard drive, and burn that to a DVD (somewhat like a backup disc with an entire snapshot of my hard drive's current contents.) With every program I install, I'm going to take another snapshot, burn to DVD, and repeat the process until I have recreated every step taken to get to my current system state (all programs installed on a separate hard drive, all registry entries etc on the OS drive, with only snapshots of the OS drive being recorded.) The purpose for all of this I'm not legally allowed to talk about, due to confidentiality requirements. Does anybody know of such a program, preferably freeware, that will accomplish my objective, and are there tools that can be used to compare the difference in drive images?"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

219 comments

FOG might do it. (4, Informative)

millia (35740) | more than 5 years ago | (#25719999)

Wow, quiet in here.

FOG, aka Free Open Ghosting, at www.fogproject.org, will certainly take images of your hard drives; that's not a problem.
And, I haven't played with it, but it has the capability to do install packages, so that meets the bit-by-bit portion of things.

Like most open-source packages, FOG improves constantly, and recently, it's getting better by leaps and bounds.

Re:FOG might do it. (3, Funny)

n1ckml007 (683046) | more than 5 years ago | (#25720507)

Windowskey + E then alt+printsrn then Ctrl-v to paste into MSPaint There's your snapshot

Re:FOG might do it. (2, Informative)

MrNaz (730548) | more than 5 years ago | (#25720807)

The best snapshotting tool I have found (I'm not entirely sure if this is what you are after, as the summary is not clear) is BartPE with the DriveImageXML plugin. It's free and legal, although you need a Windows XP disc to build the tool (no really, it's free and legal).

I use it to install Windows fresh, add my apps, and then take a snapshot. If there is a virus attack or the install is otherwise dirtied, I can restore to a clean Windows install in around 10 minutes as opposed to the 2 or 3 hours it takes to get a bare metal box up and running with Windows plus all your apps.

Re:FOG might do it. (1)

Moryath (553296) | more than 5 years ago | (#25720595)

Norton Ghost is fairly cheap and Ghost Explorer will allow you to "browse" the images. I'm not entirely sure on the comparisons angle.

Trying to make an "alternative system rollback/savestate" program are we?

Re:FOG might do it. (4, Interesting)

Anonymous Coward | more than 5 years ago | (#25721537)

Norton Ghost is fairly cheap and Ghost Explorer will allow you to "browse" the images. I'm not entirely sure on the comparisons angle.

Trying to make an "alternative system rollback/savestate" program are we?

First, Ghost sucks. Not version 8, which was awesome, but the recent versions, which won't let you run ghost off the damn CD you paid for. No, you have to find an old copy and put that on a USB or other HD to run it from. B-tards.

This guy isn't trying to make his own ghost, he's trying to clone registry keys and serial numbers so he can push a software install. So he's tryign to clone Installshield, but in a way that magically provides great MSI compatibility to installers that don't already have MSI functionality.

AKA the windows tech pipe dream. And I say this after my last post was called an anti-apple troll because I suggested a $299 emachine laptop was "good enough" for most people vs a $1500 macbook :p

Oh and thanks to OP for the FOG link. Hadn't heard of it.

Captcha: atheism - the practice of not believing Steve jobs is God

Take that mods :)

Re:FOG might do it. (2, Informative)

Gazzonyx (982402) | more than 5 years ago | (#25721529)

I've used FOG before, a few months ago, in fact. It just isn't production ready yet. IIRC, you had to install a service on the windows box, etc. The web interface was somewhat counterintuitive and left a bit to be desired. It also had a few rather annoying bugs. This may have changed since the last time I used it. I'd say that as it was a few months ago, you'll be pulling you hair out since it works just enough to let you see what it's capable of, and then falls through on delivery of said capability. Give it another few months if it isn't there yet, it will be great once it gets to RC maturity.

I always fall back to using the PartImage [partimage.org] live CD, or a live CD that uses partimage, and then booting a VM with the parted daemon to accept the incoming system image. It will GZip the image on the fly, then you can just split(1) and burn to DVD (dual layer burners are cheap now, but use archival grade media or DVD-RAM for long term storage... you'll thank yourself for spending the few extra bucks/pounds down the road.).

Many live CDs have PartImage now, Trinity Rescue Kit, Ghost 4 Linux, Knoppix, System RescueCD (just had another release lately), and the rest of the usual suspects, as well as many forensics live CDs.

FWIW, I have used partimage to mirror a Windows install on to another drive, and then back to the original again, and since you get a gzipped img file, you can use it with KVM, Xen, VMware (after conversion to vmdk or ovf). Check out Convirt for provisioning systems from a gzipped img file. It's also not production ready, but very cool nonetheless.

Re:FOG might do it. (1)

kv9 (697238) | more than 5 years ago | (#25722063)

I use G4U [feyrer.de] . it can snapshot your system on a remote server and do all kinds of neat tricks.

Acronis (2)

winterphoenix (1246434) | more than 5 years ago | (#25720017)

Depending on how long you need to keep the backup, Acronis [acronis.com] makes some great imaging utilities with free trials

Re:Acronis (1, Interesting)

Anonymous Coward | more than 5 years ago | (#25720803)

Be careful - Acronis restore doesn't work properly with many USB 2.0 external drives.

It defaults to USB 1.1 speed.

Consequently, restores from a USB drive can take literally several days.

Check the Acronis True Image forums for many tales of woe about this.

The answer seems to be to build a BartPE disc with an Acronis plugin, but the exact process is shrouded in mystery and uncertainty.

Re:Acronis (1, Informative)

Anonymous Coward | more than 5 years ago | (#25721783)

The newer versions of Acronis do in fact use BartPE/WinPE for building the bootable media, so this might no longer be an issue.

Re:Acronis (1)

schwinn8 (982110) | more than 5 years ago | (#25722031)

I agree - I have had no end of issues with Norton Ghost starting with version 9, but Acronis (though not free) has been utterly simple to use and totally worth it.

I could tell you... (5, Funny)

MikeV (7307) | more than 5 years ago | (#25720023)

...but then I'd have to kill you. You know, confidentiality agreements and whatnot...

Re:I could tell you... (0)

Anonymous Coward | more than 5 years ago | (#25722203)

You're confusing Windows with Apple...

I know of a free trial... (3, Interesting)

Daryen (1138567) | more than 5 years ago | (#25720055)

The best tool I have ever used is Prism Deploy [newboundary.com] .

It isn't free, but they do have a free trial. I've tried a number of programs to package executable programs and manage Windows images, but nothing has come close.

I'm really interested to see if there are any freeware programs that come close.

Re:I know of a free trial... (1)

L4t3r4lu5 (1216702) | more than 5 years ago | (#25720875)

We use Prism App Manager where I work to perform remote installations, and it's appalling.

Prism is based upon taking a baseline image and checking for changes after an installation, which in itself is fine. You will get an identical installation of every package each time.

The issue arrises when you use an old package on a newly patched machine, and it overwrites a patched file with an older, unpatched version. This can happen when installing Office 2007 on a machine, then running an Office 2000 package, and is a real ballache when you've just ghosted a machine. (We have to use both side-by-side for continuity in coursework packages; A poorly thought out purchasing decision by the PHB gave us all the hard work. We should have just said "We're not installing it." and taken the flak, but hey... You live and learn...)

Anyway, this is offtopic; The guy wants disk imaging, not distributed app management.

Re:I know of a free trial... (3, Informative)

Daryen (1138567) | more than 5 years ago | (#25721307)

I agree, this is a poor choice if your only goal is a typical black box Windows image. However, listen to what the author was trying to do:

I'm doing a little personal research into a project that tracks what changes get made to your system every time you install a program.

As you know from using it, Prism Deploy allows you to see every single file change, registry change, file deletion, and file modification that has been made since the last snapshot. Sure, you could put all of that into an executable if you want and distribute that, but you could also save it as a prism image, and use that information to create your own package, or in the author's case, whatever undisclosed nefarious purpose he has in mind.

I'm going to start with an absolutely fresh Windows XP install, take a full snapshot of the entire installation on the hard drive, and burn that to a DVD... With every program I install, I'm going to take another snapshot... all programs installed on a separate hard drive, all registry entries etc on the OS drive. [emphasis mine]

I think that prism deploy (or a similar tool) would allow him to do this with minimal work.

Re:I know of a free trial... (1)

L4t3r4lu5 (1216702) | more than 5 years ago | (#25721387)

Upon further investigation (R'ingTFA), I see you also wish for image comparisons.

Prism certainly doesn't include this function.

Rsync is your friend (2, Informative)

frith01 (1118539) | more than 5 years ago | (#25720071)

If all you need is an indication of what files
have changed, then just use rsync --only-write-batch=FILE

http://samba.anu.edu.au/ftp/rsync/rsync.html [anu.edu.au]

If you need more detailed descriptions (especially for registry changes) you may want to export the registry files in a pre-script, then diff the registry entries.

DIY (0)

Anonymous Coward | more than 5 years ago | (#25720105)

The hard drive snapshot/comparison is easy enough with any number of *nix tools. The most straightforward would be cp and diff. In short: have a clean copy with an export of the registry (IMPORTANT!) in a fixed location. Make your changes, re-dump the registry. Reboot to Linux, copy everything, then create a diff with the original clean copy. As far as I know, that would be sufficient.

Re:DIY (4, Insightful)

tomhudson (43916) | more than 5 years ago | (#25720157)

Instead of just making a copy after each install, make your copy after you install a program, then copy the original "clean" image back to the drive. Otherwise, you'll never know if a second program would have installed some files that the first program already installed.

Re:DIY (1)

blincoln (592401) | more than 5 years ago | (#25721789)

While that is a better approach, I would argue that the entire concept of using a diff to try to determine what an installer is doing is usually a bad idea.

It can be useful for troubleshooting, but most people (and software vendors) try this kind of thing to build "repackaging" installer-builders. It's a terrible idea.

An installer may do completely different things depending on the system configuration. There is the factor you mention about existing file versions. If the user chooses a different install path/install options, has different OS components or software, etc. etc. that can potentially change things like registry keys or even the data inside binary files.

Unless you're building for an environment that is 100% standardized on a particular model of device, with a consistent OS version/patch level, there's just no point. Use the vendor's own MSI's or other installers in silent mode - that's what they're there for!

Using this type of approach for a pseudo-uninstall is equally dangerous, for similar reasons. Because Windows is such a hack-job for backwards compatibility purposes (which I think is the only option MS has, due to the public's perception that issues with backwards compatibility are their fault rather than the fault of terrible software developers), the only safe way to do this kind of thing that I can think of is what Vista does with its Windows-on-Windows (ew!) file and registry virtualization. It's a huge space hog, it's a waste of RAM (IMO), but it works.

Do it from your Linux partition (1, Interesting)

Anonymous Coward | more than 5 years ago | (#25720131)

The easiest way is to run dual boot Fedora/XP. It will take you all of a couple of hours to install Fedora/Ubuntu/Whatever from a Live CD, partitioning the drive as required during the install. You can then backup the whole Win partition without Windows locking any files and what-not. Another approach is to add in another disk for that purpose, maybe a USB thumbdrive if your OS can boot from it.
The other approach is to use a VM machine. There are some cut-down versions of XP designed to work well in them.

Re:Do it from your Linux partition (0)

Anonymous Coward | more than 5 years ago | (#25720195)

Every default installation of any Linux system should contain dd to backup a partition, a diff tool to find out the differences, and a patch tool to patch a system from one state to another.

easy: (1)

pinky99 (741036) | more than 5 years ago | (#25720171)

knoppix + dd

Re:easy: (1)

TheLink (130905) | more than 5 years ago | (#25721247)

I used to use knoppix + dd + lzop

e.g.
time dd if=/dev/sda bs=131072 conv=noerror | lzop -c > /mnt/backupdrive/20081111-machine1-sda.img.lzo

(WARNING!!! Achtung!!! Do NOT typo the if=/dev/sda and make it of=/dev/sda there is a very big difference ;) )

gzip might be fast enough on modern CPUs to give near max disk speeds.
But I still only get about 33-35MB/sec with gzip on my core 2 duo for the first 1000 blocks of my drive (even cached!). lzop is much faster.

The conv=noerror is to tell dd to ignore read errors. If you are getting read errors, that's the time when you probably want to try to get as much data from the drive before it stops working, rather than try again from scratch and add the conv=noerror flag ;).

bs=131072 gives me OK enough speeds. Figure out what works best for your system - may be different for RAID etc.

time is to help you figure out if something fishy happened - e.g. it finished a bit too quickly ;).

Re:easy: (1)

Fweeky (41046) | more than 5 years ago | (#25721333)

dd_rescue > conv=noerror. It'll read in big blocks and when one fails, it'll drop the block size and retry, so you don't lose a 128k chunk when there's only one unreadable 512 byte sector.

Xen? (4, Interesting)

SanLouBlues (245548) | more than 5 years ago | (#25720173)

Sounds like a virtual environment is exactly what you need.

Re:Xen? (0)

Anonymous Coward | more than 5 years ago | (#25721091)

You could use vmware converter [vmware.com] to turn your physical machine into a virtual machine then continue to make your changes to the virtual machine only and use the features of the vm-host (vmware/virtual box/virtualPC/etc..) to track the changes.

I have a vague recollection that it's possible to track changes with the vm-host but I guess it all falls down if not. Do any vm hosts offer this?

Why? (4, Interesting)

ledow (319597) | more than 5 years ago | (#25720199)

Personally, I use Ghost for imaging and if I want to find out what a program is doing, I run sysinternals File Monitor and Registry Monitor. They're real-time and don't record in a nice format but nothing really beats them on Windows. They've helped me diagnose hundreds of horrible modern and ancient installation programs used in an educational environment to allow network installation (why, exactly, do you need write access to C:\WINDOWS to run a Shockwave-based game for toddlers, etc.?).

Linux/Unix has this much easier because it allows you to monitor EVERYTHING without massive binary blobs having settings stored in them, having settings locked to particular machines, etc. or things generally getting in your way. Windows, it's a pain in the proverbial.

Even a lot of the professional MSI-Builders with their "discovery" modes are absolutely useless at working out what was actually a vital change and what was just the installer playing about, or the user changing their screensaver / explorer view preferences while they installed etc. I spend half my life cleaning MSI's of unnecessary cruft and inserting the entries that they miss. About 50% of automated install captures like this are useless for deployment to a different machine.

Basically, despite the "secrecy" around your particular purpose (why did you have to mention that at all... it makes no difference to what you want and adds nothing to our knowledge), it's probably not worth the hassle. Before and after snapshots, or package the programs and MSI's and you'll find out everything you need along the way, with an actual, practical result at the end. Trying to diff a filesystem/registry image in any way is madness and is only useful if you can get a *perfectly* clean machine, a VERY good automated program to do it brilliantly, where you'll end up with a lot of cruft that isn't related to the program installation at all (e.g. event log entries, temporary files, taskbar icons saving their settings etc.).

Shockwave installs system files for it to run (1)

Joe The Dragon (967727) | more than 5 years ago | (#25720417)

Shockwave installs system files for it to run

C:\WINDOWS\system32\Adobe\Shockwave 11

the game may of needed to install a Xtra for Shockwave

C:\WINDOWS\system32\Adobe\Shockwave 11\Xtras

Virtualization (3, Insightful)

pipatron (966506) | more than 5 years ago | (#25720205)

Do the install in a virtual machine like VirtualBox or similar. Then you can do as many snapshots you like directly.

Duh! (0)

Anonymous Coward | more than 5 years ago | (#25720209)

Live Linux CD + dd + sdiff

How tough was that?

Re:Duh! (4, Insightful)

L4t3r4lu5 (1216702) | more than 5 years ago | (#25721139)

1. Download Linux Live CD (700mb).
2. Boot to Linux Live CD. Find out your hardware isn't supported as MoBo is new.
3. Download different Live CD.
4. Repeat 2 and 3.
5. Find Live CD which allows you to boot X. You're not a console monkey, so you need a GUI.
6a. Wireless network doesn't work "out of the box." Find / make 30m patch lead to go from back of PC downstairs to your router. Download NDISWrapper and firmware. Configure wireless networking. Alternatively;
6b. Look online for help using dd and sdiff, as you've never, ever heard of these applications.
7. Read three different forums full of "OMG go bk 2 winbl0wz, n00b!11" posts regarding the same issue until you find one person who has managed to pry the information you need out of somebody with a small sense of community.
8. Take image of Windows partition. Make coffee while you wait.

Total time to complete, with downloading images: 9 hours 40 minutes.

Total time to reinstall Windows XP, patch, and install games: 5 hours.

THAT'S how tough it is. We're not all Linux users.

A good one pre-installed with windows... (3, Funny)

Auroch (1403671) | more than 5 years ago | (#25720225)

Well, I havn't read the article, but just hit prt-scr! Although, some computers require you too hit function+prt scr. Of course, linux and OSX have better screen shot tools built in. Linux also has GIMP, which does shots! Yup, clearly the answer is 'switch to linux'!

Seriously, do we even need an article on this?

... I wonder how important the article is after all, but I'm too lazy to read it ... *sigh*

Re:A good one pre-installed with windows... (1)

cosmocain (1060326) | more than 5 years ago | (#25720495)

you know, there's just one word to describe that answer:

ERM?!

Re:A good one pre-installed with windows... (1)

cosmocain (1060326) | more than 5 years ago | (#25720581)

okay, it might be "DUH!" as well...

i knew i would end up talking to myself - but i didn't see it coming that fast.

Re:A good one pre-installed with windows... (0)

Anonymous Coward | more than 5 years ago | (#25720535)

try reading the summary at least ;)

Linux live cd (2, Funny)

Judinous (1093945) | more than 5 years ago | (#25720239)

1. Install program on Windows 2. Boot to linux live cd of your choice 3. cat inputdevice > outputdevice 4. Repeat steps 1-3 as needed 5. diff 6. ????? 7. NDA'd

I'd use xVM (3, Insightful)

florin (2243) | more than 5 years ago | (#25720267)

You might of course just use any hard drive imaging tool, but this is rather slow and clumsy, and it will use a lot of disk space (which isn't necessarily a problem if you really wanna burn a DVD every time). It might be easier and quicker to use one that supports incremental backups. I like Acronis True Image a lot but it is not free.

If you mainly want to document changes done to a running system over time, virtualisation products might fit your purposes well. Most of them have some sort of ability to make snapshots. The popular free VMware Server only allows a single snapshot, but Sun's xVM is every bit as good and does multiple snapshots easily [techtarget.com] .

Re:I'd use xVM (1, Informative)

Anonymous Coward | more than 5 years ago | (#25720383)

Ditto. In my opinion, your methodology is insane and unlikely to produce anything of value -- Windows really is huge, and much of the data you're interested is locked away past the filesystem level of abstraction -- but doing it with a VM makes a lot more sense than doing it on actual hardware. You can switch between states easily. You can retain easily-bootable, read-only copies of previous states (say, if you want to dump the registry). In any event, you don't tie up an entire computer for this project, and you don't rely on booting the target computer to fish information out of it.

Seriously, virtualize.

Partimage (2, Informative)

horatio (127595) | more than 5 years ago | (#25720275)

I was looking into taking a snapshot of a fresh+patched windows install because I was tired of reformatting and then spending hours reinstalling+patching.

I checked out http://www.partimage.org/ [partimage.org] which seems to be the tool targeting what you're trying to do.

For me, it didn't work out because the only apparent way to burn an image to disc is to have DVD+RW media [sysresccd.org] and I didn't have the patience to wait until I could get to the store to buy the rewritables.

Re:Partimage (1)

dfdashh (1060546) | more than 5 years ago | (#25722021)

While partimage is excellent software for cloning/backing partitions at a high level, it does have its drawbacks. Specifically, it can't restore to a larger partition directly [partimage.org] - you'd first have to restore to the same size partition and resize it (while not a big problem, it is still a hindrance for me at least). This makes it a little tricky for when your old disk fails and you want to upgrade capacity when you restore.

Take a look at DAR [linux.free.fr] for your purposes.

DD (1)

jgtg32a (1173373) | more than 5 years ago | (#25720295)

Just use DD it's easy

http://www.ss64.com/bash/dd.html [ss64.com]

Re:DD (1)

ratboy666 (104074) | more than 5 years ago | (#25720931)

Sure, I'll "second" that.

Make sure the disk is zeroed prior to installing anything (dd if=/dev/zero of=/dev/sdb -- replacing sdb with whatever the drive actually is).

The partition the drive and install your software.

To capture -- dd if=/dev/sdb | bzip2 >image.bz2

I would use bzip2 instead of gzip for the slightly better compression. It would be possible to "delta" two images, but you didn't ask about it.

This presumes unix (linux), possibly as a "live cd"; it may be workable with "cygwin".

It is ALSO possible to capture just a single partition. Indeed, I would recommend this approach. Assuming you are using the first partition, partition the drive first. dd if=/dev/zero of=/dev/sdb1 to zero the drive. Install into that partition, and then dd if=dev/sdb1 | bzip2 >image.bz2 to capture.

MAKE SURE THE RECEIVING FILE SYSTEM IS NOT FAT32! You need something that will allow large files. ntfs or ext2/3 or something like that will work.

The image.bz2 file can be decompressed and used with (say) VMware directly, or it can be mounted (mount -t ntfs -o loop image /mnt would work under linux).

Linux LiveCD (1)

Lord Byron II (671689) | more than 5 years ago | (#25720313)

Get a Linux live CD and an external USB drive. Use rsync on the virgin installation and then you can use rsync to only archive the changes from that point on. If you are really stuck on having DVDs at the end of this, you can then merge the two rsyncs (the original with the changes) and burn that to disk.

Horribly Inefficient (5, Informative)

Ralish (775196) | more than 5 years ago | (#25720321)

What you're aiming to do is perfectly valid but the method you describe in order to achieve your goal is horribly inefficient; I'd be hard pushed to think of a more time-consuming and difficult way to achieve your goal. My tip:

This sounds like an absolutely ideal scenario where you could benefit from virtualisation technology. Install the system you wish to "monitor" in a virtual machine. I come from the VMware world, and I can say that the snapshots feature of VMware Workstation would do exactly what it sounds like you want. Whenever you wish to capture an image of the present state of the machine, take a snapshot. Further, you can take as many snapshots as you please, these snapshots can be built on previous snapshots, and you can even have branching snapshots. Icing on the cake: only the differences since the last snapshot will be saved, so you'll save a huge amount of data versus burning complete snapshots to DVD.

What next? Simple, mount the snapshots as a drive on the host machine and diff them using the tool of your choice. I use WinDiff for basic directory/file comparison, but there's a multitude of options out there. The only problem I can imagine would be you probably can't mount multiple snapshots simultaneously from the same virtual disk, but you could get around this by just making a copy of the VHD on your HD and mounting the second snapshot off that.

By the way, there's likely other virtualisation products out there (e.g. VirtualBox) that can achieve what I described above, I'm purely using VMware Workstation as an example as it's my virtualiser of choice. Further, VMware Workstation is not free, VBox is.

Re:Horribly Inefficient (1)

orabidoo (9806) | more than 5 years ago | (#25721233)

confirmed. VirtualBox does a great job and is freeware (there's even a GPL version).

even better, run VirtualBox on linux and create windows instances, then you have the best of both worlds: linux stability and security, and access to windows applications.

Re:Horribly Inefficient (1)

hAckz0r (989977) | more than 5 years ago | (#25721309)

I have to agree about the VirtualBox as a solution. If he makes a snapshot and restarts from that snapshot each time he could save a lot of time, and a separate snapshot OS/image could even be used for actually performing the delta imaging and comparison. The WinDiff on the other hand may be under powered depending on his actual purpose. If he is examining malware code he will need some more powerful tools to see what was actually changed, such as hidden NTFS data streams, raw disk sectors, etc. In that case some forensic tools might be a better bet in looking for that hidden information.

Forensic Toolkit could help there

http://www.foundstone.com/us/resources/proddesc/forensictoolkit.htm [foundstone.com]
http://www.foundstone.com/us/resources-free-tools.asp [foundstone.com]

There are lots of other Open Source forensic tools as well but this may get them started.

Re:Horribly Inefficient (1)

HTH NE1 (675604) | more than 5 years ago | (#25721633)

Also, unless you're only ever installing on the system and no one ever actually uses it, you'll probably want to take snapshots immediately before installation as well as immediately after. Things change just from day-to-day use. You wouldn't want a restore after a bad install to lose all your work since the previous install.

That's a lot of work just to keep windows working. (0)

Anonymous Coward | more than 5 years ago | (#25720325)

Consider that when you think about the additional cost of a MAC or the learning curve of Linux....

liveCD (1)

Fanro (130986) | more than 5 years ago | (#25720329)

Just boot from a liveCD, then clone the drive?

That would make sure that your clone is consistent, and since you cannot continue working with the pc while the cloning is in progress (that would certainly make it inconsistent), there is not much disadvantage in rebooting.

If you want to get fancy, install a second OS, and make a script that upon booting that OS automatically clones the first OS and then reboots. Any linux can do this easily.

Since you also have a second drive, the burning to dvd can happen later.

Already free and included in Vista (1, Informative)

Anonymous Coward | more than 5 years ago | (#25720359)

It is called the Shadow Copy. It will give you snapshots of the drive state periodically and all the changes (this is not Restore Points). More info can be found here...

http://sansforensics.wordpress.com/2008/10/10/shadow-forensics/

Re:Already free and included in Vista (1)

fiordhraoi (1097731) | more than 5 years ago | (#25720671)

It is called the Shadow Copy. It will give you snapshots of the drive state periodically and all the changes (this is not Restore Points). More info can be found here...

http://sansforensics.wordpress.com/2008/10/10/shadow-forensics/

Shadow copies do NOT track system changes. They track file changes only. Also, they would be unreliable for this sort of thing as the length of file retention is inherently unstable - the oldest shadow files are constantly being overwritten with the newest.

mtree (0)

Anonymous Coward | more than 5 years ago | (#25720361)

http://blogs.techrepublic.com.com/security/?p=283

Clonezilla (0)

Anonymous Coward | more than 5 years ago | (#25720389)

Clonezilla works well to take snapshots. http://www.clonezilla.org It's written around ntfsclone.

If you are just doing one machine, the Live CD works fairly well. Otherwise, FOG is a prettier server environment.

Installrite (0)

Anonymous Coward | more than 5 years ago | (#25720399)

http://www.epsilonsquared.com/

It will log and report all changes installs make.

i use becose of family (children f* evithin up in) (2, Informative)

Hugorm (990626) | more than 5 years ago | (#25720401)

i Use http://www.clonezilla.org/ [clonezilla.org] to backup the HD. nomaly i only backup the patision were the system is on, a 100GB HD i take 20 GB for the backup then it don't take me 3-10h to install windows + programmers + setup then it only take 10 mins. to get back on and the children can play agen. fist time i say to my border nothing can go rung it took him 10 mins to fuck windows up :) he was 6 at that time

So sorry, (0)

Anonymous Coward | more than 5 years ago | (#25720429)

I've already patented that.

Love,

Bill G.

Novell Zenworks for Desktops Snapshot Utility (0)

Anonymous Coward | more than 5 years ago | (#25720433)

www.novell.com

Wise Package Studio (0)

Anonymous Coward | more than 5 years ago | (#25720439)

Wise Package Studio will let you install apps watching exactly what changes are made to the system - also, you can repackage the app installer pretty much automagically to then remove exactly what was installed - effectively rolling the system back to it's pre-app-install state. Comes w/ a 30 day free trial and there's plenty of documentation/guides/tutorials if you look.

Macrium Reflect (2, Informative)

Darksun (97127) | more than 5 years ago | (#25720475)

Is free for personal use, makes images, creates a boot cd for recovery. very slick program.

Personal Research + Confidentiality Req. = ?!?! (0)

Anonymous Coward | more than 5 years ago | (#25720477)

What did you do? Sign an NDA with yourself?

Microsoft BDD (1)

Taywen (1404799) | more than 5 years ago | (#25720589)

Check out the Microsoft Business Desktop Deployment software. Free and pretty easy to setup and use.

sysprep (1)

Junta (36770) | more than 5 years ago | (#25720615)

Is there a reason why sysprep wouldn't work? It's already on your system I would wager.

PING (Partimage is not Ghost) (0)

Anonymous Coward | more than 5 years ago | (#25720629)

http://ping.windowsdream.com/
Can backup/restore partitions over a network or to a CD/DVD, maybe it's what you need.

Full Drive Image (1, Informative)

Anonymous Coward | more than 5 years ago | (#25720631)

Try http://www.feyrer.de/g4u/ It does full drive imaging at block level, and is free. It gzips the image, but you can unzip them and do a binary compare against them. Though storing complete drive images like this is going to be awfully painful, especially if you plan to burn them off to DVD.. As for the compare, there are a few free tools around there.

g4l (2, Informative)

digitalhermit (113459) | more than 5 years ago | (#25720659)

There's a tool called Ghost 4 Linux that might do what you need. You boot with the g4l disk on your backup target. You can then specify a remote server or a local storage device to create the image backup. It doesn't matter what OS is being stored as it's a physical image.

Files can be very large because it copies sectors, not files, so even deleted files can take space. To minimize this there are some disk zero utilities that will zero out the unused space on your drive.

I use it often for backing up my Windows laptops.

Sounds like you need a packaging solution? (1)

miffo.swe (547642) | more than 5 years ago | (#25720737)

From what i can understand what you really want to do is compare the differences between the installations of different apps? If thats the case any old MSI packaging solution will do the trick much better and with much greater detail. They almost all have a very handy function for tracking every single thing an application does on your computer. Some, like Emcos, are very easy to use and have a very clear and consistend interface for displaying the changes made. I assume youre not after what Windows XP does but rather what installations does.

For example, buy Emco Package Manager, install it on your pristine XP install. Start Emco and put it in recording mode. Do an installation / alteration / run your evil application of choice and stop the recording. Then you have all the alterations on screen easily readable.

Acronis TrueImage (1)

jrronimo (978486) | more than 5 years ago | (#25720753)

My weapon of choice is Acronis TrueImage [acronis.com] . Allows for complete drive imaging over a network, etc. They offer BartPE files so you can make a boot disc, though.

I use the boot CD all the time for rescue and recovery.

Re:Acronis TrueImage (1)

maxume (22995) | more than 5 years ago | (#25720885)

My retail box come with a boot cd.

I'm supposed to download the update and make my own though (but I haven't had any problems, so I haven't done it).

Freeware (1)

SteveHencye (1400473) | more than 5 years ago | (#25720767)

I would try something on download.com or just try a good google search. Seems like an interesting project. Good luck. -Steve

Two suggestions (1)

bhoar (1226184) | more than 5 years ago | (#25720829)

I don't have any free tools to recommend. With that in mind...

1. Many of VMWare's commercial tools have built in capabilities for storing multiple revisions of a computer configuration in as little space as possible - each different install can be a change set keyed off a previous install. Of course, you have to stick to virtual machines for this to work.

2. For my day to day personal Windows hardware I use DriveSnapshot ( http://www.drivesnapshot.de/en/home.htm [drivesnapshot.de] ). It can perform image backups of the running system (even the boot disk). In addition, it gives you the ability to perform Differential backups which store only the changes from the root backup. It also is able to reduce IO on the differential backup by a) only reading allocated space on the source drive and b) storing a hash file for each root backup so that you don't need to perform as much IO on the backup target volume.

You can download a 30-day-ish trial for free. After 30 days, you can still restore from those backups, but if you want to continue to back up, you need to buy it.

It has some super sneaky hackerish administrator-friendly capabilities. e.g. the same executable runs in both windows as a GUI and DOS (even a DOS floppy) as a command line, you can create network boot disks for network restores from a samba share, etc.

And lastly, the author (Tom) is good at responding to email.

-brendan

some sticky points (1)

BillAtHRST (848238) | more than 5 years ago | (#25720847)

While there are a number of ways to capture and diff information (VM's probably being the best), the diff's may be a bit hard to interpret, depending on what you're trying to identify -- otherwise diff's will just show you that two files have different bit patterns, but what do those bits mean?
Two areas immediately spring to mind:

- the registry is probably the most important object you want to monitor, so you'll need to somehow export the registry into a diff-able format.

- windows also uses "structured storage" (basically a filesystem in a file) for a lot of things -- you'll also need to be able to export those somehow?

Easier approach? (0)

Anonymous Coward | more than 5 years ago | (#25720887)

Get Process Monitor from Microsoft; it monitors files, registry and process/thread activity (the last of these not so interesting to you for this). There's filters you can apply so you don't have to see all the failed attempts to read registry keys.

It won't help you if your program does stuff at shutdown/startup though.

Several Options (0)

Anonymous Coward | more than 5 years ago | (#25720909)

* DriveImage XML is free for personal use

* Archos True Image is not free ($50) but does support incremental image backups (which would be very useful for your needs.)

* If you have a Seagate Drive, you can use DiskWizard from Seagate (which is a version of Archos True Image.)

ZFS (1)

DiSKiLLeR (17651) | more than 5 years ago | (#25720971)

If only Windows ran on ZFS :(

Us Solaris peeps do *exactly* this. Take a snapshot immediately after install, take another snapshot after configuring the system, take any additional snapshots later...

I would post an output from zfs list showing all the snapshots taken on the root filesystem, but unfortunately slashdot's lameness filter REFUSES to cooperate telling me to use fewer junk characters :(

FreeBSD http://wiki.freebsd.org/ZFS [freebsd.org] and MacOSX http://www.apple.com/macosx/snowleopard/ [apple.com] will soon have proper ZFS with boot support.... and Linux's ZFS-Fuse Implementation is great. Hell, it won't be long before Windows will be the only (worthwhile) OS that will be without ZFS soon.... maybe Microsoft should abandon WinFS (oh yeah, they did) and just port ZFS over.

Re:ZFS (1)

Fweeky (41046) | more than 5 years ago | (#25721367)

FreeBSD's UFS2 supports snapshots too, though they're not as effecient as you might like.

I'm pretty sure NTFS supports snapshots in the form of the volume shadow copy service, but they're not as clearly exposed to the user.

Re:ZFS on FUSE (1)

danpritts (54685) | more than 5 years ago | (#25721843)

So you say "ZFS-Fuse is great".

You're the first person i've heard say that; everywhere else i see "horribly slow" and similar comments.

I take it you've actually used ZFS under FUSE on linux?

This isn't exactly free... (0)

Anonymous Coward | more than 5 years ago | (#25720977)

...but it seems like everyone else is out of ideas.

www.martau.com - Total Uninstall

There's a free trial, though. It lets you launch an installer inside of itself and records every registry, file, etc that is changed, added or removed by the installer (can have other uses besides installers of course).

Confidentiality agreement for personal project? (0)

Anonymous Coward | more than 5 years ago | (#25721093)

You know that the American legal system has gotten out of hand when one has to worry about breaching a confidentiality agreement for personal research.

WDS - ImageX - Mount WIMs and compare files (1)

Marble68 (746305) | more than 5 years ago | (#25721193)

Have you tried the free partition imaging tool from Microsoft, WDS? Build a server with DHCP, install WDS and configure PXE boot. Then, after each step, you can boot off the network and create a WIM file. The nice thing is you can mount the WIm files on "mount points" which appear as folders. This is very handy as you can then do deep analysis of the files at a bit level. You could literally compare two folders and all contents and tag only the files that have changed. of note: WDS and ImageX only capture the files. If you are doing rootkit or virus research, some of these may do some funky stuff with the file system which may not be picked up by ImageX. But Otherwise; this is a free solution with the added benefit of using the same tool (imagex) to allow you to "mount" a WIM file for analysis. HTH! Marble68

Anonymous Coward (0)

Anonymous Coward | more than 5 years ago | (#25721355)

SpyMe tools: http://www.lcibrossolutions.com/spyme_tools.htm

rdiff-backup (0)

Anonymous Coward | more than 5 years ago | (#25721465)

use rdiff-backup for windows

only stores the diffs

makes full reports of the files that have changed each time!

macrium reflect (0)

Anonymous Coward | more than 5 years ago | (#25721495)

I'm using macrium reflect for a similar purpose

Why did this even get posted? (0)

Anonymous Coward | more than 5 years ago | (#25721549)

dd, partimage, ntbackup, mkisofs, etc. There are dozens of free options to take incremental backups or snapshots of your system.

partimage seems like it might be what you're looking for specifically. I like to use the system rescue cd (http://www.sysresccd.org/), which has partimage, for this sort of thing.

Imgdeploy and ImageX are free (1)

jwillis84 (1404829) | more than 5 years ago | (#25721559)

Microsoft one upon a time used a version of Powerquest Deploycenter or something like it.

They bundled a tiny copy in ADS 1.0(Active Deployment Services or something like that) as imgdeploy, at 512 KB its likely to be the smallest utility you can find for free (as in cost not code) from a commercial software company that can do basically anything ghost can do. It's block based so it should fairly flexible operating system wise. The only difficult thing is downloading the large wrapper that is ADS 1.0 and sifting through it just to get the imgdeploy.exe. The same binary does capture and deploy.

If you have a mini-me operating system like the winpe, bart or something you could wrap a .hta application to give it a smiley interface, otherwise you can figure out how to use it from the cmd prompt usage message. You don't really have to read the docs.

In ADS 1.1 I believe they replaced this with ImageX which is a small utility for creating wimages.. think swim-sandwiches.. and you'll get the pronounciation. Wimages based on the .wim (no I'm not kidding ;-) whimsical isn't it?) are file based and go hand in hand with Vista installations. They might be more to your liking if your thinking incrementals since they are file based.

There is a tar like utility for windows called str or something that is very tiny and does the streaming archive thing.

There are a bazillion answers to this.. but those should get you started.. and don't forget Bacula if you have a fast gig switch.. you probably need to get the images off and on your hard disk fairly fast.

Regsnap will get your registry changes. (2, Interesting)

Airioch (716068) | more than 5 years ago | (#25721561)

Regsnap from LastBit Software will snapshot the entire registry and system file
lists (if you want it to) and save it out to a file. Once you make your changes
or installations you can snapshot it again and then directly compare the two files
and generate a difference file of all the changes to the system. It's a fairly
useful utility for capturing what installers/applications do to windows based
systems. Unfortunately it's not free.

Microsoft provides imagex to do the job - FREE! (0)

Anonymous Coward | more than 5 years ago | (#25721841)

I know everyone hate Microsoft, but they actually provide a free imaging tool which includes the ability to edit those images.

http://technet.microsoft.com/en-us/library/cc722145.aspx

Microsoft provides even more tools, all free.

Anonymous Coward (0)

Anonymous Coward | more than 5 years ago | (#25721861)

You don't need any of those crap programs. www.epsilonsquared.com
get intallrite

It's free.

takes a snapshot of registry, ini files, file system etc... you install everything u want. (you can do every step after the bare xp install if you want, although i recommend after drivers are in properly.

it makes a single self exe file, click and you're done. Office 2003 for example took like 1 min to install tops.

want to deploy across the network? just make an oldschool batchfile and use PSEXEC from the microsoft PSTOOLS suite. (glad they bought out a good company :) )

IstallWatch is another useful one, when you want to see what those pesky setup files are up to in case you want to make some "adjustment's" later ;)

This wouldn't happen to do with... (0)

Anonymous Coward | more than 5 years ago | (#25721965)

Securom or anti-piracy measures would it?

imagex? (0)

Anonymous Coward | more than 5 years ago | (#25722035)

Microsoft has a tool like this called imagex, which is a free download. AFAIK you can even use Windows Setup from Vista to install said snapshot. And yes I believe it can install XP images too.

if people are going to put up not free options (1)

Anarke_Incarnate (733529) | more than 5 years ago | (#25722065)

then you have to look at drivesnapshot. Drivesnapshot.de is the website, it isnt "cheap" but not expensive and worth EVERY penny. This plus the software at runtime.org for data recovery and you are set for $200

I wish I could remember what it was called! (0)

Anonymous Coward | more than 5 years ago | (#25722089)

I used to work for a company in the UK and we did something very similar.
There was very old little app we ran on a VM install of XP (native company wide OS).
You'd use it to snapshot the system, then install the program, do anotehr snapshot and compare.
It would show you all the registry changes, LL's, system writes, and application files.

Using that info we'd create cumstom packages to allow AD to roll them out to machines as requested over the network.

The software was hideously old. Garrish GFX and for the life of me I cannot remmebr what it was called.
The IT dept there has been outsource to IBM now and no one remains else I'd ask them and still be using it to this day!!

Damn annoying when you know the tool exists, but google is no help :o/

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...