It has been a long time since Microsoft came out with this nifty little tool that can help you find what has changed on a system. The basic functionality of the System State Analyzer tool is to let you take snapshots of a machine at different points in time and compare them. This allows you to compare the state of a machine both before and after an application install, or you could use it in your VM as a first step in malware analysis or reverse engineering.
A typical screen of the Windows System State Analyzer:


As you can see, the interface is divided into two panes, one for each of the snapshots that you wish to compare. An amazing feature of this tool is that you can choose what you wish to include in the snapshot for comparison. You can compare drives, registry keys, services or drivers. This is how it looks:

It also allows you to store detailed reports in simple .html files! The Detailed Report displays the change summary and details, filtered by file extension and various other file properties. This is what a sample report looks like:
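The before/after comparison can be sketched for the file-system part alone. The Python below is an added example, not code from the System State Analyzer or the original article; the function names, the SHA-256 content check and the temporary directory standing in for an analysis VM are all assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def take_snapshot(root, extensions=None):
    """Map each file path (relative to root) to (size, SHA-256 of its contents)."""
    snapshot = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if extensions and os.path.splitext(name)[1].lower() not in extensions:
                continue  # extension filter, like the report's file-extension view
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                size = os.path.getsize(path)
            except OSError:
                # Locked or vanished files are common on a live system:
                # record them as unreadable instead of aborting the snapshot.
                size, digest = None, None
            snapshot[os.path.relpath(path, root)] = (size, digest)
    return snapshot

def compare_snapshots(before, after):
    """Return the change summary between two snapshots."""
    common = before.keys() & after.keys()
    return {
        "added": sorted(after.keys() - before.keys()),
        "removed": sorted(before.keys() - after.keys()),
        "modified": sorted(p for p in common if before[p] != after[p]),
    }

def demo():
    """Constructed sample: a temp directory changed between two snapshots."""
    binaries = {".exe", ".dll"}
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        write("app.ini", b"mode=1\n")
        write("old.dll", b"v1")
        write("notes.txt", b"unchanged")
        before, before_bin = take_snapshot(root), take_snapshot(root, binaries)
        write("app.ini", b"mode=2\n")             # modified, same size
        write("new.exe", b"constructed sample")   # added
        os.remove(os.path.join(root, "old.dll"))  # removed
        after, after_bin = take_snapshot(root), take_snapshot(root, binaries)
        return (compare_snapshots(before, after),
                compare_snapshots(before_bin, after_bin))

if __name__ == "__main__":
    print(demo())
```

Hashing the contents catches the same-size edit to `app.ini`, which a comparison on size alone would miss.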


This tool is a part of the Windows 2008 R2 Logo Software Certification and Windows 2008 R2 Logo Program Software Certification toolkits. Hence you will need to download the toolkits to get the System State Analyzer tool.
Download the Server Logo Program Software Certification Tool
(x86): here and (x64): here