When something goes wrong, or when you suspect that something is wrong, it is often very difficult to pinpoint exactly what it is. This can happen even to a seasoned system administrator. Troubleshooting usually follows a scientific method, but that method or procedure is usually very broad.

It is critical to establish a baseline, or snapshot, to compare against, and it is best to take that snapshot while the system is still healthy. One tool that can help with this is WhatChanged.

WhatChanged can take a list of the files on your Windows drive and can also be configured to take a snapshot of every branch of the registry. If you suspect there is something wrong, or you got hit by a virus, compare the current state with the baseline previously taken with WhatChanged. This step can save you a lot of time in troubleshooting the probable cause. Whatever the purpose, WhatChanged will list the files and registry entries that changed.

You can download WhatChanged from MajorGeeks.com or from the author's website, vtaskstudio.com. It is amazing what a 96 KB program can do.

WhatChanged is a system utility that scans for modified files and registry entries. It is useful for checking program installations. There are two steps for using WhatChanged:

1) First, take a snapshot to get the current state of the computer.
2) Second, run it again to check the differences since the previous snapshot.

The look and feel of the program interface is shown below.

To use it, just list the drives you wish to monitor. It is recommended to include the drive where Windows is installed (usually C:). For multiple drives, separate each drive letter with a space (e.g. C: D:). Then tick the branches of the registry you want included in the baseline snapshot. For a thorough baseline, tick all of the branches of the registry.

The software will then create its files in the same folder where the executable resides, so make sure that the executable is stored in its own folder.

After taking a snapshot or baseline, you can back up the executable and the files it created to a USB drive or to another computer. If in the future you suspect something is wrong, just run whatchanged.exe and compare the results with the previous snapshot. It should give you a rough idea of where the problem lies or, at the very least, a clue about where not to look.
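
The same baseline-and-compare idea, for files only, as an added example: this is not WhatChanged's code or its snapshot format, it does not cover the registry, and the function names, JSON layout and sample files are assumptions made for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def take_snapshot(root):
    """Map each file path (relative to root) to its size and SHA-256."""
    snapshot = {}
    for path in filter(Path.is_file, Path(root).rglob("*")):
        rel = path.relative_to(root).as_posix()
        try:
            digest = hashlib.sha256()
            with path.open("rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            snapshot[rel] = {"size": path.stat().st_size, "sha256": digest.hexdigest()}
        except OSError:
            # Locked or unreadable files are common on a live system: record, don't abort.
            snapshot[rel] = {"error": "unreadable"}
    return snapshot


def compare_snapshots(baseline, current):
    """Return sorted relative paths that were added, removed or modified."""
    common = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }


def demo():
    """Constructed sample tree: baseline it, change it, then compare."""
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as store:
        for name, data in (("app.ini", b"mode=safe\n"), ("tool.exe", b"MZ-original"), ("old.log", b"x")):
            Path(root, name).write_bytes(data)
        baseline_file = Path(store, "baseline.json")  # kept outside the monitored tree
        baseline_file.write_text(json.dumps(take_snapshot(root)))
        Path(root, "tool.exe").write_bytes(b"MZ-tampered")  # same size, new content
        Path(root, "old.log").unlink()
        Path(root, "new.dll").write_bytes(b"added later")
        return compare_snapshots(json.loads(baseline_file.read_text()), take_snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Because the comparison uses a content hash, the replaced `tool.exe` is reported as modified even though its size is unchanged.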

