Find files created or modified by an installer

First-timer will hardly find such files as they cannot be easily distinguished among other system files. There are two solutions: take advantage of the tool that tracks all changes in the system like Find Any File, or use a soft that finds files by analyzing dates of creation and installation.

Logging tools

This technique is a bit complicated. However, it is quite efficient: record framework logging tool can show all changes in the register of files within the chosen period of time. The main issue of this approach is that you will see much more information than you actually need. That is why such tools are more appropriate for advanced users: they have the knowledge of the intended use of different file extensions, how such files work and how they may affect the system.

Good examples of tools that work the way described above are fs_usage and fslogger. There are plenty of explanatory materials concerning these two. Another popular tool is fseventer, but it could actually be considered a utility to fslogger. All in all, all these apps offer too much information that an ordinary user would hardly need.

Do next steps:

  1. Start the tool;
  2. Force the name of a program to the application;
  3. Stop the tool after certain period of time;
  4. Look through the report for changes.

The concept of Find Any File app

This app helps to discover all changes that have been made to the system. FAF is a logger. However, it is easier to use in comparison with other loggers because it provides levels of data and organizes data in such a way that it helps to identify changes and show what program did it.

How it works

  1. Note the time when you begin the installation of the new app;
  2. After the installation, run FAF and select the Modification Date – the amount of time it took for the app to be installed;
  3. Select the necessary catch mode to Find All by holding down the Option key. The program will relaunch in root mode (that may require an administrative password) and start searching for all changes to the hard drive;
  4. Click on Command-2 to see the progressive view – thus, it will be easier to track changes;
  5. You can also scan the documents according to their Creation Date.

Of course, there are many other apps that work as Find Any File. Yet, still, it is more efficient due to the fact that this tool can also search within the documents that are usually not covered by other clients.

Bring into notice that such searches should not be neglected in case you install the app that requires your administrative password: God only knows what changes it can make in the register. Some installers can reset creation dates of the files, so they are more challenging to find. That’s another reason why loggers are more efficient that inquiry tools.

The perfect way to explore every change to the app is to create a new application that uses all the benefits of fslogger or fs_usage and puts emphasis to the adjustments made by an installer or the application itself.

 

Leave a Reply

Your email address will not be published. Required fields are marked *