Windows disk change monitoring for malware analysis

Posted by SuperDuck on Super User
Published on 2011-01-11T11:52:32Z


Not sure if this question belongs here, because it has some relation to 'serverfault' (system backups) and 'stackoverflow' (software analysis).

I'm looking for a solution to monitor disk changes on a Windows system and selectively revert them.

  • It should be able to handle live files like registry parts, so may need to be an offline backup software.

  • It shouldn't silently pass over files which the current admin user doesn't have permissions on (files with no permission entries or owned by the 'system' user).

  • Registry change tracking would be a bonus but is not a requirement.

I use virtual machines for malware analysis; there is not even a solution to list file changes in disk snapshot files (delta VMDK).

I currently use Ashampoo for monitoring changes. Though it's the best one among similar tools, it's not good software and hasn't really evolved across the many 'platinum' and 'deluxe' versions released in the last 10 years (it even used non-resizable windows until the latest version). The real problem is that it misses some disk / registry changes. Perhaps it only compares modification dates and doesn't catch a change if the dates are preserved.

So, I think the solution should compare files using hashes, or file sizes at least. There are numerous backup programs out there and I'm sure one can handle this, offline or online.
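One way to do the hash-based comparison the question asks for, as an added example that is not from the original post or from any tool named in it: a snapshot-and-diff script in Python that records size and SHA-256 per file, reports files it cannot read instead of skipping them, and flags a rewritten file even when its size is unchanged and its modification time has been put back. The directory, file names and contents in `demo()` are constructed for the demonstration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def snapshot(root):
    """Record (size, sha256) for every file under root.
    Files the current user cannot read are returned in a separate
    list instead of being silently passed over."""
    entries, unreadable = {}, []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix()
            try:
                digest = hashlib.sha256()
                with open(path, "rb") as fh:
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        digest.update(chunk)
                entries[rel] = (path.stat().st_size, digest.hexdigest())
            except PermissionError:
                unreadable.append(rel)
    return entries, unreadable

def diff_snapshots(before, after):
    """Compare by size and content hash, never by timestamp, so a
    change that keeps the old modification time is still reported."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(p for p in before.keys() & after.keys()
                      if before[p] != after[p])
    return {"added": added, "removed": removed, "modified": modified}

def demo():
    """Constructed scenario: one file rewritten with the same length and
    its timestamps restored, one deleted, one created.
    Returns the diff and whether the rewritten file's mtime moved."""
    root = Path(tempfile.mkdtemp())
    (root / "hosts").write_bytes(b"127.0.0.1 localhost\n")
    (root / "old.log").write_bytes(b"boot ok\n")
    before, _ = snapshot(root)
    st = (root / "hosts").stat()
    # Same byte length, different content; then put the timestamps back.
    (root / "hosts").write_bytes(b"10.0.0.53 localhost\n")
    os.utime(root / "hosts", ns=(st.st_atime_ns, st.st_mtime_ns))
    (root / "old.log").unlink()
    (root / "dropper.bin").write_bytes(b"MZ" + b"\x00" * 14)
    after, _ = snapshot(root)
    mtime_unchanged = (root / "hosts").stat().st_mtime_ns == st.st_mtime_ns
    return diff_snapshots(before, after), mtime_unchanged
```

Registry hives are held open by the running system, so this covers only the filesystem; hives would have to be read from a snapshot taken while the VM is powered off, as the offline-backup point above suggests.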
