Using the Registry Watcher module, you can easily track what changes are made in the Registry and which process is doing them. Click on the Registry Watcher button in the lower part of the Command Panel to activate the module. The screen of the module is separated into four main parts. On the top left is the Registry tree where you can navigate to find the key you are interested in. To start monitoring a key you need to select it and press the arrow button that is in the panel on the right of the Registry tree. That moves the selected key to the top right pane where you see the keys that you have already added for monitoring. In the top center panel, there is also a Pause/Start monitoring button and a Delete button that affect the keys in the list of monitored items.
After a key is added for tracking, its monitoring starts immediately. To pause it you can select it from the top right panel and press the Pause button, transforming it into a Start button, in case you want to resume the monitoring again. If you do not want to monitor a key anymore you can delete it from the list with the Delete button.
In the lower part of the screen on the module is the Result Pane with Filter options Its content is updated in real-time showing data captured for the currently selected tracked key with many properties like Time of modification, Process Name, PID (Process ID), Registry Operation, Registry Key, Registry Value, Value New Data, Value Old Data, Value Data type.
In the upper part of the pane is the Filter section, which can be used to be filtered based on almost all tracked parameters. Also, from the Highlight field some text of interest may be highlighted. Monitored data for the chosen Registry key can be exported using the context menu command “Export List to File“. Supported formats are TXT, CSV, and XLSX.
Also from the context menu currently shown captured data can be cleared with the context menu command “Clean” and any Registry key can be opened in the Windows Registry Editor using the command “Open in the Registry Editor…”
All the captured data for all monitored keys may be exported using the button from the command panel – Export All. Supported formats are TXT, CSV, and XLSX.