Found this one on securitytube
http://www.securitytube.net/Reverse-E...
Most of us install software downloaded both known and unknown sources. Sometimes, we might have a reason to suspect that the software in question may be doing some malicious activity on our PC - such as modifying a registry key, overwriting an important system DLL etc. In this video we will look at how to reverse engineer a software install process by using InstallWatch.
InstallWatch is a great piece of software which creates a snapshot of your system both before and after you install the suspicious piece of software. Then it creates the "diff" and tells you what are the new / modified / deleted files, registry entries, folders, INI files etc. This allows you to immediately check if something bad has happened to your system in the course of installing the said software. The software however, does not have an "uninstall" or "revert to original snapshot" option.
It is important to note that what we have done here is a kind of "installation forensics". In later videos we will look at more advanced techniques such as memory dumping and analysis, imaging a live operating system etc.
On this page of the site you can watch the video online Reverse Engineering a Software Install Process with a duration of hours minute second in good quality, which was uploaded by the user Christiaan008 18 June 2009, share the link with friends and acquaintances, this video has already been watched 18,654 times on youtube and it was liked by 42 viewers. Enjoy your viewing!