Tuesday, April 04, 2006

SysAdmin Utilities on a USB-Stick List

First things first....a brief disclaimer:

There are quite a few "The Best of" lists on the Net for software including best freeware and Open Source offerings. Time and time again the list makers usually share a good number of items common to all. I guess if software really is "The Best" it will invariably show up. This isn't a "Best of" list. I'm not that clever or smart.

But even though I am a bit jaded, I do like to click through these "Best of" lists anyway and check them out. I have sometimes been rewarded and found a few hidden gems that way had I not walked though someone else's zen-garden.

So I've decided to audit my USB stick and list my "must-carry" applications. Although I sincerely hope any visitors might find some "gems" of their own here, the purpose is also for me to have the download links handy for quick version updating and recovery--if it ever gets lost/destroyed.

A brief introduction:

I've listed (almost) all the contents of my USB stick. It is a 512MB flash-stick. I really could use a 1GB or 2GB USB stick, but this is good enough--so everything listed should fit (with maybe the exception of the both sets of unpacked Microsoft Windows Support tools. I just keep the W2K ones on, but have the XP ones handy on my laptop if I need to trade them out.

All of the application listed can (some--with a little tweaking) run directly off the USB stick on most all XP/W2K systems; without installing them on the host system. That is an important criteria to me as I am often going from pc-to-pc and I can't take the time to install/uninstall them each time. One or two applications require some specific .dll or .com files and if you figure out what they are, just copy them into the application folder on the USB stick and you are good to go. (I'll expand on this in a later post...)

The applications I have may not be the "Best" in your opinion. In some cases I would fully agree with you. Honestly, they aren't the "Best" in my opinion, either. HOWEVER!--I've chosen to use them because they are either 1) very small on file-size, 2) very specific to the task I need to use them for, 3) are free/Open Source/(un)limited trial, 4) licensing restrictions prevent me from using my first pick or, 5) I really didn't know a better one existed!

Also, these are applications I depend on for my sysadmin work. So no "games" or "media-players" although I know there are quite a few nice "standalone" ones out there. I use many of those on my desktop at home--but that's another post as well. No drivers, either. I generally don't carry "setup/installation" software on my USB stick. I can snag stuff of the network/Internet if I need to. I do quite a bunch of malware cleaning so there is a heavy emphasis on that here. And though I may not use all the tools listed here every time, I like to have them handy when I need them.

Some tools listed are very similar or even identical in function, but because of the different interfaces/GUI/options/etc. between them, I like to carry several.

Warning: A few of the applications listed here may/might/will set off your Anti-Virus sensors. TVNC for example allows you to remote-control another pc--so some AV vendors flag the files as "trojan." Well, in the strictest sense, it is. Also some of the OS product key finders get flagged as well--because they could be used to steal your product key. I need them to be sure to get the system key before I do a system reload of some pc's at work. Also, for some reason ; ) the IP/port scanning tools sometimes set off alarm bells as well...go figure. Because I'm not a programmer, I can't examine the coding on all these, so I have to use them with a bit of trust after doing research and getting referrals from other sysadmin's I trust. Don't take my word for them. Check them out first--that's why I'm giving you direct links to the software developers where-ever possible.

Folders are listed in brackets "[application name]" while applications that don't really need their own folders are listed without brackets under the [Folder Name]. This is just how I organize my USB drive.

Finally, be sure you follow the software developer's license requirements. Just because stuff is "free/Open Source" doesn't necessarily mean you can use it with impunity at work/etc. Respect the developers rights. Support them and their software both with your respect and your $$$. Be kind.

And so,

Claus Valca's SysAdmin Utilities on a USB-Stick List.

USB Root:

copy of my bookmarks.html file from my desktop pc Firefox profile (handy as most all browsers can open the file/links)

[Remora USB Quick Launch] (launcher is on the root of the USB Drive)


BHODemon - Browser Helper Object (BHO) managment/info tool.
BHOList - List of many known BHO's for quick research.
Start_ups - List of many known system startup files and if they are good/bad.
StartupInfo - Provides list of apps that run at startup
Start Up List 2.0 - Merijn's application to check system files that execute at startup.
CopyLock (prior version--I like to keep it around) - delete locked files.
LockFileWizard (current version) - delete locked files.
DeleteLater (DiamondCS-command line tool to delete file at reboot)
HJTHotkey web-lookup tool for HJT findings
LavaSoft's Ad-Aware-SE Personal - malware scanner (personal use only folks!)
[Rootkit Tools]
RootkitRevealer (SysInternals) - Scans for rootkits - newly updated!
RunAlyzer (Safer-networking Beta "autostart and configuration manager" tool from SpyBot folks Description here.)
CompatAlyzer - (Safer-Networking "Windows PE file" analyzer tool --Beta!)
SpyBotSD (version 1.4) - malware scanning tool.
Spywareblaster - prevents malware installations for IE and Firefox.
Unlocker - delete locked files utility.
WhoLockMe - locked files windows shell extension.
a-squared HiJackFree - very neat multi-purpose system investigator.
bugOff - tool to disable some very specific browser hijackers--almost never used.
CoolWWWSearch.SmartKiller - CWS anti-malware tool.
CWS Shredder - Trend Micro's CoolWebSearch browser hijacker cleaner.
ForceDelete - another locked-file deletion utility.
HBUninst - Hotbar's own utility to force uninstall their application.
HijackThis - current version 1.99.1. My all-time heavy-duty anti-malware utility tool. Very full featured--not for noobies!
Hijack This - prior version 1.98.2 (kept around just in case!)
IBProcMan - standalone process manager--bundled in HiJackThis v 1.99.1
Kill2Me - removes the Look2Me malware.
LSPFix - utility to repair malware damaged Layered Service Provider settings.
RemoveDomains.reg - deletes IE browser zone hijacks from registry. Go to the website copy the correct text listed into "notepad" and save as the filename listed. Execute the file to update/clear the impacted registry.
ToolbarCop - helps clean up malware imacted IE browser "add-ons"
WinsockxpFix - another LSP cleanup tool to fix internet connections after bad malware hijack.
wntipcfg.exe - MS GUI based IP setting utility. You need to get it from the Microsoft W2K Resource kit

[ClamWin] - USB AV - standalone style!
Stinger - McAfee's AVERT standalone AV scanner tool (updated often).

[AOPR] - Advanced Office Password Recovery--when users forget their own passwords!)
[Eraser] - Secure file deletion
[BLOWFISH ADVANCED CS] - another sercure file deletion and encryption tool
[ERUNT & NTREGOPT] - Lars Hederer's collection of registry optimizers and backup tools.
[FastStone Image Viewer] - image viewer, thumbnailer and basic manipulator
[FlpImager] - create and write images of floppy disks. More useful than one would think.
[KeePass] - Open Source encrypted password manager utility.
[PSPad] - text and HTML (and other stuff too) editor
msconfig - get the actual file from an XP system, that one will work on W2K systems.

misc documents I need or sync

[Microsoft Support Tools]
Windows XP Service Pack 2 Support Tools (unpacked)
Windows 2000 SP4 Support Tools (unpacked)

[Downloads] Note: used as landing zone for setup files I download.
TIGHTVNC remote desktop control software. (zipped until I need it.)

[Notepad2] (my text editor of choice)

[Portable Firefox] - Get all the files needed to run directly off a USB stick!

[Portable Thunderbird] - Get all the files needed to run directly off a USB stick!

[7zip] - compressed file manager (i.e. ZIP,CAB, etc...)
[a43] - file manager
[Add Remove Pro] - cleans up Add/Remove Program List
[Advanced IP Address Calculator] - calculate IP information
[Advanced IP Scanner] - scan for active/dead IP's on a network
[Advanced Port Scanner] - scan for active/dead ports on a network
PacketMon - IP packet sniffing tool (very small and light!)
SuperShredder - secure file deletion tool
[apt] - (Advanced Process Termination) - kill running processes using 9 different methods.
[bst5] - (Bart's Stuff Test) - hard-drive stress tester.
[DataRecovery] - deleted file recovery tool.
[Disk Investigator] - read raw drive sectors, clusters, etc.
[Easy Cleaner] - multi-talented Windows registry cleanup tool.
[FileAlyzer] - basic file analysis tool.
[folder2Iso] - create an ISO image of any folder/subfolders.
[FolderSize] - nice GUI tool to see size of drives, folders, etc.
[freeCommander] - my favorite alternative Windows file manager utility. Lots of features.
[HDTune] - hard drive information and status utility
[HoverIP] - multi-use IP tool
[i.Ftp] - GUI based File Transfer Protocol utility. Handy.
[ImgBurn] - burn ISO images to CD/DVD (and more)
[IndextDatSpy] - view the contents of Windows index.dat files
[InstallWatch Pro] - monitors your pc to find out what gets installed and where.
[ISOBuster] - extract individual files from ISO images.
[killbox] - handy Tool to kill files locked up in use by malware/system.
[LCISOCreator] - make ISO files from disk media
[Off By One] - light web browser
[PCIFileRec v4] - data recovery application. Very good.
[Process Viewer for Windows] - another Windows process viewer utility.
[PrintKey2000] - screen capture utility
[RegClean] - registry cleaner for Windows (except XP) Read carefully before using!
[RegistrarLite] - registry Editor (enhanced)
[RegSeeker] - registry tweaking/cleanup tool.
[Safarp] - quick Add/Remove program utility
[Widget Print Directory] - utility to print directory listings.
[xpy] - very handy XP system tweaker to combat some malware threats.
Autoruns - what programs are set to run at system startup?
BinText - file text extractor
CurrPorts - what TCP/IP and UDP ports are open on your PC?
FileMon - what files are being opened/closed/accessed on your system?
IPNetInfo - IP lookup tool
JDirPrinter - Another directory printer. I think this download location is legit. Google for others...
Keyfinder - (Magical Jelly Bean Software) - finds Windows System Product Keys
MD5 Hash - use to verify files are exactly the same (well, not technically perfect but good enough for most folks!)
Process Explorer - my second-favorite system utility of all-time from the SysInternals Mojo Masters.
regedit - copied from a Windows pc.
Regmon - SysInternals tool to monitor registry calls on a system.
RockXP 3.0 - find more product keys.
Startup Control Panel - another system startup utility application
System Info for Windows - get a major listing of everything about your system.
ReSysInfo System Information Viewer - another program for system information auditing.
Tcpvcon, TCPView - view network stuff.
TDIMon - another network tool
Trout - IP Trace Route tool
WhatChanged - pre/post installation / setup monitor and comparison tool


The following are additional items I would install if my USB disk was a bit larger:

[Portable Open Office] - An office suite on your USB - Get all the files to install here.
[AnalogX] - has a generous heaping of handy tools and applications.
[Foundstone] - has a comprehensive collection of forensic, instrusion detection and penetration testing tools. Wow! Decisions decisions!

Not entirely USB related but good to keep alongside your USB:

Bart's PE Builder - Make a "Live CD" XP boot disk. Kinda technical to do, but cool.
Damn Small Linux or Knoppix Live Linux Boot CD, every SysAdmin should have at least one Linux Live CD distribution!
How to Run Linux on a USB Drive - If you got the space, why not!
Ultimate Boot CD - Lots of good emergency utilities.
Darik's Boot and Nuke - secure HDD wipe boot disk (cd or floppy)

Hope you enjoyed the list.

If you have any suggestions to make or additional applications that you think I would be interested in trying...leave a comment!

Aways keep your tools handy!


DjLizard said...

I enjoyed your list a lot, and I'm going to post a few suggestions (tech to tech) that might save you/your clients time/money. Some of this stuff I've made myself.

If you don't already know about this, you might want to save the "printer friendly" version of the following page to your USB drive for reference: http://wiki.DjLizard.net/SVI
I have used this procedure a million times and it has saved a lot of people time and money. You might be surprised at how easy it is to identify where a registry roll-back would fix the problem, and how many times it actually does fix the problem.

Re: Linux
You might want to check out RIPLinux - it has exactly what you need and nothing more. You can do the best tasks from console, so you don't really even need the X version. If you don't get the X version, you could actually partition a larger USB drive to contain the stuff on your list in one partition and RIPLinux for USB drives in the other.

Use 'fdisk -l' to identify the detected drives/partitions
Use 'badblocks -sv /dev/hda' to scan a drive for bad sectors. Replace /dev/hda with the actual device you want to scan (which can be any kind of device, not just hard drives or their partitions). If you include the number then you are scanning just that partition. When using -sv as the parameters, badblocks will sit on one line printing the current sector / the last sector until it hits a bad block, at which point it will print the bad block # and print a carriage return. If you see that, Control+C and...
Use 'ddrescue' to clone a failing drive (or to be more accurate, a failing device) to a known-good device.

Syntax: ddrescue source destination logfile
Example: ddrescue /dev/hda /dev/hdb /hda.log
To clone native IDE drive #1 to native IDE drive #2. SATA drives usually show up as /dev/sda (or b, c, etc). You can clone anything to anywhere else (including an image file of the device, which you could then bzip2). I've recovered data from horribly scratched CD-ROMs, USB drives that were shorting out, hard drives (SATA, SCSI, and IDE), floppies, memory cards, and zero-filled writeable devices by using /dev/zero as the source. Pro-tip: use /dev/urandom as the source to do a security random-fill wipe. Don't believe the hype, you only need one wipe.

Anyway, I hope some of the above helps, and I am planning on writing more about using RIPLinux (and Linux in general) to fix Windows PCs / perform data recovery in an upcoming wiki article.

I hope the formatting of this comment isn't horrible - it's hard to write in this crampled little box. :)

Claus said...

thanks a ton, DjLizard.

The link has a whole lot of great info. I will have to print it out to digest it all.

I do carry some different "Live CDs" with me, a customized Bart's PE and some Linux distros as well.

I look forward to seeing some more tips on "command-line" Linux tips.

Any helpful GUI-based disk repair/recovery utilities as well?

Any particular Linux "live cd's" you find more helpful than most for rescue and recovery to recommend?


Arregorn said...

Bart PE has saved my life on several occasions! I love it.

OH, another one that I have found VERY useful is the boot sector repair abilities embedded in Norton Ghost 10. This has been my saviour on several occasions and has yet to let me down.

Although, I hate the fact that Norton Ghost 10 does not allow you to create an image outside of the Windows environment. Oh, and USB drive support is highly limited. I have yet to find a USB drive that Norton Ghost 10 will load.

But, repairing the boot sector is soooooo very easy with Norton Ghost 10.

Anonymous said...

this is a very nice article. many helpful links to a lot of good software. i was a little sceptical but then noticed some programs i use and my scepticism vanished.
also thanks to DjLizard.