Sunday, March 22, 2009

A “Suddenly it’s Sunday” Linkfest

Been a chill weekend.

Lavie has been lovingly concerned that I’ve been burning the candle at both ends at work this past week.  She’s pretty correct on that front.

So this weekend I was told in no uncertain terms that I had better relax.  So, uncharacteristically, Saturday found me in my jammies all day long, and mostly in bed; cranking out the past two blog posts and Jonesing on Turner Classic Movies.


Today I paid the price a bit having more catch-up work on the regular household chores, but even Alvis said she hadn’t seen me acting so embarrassing for a long time. (That’s a good thing for me, a bad thing for her.)

So as the girls close out the night (and Spring break) with a round of Jeff Dunham on Comedy Central (they haven’t stopped laughing yet)…I’ve got one more post of assorted links culled from the past two weeks.


  • Springboard Series Virtual Roundtable: Windows 7 - To the Beta and Beyond – Microsoft hosts a Q&A session with a number of their pros, including Mark Russinovich.  If you don’t have time to spare, read this abbreviated transcript that covers all the major points of the Windows 7 discourse.

  • Engineering Windows 7 : Designing Aero Snap – I found this Microsoft post fascinating as it showed the degree of research and design in conceptualizing and working to delivery of this feature.  Neat stuff and really hard to ‘get right’.

  • Network Monitor 3.3 Beta Available – New version (beta) has been released of Microsoft’s network capture and monitoring tool. Jump the link to get the details on the improvements. While it isn’t near the top of my network capture tool list, I still keep it installed in case I need a “second opinion” on captures.

  • NetworkMiner follow up « SANS Computer Forensics, Investigation, and Response – I do like NetworkMiner for capture analysis and this post highlights an odd (but logical) issue; that sometimes network captures could be filtered by your A/V product and provide an incomplete picture of what is going on.  It’s good to know your tools and what to expect them to provide. This way you can spot when something deviates and needs to be examined more closely.

  • 4sysops - Windows 7 multiple active firewall profiles – Michael drops a great find: Windows 7 firewall brings more granularity to rules.  Specifically he has found that you can assign a different firewall rule to each NIC device on a system.

  • A sneak peek at the Windows 7 Release Candidate | Ed Bott’s Windows Expertise – More Windows 7 feature and screen-shot p0rn.

  • Windows 7 to officially support logon UI background customization - Within Windows – Finally, (almost) native support for changing the Logon background graphics.  Yes you can already do this with Vista and XP but you have to go on the down-low to pull it off.  Windows 7 looks to make this much easier.  Prepare for corporate logos on Windows 7 business deployments!

  • Sysinternals Site Discussion : Updates: Process Monitor v2.04, TCPView v2.54, VMMap v1.02, Testlimit v5.01, and Notmyfault – Updates, get ur updates! My picks below:

      Process Monitor v2.04: This update shows file mapping operations in basic mode, adds more translations of error numbers to text, fixes a bug that limited support for more boot log files larger than 4GB, and displays version numbers using the same formatting as Windows.

      TCPView v2.54: Fixes bugs that prevented the display of IPv6 TCP endpoints and the correct display of IPv6 UDP endpoints

      VMMap v1.02: Now shows all image subsections, even if they reside within the same allocation region. It also fixes a bug in image name sorting and makes the UAC elevation smoother on 64-bit Windows.

  • I don’t know what I would do without Nir Sofer and his wonderfully targeted utilities.  He has been hard at work updating oldies-n-goodies, as well as delivering a new tool that has now created a load of reorganizing work on my business system.

  • NirBlog: Utilities updates for this week

    • RegDllView, InstalledCodec, IECacheView: Added 'Explorer Copy' option - Allows you to copy the selected files and then paste them into a folder in Explorer.
    • FileTypesMan: Added support for creating and deleting file extensions.
    • WirelessKeyView: New and safer method to extract the wireless keys of the local machine. Starting from this version, WirelessKeyView uses a new method that extracts the wireless keys without any code injection. Also fixed a bug: in Vista, if the WPA-PSK key contained 32 characters, the key was not displayed in ASCII form.

  • NirBlog: Latest utilities updates in NirSoft

    • AlternateStreamView and ResourcesExtract: Added support for choosing SubFolders depth in scanning.
    • SearchMyFiles:
      • Fixed bug: Base folder combo-box limited the number of characters that you could type.
      • Added option to save/load all search option to .cfg file.
      • Added 'Explorer Copy' option - Allows you to copy the selected files and then paste them inside a folder of Windows Explorer.
      • Added 'Open With' option.
      • Added option to choose the subfolders depth to scan.

  • NirBlog: Extracting multiple attachments from Outlook with OutlookAttachView

    • OutlookAttachView utility can help you do that. It displays the list of attached files in your Outlook's mailbox, and allows you to easily select all attachments that you need, and then extract them into a folder that you choose.  A fast update brought with it a bug fix “that caused OutlookAttachView to fail on scanning sub-folders under main Outlook folders.
      Also added 'Folder Path' column that displays the full path of the folder (For example: Personal Folders\Inbox\Bug Reports).”

When I ran the last tool, OutlookAttachView, against my Outlook PST file, it found over 6,000 attachments embedded in there.  Despite my efforts over the past two years to strip out all attachments and file them in “real” system folders, there obviously were lots that pre-dated that period.  It works fantastically. Nir has outdone himself with this one!  In addition, Nir has fixed some key bugs in his Outlook .NK2 viewer to now properly handle some unusual field populations.

  • Mark Minasi’s Newsletter #76:  Solving Windows "driver is not signed" problems – Mark outlines how to “sign your own drivers” for Windows 64-bit OS systems.

  • FizzBin - The Technical Support Secret Handshake - Scott Hanselman’s Computer Zen – Scott ponders a “secret codeword” that lets on-line tech support staff know you are a member of the professional IT geek society and can dispense with the “noobie” level of conversation.  The comments are almost better than the post.  Just last week we had a tanked wireless card.  We had troubleshooted it on the user’s system, on a “clean” test-bed system, and then finally repeated on both systems (successfully) with a “known-good-device” that worked perfectly on both systems.  The trouble followed the card.  When we finally got to the company’s tech-support, they wanted to follow the flowchart all over again from square one.  We wasted almost an hour patiently re-working our days of efforts.  Eventually he decided the card must be bad and then authorized an RMA.  Sheesh.

  • On my XP systems I swear by the file-copy performance Supercopier brings.  It lets me jockey files all over the place with speed much higher than Windows offers natively.  However it doesn’t seem to work on my Vista systems.  So I have been playing with TeraCopy and FastCopy. While neither one seems to offer the integration I get from Supercopier in XP systems, they both seem moderately better than Vista’s file-movement native speeds.  Anybody have any other recommendations for a replacement high-speed file copy/move tool on Vista?

  • 300447 Computer Forensics Workshop - Media Preparation And Copying ... (PDF) – Great lecture presentation from a Down Under Aussie Derek Bem on computer forensics.  I found this while digging up tips on using dd for an earlier post.  It’s great stuff and provides a very good overview of tools and techniques specifically in dealing with media.  Download and file this gem away after reading it carefully. Plan to spend some time poking around the Computer Forensics page for the University of Western Sydney that hosts this material. Of particular note are the Interesting Links page and the Online Materials.  Both are chock full of wonderful material.  I so wish my university had offered a degree plan like the one offered there.  Oh how things could have been different…   See also: Lecture 01-Computer-Forensics 30047 notes.  Additional lecture notes can be found here.

  • Forensic Investigation, Analysis, Documentation, and Law – (PDF) - Great SANS paper that covers more ground in the forensics field.  Again, probably nothing that forensics specialists don’t already know but good stuff for sysadmins who need to interface with them.

  • Microsoft PowerPoint - DD in Windows Forensic - (PowerPoint) – Another good source of material I found while working on my “dd” usage.  Download this one and tuck it away! I also found more useful material on this firewall forensics.pdf page.

This should keep you busy for a bit!


Claus V.


JMisner said...

Hi Claus,

I've searched in the past for software similar to TeraCopy that has a license that allows commercial freeware use as well, and haven't been able to find any. FastCopy didn't impress me too much when I've tried that. Never tried Supercopier, but I had the same problems installing it on Win7 beta; it works stand-alone, but not as a shell file copy replacement.

Whenever I have to copy a lot of files, I use Roadkil's Unstoppable Copier which you've probably run into in the past. It bypasses all the nags Windows would give you during a file copy. It's not a shell file copy replacement, but it's somewhat geared towards data recovery and works pretty fast...although if I needed to recover data from a failing disk, I'd use GNU ddrescue on any flavor of *nix (by far, the best freeware solution of raw data recovery).

JMisner said...

...and speak of the devil, this just came over the wire from Lifehacker.

New (to the public apparently) freeware app from Microsoft called RichCopy seems like it has LOTS of promise. The interface feels much better than Robocopy GUI with the same power. Multithreaded file copies that you can pause in mid-transmission, which forgives WAN hiccups in network transfers. No shell integration, but that doesn't bother me at all.

The help file still reads "This is Microsoft Internal Tool. It is not allowed to use this tool outside of Microsoft Corporate network without following appropriate process." Guess they should remove that after posting it on their public blog...

The program seems fairly portable as well. After extracting the setup files from the download, I was able to crack open RichCopySetup.msi with Universal Extractor, which reveals both a 32 bit and 64 bit version of the app. Process Monitor shows it storing its settings in the registry, but there are ways to save config profiles for file copy options for use later.

BTW, sorry for any double posts, comment form was acting up a bit.