Economic Stimulus Package Linkfest

Lots of links. Just spreading the wealth around…

• Tenable Network Security: Root Is Just A Few Clicks Away – Reminder on why I prefer to pave systems (and OEM partitions) and build a system OS load from scratch.

• Comodo EasyVPN Software Download for Free VPN Network Encryption – I didn’t know that Comodo provides a free turnkey VPN solution. They do. Sure it is closed-source, but for non-technical folks who are looking for a simple and free solution and don’t want to configure one of the many Open Source VPN solutions out there, this might be worth looking into.

• hype-free: How does the Panda USB vaccination work? – Ooooh! Really great and well done analysis on the behind-the-curtain mechanics of this tool. Well worth reading before using.

• How To Change Windows 7 Logon Screen Easily [Without Using Hacks & Tools] | Into Windows – Because you know you want to scratch that itch.

• Virtual PC Guy’s WebLog : Quick Fixed VHD Creation Tool – Pretty clever little tool. Of course, turns out Windows 7’s DISKPART Tool can do a similar trick via CLI.

• VHD tool – Home - (see above). Main tool source if you are in a hurry to create your own VHD’s

• Copy Multiple Files On Your Computer With RichCopy (Windows) | MakeUseOf.com – I’ve downloaded it and installed it. I’ve played with it very little so far. Lack of shell integration is the biggest drawback.

• Keith Combs’ Blahg : RichCopy bulk file copy tool released – get it here - (see above). Main tool source if you are in a hurry and want a bit more background information.

• Drive Tools for Windows – lots of niche CLI tools for drive work. See also the AutoRun Settings tool on that page. Nice GUI based tool that lets you manipulate many autorun configuration elements.

• TinyApps.Org Blog : A better NOD32? – Great find and perspective of a new micro-scan tool. I say “micro-scan” as this A/V-A/M tool uses a single EXE file that is remarkably small to get the entire job done. Only “drawback” is that the DAT files are pulled down “real-time” so you must have a live network connection to make it work effectively. Pretty refreshing approach after many of the other bloated applications with file counts running into the hundreds or more.

• Prevx Edge - (see above). Main tool source if you are in a hurry to get on with it.

• Eraser – Freeware secure erasing tool has gotten a radical site update.

• Eraser 6-rc4 released! – Amazing new and fresh GUI to Eraser. Still has some bugs to be worked out. Looks like it will be a great update when finally released. Not sure if it will survive in a “portable” mode release as I think .NET will be required moving forward.

• InstallingBetas – Eraser – Read this page as well as you need to download a signed security certificate to install the latest Eraser beta versions. Not that big a deal, but a bit of work.

• Disk Redactor – New free disk freespace wiping tool (portable) that I found this week. I like the interface and it seems to run very fast.

Side note: Is it just me or do none of these freespace wiping program tools seem to work under Vista very well. I think I’m missing something here. I’ve been playing with them and I can run DiskDigger and find a large number of deleted (but recoverable) files. Then I do a freespace wipe (as admin level) using either of these tools. Then I rerun DiskDigger and the files are still all there and recoverable. Surely I’m doing something wrong? It’s not just the “names” but the actual files themselves as I can preview most of them just fine in the clear. Thoughts?

Update -- Turns out this issue looks like a "Doh!"moment. I went back and re-read the DiskDigger product info and on the page (linked above) found this tidbit: "Because DiskDigger bypasses the file system of the device being read, it will detect files that haven’t been deleted in addition to files that have. This means that you might have to sift through files that still “exist” in the file system before you find a file that’s actually been deleted. However, the Preview feature makes this process quick and painless."

Looks like the freespace was probably getting wiped effectively after all. DiskDigger is just displaying all files it finds. I'm going to have to retest with Recuva as I believe it only reports truly "deleted" files. That and do some sector-based testing as well (create file, observe sector location, delete file, wipe freespace, go back with sector viewer tool and see if now gone).

• HelixCE Community Edition - Download HelixCE200401brc1.iso RC1!!! – The community edition of Helix looks to be near relase. For some reason the ISO link isn’t working at the moment. Maybe it will be up early this week? Looking forward to seeing how the efforts are playing out here.

• DEFT Extra (Windows Forensics GUI 1.0) and DEFT v4.2 DEFT Linux - Computer Forensics live cd – The DEFT crew is getting ready to release what looks to be a bang-up version this week. Looks to have an exciting “run-on-Windows” launching tool like CAINE or HELIX3 both have.

• Ophcrack – New version with some new features is released.

• Offline NT Password & Registry Editor – If you can’t crack it, reset it. I somehow missed that an updated version of this Windows 2000/XP/Vista/(Windows 7?) tool got released in August 08. Had to snag this newer version.

• Offline-Update 5.2 with Internet Explorer 8 – New version now supports IE8 deployments (or not). Arguably one of the two or three best off-line Windows system updating and patching tools out there. If you are a sysadmin, you had better be familiar with this tool. If you are the family-IT support guy or gal, it is well recommended to keep an updated and packed version handy on your USB stick or CD before you go visiting.

• PDFiD « Didier Stevens – Neat free tool to look for exploits in PDF files. Cool!

See ya!

--Claus