CC attribution: "Chain links" by HowardLake on flickr.
Time to unload them…
- Windows 8 Forensics - A First Look - YouTube video from ForensicFocus presented by Josh Brunty. Approx. 40 min.
- Digital Forensics Stream: VSC Toolset - GUI tool for executing batch files against a volume shadow copy. More details on the latest version in this VSC Toolset Update: File Recovery blog post.
- Windows Incident Response: Forensic Scanner - Windows Incident Response blog - Harlan has recently released a super assessment tool that produces a fast, big-picture report of a system being examined. It is very simple to use and gives you good data for deciding whether there are indicators worth spending more time on in a closer examination of the system. Download available at forensicscanner - ASI Forensic Scanner via Google Project Hosting.
- Network Artifacts found in the Registry - Windows Incident Response blog - This is a RegRipper focused post but the previously mentioned Forensic Scanner also provides some network information; the WiFi info is quite useful on laptops to see where they have been traveling and connecting to.
- From Malware Analysis to Portable Clam AV - Journey Into Incident Response - Corey Harrell has a fun read on identifying a malware binary and then creating a custom AV signature for it in ClamAV.
- New Archive of RegRipper Plugins - RegRipper has a new collection of current/updated plugins available if you haven’t snagged them recently.
- Live forensics: prefetch and powershell - 8 bits blog - using PowerShell in incident response.
- CAINE Live CD - computer forensics digital forensics - Release version 3.0 “QUASAR” is out with some updates and application additions.
Adobe Reader XI (11)
- Announcing Adobe Reader XI - New version of Adobe Reader is out…just when you were probably getting your apps finally coded to interact with Adobe X (10).
- Adobe Reader XI Deployment - Stealthpuppy’s Aaron Parker has his usual excellent tips on deploying it, including some customizations.
- How to configure Group Policy for Adobe Reader XI - Group Policy Central - Not to be outdone by Aaron, Alan Burchill also has some tips for using it with GP.
- Meet the successor to Microsoft Network Monitor! - MessageAnalyzer - TechNet Blogs. The successor to Microsoft’s NetMon packet trace tool is out in beta. I believe it is only supported on Win7/8. I’ve played with it a bit, and NetMon users should quickly feel comfortable in it, although the GUI is significantly different in many ways. Testing captures on a Win8 RC virtual machine has gone pretty well. I’ve had a few crashes, so more work does need to be done before the final release in mid-2013. Definitely worth checking out, though not likely to replace Wireshark or your other favorite network packet capture tools quite yet.
- New Release: Cisco Discovery for Windows v1.3 - What the.....? blog - I’ve posted before about various ways you can trace down which switch port a system is connected to, all of them usually multi-stepped. If you have a Cisco-based switched network, this new-to-me tool, a single executable, might save a whole lot of frustration if kept handy on a USB stick. Run it, pick your interface, get your CDP data…switch/port will be magically revealed. Sweet! Get the WinCDP tool here.
- WinsockServicesView - NirSoft - is a new utility to view, disable, and enable the installed Winsock service providers. Nir does it again with a super easy-to-use and helpful tool to catalog the Winsock service providers on a system.
- Install NetworkMiner with apt-get - NETRESEC Blog. Yeah. It’s now that easy. Not like before, as covered in a previous GSD post: Network Miner Updating on Ubuntu 12.04
- Wireshark Tutorial Series. Tips and tricks used by insiders and veterans - Sniff free or die blog details a new Hands on with Wireshark YouTube video (11 min) by RiverbedTechnology that covers some basic usage tips.
For the SysAdmins
- How to find latest Microsoft Knowledge Base articles for Windows 8 and Server 2012 - Anything about IT
- FREE: Group Policy Search – Find Group Policy settings - 4sysops - Via this MSDN site: Group Policy Search
- DOWNLOAD: Group Policy Settings Reference for Windows (8) and Windows Server (2012) - Kurt Shintaku's Blog - See also: Group Policy Settings Reference Spreadsheet - Group Policy Team Blog
- Crash Course in Active Directory Organizational Unit Design - Windows Networking site.
- Case of the Domain Join Failure followed by Case of the Domain Join Failure II–Object Already Exists - chentiangemalc
- Enterprise Wireless Security – An overview - 4sysops
- Get Files Out of a Running Virtual Machine - Ben Armstrong Virtual PC Guy Blog
- How to diagnose Windows sleep problems - Tenniswood Blog
- 7 Cool Useful Command Prompt Tips You May Not Know - Windows7hacker
- Beyond good ol’ Run key, Part 2 - Hexacorn blog
- Windows PowerShell 3.0 download - Bink.nu summary of the new features in PS 3.0
- Download: WMF 3.0 - Microsoft Download Center
- PowerShell 3.0 - 4sysops - Krishna Kumar offers an overview of some of those newest features.
- PowerShell 3.0 overview – Part 2 - 4sysops - the review continues…
- Updates: Autoruns v11.34, ProcDump v5.0, Sigcheck v1.8, VMMap v3.11 - Sysinternals Site blog
- Process Explorer v15.23 - Sysinternals
- PsPing - Sysinternals’ new CLI tool to measure network performance, including the bandwidth available between systems. It can also generate histograms of the results.
- Rapid Environment Editor - Most folks won’t have any need to ever edit their Windows environment variables. But if you are a tweaker or geek or sysadmin, you might need to. This looks to be the tool for you! In addition, it provides error checking to highlight any problems with the entries. I had two “abandoned” items in my system that I cleaned up with it. Really a nice portable tool to keep handy.
- MetroTextual 1.1 - SingularLabs - Minor update to a Win8’ish style notepad tool. I posted quite a bit about it earlier in MetroTextual - Spirit of the notepad known as Bend... This new version has some fixes and feature enhancements. However, I noticed on my Win7 x64 system that while v1.0 seemed OK, version 1.1 garbles selected text. I like the newest feature additions, but it remains a work in progress…which raises the same question Scott Hanselman of ComputerZen pondered: A Bug Report is a Gift. What is the best way to report it to the developers…from within the app?
before text selection…
after text selection…
- HexDive 0.5 – Adding a bit of a context… & HexDive 0.6 – new strings and more context… - Hexacorn continues to make great leaps of improvement in the free and super-useful HexDive tool for finding interesting string patterns in files. Check it out!
- PeStudio 4.10 - Winitor - Speaking of binary analysis, PeStudio is a new-to-me tool to aid in application binary analysis. Cool!
New “Defrag” Tools Videos (and others also)
Microsoft/Sysinternals and their Channel9 team have really scored a home run with their “Defrag Tools” video series. Each week (or sooner) a new quality video comes out, with clear file download links/formats, that reviews or expands on an in-depth review of a Sysinternals tool and its usage. I’ve already posted links for Episodes 1-6, and now we have 7-12 out. I download these at home and tuck them away for replay on rainy days or presidential debates. Even when I consider myself very comfortable using a particular Sysinternals utility, walkthroughs such as these always leave me with a new tip/trick/configuration tweak that I didn’t have before.
- Defrag Tools: #7 - VMMap
- Defrag Tools: #8 - Mark Russinovich
- Defrag Tools: #9 - ProcDump
- Defrag Tools: #10 - ProcDump - Triggers
- Defrag Tools: #11 - ProcDump - Windows 8 & Process Monitor
- Defrag Tools: #12 - TaskMgr and ResMon
A great supplemental Channel 9 series is The Defrag Show.
See also this WEBCAST: Maximizing Windows 7 Performance: Troubleshooting Tips (1hr 1min), as found by Kurt Shintaku, and add it to your video bag as well.
Font geek? Me too!
I frequently hit the following sites looking for new free-use fonts for presentations and documents, where having just the right font can add a punch of enhancement.
So I got really excited when I found that Google has a web font collection (500+) under the Open Font License.
- Google Web Fonts - Google
- Google Fonts directory - Google
- Download and Install Google Fonts on your Computer - Digital Inspiration
- Download Reference Posters for Google Web Fonts- Digital Inspiration
Now this is really cool!