Pile ‘o Linkage

CC attribution: "Chain links" by HowardLake on flickr.

Time to unload them…

Forensics

• Windows 8 Forensics - A First Look - YouTube video from ForensicFocus presented by Josh Brunty. appx 40 min.
• Digital Forensics Stream: VSC Toolset - GUI tool for executing batch files against a volume shadow copy. More details on the latest version in this VSC Toolset Update: File Recovery blog post.
• Windows Incident Response: Forensic Scanner - Windows Incident Response blog - Harlan has recently released a super assessment tool to get a fast big-picture view report of a system being examined. It is very simple to use and provides great data for figuring out if there are any important indicators to spend more time in a closer examination of the system. Download available at forensicscanner - ASI Forensic Scanner via Google Project Hosting
• Network Artifacts found in the Registry - Windows Incident Response blog - This is a RegRipper focused post but the previously mentioned Forensic Scanner also provides some network information; the WiFi info is quite useful on laptops to see where they have been traveling and connecting to.
• From Malware Analysis to Portable Clam AV - Journey Into Incident Response - Corey Harrell has a fun post read on identifying a malware binary and then creating a custom AV signature in ClamAV.
• New Archive of RegRipper Plugins - RegRipper has a new collection of current/updated plugins available if you haven’t snagged them recently.
• Live forensics: prefetch and powershell - 8 bits blog - using PowerShell in incident response.
• CAINE Live CD - computer forensics digital forensics - Release version 3.0 “QUASAR” is out with some updates and application additions.

Adobe Reader XI (11)

• Announcing Adobe Reader XI - New version of Adobe Reader is out…just when you were probably getting your apps finally coded to interact with Adobe X (10).
• Adobe Reader XI Deployment - Stealthpuppy’s Aaron Parker has some excellent as always tips on deploying it; including some customizations.
• How to configure Group Policy for Adobe Reader XI - Group Policy Central - Not to be outdone by Aaron, Alan Burchill also has some tips for using it with GP.

Network Bits

• Meet the successor to Microsoft Network Monitor! - MessageAnalyzer - TechNet Blogs. The successor to Microsoft’s NetMon packet trace tool is out in beta. I believe it is only supported on Win7/8. I’ve played with it a bit and NetMon users should quickly feed comfortable in it, although the GUI is significantly different in many ways. Testing captures on a Win8 RC virtual machine have gone pretty well. I’ve had a few crashes so more work does need to be done before final release in mid-2013. Definitely worth checking out though not likely to replace Wireshark or your other favorite network packet capture tools quite yet.
• New Release: Cisco Discovery for Windows v1.3 -What the.....? blog. - I’ve posted before of various ways you can trace down what switch port is connected to, all usually multi-stepped. If you have a Cisco based switched network, this new-to-me tool in a single executable might save a whole lot of frustration if kept handy on a USB stick.  Run it, pick your interface, get your CDP data…switch/port will be magically revealed. Sweet! Get the WinCDP tool here.
• WinsockServicesView - NirSoft - is a New utility to view, disable, and enable the installed Winsock service providers. Nir does it again with a super easy-to-use and helpful tool to catalog Winsock service providers on a system.
• Install NetworkMiner with apt-get - NETRESEC Blog. Yeah. It’s now that easy. Not like before in a previous GSD post: Network Miner Updating on Ubuntu 12.04
• Wireshark Tutorial Series. Tips and tricks used by insiders and veterans - Sniff free or die blog details a new Hands on with Wireshark YouTube video (11 min) by RiverbedTechnology that covers some basic usage tips.

For the SysAdmins

• How to find latest Microsoft Knowledge Base articles for Windows 8 and Server 2012 - Anything about IT
• FREE: Group Policy Search – Find Group Policy settings - 4sysops - Via this MSDN site: Group Policy Search
• DOWNLOAD: Group Policy Settings Reference for Windows (8) and Windows Server (2012) - Kurt Shintaku's Blog - See also: Group Policy Settings Reference Spreadsheet - Group Policy Team Blog
• Crash Course in Active Directory Organizational Unit Design - Windows Networking site.
• Case of the Domain Join Failure followed by Case of the Domain Join Failure II–Object Already Exists - chentiangemalc
• Enterprise Wireless Security – An overview - 4sysops
• Get Files Out of a Running Virtual Machine - Ben Armstrong Virtual PC Guy Blog
• How to diagnose Windows sleep problems - Tenniswood Blog
• 7 Cool Useful Command Prompt Tips You May Not Know - Windows7hacker
• Beyond good ol’ Run key, Part 2 - Hexacorn blog
• Windows PowerShell 3.0 download - Bink.nu summary of the new features in PS 3.0
• Download: WMF 3.0 - Microsoft Download Center
• PowerShell 3.0 - 4sysops - Krishna Kumar offers a overview of some of those newest features.
• PowerShell 3.0 overview – Part 2 - 4sysops - the review continues….

Utilities

• Updates: Autoruns v11.34, ProcDump v5.0, Sigcheck v1.8, VMMap v3.11 - Sysinternals Site blog
• Process Explorer v15.23 - Sysinternals
• PsPing - Sysinternals new CLI tool to measure network performance including bandwidth available between systems. Also can generate histograms of results.
• Rapid Environment Editor - Most folks won’t have any need to ever edit their Windows environment variables. But if you are a tweaker or geek or sysadmin, you might need to. This looks to be the tool for you! in addition it provides Error checking to highlight any problems with the entries. I had two “abandoned” items in my system I cleaned up with it. Really a nice portable tool to keep handy.
• MetroTextual 1.1 - SingularLabs - Minor update to a Win8’ish style notepad tool. I posted quite a bit about it earlier MetroTextual - Spirit of the notepad known as Bend...  This new version has some fixes and feature enhancements. However I noticed on my Win7 x64 system that while v1.0 seemed OK, version 1.1 garbles selected text. I like the newest feature adds but it remains a work in progress…which raises the same question Scott Hanselman of ComputerZen pondered: A Bug Report is a Gift.  What is the best way to report it to the developers…from within the app?
  
  before text selection…
  
  
  after text selection…
  Curious…
  
• HexDive 0.5 – Adding a bit of a context… & HexDive 0.6 – new strings and more -Context… - Hexacorn continues to make great leaps of improvement in the free and super-useful HexDive tool to look for interesting string patterns in files. Check it out!
• PeStudio 4.10 - Winitor - Speaking of binary analysis, PeStudio is a new-to-me tool to aid in application binary analysis. Cool!

New “Defrag” Tools Videos (and others also)

Microsoft/Sysinternals and their Channel9 team have really scored a home-run with their “Defrag Tools” video series. Each week (or sooner) a new quality video comes out..with clear file download links/formats…that reviews or expands an in-depth review of Sysinternals tools and usage.  I’ve already posted links for Episodes 1-6 and now we have 7-12 out.  I download these at home and tuck them away for replay on rainy days or presidential debates. Even when I consider myself very comfortable using a particular Sysinternals utility, walkthroughs such as these always leave me with a new tip/trick/configuration tweak that I didn’t have before.

• Defrag Tools: #7 - VMMap
• Defrag Tools: #8 - Mark Russinovich
• Defrag Tools: #9 - ProcDump
• Defrag Tools: #10 - ProcDump - Triggers
• Defrag Tools: #11 - ProcDump - Windows 8 & Process Monitor
• Defrag Tools: #12 - TaskMgr and ResMon

A great supplemental Channel 9 is The Defrag Show

See also this WEBCAST: Maximizing Windows 7 Performance: Troubleshooting Tips (1hr 1min) as found by Kurt Shintaku and add it to your video bag as well.

Google Fonts

Font geek? Me too!

I frequently hit the following sites looking for new and impactful free-use fonts for maximum impact on presentations and documents where having just the right font can add a punch of enhancement.

• 1001 Free Fonts
• Font Squirrel
• dafont.com
• Font Freak

So I got really excited when I found that Google has a web font collection (500+) under the Open Font License.

• Google Web Fonts - Google
• Google Fonts directory - Google
• Download and Install Google Fonts on your Computer - Digital Inspiration
• Download Reference Posters for Google Web Fonts- Digital Inspiration

Now this is really cool!.

Cheers!

--Claus V.