Saturday, December 31, 2011

Free Wipies

New Year’s Eve is almost upon us.  Figured I’d close out 2011 with one final post.

Out of a recent post on drive wiping I followed a white rabbit and ended up on Disk Wiping with dcfldd at the Anti-Forensics blog.

I’m always on the lookout for tips and techniques when it comes to secure-wiping drives and the post was full of great info regarding use of the dcfldd tool.

When it comes to secure drive (whole-disk) wiping, I’ve still tended to rely on two tools in particular for their ease-of-use and convenience.

The first is Microsoft Windows DISKPART command “Clean all” which “specifies that each and every sector on the disk is zeroed, which completely deletes all data contained on the disk.”

The pro is that the command is very simple to remember and use, and when coupled with a WinPE disk, is dead-simple to effectively wipe out most all drives I encounter.

The second one I love is the CLI tool “wipe.exe” as found in the Forensic Acquisition Utilities set by George M. Garner.

The pro about this one is that it actually includes a progress indicator so you have some degree of feedback on how far you’ve wiped.

I always verify my zero-out wipes when done. For that I prefer to use the sector-viewer tool HxD to scan through the post-wiped drive to ensure it all comes up clean; Frhed - Free hex editor is another nice alternative.
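A scripted version of that verification step, added here as an example and not part of the original post: it reads a raw image or block device in sector-sized chunks and reports any sector that is not all zeros, so you know where to jump to in HxD. The 512-byte sector size and the constructed sample image are assumptions for the demo.

```python
import tempfile

SECTOR_SIZE = 512        # assumed; use 4096 for Advanced Format / 4Kn drives
CHUNK_SECTORS = 2048     # sectors per read (1 MiB at 512-byte sectors)


def find_nonzero_sectors(path, sector_size=SECTOR_SIZE, max_report=16):
    """Scan a raw image or block device and summarise which sectors are not all zeros.

    path can be an image file, or a raw device such as r"\\.\PhysicalDrive1"
    (Windows, elevated) or /dev/sdb (Linux, root).  After 'diskpart clean all'
    or wipe.exe, nonzero_sectors should be 0.  The first few offending sector
    numbers are kept so you can jump straight to them in HxD or Frhed.
    """
    chunk_len = sector_size * CHUNK_SECTORS
    zero_chunk = bytes(chunk_len)
    total = dirty = 0
    first_dirty = []
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(chunk_len)
            if not chunk:
                break
            # Fast path: a fully zeroed chunk needs no per-sector inspection.
            if chunk == zero_chunk[:len(chunk)]:
                total += -(-len(chunk) // sector_size)   # ceil, for a short tail
                continue
            for off in range(0, len(chunk), sector_size):
                if any(chunk[off:off + sector_size]):    # any non-zero byte in the sector
                    dirty += 1
                    if len(first_dirty) < max_report:
                        first_dirty.append(total)
                total += 1
    return {
        "sectors": total,
        "nonzero_sectors": dirty,
        "first_nonzero": first_dirty,
        "clean": dirty == 0,
    }


def make_sample_image(sectors=100, dirty_sectors=(3, 57), sector_size=SECTOR_SIZE):
    """Write a constructed 'post-wipe' image to a temp file: all zeros except the
    given sectors, which still hold leftover data.  Returns the file path."""
    image = bytearray(sectors * sector_size)
    leftover = b"leftover customer data " * 4
    for n in dirty_sectors:
        image[n * sector_size:n * sector_size + len(leftover)] = leftover
    tmp = tempfile.NamedTemporaryFile(suffix=".img", delete=False)
    tmp.write(image)
    tmp.close()
    return tmp.name


if __name__ == "__main__":
    result = find_nonzero_sectors(make_sample_image())
    print(result)   # {'sectors': 100, 'nonzero_sectors': 2, 'first_nonzero': [3, 57], 'clean': False}
```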

I also keep a collection of secure file-wipe tools handy as well.  These are useful for when I have a personal document with sensitive info that is no longer needed, or at work where I have successfully recovered a customer’s data from a seriously crashed drive and the files were successfully restored; don’t need to keep those around on the workbench PC.

EraserDrop Portable is an easy-to-use and easy-to-configure tool I find useful for managing large volumes of files/folders needing secure deletion. It is based on Eraser.

Eraser Portable (Portable software for USB, portable and cloud drives) is the portable version of that tool. It is very flexible and powerful, though the interface and job/task “scheduling” might be off-putting to less advanced users. Besides handling wiping of files/folders, it can also wipe free space on a drive.

WipeFile over at Gaijin is a simple and basic file-wipe tool with lots of options. Just launch, set your wipe-preferences, and drag-n-drop your files for wiping.  See the related Gaijin tool WipeDisk as well.

File Shredder is a “new-to-me” secure-wipe tool. It is quite small and consists of two files; the main exe and a dll helper.  The interface is nice and it also includes wiping of free-space.

ultrashredder is even smaller. Basically just drag-n-drop. While you can set the number of over-writes, you can’t set the pattern.

DPWipe 1.1 by Dirk Paehl is similar to Ultrashredder in the GUI layout, however it does allow selection of the wipe method.

Blowfish Advanced CS. This is an oldie-but-a-goodie which was the very first secure wipe (file and freespace) tool I started using back in my Win98 days. It probably has been passed on by other tools here but I still keep it around for fond-memories.

SDelete is Microsoft Sysinternal’s CLI tool to wipe files as well as zero-out free-space.  I like it particularly well for that second task.

Disk Redactor also handles wiping of all free space on a drive very nicely with a helpful GUI interface.

These are all specialized secure-wipe tools and are pretty easy and convenient to use; a few even have options to integrate into the Windows context-menu shell.  However, if you frequently use an alternative Windows file manager (as I prefer to do), several of them include a handy-dandy “secure-file-wipe” option baked right in!

FreeCommander remains my #1 all-time favorite “multi-pass” tool for Windows file management. It includes a secure wipe action that performs a multi-step wipe of the selected item(s). You can set how many passes you want that routine to run.

Explorer++ also includes a “destroy” option (1 or 3-pass choice) to secure delete selected files/folders.

A43 likewise includes a basic secure-destroy option.

NexusFile has a “shred and delete” feature.

My Commander reminds me in many ways of FreeCommander, and it does have a secure delete action.

Happy New Year!

Claus V.

Sunday, December 04, 2011

Mostly for Sysadmins and Windows Tweakers

One last linkfest dump before I turn my attention back to a freshly arrived hardback copy of George R. R. Martin’s A Game of Thrones to close out this dark, drizzly and fast-chilling night here on the Gulf Coast. My brother is deep into the book/HBO series and I think he runs an underground distributed book club network of sorts on it. Hence his gifting me this newfound wonder.

This linkfest is a collection of stuff mostly of interest to system administrators and Windows tweakers…your interest level may vary.

Looking at page hits (which I rarely do) it seems that the following posts remain all-time GSD favorites for some reason.

Blocking IE 8 "InPrivate" Mode

Blocking IE 8 "InPrivate" Mode – Updated

Some folks had issues following the steps to make their own REG files to enable/disable “InPrivate” mode on their own system, so I did some and posted the download linkage in the comments section.

I've created the registry keys myself and uploaded them to a shared folder on

Click that link (or copy/paste it into your browser address bar) then download the "IE8InPrivateMode-Disabled.reg" file directly to your PC.

Depending on your anti-virus application it may complain as .reg files could be malicious. If you want to check, simply open it in Notepad to see that it matches what I have listed on my blog post.

Once you have downloaded it, right-click on the file and select the "Merge" option.
Depending on your version of Windows and the user-rights of your profile, you may have to confirm some warnings. If all goes well it should be added to the registry and when you re-launch IE8, you should see the option grayed out.

The other registry key in that folder re-enables the option. Follow the same steps and it will allow InPrivate Mode option to work again, unless blocked differently by one of Microsoft's Family Safety programs...

They work on both IE 8 and IE 9 by the way despite the posts being IE 8 centric at the time.

Anyway, the other day I noted this post Internet Explorer InPrivate Browsing Enable or Disable - Windows 7 Forums.  In it, “Brink” also offered some download REG files for merging into the registry.  Out of curiosity I compared them and they were pretty much the same, except that where my REG files just cover the HKEY_LOCAL_MACHINE key location, Brink’s keys have that as well as one for the HKEY_CURRENT_USER key location. So basically with Brink’s you get a two-fer deal.

Mine or Brink’s…take your pick.
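For anyone who would rather script the “open it and check what it contains before merging” step and the comparison above, here is an added example; it is not code from this post or from either download. The two .reg files are constructed samples: the Privacy policy key and EnableInPrivateBrowsing value are the documented “Turn off InPrivate Browsing” policy setting, taken from Microsoft’s documentation rather than from the post.

```python
REG_HEADER = "Windows Registry Editor Version 5.00"

# Constructed sample .reg files.  The policy path and value name are the documented
# "Turn off InPrivate Browsing" setting, not values copied from the post's downloads.
MY_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Privacy]
"EnableInPrivateBrowsing"=dword:00000000
"""

TWOFER_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Privacy]
"EnableInPrivateBrowsing"=dword:00000000

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Privacy]
"EnableInPrivateBrowsing"=dword:00000000
"""


def parse_reg(text):
    """Parse .reg text into {key_path: {value_name: raw_value}}.
    A [-KEY] deletion is stored with None as its body so a diff shows it."""
    lines = text.replace("\r\n", "\n").split("\n")
    if not lines or lines[0].strip() != REG_HEADER:
        raise ValueError("not a Version 5.00 .reg file")
    keys, current, pending = {}, None, ""
    for raw in lines[1:]:
        line = pending + raw.strip()
        pending = ""
        if not line or line.startswith(";"):
            continue
        if line.endswith("\\"):            # hex(...) values continue on the next line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            if path.startswith("-"):       # [-KEY] deletes the key when merged
                keys[path[1:]] = None
                current = None
            else:
                if keys.get(path) is None:
                    keys[path] = {}
                current = keys[path]
            continue
        if current is None:
            raise ValueError("value line outside a key: %r" % line)
        name, _, value = line.partition("=")
        name = name.strip()
        current[name if name == "@" else name.strip('"')] = value.strip()
    return keys


def load_reg(path):
    """Read a .reg file from disk; regedit exports are UTF-16 LE with a BOM."""
    with open(path, "rb") as fh:
        data = fh.read()
    text = data.decode("utf-16") if data.startswith(b"\xff\xfe") else data.decode("utf-8", "replace")
    return parse_reg(text)


def diff_reg(first, second):
    """List the differences between two parsed .reg files as readable strings."""
    out = []
    for key in sorted(set(first) | set(second)):
        if key not in first:
            out.append("only in second: [%s]" % key)
        elif key not in second:
            out.append("only in first: [%s]" % key)
        else:
            va, vb = first[key] or {}, second[key] or {}
            for name in sorted(set(va) | set(vb)):
                if va.get(name) != vb.get(name):
                    out.append("[%s] %s: %r vs %r" % (key, name, va.get(name), vb.get(name)))
    return out


if __name__ == "__main__":
    for line in diff_reg(parse_reg(MY_REG), parse_reg(TWOFER_REG)):
        print(line)   # only in second: [HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Privacy]
```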

How to REALLY hurt yourself with PSEXEC - Deleting the Undeletable Registry Key and More - Scott Hanselman Computer Zen - Scott’s battle with an “undeletable” registry key makes for a fun read. That said, while his PsExec method worked, I’ve had fantastic success when I’ve run into similar keys on malware-infected systems by using Malwarebytes : RegASSASSIN. I don’t know for sure if it would have helped in Scott’s issue, but I would try that first via the GUI it offers before dropping to the PsExec CLI work (though it is really cool). Related for difficult-to-delete files: Malwarebytes : FileASSASSIN.

It has been over 4 years now since I set Dad up on his Vista system at his house. In that process I ran into a challenge: how to get his and his wife’s profiles to display at different screen resolutions? She liked a relatively low resolution to see things larger, while Dad liked the highest resolution to get the best screen display quality.  In my post on my fix, Vista/XP Quick Screen Resolution Toggle Tip, I used ResSwitch & ResCopy to create custom desktop icons that let them just click-to-set the display level at their preference rather than digging into the properties each time.  So when I read this post at Windowshacker, How To Set Different Screen Resolution for Individual User in Windows 7, I was curious.  Turns out there is a neat freeware product called Carroll that almost automagically can set an individual screen resolution for every user when they log in.  No more clicking desktop icons. And it only took 4 years to get here!

Just in case it keeps you up at night fretting about the text for your Windows desktop icons being underneath them, the Windows Club offers a tip on D-Color which can Display Desktop icons text on the side in Windows 7. Now you can sleep easier.

Decoding Intel’s Laptop Processor List [Technology Explained] - MakeUseOf blog.  Nice explanation.

Dynamic Computer Naming in ZTI Deployments - The Deployment Guys - For you Zero Touch Installation (ZTI) fans with that issue and need.

Any tech mystery that can combine low-level Windows troubleshooting and analysis with Hello Kitty makes it a Must Read in my book!  Submitted for your education--seriously.

Need more standard low-level troubleshooting tips? How about this exercise.

I’m not yet a Hyper-V guy, but I think it is really cool stuff and read up when I can.  I found this Series: Hyper-V upgrade posts at 4sysops to be helpful stuff.

Tenniswood Blog serves up some awesome remote access card P0rn with a nice Review: HP Microserver Remote Access Card.

Create internet bookmarks as browser-independent files on your desktop with HTMtied - Freewaregenius.  I’ve always found it frustrating that I can’t do this as easily as it seems it should be. Turns out the free tool HTMtied can assist with that process and make it a bit more bearable to do.

How to fix incorrect logon information for Windows XP mode - Virtual PC Guy's Blog - Ben’s solution is pretty easy to follow and will get you running again in no time.

Windows 7 Background Customization - The Deployment Guys blog. There are a number of ways to change the background image in Windows 7; doing so is a “signature tweak” I like to perform on all the systems I am asked to help set up for friends and family members, and leaving them with an image that reflects their home/personality is a nice touch.  This post is a bit more technical and geared for pushing such changes for enterprise branding and such. Still good stuff.  I personally prefer to use Julien Manici’s free Windows 7 Logon Background Changer but there is also the Logon Changer for Microsoft Windows 7 and the Windows 7 Logon Screen Tweaker 1.5. Many Windows 7 tweaking suites also include this feature in them.

FREE Download Preassembled Windows 7, Vista, and XP VPC Images From Microsoft - Windows7hacker. I try to always keep the latest versions of these handy for ad-hoc testing in Virtual PC. Although at home we now exclusively run Windows 7, there may be times when I want to trial something in XP or Vista. Rather than dual-booting or keeping another physical test-bed around, I just fire up one of these in a virtual session and away we go! They do have some operational limits baked in, but nothing that should be too much of a headache if you use ’em regularly.

FREE: Delprof2 – Reliably delete a user profile - As reviewed by 4sysops.  Seriously, if you ever deal with Windows user profiles and occasionally deleting them, you really need to refresh yourself on this post as well as the great freeware tool Delprof2.  While you are there, check out some of the other cool Free Tools from Helge Klein such as DiskLED and ListRegistryLinks which could be handy when doing some incident response work.

MoonPoint Support Weblog - List Installed Programs - This post tips us to a Bill James VBScript script, InstalledPrograms.vbs, which when run from the command line prompts for an IP or PC name to remotely check for installed software (or leave blank to check your own). Save the resulting text file for review.  There are a number of “system audit” programs that can do something similar for local systems, but this is the first I’ve seen quite like this.  For generating a list of installed Windows programs on a local machine for reporting purposes and review, I prefer Nir Sofer’s MyUninstaller, which seems to be significantly faster than Add/Remove Programs (XP) or Programs and Features (Win7) anyway for adding and removing programs. With MyUninstaller, after running I just select all and save the file in whatever supported format I prefer (usually tab-delimited).


--Claus V.

Check Carefully before Surfing (for safest performance)


cc image credit: flickr image by surfcrs

Been a lot of moving in the browser plugin world lately.

Based on the number of home-user systems I’ve had the “pleasure” of cleaning recently, it seems that an overwhelming vector for infection is out-dated and vulnerable browser plugins. Nothing like an older version of Flash or Java to bring the sweet stench of PC decay and meltdown to a system.

Need more reading?

Linkz 4 Exploits to Malware - Journey Into Incident Response. Corey writes in that post…

Over the past year I’ve been conducting research to document attack vector artifacts. Vulnerabilities and the exploits that target them are one component to an attack vector. Some may have noticed I initially focused most of my efforts on vulnerabilities present in Adobe Reader and Java. I didn’t pick those applications by flipping a coin or doing “eeny, meeny, miny, moe”. It is not a coincidence I’m seeing exploit artifacts left on systems that target those applications. This has occurred because I pick vulnerabilities based on the exploits contained in exploit packs.

Exploit packs are toolkits that automate the exploitation of client-side vulnerabilities such as browsers, Adobe Reader, and Java. Mila Parkour over at Contagio maintains an excellent spreadsheet outlining the exploits available in different exploit packs on the market. The reference by itself is really informative.

Java is the largest malware target according to Microsoft - The H Security: News and Features

…it is not only exploits of old vulnerabilities that should concern Java users. As has been pointed out on Krebs on Security, a new exploit has emerged that is being built into automated attack tools. The critical vulnerability that this attacks has been addressed in an update, but only the very latest versions of Java are safe from this new exploit. If users are being slow at updating, very large numbers of them are likely to be at risk from this exploit.

Millions of Java Exploit Attempts: The Importance of Keeping All Software Up To Date - Microsoft Security Blog. Tim Rains comments…

Many of the more commonly exploited Java vulnerabilities are several years old, and have had security updates available for them for years. This illustrates that once attackers develop or buy the capability to exploit a vulnerability, they continue to use the exploit for years, presumably because they continue to get a positive return on investment.

While the latest versions of Flash and Java do seem to offer self-update checking ability, it has been my experience that those auto-updaters don’t always check as frequently as they should, or may not even offer an update as soon as it is available.  Don’t even get me started on Adobe Reader.  These features are improvements, but even when they do work, they still require the user to notice the update offer and respond correctly to get the version bump.

At the bare minimum it is good practice to regularly hop over to Secunia and run their free, web-based Secunia Online Software Inspector (OSI).  Hit the page, hit the green “Start” button, let Java do its thing and scan your system for insecure versions of software.

If you or a user can’t remember to regularly do that, Secunia also offers a more robust, installable version of their free Personal Software Inspector (PSI). This one will run as a service on your system constantly checking for and offering recommendations on fixing critical insecure applications.

For my own personal updating check-ins I regularly check in at the Plugins Downloads site.  It’s just easier that way. (If you do RSS they also have a Browser Plug-ins Category Updates Feed). Please be aware that they will often include and/or only offer the very latest versions of these plugins, which may be in “beta” or non-mainstream channel release. Update accordingly to your comfort level.

In particular, some of the latest Flash 11 versions tagged “Beta” may result in moderately obtrusive “watermarking” of its beta/incubator status in certain Flash windows displays (most notably to me, YouTube windows). Not necessarily a deal-breaker but FYI if you run into it.

If you prefer the “official source only” path, then here you go.

For information on the next levels of Java and Flash you may want to check out these links:

More stuff:

Looking for older Java 6.0.x or Flash 10.3.x series downloads from FileHippo? Can be an issue as they only seem to be offering the latest Java 7.0x and Flash 11.x (betas) from their pages.

The trick is to just hop to one of these older pages and check the right-sidebar which will list the ones for older versions you are looking for.

Just like a surfer maintains their board with wax to keep it protected and performing well before hitting the waves, a responsible web-surfer needs to keep their browser plugins patched and fresh before hitting the Web.

--Claus V.

Quick Malware Notes, Incident Response, and 00-outs

A while back after dealing with some heavily malware-infected systems, I wrote a followup post Anti-Malware Tools of Note.

Since that time, a few other bits and bytes have come across my desk so I thought I would supplement it slightly.

TinyApps bloggist brings our attention to and a recommendation for a “new” Free standalone and bootable antimalware that has ranked very high on Virus Bulletin’s VB100 comparative tests.

That tool is eScanAV Anti-Virus Toolkit (MWAV) which is also available in a standalone eScan Rescue Disk format as well.  Registration is requested to access the download link, however the tools are free.

It is similar in many ways to Microsoft Safety Scanner which I previously wrote about:

Being a “standalone” tool of sorts, it can be run in the WinPE environment or on the “live” system.  The trick in WinPE is to make sure your WinPE build has a large scratch-space value.  Check out this 4sysops post Offline Antivirus – How to run Microsoft Safety Scanner on Windows PE 3.0 for more details.

I do understand that for some folks, the thought of making a custom-spun WinPE boot tool could be quite intimidating.  With that in mind, you will want to keep a copy of the Microsoft Standalone System Sweeper Beta handy.  Of course you will need an uninfected “host” system to create the tool. Download the “builder” utility in either x32 or x64 flavor depending on your hardware and choose a blank CD, DVD, or USB drive with at least 250 MB of space. Execute the tool and build-away.

Of course, you may want to do more with this plain-Jane WinPE build than it lets you.  And you can if you know the tricks our dear TinyApps bloggist posts in his Extending Microsoft Standalone System Sweeper tips.

Michael Pietroforte has some more related details of his own in his 4Sysops post FREE: Microsoft Standalone System Sweeper – Standalone antivirus software.

Back in my “younger” days of malware response, tool sets were pretty limited and there seemed to be just a few strong “antimalware” package tools available. One of those I depended on was Spybot-Search & Destroy.  As my skills got sharper and my toolsets became more focused due to the advances in malware, I gradually drifted away from using it regularly.  I was pleased recently to find that they are still kicking strong and have recently made available Spybot Search & Destroy 2.0 Beta 4 for public download and testing.  This version offers “Live Protection” by default, performance improvements, and Explorer shell integration.  Check it out!

The ISC Diary handler Chris Mohan posted Safer Windows Incident Response with a reminder of the dangers of cross-contamination by the incident-response handler when working on a potentially compromised system.

Windows Incident Response bloggist Keydet89 has some good tips, and touches on incident response items in his New Stuff post from just a few days ago.

Specifically he calls out Corey Harrell’s Journey Into Incident Response blog post Linkz 4 Exploits to Malware. In it, Corey gives some perspectives on Harlan’s Malware Detection Checklist.  Checklists like this are a great starting point for incident response.  Granted, every situation is different, and the hardware, software, and network topology that you operate in may require much fine-tuning to dial it in for the best signal-to-noise ratio. But that’s the point: take the time to develop a structured incident response plan/checklist and the investment will pay off when the stress is on…helping guide you and ensuring no stone gets left unturned.

Corey goes on to address alternatives for finding malware, mentioning Mark Morgan over at My Stupid Forensic Blog discussing How to Identify Malware Behavior.  He then leads over to touch on malware analysis via the Hexacorn blog’s post Automation vs. In-depth Malware Analysis.

Both Corey’s post and the referenced links reminded me of Mark Russinovich’s most excellent material recently posted at the Sysinternals Site Discussion pages:

Zero Day Malware Cleaning with the Sysinternals Tools (link to PDF): Mark has posted the slides from the highly-attended and well received Blackhat 2011 Workshop he delivered last week, Zero Day Malware Cleaning with the Sysinternals Tools, which demonstrates how to use the Sysinternals tools to hunt down and eliminate malware.

The team at Mandiant really leads the way in the IR community as well. Not only is their business based on incident response, they continue to offer great MANDIANT: Free Software to the IR community. Those tools aid in detection, analysis, and reporting of all kinds of bad things.

TZWorks also offers a great selection of specialized (and free) Prototype Downloads for Forensic tools covering areas such as Artifact Analysis, Registry/Event Analysis, NTFS Analysis, Network Utilities, and PE Utilities. And they come in both 32 and 64-bit flavors!

To borrow a concept from the PDCA process, incident response needs to be seen as a continual process; plan for incident detection, do the incident response, check & study your response and findings, and act on that knowledge to improve your future responses.  All of the items mentioned in the links above can contribute to that process.

For a good read, take a look at F-Secure’s post How we found the file that was used to Hack RSA. This is a fantastic example of not being satisfied with the initial response and mitigation, but going the extra mile to hunt down the actual file used in the RSA attack.  In doing so, they discover that while the attack plan may have been quite specialized, the actual attack vector wasn’t so much.

TinyApps bloggist pulls some most excellent fresh finds in considering the question Is it possible to recover data from a drive overwritten with zeros once?  The conclusion of all the linkage sources provided still seems to be pretty much “Nope!”. From the post:

Daniel Feenberg's Can Intelligence Agencies Read Overwritten Data? and Craig Wright's Overwriting Hard Drive Data are. For those who are still confused (or are just fond of pictures), see Disk Wiping - One Pass is Enough - Part 2 (this time with screenshots).

(Note: that last post link, as well as an unreferenced Part I post, Disk Wiping – One Pass is Enough, are both from the Anti-Forensics blog.)

I’ve also touched on the subject of secure-disk wiping here at GSD in a series of posts:

It was in that last post that I mentioned the following:

I read with curiosity the following posts:

With the exception of the Data Sanitization Tutorial (PDF-link) written by the University of California at San Diego Center for Magnetic Recording Research, I haven’t seen very many other official-grade research papers that detail just how effective a single-pass bit-wipe of a drive is in comparison to a 3-pass or even a 35-pass wipe.  Now there’s a new research paper on the block Overwriting Hard Drive Data: The Great Wiping Controversy that seeks to dispel the mythos surrounding multi-pass wipes.

From the heise Security link:

    • Craig Wright, a forensics expert, claims to have put this legend finally to rest. He and his colleagues ran a scientific study to take a close look at hard disks of various makes and different ages, overwriting their data under controlled conditions and then examining the magnetic surfaces with a magnetic-force microscope. They presented their paper at ICISS 2008 and it has been published by Springer AG in its Lecture Notes in Computer Science series (Craig Wright, Dave Kleiman, Shyaam Sundhar R. S.: Overwriting Hard Drive Data: The Great Wiping Controversy).
    • They concluded that, after a single overwrite of the data on a drive, whether it be an old 1-gigabyte disk or a current model (at the time of the study), the likelihood of still being able to reconstruct anything is practically zero. Well, OK, not quite: a single bit whose precise location is known can in fact be correctly reconstructed with 56 per cent probability (in one of the quoted examples). To recover a byte, however, correct head positioning would have to be precisely repeated eight times, and the probability of that is only 0.97 per cent. Recovering anything beyond a single byte is even less likely.

The actual paper itself must be accessed for $ or bought via a book, however the author kindly repackaged the research paper in a recent post at SANS Computer Forensics blog.  The details there should be sufficient for most mortals.

Overwriting Hard Drive Data – Dr. Craig Wright, SANS Computer Forensics, Investigation, and Response blog


--Claus V.

Saturday, December 03, 2011

Network Tool Notes

Here is a brief collection of network-related tools and utilities that have been gathered in this past week.

Nmap Security Scanner for Linux/MAC/UNIX or Windows - latest stable version now at 5.51 and development version at 5.61. Changelog

PuTTY: a free telnet/ssh client - version 0.61 released a few months ago and 0.62 “pre-release” build also now available with some bug fixes. Spotted via ISC Diary post. 4 years is a long wait for a bump…

How to connect to a Wireless WIFI Network from the Command line in Windows 7 - Scott Hanselman - just because mixing WiFi and CLI is cool.  See also Scott’s Updated for 2011 - McDonald's WiFi Guide with updates for Mac OS X Lion and Windows 7

Wireless Profile Samples - MSDN WiFi XML profile samples and info on the Netsh Commands for Wireless Local Area Network (wlan).

Wireless Network Profile - Backup and Restore - Windows 7 Forums - Tips on backing up and restoring your WiFi profiles on Win7.

Wifi Network Backup Manager Utility - Shai Raiten - Small and easy tool to assist with the above processes, if it helps you a bit.

Network Stuff - A ton of specialized network tools bundled up in a single free utility.  Spotted in this BetaNews post: Network Stuff: More Internet tools than you'll likely ever use.  The developer offers a number of other interesting tools as well worth looking into - Dev Stuff

NorthWest Performance Software, Inc. - Network Freeware Tools - This company provides quite a collection of free network tools such as the following:

  • NetScanTools® Basic Edition - DNS Tools, Ping, Graphical Ping, Traceroute, Ping Scanner, Whois
  • IPv6ScopeFinder - Displays ScopeID, status, Interface Type, IPv6 & IPv4 addresses, Interface Name.
  • IPtoMAC - can find the MAC Address of any IPv4 device on the local network.
  • ENUMresolver - “A freeware program designed to query your default DNS for the ENUM NAPTR mapping between a telephone number and a SIP, H323, IAX2 or other URI. Use with VOIP systems to check your e.164 or freenum or other mappings. This program queries each default DNS assigned to your system using the or other root tree for the corresponding NAPTR records and displays them.” That’s pretty cool.

Peter Kostov's software for networkers - amazing freeware collection.

ostinato - Packet/Traffic Generator and Analyzer - Google Project Hosting - from the cross-platform project page: “Ostinato is an open-source, cross-platform network packet crafter/traffic generator and analyzer with a friendly GUI. Craft and send packets of several streams with different protocols at different rates. … Ostinato aims to be "Wireshark in Reverse" and become complementary to Wireshark.”

Fluke Networks Freeware

Fluke Networks has a couple of freeware tools worth looking into. You need to register to download, however for two of the three of them I was able to find a direct download link with a little bit of extra Google searching. I think you can find them on some download hosting sites as well.

Fluke Networks - IP Inspector - free - Run a scan to find IPv4 and IPv6 devices and open TCP app ports on your network. Also reports hostnames and MACs for discovered devices. Results are exportable and IP state changes can be monitored over time.  Found via this LoveMyTool blog post Free New IP Tool - The IP Inspector by Dan Klimke.

Fluke Networks - Switch Port Monitor - free - This tool lets you connect to and monitor network switches to pull and display switch statistics and performance. Aids in switch documentation and troubleshooting efforts.

Fluke Networks - Service Availability Tool - free - Verify service port status for servers, measure response times, run TCP trace routes, save for documentation.

Web-based Network Performance Testing Tools

Could have sworn I had recently made a post of a number of websites that can test network speed and quality. Guess I didn’t.

From the Mandiant Labs

Mandiant Research Tool Release: ApateDNS - Just recently learned about this new Mandiant tool to help with malware analysis from a network angle. From the description:

It is a simple tool that acts as a phony DNS server that can log or manipulate DNS requests being made to it. Malware analysts typically use this to redirect beacon traffic from a guest virtual machine to the host system (or another virtual machine) to monitor beacon and/or communication channels using Netcat or a custom written C2 script. Forensic analysts typically use this tool to quickly extract DNS names from malware samples.

ApateDNS automatically sets up your Windows network configurations by attempting to determine the default route or current DNS settings. This is most useful when in a guest virtual machine since the default route is typically the host machine. As shown in the figure below, ApateDNS has found the default route in my virtual machine ( and uses this IP address for any DNS request on my virtual host. The user may override this by specifying an IP address for DNS Reply IP.

MANDIANT ApateDNS Download Link
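The core of what that description covers, as an added example that is not Mandiant’s code: parse the guest’s DNS query, log the name it asked for, and answer A queries with a fixed IP so the beacon traffic lands on the analysis host. The 192.0.2.10 reply address, the UDP/53 listener and the beacon.example.com sample name are assumptions for the demo.

```python
import socket
import struct

REPLY_IP = "192.0.2.10"      # assumed analysis-host address (TEST-NET-2); ApateDNS autodetects yours
LISTEN = ("0.0.0.0", 53)     # binding UDP/53 needs admin rights on the analysis VM/host


def parse_query(packet):
    """Return (txid, qname, qtype, question_bytes) for a standard one-question
    DNS query, or None for anything else (responses, malformed packets)."""
    if len(packet) < 12:
        return None
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & 0x8000 or qdcount != 1:       # QR=1 means this is a response
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            return None
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0 or pos + length > len(packet):   # no pointers in a question name
            return None
        labels.append(packet[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(packet):
        return None
    qtype = struct.unpack("!H", packet[pos:pos + 2])[0]
    return txid, ".".join(labels), qtype, packet[12:pos + 4]


def build_response(packet, reply_ip=REPLY_IP, ttl=60):
    """Answer an A query with reply_ip; other qtypes get an empty NOERROR reply
    so the sample keeps talking to us instead of erroring out."""
    parsed = parse_query(packet)
    if parsed is None:
        return None
    txid, _qname, qtype, question = parsed
    answer, ancount = b"", 0
    if qtype == 1:   # A record: name pointer to offset 12, type A, class IN, TTL, RDLENGTH 4
        answer = struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + socket.inet_aton(reply_ip)
        ancount = 1
    # 0x8180: QR=1 (response), RD=1, RA=1, RCODE=0 (NOERROR)
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, ancount, 0, 0)
    return header + question + answer


def build_query(qname, txid=0x1234, qtype=1):
    """Construct the query a stub resolver would send (used for the demo)."""
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + name + struct.pack("!HH", qtype, 1)


def serve(reply_ip=REPLY_IP, listen=LISTEN, log=print):
    """Log every name the guest asks for and point it at reply_ip."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(listen)
    while True:
        data, addr = sock.recvfrom(512)
        parsed = parse_query(data)
        if parsed is None:
            continue
        log("%s:%d -> %s (qtype %d)" % (addr[0], addr[1], parsed[1], parsed[2]))
        sock.sendto(build_response(data, reply_ip), addr)


if __name__ == "__main__":
    query = build_query("beacon.example.com")            # constructed sample query
    reply = build_response(query)
    print(parse_query(query)[1], "->", socket.inet_ntoa(reply[-4:]))   # beacon.example.com -> 192.0.2.10
```

Point the guest VM’s DNS at the host running serve() (or let a tool like ApateDNS do that for you) and every lookup the sample makes shows up in the log.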

Now go get connected!

--Claus V.

Curse You Scott and your Amazing Lists!

I love finding, collecting and using specialized utilities.  It’s as much passion as compulsion.

And though I can go mad-crazy with my linkfest posts running down tool after tool, developing a comprehensive list of my favs and frolics remains a dream for a month-long sabbatical sometime in the future.

So it is with admiration and respect that I found Scott Hanselman of Computer ZEN fame has recently posted his annual “Best of” software tools and software list.

Scott Hanselman's 2011 Ultimate Developer and Power Users Tool List for Windows

It is an amazing collection.

Scott has done some great organizational work in the post, such as highlighting the new items in Green.  Old favorites that have new back-links have been updated.

Categories include:

  • “The Big Ten Life and Work-Changing Utilities”
  • “Rocking Sweet Windows 7 Specific Stuff”
  • “A (.NET) Developer’s Life”
  • “The Angle Bracket Tax (XML/HTML Stuff)”
  • “Visual Studio Add-Ins”
  • “Regular Expressions”
  • “Launchers”
  • “Stuff I Just Dig”
  • “Low-Level Utilities”
  • “Websites and Bookmarklets”
  • “Tools for Bloggers and Those Who Read Blogs”
  • “Browser Add-Ins/Extensions”
  • “Things Windows Forgot”
  • “Outlook AddIns and Life Organizers”

I’m familiar with many of these tools, but as always, there were some great new discoveries for me in his lists.

Granted, many of the items lean to the programmer (since that is what Scott does) but even if you are not a coder by heart, there are lots of great finds here to pick through.

Most are free however there are some apps listed that are not ($).

Permalink: Hanselman Ultimate Tools List

Bonus Linkage:

obinshah / TED Talks Downloader - freeware - I’m a big fan of stretching my brain-cells and trying to take in new concepts in a wide range of fields and fauna. TED: Ideas worth spreading is a site that provides great (and sometimes provocative) conversations from some of the most interesting people today. Normally I just keep an eye on their site and view a particular video discussion as it calls me.  However, sometimes I want to keep one local for future reference or to view on the road.

TED Talks Downloader is a single EXE that offers a way to grab the list of TED Talks available and then after selection, lets you download them directly to your system in several different quality levels. Super great for when the road calls and you don’t have access to a network connection.  Spotted and described on this addictivetips blog post Batch Download All TED Videos With A Single Click via TED Downloader.

Gow – The lightweight alternative to Cygwin - GitHub - an alternative package to Cygwin. It uses an installer to deliver the goods (~130 UNIX CLI apps) to your system.  Adds a Windows Explorer shell entry to open a CMD window from a folder, easy install/remove, and the apps get included in your system’s PATH for easy access.  Not too shabby.


--Claus V.

Friday, December 02, 2011

Reflections on the Toys that Remain…

As Alvis grows older and prepares to fledge one of the unexpected things that has challenged me is coming to terms with her childhood toys.

Now, as an only child, Alvis has probably received an above average lavishment of toys and gifts and meaningful-things from us and her extended family. That said, while not “minimalists” we have always strived to resist consumerism-overload and been fairly selective of the volume of “things” she has accumulated.

At least once a year either on her own or in a combined attack on her room, Alvis and I either toss out some toys (cheap disposable/broken ones) or fill a bag or two to be offered for the church garage sale or mission project.

Sometimes she even will allow some of the special kids she babysits from time to time in our home to “adopt” one of her toys they take a bonding to (although never the giraffes, which are sacred).

That has generally worked well to keep the Things Of Alvis managed over the past years, but as she has gotten older fewer and fewer new “toys” find their way into her room while the art-supplies, books and electronica seem to litter her desk and multiply monthly.

The winnowing process has become even more challenging now as most of the remaining items in her closet, under her bed, and on her shelves have survived for so long due to sentimental value to her (or truth be told, us).  Does Alvis still really want that bobble-head Kim Possible cheerleader figure? Probably not, but then that was her idol at the time of purchase and darn-it we all thought it was so cute... just like her at that period.

One day soon she will move on, taking a selected collection of cherished touchstones, leaving the rest for us to hold onto and/or take responsibility of getting rid of on our own if we have the courage to.

All this comes to mind as today I found a summary of an archaeological site dig in Florida a few years ago. The 7000 year old site and follow-on discoveries made a great read for this anthropology-studies minor but the intro text made my heart melt. Quoting Joseph L. Richardson’s words from that Windover Bog People Archaeological Dig - Titusville Florida web page:

“When the 3-year-old died, her parents placed her favorite toys in her arms, wrapped her in fabric woven from fibers of native plants, and buried her body in the soft, muck bottom of a small pond. Some 7,000 years later, when a young archaeologist uncovered her tiny remains, the toys--a wooden pestle-shaped object and the carapace of a small turtle--were still cradled in her arms.”

This boggles my modern mind and my parental heart.  I can see the child’s joy playing with her simple toys and the sadness as her family lays her to rest accompanied by these same cherished objects.  And then I consider all the “toys” Alvis still has in her room and the special meanings they also represent.

Lest we think that our technology and modern toy development (and American marketing ingenuity) has left such simple things behind, I submit to you the following “GeekDad” posts by Jonathan Liu for reflection. You may be surprised by what makes the list.

The 5 Best Toys of All Time - GeekDad |

Get a Kid the 6th Best Toy of All Time - GeekDad |

So as we face yet another season of the Christmas season marketing madness, and the prospect of a grown woman’s silent childhood room in the very near future with the objects that remain, I pause for a moment of the melancholies and “mono no aware”, of what "toys” really are, both in form and function, and what they whisper when they remain after the owner has moved on.

Inspired by the lists above I’m seriously thinking about getting Alvis a custom Transmogrifier shaped in the form of a large rectangular clothing basket with sturdy handles for Christmas; one in Tardis Blue. She had one before as a child and used it with great passion and pleasure, often pairing it with a magical blanket of great mystery, comfort and invisibility and disappearing in the middle of the living-room for hours on end with nothing but giggles coming from the space they previously occupied.

I think it might just be perfect as when she tires of jetting around both Time and Space for old-time-sake (although she would probably leave the brake on like a certain Time Lord) she could use it to carry her own laundry to the Laundromat.


Claus V.

T-Bird Note to Self

Just a note about Mozilla Thunderbird in case I forget.

I use Microsoft Outlook at work as my email client. I have Microsoft Office 2010 at home available to be used as my email client but that seems like overkill for managing my personal email accounts.

For most all my extended family (except Dad who prefers using Outlook both for work and home) I recommend Windows Live Mail 2011 since it has a very clean interface and the Ribbon and tabs and pretty (intuitive) icons seem to make this email-client a breeze for family members to use (and me to guide them through tasks).

All that said I continue to find Mozilla Thunderbird the perfect fit for my personal email needs.

In fact, it works so well, I have only four Add-On items that I run on it now:

Office Black :: Add-ons for Thunderbird - I really have grown to like this theme after having rotated through quite a number of great themes over the years. The icons work nicely and are of a pleasant size. And the muted color palette seems relaxing.

Color Folders :: Add-ons for Thunderbird - Unlike the extensive and deep folder structure I have in Outlook at work, my folder structure here at home is much more simple and shallow. That said, I find myself manually moving items out of my Inbox mostly into a few regular folders.  While the text in the Office Black theme and settings isn’t bad, sometimes I have a hard time just dragging/dropping the message into the correct one.  Color Folders allowed me to colorize selected key folders to set them off from the rest.  Now if only Outlook had this ability…

Extra Folder Columns :: Add-ons for Thunderbird - This Add-On allows you to add additional columns to the Folders sidebar for size, unread # items, and total # items.   If you select the unread items column, then it removes the (#) item that Thunderbird puts on the folder name line to avoid redundancy. Suggestions for improvement? I wish that the “size” field displayed would be a little more sophisticated with the count.  Example: you have one main folder with three sub-folders. The columns for counts seem only to apply to the individual folder, meaning that the main-folder # only displays the number of items in the folder itself and doesn’t include sub-folder item counts. Collapse that folder tree and it still shows the number of items in the main folder and doesn’t aggregate the total to reflect all messages in that and the subfolders combined. Another minor quibble; the size-on-disk of each folder displayed uses both MB and KB values. 1MB or more and the size is displayed in MB while < 1MB and you get a KB value. I get the logic but you have to look carefully to understand what it is reporting to you.

Lightning :: Add-ons for Thunderbird - calendaring, scheduling, and to-doing made simple and right. Enough said.

For backing up/migrating my T-bird profile I rely on MozBackup. It’s never failed me. 

As a multi email client backup/restoration tool there is also KLS Mail Backup (free for personal use) which in addition to T-bird can also back up Windows Mail and Windows Contacts, Windows Live Mail and Contacts, Outlook Express profiles and contacts, IE Favorites, Firefox profiles, Postbox profiles, Opera profiles, The Bat! profiles and IncrediMail profiles.

Moving on…

Claus V.

Sunday, November 27, 2011

Microsoft Tools and Software Stuff

Fear not, I’ve got a real deep pile of linkage for all kinds of tools, utilities, and software/freeware fun.

Got to start digging somewhere so today’s post will be Microsoft centric.

Updates: release of The Windows Sysinternals Administrator's Reference, Process Explorer v15, Listdlls v3.1, new utility Findlinks v1, and Mark to Speak at Black Hat US 2011 - Sysinternals Site Discussion

Process Explorer v15: This major update to Process Explorer, a powerful tool for inspecting and controlling processes, threads, loaded DLLs, and more, adds GPU utilization and memory monitoring on Vista and higher. It also adds the ability to restart services, has a smaller memory footprint, and has visually cleaner performance graphs.

Process Explorer 15 adds GPU monitoring - BetaNews - Good overview of some of the changes in the latest iteration of Process Explorer. One of the biggest complaints for the original version was that when minimized to the system tray, the graph-on-grey standard color was horrible to see and a backlash resulted in the forums.

Updates: Process Explorer v15.01 and TCPView v3.05 - Sysinternals Site Discussion - Fortunately Mark Russinovich heard the pleas and quickly came out with an incremental update that allows for custom setting of the graph colors.

Troubleshooting with the New Sysinternals Administrator’s Reference - Mark's Blog - Hard to believe, but until this release there hasn’t been an “official” MS guidebook to the Sysinternals tools. That oversight is now resolved.

ProcDump v4.0: This update for ProcDump, a trigger-based process dump capture utility, enables you to control the contents of the dump with your own minidump callback DLL and adds a new switch, -w, that has ProcDump wait for a specified process to start.

Process Monitor v2.96: This release changes the appearance of its tooltips to the default theme, fixes a drawing bug in the treeview, and updates the graphs to match the style introduced in Process Explorer v15.

Mark’s Blog: The Case of the Hung Game Launcher: Read Mark’s latest blog post where he uses the Sysinternals utilities to solve a problem he ran into one Sunday morning when trying to play a computer game.

Zero Day Malware Cleaning with the Sysinternals Tools (link to PDF): Mark has posted the slides from the highly-attended and well received Blackhat 2011 Workshop he delivered last week, Zero Day Malware Cleaning with the Sysinternals Tools, which demonstrates how to use the Sysinternals tools to hunt down and eliminate malware.

Coreinfo v3: Coreinfo is a command-line utility that reports detailed information about processor cores and topology, including cache sizes, core-to-socket mappings and NUMA memory latencies.  It now shows the processor features supported by the system’s processors. For example, Coreinfo will show if the processor supports hardware-assisted virtualization and advanced virtualization features like Second Level Address Translation.

SDelete v1.6: SDelete, a command-line utility for securely deleting files and zeroing volume free space, fixes a bug that prevented it from accessing some files on 64-bit Windows and swaps the zero-free-space and clean-free-space arguments to make them more intuitive.

Process Explorer v15.04: This release fixes several minor bugs, including a tooltip display bug and one that could result in a miscalculation of CPU usage on Windows 7 in the refresh immediately following the termination of a CPU-intensive process.

Autoruns v11: This update to Autoruns, a GUI and command-line tool that lists executables configured to run when you boot, logon or run common applications, adds a “jump to folder” command and several additional autostart locations. The command-line version, Autorunsc, adds a new switch to show file hashes and an option to display the autostart entries for all user accounts registered on a system.

Coming Soon: PST Capture Tool - Exchange Team Blog

This new tool, PST Capture, will be downloadable and free, and will enable you to discover .pst files on your network and then import them into both Exchange Online (in Office 365) and Exchange Server 2010 on-premises. PST Capture will be available later this year. It doesn’t replace the New-MailboxImportRequest cmdlet that exists already for importing known .pst files into Exchange Server, but instead works in parallel to enable you to embark on a systematic search and destroy mission to rid yourself of the dreaded .pst scourge <*pirate growl*>.

PST Viewer - Free tool to open and view content of PST files without MS Outlook - Kernel Data Recovery - I had the opportunity to try out this awesome tool recently. A user’s NTFS HDD had borked out. While I was able to successfully recover all of their personal file data off the drive, their PST file appeared to have been lost.  I was able to use TestDisk - CGSecurity on a filtered PST file carving of the drive to locate and save more than a few PST files. PST Viewer allowed me to quickly assess the contents of each one until I was certain I had the correct ones needed and could ignore the others, all without having to go through the process of attaching each one to a running Outlook client as a data-file. It was a major time-saver.  More in this post Gave up Microsoft Outlook but need your PST file? There's an app for that - BetaNews.

Bit of old news now, but RAW file support is now available in Photo Gallery and Windows 7: Microsoft Camera Codec Pack offers RAW support in Windows | HD View.

Microsoft Live Essentials got some more updates quite a while ago:

Microsoft updates Windows Live Essentials 2011 -- get it now! - BetaNews

Coming this week: an update to Windows Live Essentials 2011 - Inside Windows Live

In addition to changes that improve performance and quality of service, the update also includes full support for SSL in Windows Live Mail, and the latest Bing bar. Here are a few of things we think you’ll find the most interesting:

  • Mail: We fixed a sorting issue in the Sent items folder and improved the upload reliability and instrumentation in Photo mail.
  • Messenger: We fixed a couple of stability issues and made various changes for improved voice and video quality. We fixed an issue that was causing sound to be lost after upgrading, and we improved performance when displaying the MSN Today page in the main window.
  • Photo Gallery: We implemented various bug fixes for crashes related to launching Photo Gallery through Autoplay and facial recognition.
  • And more: We made many other usability, performance, and stability improvements across the suite of Windows Live Essentials apps.

While I find that the stock calculator in Windows 7 does pretty well for my needs, I prefer using SpeedCrunch Portable for rechecking my calculation jobs (which really aren’t that sophisticated), particularly with its input history feature.

I was excited then when I found a CyberNet News review post pointing out the availability of the free Microsoft Mathematics 4.0 application.  Turns out this baby can not only handle complex math functions, it also includes a graphing calculator, triangle solver, unit conversion tool, as well as an extensive formulas and equations library.  Really cool stuff.

Related alternatives:

RedCrab - The Calculator - freeware - super-featured and intuitive complex scientific calculator program. Portable.

Converber Portable - - Freeware super-featured unit converter application.


--Claus V.

Saturday, November 26, 2011

Just Pondering because I’ve probably eaten too much turkey…

We use iTunes in our home. Yes, I’ve considered other options for both iTunes-like song managers/players as well as pay-for-media sources. All have their pro and con.  In the end it just seems to be the best solution for us.  Relatives can pick up iTunes gift cards for the girl, there is a wide selection of tune-age and videos, and it generally works fine.  Not to mention support for all the iPod devices we seem to have collected over the years.

However this post really isn’t about that, more about some issues folks have been encountering regarding their iTunes accounts.

Since we use iTunes gift cards as our music tender, it isn’t really a high $ target to watch for. Generally the card gets redeemed and spent almost immediately with a $1 or less balance left on the account at any given time.

I do keep a sensitive ear on the webs for security related matters and when this post showed up many months ago I did pay attention:

I got hacked on iTunes -- Ed Oswald - BetaNews.

Long post shortened, Ed discovered someone, somehow, had managed to raid his PayPal and iTunes accounts with some fraudulent charges.  Ed insisted he maintained good protection on his accounts.

That post was followed up by iTunes hack widespread, and Apple appears to know about it also by Ed.

More feedback was that others were also encountering this problem, including those with a gift-card balance on their account.  Meet three people ripped off by iTunes fraud ring - Ed Oswald

After that brief flurry of posts and coverage, the issue seems to have spun-down. Either the problem was resolved or the web’s attention moved on to other things.

That probably would have been the end of things, with these posts getting filed into my bookmark cellar and a lesson learned to watch both my email and the sub $1 gift card balance on our iTunes store account (so far no issues), except this post showed up a few months later from Scott Hanselman.

Welcome to the Cloud - "Your Apple ID has been disabled."  - Scott Hanselman’s Computer Zen

I found this notable for two reasons: first, it came on the heels (related or not) of the prior issues Ed Oswald had posted on, and secondly, Scott is one of those Windows gurus who “gets it” and, according to his post, he did not seem to have left himself in a position to easily become a victim of this.

And then Scott does a follow-up post that made keeping this on my radar worthwhile:

A suggested improved customer interaction with the Apple Store (and Cloud Services in general) - Scott Hanselman’s Computer Zen

Rather than just dwelling on the attack vector, consequence, and complaining in general, Scott one-ups the situation by taking a thoughtful look on how iTunes notified him of the issue, and suggestions for notification improvement.  Quoting Scott from that post…

I expect my cloud services to let me know in a way that escalates appropriately with the threat when something that doesn't match my patterns happens.

The meta-points are
  • The Cloud(s) and all its services are protected only by our passwords and the most basic of fraud systems.
  • Cloud services are totally centralized, which makes them a big target, but they have activity information about what we're doing online that isn't being utilized to keep us safe.
  • We, the Users, need to demand better, more secure interactions from the cloud vendors that we put our trust in.
  • It sucks to lose access to your cloud data.

Well said.

Scott is still soliciting feedback from others with the Apple account issue at "My Apple ID has been Disabled" on Tumblr but it doesn’t look like it has been very active for a number of months.

I haven’t been able to find if these Apple account hack events were isolated or if there was some root-cause that was discovered and resolved.  We may never know.

On a probably only tangentially-related note, I was discussing with Dad how we rely on on-line bill-paying for most of our bill payments, banking, and insurance account management. Heck, even at work most all of our HR interaction is done “on-line”. I don’t believe we have had a “brick-n-mortar” HR department for many years.  Dad is “old-school” and while quite comfortable with on-line computing, still refuses to do on-line banking/bill-pay.  The USPS loves him.

I’ve noticed that for every on-line account service we interact with, they all seem to have large splash-screens at log-on requesting “paperless billing” enrollment.  Probably saves on a ton of costs and is marketed as being more convenient and more secure (avoid id theft from sticky fingers pulling bill/account info out of the mailbox).

At the same time, I noticed this USPS ad running the past few weeks:

In it the USPS describes the security benefits of the mail system for communicating with customers and how it is inherently safer than the Internet, with statements such as:

  • “A refrigerator has never been hacked,”
  • “An online virus has never attacked a corkboard.”
  • “Give your customers the added feeling of security a printed statement or receipt provides. It’s good for your business. And even better for your customers.”

I’m all for the USPS and their dedicated carriers, and overall it’s a good communication medium.  And yes, they have some revenue challenges as the Net continues to be relied on more by subsequent generations of communicators.  At the same time, we use a locked postal box and have two shredders in the house to deal with secure-shredding as those items go from the secure “refrigerator and corkboard” to the trash system.

Point is, it seems that whether in the “cloud” or via the “snail” system, data/account information has its own attack vectors and neither is inherently any safer than the other. Hackers can break into corporate systems and accounts can be compromised through poor IT security and end-user account safeguards, regardless of whether the billing “method” is paperless in the cloud or papered through the USPS.  Likewise, businesses and users can lock down on-line accounts with rock-solid safeguards, but someone can still steal a periodic paper communication from a mailbox (or trashcan) and walk out the door and commit theft (if it even makes it to the mailbox).

Neither is a solution in-of-itself.

Probably the best protection? As Mad Eye would say, “Constant Vigilance!”

And the battle for cost cutting and revenue generation rages on…with security as the forefront selling point.

…like I said..just pondering.

Claus V.

Quick Web Screen Grabs

One of the processes we have in the shop is to archive a series of network graphs for various URL locations that are created in a specialized MRTG - Multi Router Traffic Grapher deployment.

Once the web-page screen shots with the graphs are each captured, they are combined into a single Word document for that day which is then archived for historical reference and distribution to management.

The result is the daily tasking of an analyst for about an hour clicking through a large Excel table that contains each of the URL links, grabbing a screen shot, pasting it into the Word document, then moving on to the next URL.

This has been going on for some time and unfortunately, the madness of my other projects has kept me from turning my attention onto addressing it for a more efficient process.

Last week was a bit lighter at my workbench so I could consider the issue for a few minutes.

It took me about five minutes to locate the free command-line tool IECapt - A Internet Explorer Web Page Rendering Capture Utility coded by Björn Höhrmann.

It’s just 102 kB unpacked and though it requires the gdiplus.dll, I had no problem finding that file already present on our XP Pro systems (and about fifteen others in various portable utility program folders on my own system).

My solution for this daily task was very simple.

I created a folder “C:\graphdumps” and copied both the IECapt.exe and (for good measure a gdiplus.dll I had on my system) into it.

I then created a batch file that had a line for each of the separate MRTG page URLs we need to access.  In my case I had approximately 50 or so URLs, each on their own line.

As an example, each line in the batch file has something along the following (all on a single line):

IECapt --url= --out=GoCougs.jpg --min-width=800 --delay=5 --silent

I also chose a simple output filename for each URL line that was clearly indicative of the logical location each URL represented.

For now, I’m outputting as a jpg file format for maximum compatibility with the folks who would receive the final file, however IECapt supports a number of output formats such as .png, bmp, jpeg, emf, and probably a few other formats not listed in the help.  I like the idea of using a PNG format instead and may do some comparisons between the two formats moving forward.

I did have one “gotcha” I had to overcome first.

Every time I ran the batch file, I would get an output error unable to generate the thumbnail image.

I checked around and found this forum post IECapt does not work when --url contains a query string which did seem to confirm the issue was that the URLs I was using in my batch file contained query strings.  I didn’t really like the options (recode the program or use a url-shortening service).  On a hunch I wondered what would happen if I encapsulated the URL parameter in double-quotes.

It worked perfectly.  So for example, each line in my batch file was now changed to wrap the URL value in double quotes.  It now looked more like the following on a single line (straight ASCII double quotes, not the “smart” quotes a word processor inserts):

IECapt --url="" --out=radar.jpg --min-width=800 --delay=5 --silent

My test run of the batch-file took just under 1.5 minutes to complete the pulling and saving of all the pages.  I then opened up a blank Word document, selected all the output jpg files that had just been generated in my folder, and dragged/dropped them into the Word doc.  I then saved it with the daily file name and was done. From about 60 minutes of dreary click-saving URLs to under 2 minutes of mostly-automated grabbing and pasting. Sweet.

Now if I could just find a way to automatically import these images into a templated Word/RTF format document (with images embedded not linked) I will be set.  I’ve looked at “mail-merging images” into Word but I’m not sold yet on the process. There should be an easier way to just pipe the output into an RTF “word pad” document but I haven’t figured that out yet.  This way alone is a big improvement so for now a little drag/drop into Word isn’t a deal-breaker.  Thoughts/suggestions?
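As an added example of the same daily capture (this is not the blog’s own batch file or anything from IECapt), the script below reads a name/URL list and runs IECapt once per entry. Because the arguments are passed as a list with no shell in between, the ? and & of an MRTG query string reach IECapt intact without any quoting; the list format, the C:\graphdumps location and the mrtg.example.invalid URLs are constructed assumptions, and the only IECapt switches used are the ones shown in the post.

```python
"""
Driver for the daily IECapt graph captures (added example, not the post's batch
file). Reads "name<TAB>url" lines and runs IECapt once per line into a per-day
folder under C:\graphdumps, where the post keeps IECapt.exe and gdiplus.dll.
"""
import subprocess
import sys
from datetime import date
from pathlib import Path

CAPTURE_DIR = Path(r"C:\graphdumps")      # folder from the post
IECAPT = CAPTURE_DIR / "IECapt.exe"

# Constructed sample of the URL list: one capture per line, name then URL.
SAMPLE_LIST = """\
# name<TAB>url   (lines starting with # are ignored)
radar\thttp://mrtg.example.invalid/cgi-bin/mrtg.cgi?target=radar&range=daily
gocougs\thttp://mrtg.example.invalid/cgi-bin/mrtg.cgi?target=gocougs&range=daily
"""


def parse_url_list(text: str) -> list:
    """Return (name, url) pairs; skips blanks and comments, rejects bad rows."""
    pairs = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split("\t", 1)
        if len(parts) != 2 or not parts[0].strip() or not parts[1].strip():
            raise ValueError(f"line {lineno}: expected name<TAB>url, got {raw!r}")
        pairs.append((parts[0].strip(), parts[1].strip()))
    return pairs


def iecapt_args(name: str, url: str, out_dir: Path) -> list:
    """argv for one capture, using the switches from the post.

    The list form goes straight to CreateProcess with no cmd.exe parsing, so
    the '?' and '&' of a query string need no quoting at all; the equivalent
    hand-written batch line must wrap the --url value in double quotes.
    """
    return [str(IECAPT), f"--url={url}", f"--out={out_dir / (name + '.jpg')}",
            "--min-width=800", "--delay=5", "--silent"]


def batch_line(name: str, url: str) -> str:
    """The equivalent line for a hand-maintained .bat, with straight quotes."""
    return (f'IECapt --url="{url}" --out={name}.jpg '
            f"--min-width=800 --delay=5 --silent")


def capture_all(list_text: str, out_root: Path = CAPTURE_DIR) -> dict:
    """Run every capture into out_root/YYYY-MM-DD; returns name -> exit code.

    Assumes IECapt exits non-zero on failure; a missing exe or a hung browser
    (timeout) is recorded as -1 so one bad page does not stop the batch.
    """
    out_dir = out_root / date.today().isoformat()
    out_dir.mkdir(parents=True, exist_ok=True)
    results = {}
    for name, url in parse_url_list(list_text):
        try:
            proc = subprocess.run(iecapt_args(name, url, out_dir), timeout=120)
            results[name] = proc.returncode
        except (OSError, subprocess.TimeoutExpired) as exc:
            print(f"{name}: capture failed: {exc}", file=sys.stderr)
            results[name] = -1
    return results


if __name__ == "__main__":
    list_file = CAPTURE_DIR / "urls.txt"
    text = list_file.read_text() if list_file.exists() else SAMPLE_LIST
    failed = [n for n, rc in capture_all(text).items() if rc != 0]
    if failed:
        print("failed captures: " + ", ".join(failed), file=sys.stderr)
    sys.exit(1 if failed else 0)
```

Run from a scheduled task at the capture hour and the exit code tells you whether any page needs a re-capture before the day’s images are dragged into Word.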

Additional notes:

I considered using the robust freeware tool SiteShoter by Nir Sofer.  It supports both a GUI and a CLI mode and is pretty sophisticated. However, for this application, IECapt worked perfectly and is dead-trim. SiteShoter can read out URL’s from a text file to act on, so SiteShoter is a different technique that could be better in some circumstances.

How to automatically capture images of a series of web sites and create thumbnails of the resulting image files. - Post by Paul Bradley that put me onto IECapt and how easy the CLI is to use.

Remembering to actually stop what we are in the middle of doing (especially annoying in the middle of a meeting) when the established URL capture hour comes around is quite challenging as well. More than a few days the designated team-member has forgotten and had to run the captures a few hours later.  Because this process uses a batch-file, one can easily set the batch-file to execute as a scheduled task automatically when the capture-hour occurs.  Then (as long as the system is running) we can come back later that afternoon and assemble the archive document from the jpg’s that were automatically generated. Super-sweet.


Claus V.

Saturday, November 12, 2011

Mostly ISO burning

This week I had a comment left on an older post requesting assistance with burning an ISO using Windows XP.

I guess I just take ISO burning (and other ISO actions) as such a simple a task that I don’t even give it any thought.

I also take it for granted that I can reach into my 7.5 GB deep collection of tools and utilities and always count on finding the right tool for the task at hand.

It has been quite a while since my last ISO-burning specific post, so I thought I would revisit things and warm up my blogging skills which have been quite rusty of late.

I went though that post and my collection of semi-dedicated ISO burning tools and pending bookmarks to come up with a few new lists.

Below is a collection of free software tools that are primarily very ISO burning centric. Some can do some other things as well but they all are pretty much “select your ISO file, select your hardware burner, burn it.”  These are perfect for the occasional quick “one-off” ISO burn duty. I believe they are all (well except for the first one) “portable” in operation assuming the system you are running them on supports any dependencies (i.e. .NET).

  • Burn ISO Images Natively in Windows 7 - Got Windows 7? Then you have ISO burning support baked in!
  • BurnCDCC - This TeraByte Unlimited tool is my #1 go-to tool for one-off burns of CD/DVD ISO files. Period.  It is that simple and that good.  Single 144 kB exe file.
  • BURNISO - from Dirk Paehl is a nice, direct ISO burning tool.
  • Free ISO Burner - Another nice ISO-burning centric tool. I like this one in that it is a single exe file (802 kB).
  • Active ISO Burner - This tool has a few additional tricks up its sleeve so if you need a bit more control for burning options, you may want to take a look at this one; write ISO image to CD,DVD,CD-RW,CDR,DVD-RW.
  • 7Burn - tool gets a bit more “complicated” again in that it not only easily allows you to burn an ISO to a disk, but also files/folders and limited audio disk support. It also supports burning to Blu-ray media. It does require .NET be present. While it is a single exe file, the size on this one is a heavier 3.67 MB.
  • Free DVD ISO Burner - Minidvdsoft product. Similar to others here.
  • ISOBURN - another, simpler ISO burning tool from Dirk Paehl.
  • Astroburn Lite - Free (non-commercial use only) tool to burn CD/DVDs. (I see this one recommended often in comments for other CD/ISO burning posts so I’m sharing it here. I haven’t used it yet. YMMV)

These next free tools are much more comprehensive in disk burning options. Yes, they can still handle ISO burning, but have a lot more bells and whistles.  While they can handle one-off ISO burns, they are probably better suited for heavier ISO building/burning duties.

  • The Official ImgBurn Website - Love this tool!  It does all my heavier lifting for ISO burning (when I am burning multiple copies) as well as building ISO files from files/folders/optical media disks. Super awesome and updated often.
  • StarBurn Free - This is a very full-featured burning tool that comes in free, $, and portable (I recommend that one) versions. The interface is a bit more “geeky” and if you don’t work too much with burning actions and options, you might get lost. However, if you do, you will appreciate the way the actions have been arranged. The built-in themes and skins help give it a polished and system-integrated look as well.
  • InfraRecorder - Another popular burning system that comes in portable versions for both x32 and x64 versions.
  • DeepBurner Free Portable - While lacking some of the advanced features of the “Pro” ($) version, it is a dependable and well-featured program.
  • AmoK CD/DVD Burning 1.10 - Dirk Paehl’s name arises again in this multi-feature CD/DVD burning tool.  Supports skins so you can create a burner with attitude if that is your thing.
  • CDBurnerXP - I used to use this burning suite on my home XP systems, but since ImgBurn, I haven’t looked back. That said, it remains popular with many users. I go with the “portable version” on the download page.  FWIW: be aware that the third-party advertising app “OpenCandy” does come bundled with some download versions of this program (CDBurnerXP • View topic - New version: 4.3.7 and OpenCandy). Check out the Downloads page carefully and you can find/select an installer version without OpenCandy if you want.  I went with the x64 portable version and didn’t have any OC issues.  See this Gizmo's Freeware Review post for more info on OC if you are interested.
  • Hamster Free Burning Studio - I’ve not personally tried this product, but it seems to get positive feedback and has a very friendly GUI. Here is a review I found if you are interested, from the Addictive Tips blog post: Burn BluRay, DVD, CD Disks With Hamster Free Burning Studio, Better Than NeroBurn Lite

While not really an “ISO-burner”, I really love IsoBuster for extraction of files out of an ISO file as well as looking at the file structure of the ISO itself. Not free ($), but with a limited (and quite feature-rich) free functionality option available.

Want to mount that ISO file to inspect it, or extract files from it?  Then you need some freeware software to mount it as a virtual drive.

  • Windows 8 will natively support mounting of ISO files (finally). Accessing data in ISO and VHD files - Building Windows 8 blog (and) Windows 8 Will Support Native ISO Image Mounting - How-To Geek blog
  • Pismo File Mount Audit Package - I always find myself installing this tool on my systems. It supports virtual mounting of ISO files (and a few others) as well as having great explorer shell integration.
  • ImDisk Virtual Disk Driver - Olof Lagerkvist continues to keep this super-awesome tool updated. I’m crazy but install it concurrently with Pismo just because it is that good. Just updated again in October to version 1.5.2.
  • SlySoft Virtual CloneDrive - My top pick for “slick and polished” virtual drive mounting for non-techies. What’s intimidating when you have these cute sheep icons representing your virtual drives? Can set up to 8 virtual drives to be available at once. Super simple and rock-solid. (Confession…crazy as it seems, it also is installed along with Pismo and ImDisk on my home system; I like it that much.)
  • MagicISO - This freeware tool supports a curiously large number of image formats. So if you work with image formats frequently, you will probably want to include this on your system to be ready to mount and explore the image file.
  • Gizmo Drive - This is kind of like a swiss-army-knife of virtual drive mounting. Not only does it handle ISO/BIN/CUE/IMG file images, but it can mount VHD files as well. Additionally, it offers command line and Windows Shell mounting support. It’s pretty clever and updated pretty often.
  • DAEMON Tools Lite - Way back in my early tech days, DAEMON tools was one of the few virtual drive tools there was. I found it to be a solid tool that had some driver hooks that sometimes caused BSOD issues on some systems (never had issues myself). I’ve not returned to it since then, but they are still offering a “lite” version that can be used free (at home personally and not for commercial purposes).
  • Alcohol Soft (120% and 52%) - This was the other major player along with DAEMON Tools back in the day. Alcohol continues to offer a free version, their “52%” version, that does get bundled with a “toolbar” with feature sets you may or may not care for depending on how you are using the application.  I believe it may be uninstalled or opted out of if you wish.  YMMV.

Additional material:

Here are some nice guides/how-to’s with screen shots to cover some of the software and actions mentioned here in this post if you are a visual learner.
--Claus V.