Sunday, July 08, 2012

GSD Linkfest - a little bit of everything today

Quick collection of links gathered this week.

  • Data recovery tutorial - As discovered and described by Very nice guide covering a number of Linux-based tools and techniques. DataRecovery - Community Ubuntu Documentation
  • Copy files from failing devices - Another great tippage from TinyApps bloggist. Check out safecopy
  • Create a system recovery partition - Great finds from TinyApps must come in “threes” as a link to Steve Si’s Create a system recovery partition post is found. It’s a detailed walkthrough on setting up a Windows system-restore partition…just in case bad things ever strike.
  • Add to the file carving kit - TinyApps bonus links to POC for “Smart Carving” methods. Drop into the project’s SourceForge Documentation page to get the details.
  • FreeRecover - Free file recovery app for NTFS drives. It’s pretty fast. You can select options to get file paths as well as check “file integrity” to evaluate recovery value.  At this moment you cannot seem to sort results by column headings. It’s a good start.
  • Redo Backup and Recovery - BootCD format ISO file to handle system backups, recovery, partition editing, file recovery, and many more additional tools.
  • | Free Security & Utilities software downloads at
  • The Case of the Veeerrry Slow Logons - Mark's Blog - Great post by the Windows Master Mark Russinovich. Covers a number of angles as well as the Windows login process in detail (and how it can be hampered). Good reading.
  • Google Chrome Bookmarks Menu Extension - CybernetNews found a really refined and polished  Google Chrome Bookmarks Menu Extension. I had been using Atomic Bookmarks but this one is much better IMHO.
  • Ads Are Coming to Google Chrome Extensions - TheNextWeb blog. Choose your extensions wisely now, my friends…
  • Release: NewsFox - My favorite in-Firefox RSS feed add-on has a new release. newsfox: NEWEST
  • Filelist Creator - Free mini-app to create great lists of files/directories for indexing documentation. I have a few of these and this one is very, very nicely done. It’s been added to my carry-list.  Spotted and reviewed over at this Create Detailed File Lists In Various Formats With Filelist Creator AddictiveTips post.  Check out the big collection of other great utilities over at Stefan Trost Media. I grabbed more than a few!
  • TED V3.0 : The TEDinator - New update to the super-duper “TED Downloaded”.  I really appreciate the detail and help this tool brings in allowing me to download a local file of favorite “TED” talks. See also the new TED Radio Hour : NPR.
  • HexDive 0.3 - Hexacorn has just released a new version of HexDive which helps look for key strings in possible malware and other executable files. It’s CLI so it is really fast.
  • Forensic Artifacts blog has been releasing a large list of posts detailing forensic-worthy artifact bits left over from many applications. I found the PsTools Artifacts post extra interesting since it is used by a lot of us SysAdmins.
  • NTFS Tools collection - Joakim Schicht has just announced an updated collection of NTFS tools he has been grinding away on.  After you read the overview on the first link, hop over to his Google Project hosting page mft2csv to check out:
    • NTFS File Extractor which extracts systemfiles (metafiles) off an NTFS volume.
    • mft2csv which takes a $MFT file, rips info from all the records, and dumps it to a CSV file.
    • MFTRCRD is a CLI file dumper to pull all info mft2csv can decode. It can also dump the $MFT record of a specific file to console and detailed run information.
    • SetMACE which is a timestamp fiddling tool.

      Note, Joakim doesn’t have them all bundled up in a single archive package so look at the Downloads page carefully to pick out the most recent versions of each of them. It isn’t hard but does take a moment to make sure you are grabbing the right file. Also be aware that these are compiled in “AutoIt” script. It’s very flexible and powerful but some AV apps might complain…  Joakim has done a great job with his documentation on each tool. Check out the Wiki for more details on each one.

Have fun!

--Claus V.

Saturday, July 07, 2012

Greased Monkey Business

It’s no secret that one of the major ways I manage to keep up with “goings-on” in the world of Technology and culture is with the use of a RSS feed reader.

Generally it goes something like this:

  • Launch Feed reader (Newsfox or Omea Reader),
  • Pull down article feeds,
  • Read, review and analyze,
  • Open feeds to be saved for later processing in web-browser, and
  • Bookmark article/link.

Later I might do some sorting of the saved bookmarks by subject or category or blog-post idea.

When it comes time to actually compose a post, I will open up Windows Live Writer on one side of my screen and my web-browser in the other.

Then I do a combo of composing the text body as well as some drag/drop action from the saved bookmark links.

That’s all well and good except for a tiny gotcha I figured out about a year ago.

See, many (but not all) of my RSS feeds actually open up to a page link that was seeded with some extra feed-tracking data code.

For instance:

This article appeared in my RSS feed list, was interesting, so I launched the full article in my browser and bookmarked it: Design and create with nanoCAD, a totally free CAD solution - freewaregenius.

However, if you take a look, the actual URL provided by the RSS feed link in the browser was:

…rather than the direct URL of:

I added emphasis in the first link to show the extra sauce the RSS link path adds.

That’s not really a problem, but adds a bunch of extra code (and tracking data) that doesn’t really need to be present in the blog links that everybody jumps from. I’m all for fair tracking and they get my “ding” when I view the full page the first time within my RSS feed reader.

So what I had been doing is cleaning up the link first in the bookmark properties before adding it to a post.

Only sometimes I forget.

Well, actually, many times I forget and it can be a lot of work cleaning them up.

Too bad I couldn’t automate cleaning up the bookmarks somehow.

Although I couldn’t figure an easy way to do that, I did eventually find a brilliant Greasemonkey script that did one better.

It actually intercepts the RSS feed-load in Firefox and cleans it up before loading in the tab. Sweet!

Removing UTM data from URLs automatically for cleaner bookmarks - Christian Heilmann. From his post page:

“I’ve come across lots of delicious bookmarks that still have all that campaign monitoring stuff in them, which is annoying. To work around that I’ve just written myself a tiny GreaseMonkey script:

Install un-UTM for GreaseMonkey

“If the browser now opens a link that has UTM data in it, it removes the information and reloads the page without it to make for a cleaner URL.”

Christian is clearly brilliant and his solution works perfectly. No more tracking data appending of URLs to my saved bookmarks!
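
What stripping UTM data from a link involves, as an added example (this is not Christian Heilmann's un-UTM script and not code from this post). The function name `stripUtm`, the handling of tags placed in the fragment, and the sample URLs are assumptions made here.

```javascript
// Added example, not the un-UTM userscript: remove utm_* campaign
// parameters from a link while leaving every other part untouched.
const UTM_KEY = /^utm_/i; // utm_source, utm_medium, utm_campaign, ...

function stripUtm(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (err) {
    return rawUrl; // relative or malformed input: hand it back unchanged
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return rawUrl;

  let changed = false;

  // Filter the raw query text rather than round-tripping it through
  // URLSearchParams, which would re-encode the parameters we keep.
  const pairs = url.search.slice(1).split('&');
  const kept = pairs.filter((pair) => !UTM_KEY.test(pair.split('=')[0]));
  if (kept.length !== pairs.length) {
    url.search = kept.join('&');
    changed = true;
  }

  // Assumption: some feeds carry the tags in the fragment instead
  // (#utm_source=...). Drop it only when it holds nothing but utm_* pairs,
  // so real anchors such as #comments survive.
  const frag = url.hash.slice(1);
  if (frag && frag.split('&').every((p) => UTM_KEY.test(p.split('=')[0]))) {
    url.hash = '';
    changed = true;
  }

  return changed ? url.href : rawUrl;
}

// In a userscript the result would be applied once per page load:
if (typeof window !== 'undefined') {
  const clean = stripUtm(window.location.href);
  // Only navigate when something was removed, so the page cannot loop.
  if (clean !== window.location.href) window.location.replace(clean);
}

// Constructed sample, shaped like a feed-tagged link:
console.log(stripUtm('https://blog.example/post?id=7&utm_source=feedburner&utm_medium=feed'));
```

The same function can be run over an exported bookmark list to clean links that were saved before the script was installed.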


Mischief managed.

--Claus V.

T-Bird Development Slows…and some options

Just in case you missed it, the Mozilla Thunderbird development team recently announced that they will be scaling back development on new features to this fan-favorite email client and primarily focus on stability and security work.

In some circles it might be called “hitting a plateau.”

So what does that mean if you use Thunderbird as your email client?  Well. Probably not very much.

Thunderbird is a very mature email client and already packs almost all the primary features that one could need into it already.  Toss on the Lightning calendaring plugin and you have a full-featured email and activity duo. There are more than many Add-ons for Thunderbird.  Myself--aside from Lightning--I only use the following additional extensions; Color Folders, Attachment Tree, Extra Folder Columns, and AttachmentExtractor. That’s it.

So I don’t really have any concerns or cares at the present moment regarding T-Bird’s slow-simmering.

However, just in case that ever does become an issue with me--or maybe you are looking for some new email client platform--I did some looking around and found the following free email clients that are in active development and could be considered worthy replacements for Thunderbird. I tossed them all on my Windows 8 system and took them for a whirl. Here’s my alternative preferences.

Windows Live Mail - Microsoft. Who knows what Redmond will call it next year as they kill off the “Windows Live” branding and repackage it as something Win8’ish. Doesn’t matter. This email application is the very first one I recommend to most all family and friends. It has a dead-simple interface. It has decent email message handling security and rules/filter capabilities. And setup of a new email account (or multiple ones) is a breeze.  There isn’t much not to like with this one.

eM Client Email Client - eM Client. I would be lying to say that I had heard of this email client before yesterday’s search. I had not. However the reviews and comment-feedback were ridiculously good so I had to check it out. I am amazed. A review of the Features left me highly impressed.  It supports both web-based email servers as well as the more traditional email server connections. It contains a full-featured calendar along with event management, task lists, and contacts.  Yes, you can import those items from most all other email clients. They have a free edition (registration required) along with a more featured ($) version. Installation was a breeze and setup was a piece of cake. The interface is really, really well designed and (hard-to-admit) outshines Thunderbird. I had no problems getting it going and feeling instantly at home. If T-Bird ever gets its goose burnt, eM Client will probably be my replacement choice, hands-down. Check it out!

DreamMail Europe Community - This free email client was also very easy to get going and set up. Like eM Client the user GUI is very approachable. All the major features you would want in an email client are present.

Pegasus Mail - David Harris. - This is a free email client that is much more advanced. It doesn’t have the same degree of “wizard support” like Windows Live Mail, eM Client, or DreamMail to get your web-based email accounts going. You will need to know in advance some of the more technical bits of your email system such as the POP3 and SMTP server names as well as any special ports and security settings connections to them require. The user interface is more detailed than the previous clients mentioned. All this to say it is a more technically advanced email client than average users would probably want or need. However if you want a lot of control regarding your email client and accounts, and the advanced configurations don’t concern you, it is worth checking out.

Sylpheed - Like Pegasus Mail, this email client requires a bit of detailed work getting things going.  The interface is more simple to navigate than Pegasus, but you will need to feed it some more technical details to get it configured. Once running, it is very direct to use and is something most average users shouldn’t have any issues with.

i.Scribe - Has a very nice and basic interface. Configuration will require the POP3 and SMTP server details of your host. However I did find it very easy to navigate around in and find all the critical things needed to get it up and going.  There are message filters and advanced security setting options. All in all a nice little application.

Microsoft Outlook 2010 - Microsoft - Yeah, I know, it is neither free nor a very “light” email client. That said, if you have it as part of an already installed MS Office suite load, it might be worthwhile to give it another look. I know many folks who are so used to using MS Office at work that they feel right at home running and using it for their personal email client needs at home.

This isn’t a list of the “only” email clients for Windows out there. There are more, many smaller and many “portable”.  However these were the ones I considered myself most likely to use after downloading, configuring to a POP3 “web-mail” account, and running on Windows 8.


Claus V.

Sunday, July 01, 2012

Material Roundup: Linkfest

Been a semi-relaxing weekend.

Read with interest this TaoSecurity blog post Bejtlich's Thoughts on "Why Our Best Officers Are Leaving" as well as this one Whither United States Air Force Academy? both by Richard Bejtlich. I also noted that the USAFA was evacuated this week as cadets were heading in due to the area fires. These things still catch my attention as I had started the process to become a USAFA candidate my senior year of high-school before removing myself from the process for family reasons (my choice…no excuses). Still, I will always wonder about the path not taken.

Also, while IANAL, I was left scratching my head and heartbroken just a bit by the recent SCOTUS decision. The USNI blog had a post that resonated with my own feelings: The U.S. Supreme Court just diminished the significances of Military Valor [opinion].

Little bro was in town so he brought some pizzas over, I grabbed some super-good local micro-brewed root beers and we had a party catching up, comparing life notes, and watching Act of Valor on this pre-July 4th weekend.

I wrapped things up yesterday with a viewing of Cave of Forgotten Dreams (Wikipedia) which covers the Chauvet Cave (Wikipedia). Very interesting and well filmed documentary. The cave-art is really fascinating…I just wish we could have learned more about the people behind it.

I guess if there was a theme it was reflecting on the importance of what remains of us, of our efforts, of the world around us.

Back to the shallows…

Sometimes I feel a bit guilty just dumping a super-post like this that is heavy-laden with linkage.

Some weeks are busier than others, however, and while I have more than a few posts still pending in the hopper that are deeper collections of “how-to”, personal reviews, or troubleshooting sessions, I hope that some find value in these “linkfests”.  Primarily they serve to help me quickly search and find material, tools, and techniques that I believe will either be useful, or are useful, when I am away from my desk and my USB dongle is at home rather than in hand. It’s challenging finding that right software or tip and maybe something here will be useful to others or pique their interest and send them in the right direction.

Security Bits

For Sec News

Network Resources

Tools and Utilities of Note

  • Updates: Autoruns v11.32, Process Explorer v15.21, Process Monitor v3.02 - Sysinternals. Stop, Drop, and Download now; the holy trinity of software tools just got updated again!
  • Monitor Any Folder Or Disk Drive For Changes In Real-Time, Even Across Networks - AddictiveTips blog post review of new NirSoft tool.
  • FolderChangesView - Monitor folder/drive changes - NirSoft
  • ExtremeCopy: Probably The Fastest File/Folder Move & Copy Utility - AddictiveTips blog review.
  • ExtremeCopy - Easersoft. I’m a dedicated TeraCopy fan but this one sounds intriguing. Will need to put it through the paces soon.
  • Remove Items from the Windows Explorer and IE Context Menus - CyberNet News.
  • MenuMaid - SD Software - software utility link
  • 4 Better Windows Console Tools Alternatives to Windows Built In Command Prompt -Windows7hacker - Kent has a really nice roundup. While the good-ole cmd.exe will do the job, I must say these “replacements” are quite nice. I’ve used “Console2” quite a bit and like the tab format and transparency/font/color tweaking options. PowerCMD surprised me with its feature set and I really can see myself using it more regularly. Check out the others as well.
  • GetFoldersize - Michael Thummerer Software Design - Super nice freeware tool to locate and understand just what is taking up space on your hard-drive. Was recently updated to version 2.5.10. I really like this tool.
  • SizeOnDisk Folder Size - new to me freeware tool found on CodePlex.  Another nice tool to find file/folder size hogs.
  • Folder Size - another freeware file/folder size tool.
  • SpaceSniffer - Uderzo Software - freeware tool that is amazingly fast and amazingly fun to use. While the previously mentioned tools excel at a tabular report, this one provides a super easy visual layout presentation of your space usage. You can drill down very easily. It gives you an easy-to-grasp picture on what is using up your hard-drive space.
  • SequoiaView - I keep this one around just because it is so beautiful. It does a great job even though it hasn’t been updated in quite a long time. It may have been one of the first to present space on disk usage in a “squarified” treemap format.
  • FolderSize - tiny little app (174 kb) from developer Jan Horn that is standalone and gives you a basic what-you-need-to-know report on drive/folder space usage.
  • DirectorySlicer - With giant (and cheap) USB sticks and network connections aplenty, splitting files and folders to specific sizes has become a rarified task. That said this CodePlex project is worth snagging in that it splits files of a folder into partitions of a specified size. So that super-folder you are trying to burn to CD doesn’t fit? Directory Slicer takes the work out of guessing by allowing you to set the size (or use a preset) then it divvies it up accordingly! Clever.
  • Unlock & Delete Empty Folders via Wildcard-Based Rules - AddictiveTips post review of…
  • Empty Folder Cleaner - 4dots Software
  • Reminded me of a previously GSD mentioned Empty Folder Nuker by Simon Wai.

For the Admins: Mostly from Microsoft

Cheers and happy pre-July 4th State-side well wishes to all.

Claus V.