Bios Password


Sunday, March 22, 2009

A “Suddenly it’s Sunday” Linkfest

Posted on 8:13 PM by Unknown

Been a chill weekend.

Lavie has been lovingly concerned that I’ve been burning the candle at both ends at work this past week.  She’s pretty correct on that front.

So this weekend I was told in no uncertain terms that I had better relax.  So, uncharacteristically, Saturday found me in my jammies all day long, and mostly in bed; cranking out the past two blog posts and Jonesing on Turner Classic Movies.

Sweet.

Today I paid the price a bit having more catch-up work on the regular household chores, but even Alvis said she hadn’t seen me acting so embarrassing for a long time. (That’s a good thing for me, a bad thing for her.)

So as the girls close out the night (and Spring break) with a round of Jeff Dunham on Comedy Central (they haven’t stopped laughing yet)…I’ve got one more post of assorted links culled from the past two weeks.

Enjoy:

  • Springboard Series Virtual Roundtable: Windows 7 - To the Beta and Beyond – Microsoft hosts a Q&A session with a number of their pros, including Mark Russinovich.  If you don’t have time to spare, read this abbreviated transcript that covers all the major points of the Windows 7 discourse.

  • Engineering Windows 7 : Designing Aero Snap – I found this Microsoft post fascinating as it showed the degree of research and design in conceptualizing and working to delivery of this feature.  Neat stuff and really hard to ‘get right’.

  • Network Monitor 3.3 Beta Available – New version (beta) has been released of Microsoft’s network capture and monitoring tool. Jump the link to get the details on the improvements. While it isn’t near the top of my network capture tool list, I still keep it installed in case I need a “second opinion” on captures.

  • NetworkMiner follow up « SANS Computer Forensics, Investigation, and Response – I do like NetworkMiner for capture analysis and this post highlights an odd (but logical) issue; that sometimes network captures could be filtered by your A/V product and provide an incomplete picture of what is going on.  It’s good to know your tools and what to expect them to provide. This way you can spot when something deviates and needs to be examined more closely.

  • 4sysops - Windows 7 multiple active firewall profiles – Michael drops a great find: Windows 7 firewall brings more granularity to rules.  Specifically he has found that you can assign a different firewall rule to each NIC device on a system.

  • A sneak peek at the Windows 7 Release Candidate | Ed Bott’s Windows Expertise – More Windows 7 feature and screen-shot p0rn.

  • Windows 7 to officially support logon UI background customization - Within Windows – Finally, (almost) native support for changing the Logon background graphics.  Yes you can already do this with Vista and XP but you have to go on the down-low to pull it off.  Windows 7 looks to be much easier to do this.  Prepare for corporate logos on Windows 7 business deployments!

  • Sysinternals Site Discussion : Updates: Process Monitor v2.04, TCPView v2.54, VMMap v1.02, Testlimit v5.01, and Notmyfault – Updates, get ur updates! My picks below:

      Process Monitor v2.04: This update shows file mapping operations in basic mode, adds more translations of error numbers to text, fixes a bug that limited support for more boot log files larger than 4GB, and displays version numbers using the same formatting as Windows.

      TCPView v2.54: Fixes bugs that prevented the display of IPv6 TCP endpoints and the correct display of IPv6 UDP endpoints

      VMMap v1.02: Now shows all image subsections, even if they reside within the same allocation region. It also fixes a bug in image name sorting and makes the UAC elevation smoother on 64-bit Windows.

  • I don’t know what I would do without Nir Sofer and his wonderfully targeted utilities.  He has been hard at work updating oldies-n-goodies, as well as delivering a new tool that has now created a load of reorganizing work on my business system.

  • NirBlog: Utilities updates for this week

    • RegDllView, InstalledCodec, IECacheView: Added 'Explorer Copy' option - Allows you to copy the selected files and then paste them into a folder in Explorer.
    • FileTypesMan: Added support for creating and deleting file extensions.
    • WirelessKeyView: New and safer method to extract the wireless keys of the local machine. Starting from this version, WirelessKeyView uses a new method that extracts the wireless keys without any code injection. Fixed bug - In Vista, if WPA-PSK key contained 32 characters, the key was not displayed in Ascii form.

  • NirBlog: Latest utilities updates in NirSoft

    • AlternateStreamView and ResourcesExtract: Added support for choosing SubFolders depth in scanning.
    • SearchMyFiles:
      • Fixed bug: Base folder combo-box limited the number of characters that you could type.
      • Added option to save/load all search option to .cfg file.
      • Added 'Explorer Copy' option - Allows you to copy the selected files and then paste them inside a folder of Windows Explorer.
      • Added 'Open With' option.
      • Added option to choose the subfolders depth to scan.

  • NirBlog: Extracting multiple attachments from Outlook with OutlookAttachView

    • OutlookAttachView utility can help you do that. It displays the list of attached files in your Outlook's mailbox, and allows you to easily select all attachments that you need, and then extract them into a folder that you choose.  A fast update brought with it a bug fix “that caused OutlookAttachView to fail on scanning sub-folders under main Outlook folders.
      Also added 'Folder Path' column that displays the full path of the folder (For example: Personal Folders\Inbox\Bug Reports).”

When I ran the last tool, OutlookAttachView, against my Outlook PST file, it found over 6,000 attachments embedded in there.  Despite my efforts over the past two years to strip out all attachments and file them in “real” system folders, there obviously were lots that pre-dated that period.  It works fantastically. Nir has outdone himself with this one!  In addition, Nir has fixed some key bugs in his Outlook .NK2 viewer to now properly handle some unusual field populations.

  • Mark Minasi’s Newsletter #76:  Solving Windows "driver is not signed" problems – Mark outlines how to “sign your own drivers” for Windows 64-bit OS systems.

  • FizzBin - The Technical Support Secret Handshake - Scott Hanselman’s Computer Zen – Scott ponders a “secret codeword” that lets on-line tech support staff know you are a member of the professional IT geek society and can dispense with the “noobie” level of conversation.  The comments are almost better than the post.  Just last week we had a tanked wireless card.  We had troubleshooted it on the user’s system, on a “clean” test-bed system, and then finally repeated on both systems (successfully) with a “known-good-device” that worked perfectly on both systems.  The trouble followed the card.  When we finally got to the company’s tech-support, they wanted to follow the flowchart all over again from square one.  We wasted almost an hour patiently re-working our days of efforts.  Eventually he decided the card must be bad and then authorized an RMA.  Sheesh.

  • On my XP systems I swear by the file-copy performance Supercopier brings.  It lets me jockey files all over the place with speed much higher than Windows offers natively.  However it doesn’t seem to work on my Vista systems.  So I have been playing with TeraCopy and FastCopy. While neither one seems to offer the integration I get from Supercopier in XP systems, they both seem moderately better than Vista’s file-movement native speeds.  Anybody have any other recommendations for a replacement high-speed file copy/move tool on Vista?

  • 300447 Computer Forensics Workshop - Media Preparation And Copying ... (PDF) – Great lecture presentation from a Down Under Aussie Derek Bem on computer forensics.  I found this while digging up tips on using dd for an earlier post.  It’s great stuff and provides a very good overview of tools and techniques specifically in dealing with media.  Download and file this gem away after reading it carefully. Plan to spend some time poking around the Computer Forensics page for the University of Western Sydney that hosts this material. Of particular note are the Interesting Links page and the Online Materials.  Both are chock full of wonderful material.  I so wish my university had offered a degree plan like the one offered there.  Oh how things could have been different…   See also: Lecture 01-Computer-Forensics 30047 notes.  Additional lecture notes can be found here.

  • Forensic Investigation, Analysis, Documentation, and Law – (PDF) - Great SANS paper that covers more ground in the forensics field.  Again, probably nothing that forensics specialists don’t already know but good stuff for sysadmins who need to interface with them.

  • Microsoft PowerPoint - DD in Windows Forensic - (PowerPoint) – Another good source of material I found while working on my “dd” usage.  Download this one and tuck it away! I also found more useful material on this firewall forensics.pdf page.

This should keep you busy for a bit!

Cheers!

Claus V.

Posted in firewalls, forensics, Microsoft, networking, security, utilities, Vista, Windows 7, XP