Sysinternals Suite
http://technet.microsoft.com/en-gb/sysinternals/bb842062
I'm noting a few interesting Sysinternals utilities:
Disk2vhd
Disk2vhd simplifies the migration of physical systems into virtual machines (p2v).
MoveFile
Schedule file rename and delete commands for the next reboot. This can be useful for cleaning stubborn or in-use malware files.
PageDefrag
Defragment your paging files and Registry hives!
ShareEnum
Scan file shares on your network and view their security settings to close security holes.
AdRestore
Undelete Server 2003 Active Directory objects.
PsTools
The PsTools suite includes command-line utilities for listing the processes running on local or remote computers, running processes remotely, rebooting computers, dumping event logs, and more.
TCPView
Active socket command-line viewer.
Whois
See who owns an Internet address.
Autoruns
See what programs are configured to startup automatically when your system boots and you login. Autoruns also shows you the full list of Registry and file locations where applications can configure auto-start settings.
ShellRunas
Launch programs as a different user via a convenient shell context-menu entry.
PsGetSid
Displays the SID of a computer or a user.
Process Monitor
Monitor file system, Registry, process, thread and DLL activity in real-time.
Autologon
Bypass password screen during logon.
RootkitRevealer
Scan your system for rootkit-based malware
Desktops
This new utility enables you to create up to four virtual desktops and to use a tray interface or hotkeys to preview what’s on each desktop and easily switch between them.
Hex2dec
Convert hex numbers to decimal and vice versa.
Strings
Search for ANSI and UNICODE strings in binary images.
Sysinternals Live
Although the tools can be launched directly from the network without downloading them, for example the program Autoruns.exe can be launched with the command:
it can sometimes be useful to have a local copy of all the programs and to be able to synchronize it at regular intervals.
To do this we can use Robocopy and a small batch file.
Let's start by creating a directory that will contain all the programs, for example:
c:\Program Files (x86)\Sysinternals Suite
then open Notepad and enter these lines:
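@echo off
setlocal
rem Use a name other than PATH: "set path=..." would overwrite the command search path
set "dest=c:\Program Files (x86)\Sysinternals Suite"
rem /r:0 /w:0 = no retries and no wait on failed copies; /log+ appends to Update.log
%windir%\system32\robocopy \\live.sysinternals.com\Tools "%dest%" /w:0 /r:0 /log+:"%dest%\Update.log"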
Finally, save the file as Update.cmd in the directory just created.
We can also try running it: after a few seconds we should see the files being downloaded and, at the end, a log of the operation in the file Update.log.
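
The batch file copies executables from a network share as they are, so a check worth running after each sync is whether every binary still carries a valid Authenticode signature. The PowerShell script below is an added example, not part of the original post; it assumes the directory used above and that the tools' signing certificate subject contains O=Microsoft Corporation.

```powershell
# Added example: verify the Authenticode signature of every synced binary.
# Assumptions: $SuiteDir is the directory created on this page, and the
# expected publisher string appears as "O=<publisher>" in the signer subject.
param(
    [string]$SuiteDir       = 'C:\Program Files (x86)\Sysinternals Suite',
    [string]$ExpectedSigner = 'Microsoft Corporation'
)

function Test-SuiteSignatures {
    param([string]$Path, [string]$Signer)

    # Only executable content is checked; Update.cmd, Update.log, help files are skipped.
    Get-ChildItem -LiteralPath $Path -File |
        Where-Object { $_.Extension -in '.exe', '.dll' } |
        ForEach-Object {
            $sig     = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            [pscustomobject]@{
                File    = $_.Name
                Status  = $sig.Status
                Signer  = $subject
                # Trusted only if the signature validates AND the publisher matches.
                Trusted = ($sig.Status -eq 'Valid') -and ($subject -like "*O=$Signer*")
            }
        }
}

$results = @(Test-SuiteSignatures -Path $SuiteDir -Signer $ExpectedSigner)
$bad     = @($results | Where-Object { -not $_.Trusted })

if ($bad.Count -gt 0) {
    $bad | Format-Table -AutoSize File, Status, Signer
    Write-Warning "$($bad.Count) file(s) are unsigned, invalid, or signed by an unexpected publisher."
    exit 1
}
Write-Output "All $($results.Count) binaries carry a valid signature from $ExpectedSigner."
```

A non-zero exit code lets a scheduled task or wrapper script flag the sync instead of silently leaving an unverified binary in the tools directory.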