1. Microsoft Fix It Solution Center

The Microsoft Fix It Solution Center is an online tool that helps you to quickly find and fix common system issues. Once you’ve entered the symptoms, you can either download an executable to automatically fix the issue or be directed to a relevant Microsoft Knowledgebase Article that explains what the cause and recommend workaround is.

To use the Microsoft Fix It Solution Center, simply open http://support.microsoft.com/fixit/ in a web browser, select a problem area from “Step 1”, choose what type of problem you are trying to fix from the list in “Step 2” and then choose which solution you’d like to execute or learn more about from “Step 3”.

2. Problem Steps Recorder

Hidden away in Windows 7 / Windows 2008 and above is a neat little utility called Problem Steps Recorder (psr.exe). The Problem Steps Recorder will record the step-by-step interactions that occur while the user replicates the problem, taking screenshots of every action. It then bundles all this into a report with detailed information and any relevant error logs.

This tool is great if you have a user in your environment who is experiencing an issue that you want to gain more information about and the steps they took to reproduce the problem, or if you want to create a report to send to a third party vendor as part of a support case.

To launch the Problem Steps Recorder, go to the Start menu and type “psr.exe”. Click “Start Record” and the tool will record every interaction from then on. You can add comments during the recording process and then click “Stop Record” to save the report as an *.mht file within a zip archive.

3. Reliability Monitor

Windows Vista / 2008 and above include a tool called Reliability Monitor. This tool provides an overview of overall system stability and details about events that can impact reliability. The idea is to pinpoint any troublesome areas and take steps to improve system reliability based on what you learn (e.g. you might identify a trend in a certain application crashing when opening a certain file type).

To run the Microsoft Reliability Monitor, go to the Start menu and type ‘Reliability’. This will bring up a “View reliability history” shortcut. Clicking on this shortcut will launch the Reliability Monitor directly. You can also launch this tool from the Performance Monitor tool by right clicking on Monitoring Tools and selecting “View system reliability”.

Start by selecting whether you want to view information by Days or Weeks, and then click on a specific area within the graph to view information in the bottom hand pane. Once you’ve viewed reliability history for a specified period, you can choose to save the information to a file, view a list of all problem reports and check for solutions to problems.

4. WELT (Windows Error Lookup Tool)

When troubleshooting issues, you may come across Win32, HRESULT, NTSTATUS or STOP error codes which are likely to mean nothing to you or I. Using WELT you can find out what the error code means in plain English and what it relates to.

To launch WELT, simply execute Windows Error Lookup Tool.exe from the folder where you extracted welt.zip to. Enter the error code in the textbox and the error details will appear automatically.

5. PowerShell Troubleshooting Packs

As I mentioned in my article entitled Windows PowerShell™: Essential Admin Scripts (Part 1) the PowerShell Troubleshooting Packs (bundled with Windows 7/2008 and above) can be really handy when troubleshooting system issues. As such, they are a collection of PowerShell scripts that you can use to diagnose different aspects of your servers, clients or network. Different packages are available to troubleshoot printers, networks, performance, power, Windows Update, etc.

To run a PowerShell Troubleshooting Pack, open a PowerShell command prompt and import the modules associated with the pack by running the “Import-Module TroubleshootingPack” command. Then, run the following command to start the desired Troubleshooting Pack:

Get-TroubleshootingPack <TroubleshootingPackLocation> | Invoke-TroubleshootingPack

6. WinAudit

As part of the troubleshooting process, it is helpful to know as much information as you can about the machine where the problem resides to assist in finding a solution more quickly. WinAudit scans your computer and gathers a whole raft of information about Installed Software, TCP/IP settings, Drives, Error Logs, etc.

Note: At the time of writing, the download link available from the developer’s website was broken. You can download the latest version of this software from a popular application download site like CNET.

To start an audit of your local machine, simply execute WinAudit.exe to start the application and then click the “Audit” icon in the top left hand corner.  Once the audit is complete, you can start to review the information from the different categories in the left hand pane, or save the information as a PDF / CSV / TXT / HTML file.

7. Joeware Utilities

Joeware Utilities are a list of free troubleshooting and system information utilities aimed at making the life of an administrator easier. These tools are built by a system administrator from his own experience of not finding a tool out there that did the job he needed for whatever he was trying to solve. The tools available include anything from tools that dump user information from Active Directory, modify a user account’s expiration flag or perform TCP/IP port connection testing.

Note: Unfortunately Joeware Utilities do not come as a bundled package and will have to be downloaded individually from the website. However, using a small add-on for the NirLauncher application mention below, you can download and categorize the tools ready to be launched from the NirLauncher application itself.

Some of the tools available from Joeware Utilities include:

SidToName

SidToName is a command line tool that resolves SIDs (Security Identifiers) to friendly display names. You provide it with a valid SID and it returns the object name associated with that SID.

AccExp

AccExp is a command line tool that you can use to modify or read the expiration date of local user accounts.

8. Nirsoft NirLauncher

NirLauncher is an application that bundles more than 170 portable freeware utilities. The tools available include password recovery tools, Internet tools, programming tools, and system tools – all of which can be used for troubleshooting and information gathering.

Some of the most popular tools bundled with NirSoft NirLauncher include:

USBDeview

USBDeview is a small application that lists all current and previously connected USB devices on a local or remote machine. USB device information includes device name/description, device type, serial number, the date/time that the device was added or last used, VendorID, etc.

CurrPorts

CurrPorts displays a list of all currently open TCP/UDP ports on the local machine. Information about which process opened the port, the time the process was created and the user that created it is displayed. Using CurrPorts you can also close open connections and export the information to a file.

LastActivityView

Using LastActivityView you can see what actions were taken by a user and what events occurred on the machine. Any activities such as running an executable file, opening a file/folder from Explorer or performing a software installation will be logged. The information can be exported to a CSV / XML / HTML file.

9. Microsoft SysInternals Suite

Microsoft SysInternals Suite is a collection of over 60 lightweight troubleshooting tools all bundled into a single download package. Whatever issue you’re trying to tackle, you are sure to find a tool in this package to help you manage, troubleshoot and diagnose your systems and applications.

Some of the most popular tools bundled in the SysInternals Suite include:

Autoruns

Autoruns allows you to view which programs and services are configured to run at system boot up or login, in the order in which Windows processes them.

Process Monitor

Using Process Monitor you can troubleshoot application and system related issues by monitoring activity related to processes, threads, DLLs, the registry and file system in real-time.

AccessEnum

Using AccessEnum you can quickly view permissions of file system directories or registry keys and then save the results to a text file and compare results with a previously saved log.

10. WSCC (Windows System Control Center)

WSCC is not a troubleshooting tool per se, but it does facilitate issue troubleshooting by acting as an inventory for various system troubleshooting tool suites (such as those from Microsoft SysInternals and NirSoft). It allows you to install, update, execute and categorize the entire collection of tools in a single location.

When you launch WSCC for the first time, you are given the option to download and install the latest versions of the entire set of over 270 tools. If you choose not to install them locally, WSCC will download each application when you first click on it and store the file in a temp folder within the WSCC directory. To launch a troubleshooting tool, choose a tool from the category within the navigation pane on the left hand side. You can also add favourite tools to the Favourites folder or search for a utility by name.

Are there any free tools not on this list that you’ve found useful and would like to share with the community?

Like our posts? Subscribe to our RSS feed or email feed (on the right hand side) now, and be the first to get them!

To say “thank you”, here’s a list of 26 simple ways you can show your appreciation for those unsung heroes that toil away to keep the servers humming and the tubes unclogged. Some of these are low cost gestures; others might be something the boss should cover or the office should take up a collection, but all are guaranteed to put a smile on the face of that favourite SysAdmin of yours, on the one day a year where you know better than to drop a broken machine off or open a last minute helpdesk ticket.

1.      A card

When you care enough to send the very best, but you don’t have a lot of money to invest, a nice card at least shows some thought. Just make sure it is a card themed around IT, general geekiness, or otherwise shows that you didn’t pull one out of a card drawer because you forgot about it.

2.      Coffee shop gift cards

Whether your SysAdmin’s favourite brew comes from Starbucks or the local shop down the street, a gift card is the gift that keeps on giving, or at least for a couple of cups of really good Joe.

3.      Mobile store gift cards

If coffee isn’t their thing, you can bet a gift card to the iTunes Store, Google Marketplace, or Windows Store will be appreciated. Find out what kind of phone they have and get the card to right shop and you can bet that by the end of the day they will have a couple of new apps to try out.

4.      Amazon gift cards

While this may be the fallback of last resort, even people ten years in the grave can find something at Amazon that they want.

5.      Lunch

You’d be amazed at how far a nice lunch can go towards saying thank you, especially since that SysAdmin usually eats lunch at their desk because there is so much work to do. Whether it’s a one on one affair, or you make it a team event, just providing them the opportunity and excuse to see the sun at least for one day a year is a great gesture to make.

6.      Dinner

Better still, buy your SysAdmin dinner, by getting him or her a gift card at a nice restaurant so they can take their significant other out for a nice meal. Remember, every time you call your SysAdmin after hours to fix something, you are impacting their family too. Thank Yous should extend to them as well.

7.      A red Swingline stapler

The icon of geek and snarkiness, the Red Swingline Stapler is something every SysAdmin will love.

8.      TV Show or movie-themed swag

With a simple conversation, you can quickly find out what your SysAdmin’s favourite sci-fi TV show or movie is, and then a quick visit to ThinkGeek will provide you with tons of options for low cost, but very cool, thank you gifts. Very few adults will ever buy themselves a Sonic Screwdriver, but secretly, we all  want one!

9.      Poster

Use the same recon skills as above, but this time visit Amazon for cool movie posters or other theme art so your SysAdmin can pimp their cube in style.

10. A Pizza party

Here’s one the whole office can enjoy, and EVERYONE loves pizza. And since SysAdmin’s day is on a Friday, it’s a perfect fit for the day.

11. Light Dims LED Light Blocker

These cool little stickers dim otherwise overly bright lights, and can be applied to TVs, monitors, UPS systems, alarm clocks, or any other status light that needs to be seen, but is just a bit too blinding for most. Check them out at: http://www.thinkgeek.com/product/eeb6/?srp=1

12. Hacking putty

Part silly putty, part play-dough, part caulk, and completely awesome – Hacking Putty can be used to fix or enhance almost anything.

13. Star Trek TOS Phaser Laser Pointer

Anyone who needs to demonstrate or point out anything needs a laser pointer, and every SysAdmin has pretended that they had a phaser when they were using one. Here’s a gift that says thank you with a nod to having fun: http://www.thinkgeek.com/product/1124/?srp=2

14. Zombies are in

Did you know that Zombies are “in” right now? Anything from the Walking Dead to World War Z to remakes of George Romero movies are selling like mad right now, and thank you gifts that play into this will bring a smile and a chuckle to any SysAdmin’s face.

15. Powerstrip with USB

Every single person that sees one of these in action wants one. Get on your SysAdmin’s special list with this as a thank you: http://www.amazon.com/Outlets-To-Power-Strip-USB/dp/B0018MEBNG/ref=sr_1_4?ie=UTF8&qid=1374538925&sr=8-4&keywords=power+strip+usb

16. Bawls

Long hours mean a need for caffeine and sometimes coffee just won’t cut it. A case of Bawls is a delicious and refreshing way to hold of sleepiness during those late night changes.

17. Caffeinated mints

And these can not only fight off fatigue, but bad breath as well. It’s a multitasker, and any SysAdmin will appreciate that!

18. Herbal Tea collection

Of course, too much caffeine can be a bad thing. Many SysAdmins have discovered the benefits and the deliciousness of a good cuppa, and herbal teas can help you relax without hyping you up. Show your SysAdmin you care without feeding their addiction.

19. Emergency battery

Everyone needs more power, and when your cell phone is dying, nothing is more helpful than some emergency power. USB batteries come in a variety of sizes and capacities, and can save the day time and again.

20. A really cool coffee mug

Can you tell coffee is a big deal to SysAdmins. A cool coffee mug makes a statement, and can also handle those herbal teas. Look for one that plays to the TV or movie tie in for bonus points.

21. Anything by Neil Stephenson

A SysAdmin’s folk hero, anything that Neil Stephenson was involved in creating will be a greatly appreciated gesture, and you will go up at least five points in the recipient’s opinion.

22. Like/Dislike stamp set

Even SysAdmins who aren’t on Facebook will love these. I bet they will even use them on their TPS reports: http://www.thinkgeek.com/product/e5f5/

23. Cable organizers set

Velcro is so over. The new hotness is cable organization using silicone polymers and oddly-shaped, brightly colored widgets to keep cables in place, bound together, or otherwise organized.

24. Paracord survival bracelet

Everyone wants one… but many people think they will look silly if they buy one for themselves. Help your SysAdmin get past that mental block. If disaster ever strikes, you know they will know how to McGyver something out of the bracelet to save you all – or at least, your email.

25. Beer

Free speech, free beer, it’s all good. Find out their favorite and get them a case. It’s the kind of gift that says…you work your #$(& off, thanks, now have a cold one!

26. Programmable LED light

The last on our list has no practical value, which is one reason no SysAdmin will ever buy it for themselves… but they are so cool! Replacing their desk lamp with this bulb will add new factors to coolness, and help them stay awake during those interminable conference calls: http://www.amazon.com/HitLights-BlueLux-Changing-Quality-Feature/dp/B005SHR2C4/ref=cm_cr_dp_asin_lnk

Twenty-six ways to say thank you to a SysAdmin that toils indefatigably for you 24/7/365. It’s one day a year that you get to really show your gratitude to them, so pick one from the list above, and remember your SysAdmin this Friday!

Like our posts? Subscribe to our RSS feed or email feed (on the right hand side) now, and be the first to get them!

1. TeraCopy

TeraCopy acts as an alternative to the built-in copy and move process in Windows. It is designed to copy and move files either locally or over the network at a faster rate. It allows you to pause and resume file transfer activities, it integrates into the Windows shell and has an automatic error recovery mechanism in case something goes wrong during the transfer process.

Once you’ve installed TeraCopy, you can launch the application from the Start Menu or by right clicking on a file or folder and selecting “TeraCopy…” from the context menu. When you’ve selected which files to transfer and where to transfer them to, you can then select which action to take after the process is complete (e.g. shutdown machine or close window). Finally, you kick the process of by clicking the “Copy” or “Move” buttons. TeraCopy keeps a log of all actions taken in the drop down box at the bottom of the window.

2. Steganos LockNote

Steganos LockNote allows you to securely store confidential notes such as license keys, passwords, phone numbers, etc. It uses AES-256 encryption to store your text in a self-executable container that requires a password to open it.

Steganos LockNote comes as a standalone application which does not require installation. When you launch LockNote.exe you are presented with a text editor similar to notepad.exe. Type whatever text you wish to be kept secret and go to File > Save As… to save the note as an encrypted container. You will be prompted for a password and the resulting output file will be in *.exe format.

3. Duplicate Cleaner

Duplicate Cleaner is a file de-duplication tool that removes redundant copies of files from a specified hard drive or network location. It works by generating an MD5 hash of each file and then comparing hashes for duplicates. It also gives you the option to search for files using a byte-to-byte comparison. Once the duplicate files have been found, you can choose to delete them or move them to an archive location.

When you launch Duplicate Cleaner, you first specify the search criteria from the first available tab, then you tell it where to look from the “Scan Location” tab before hitting “Scan Now”. A summary window will appear showing how many files were scanned and how many duplicates were found. The “Duplicate Files” tab highlights which files need attention.

4. Bulk Rename Utility

Bulk Rename Utility is a lightweight yet powerful application for renaming files and folders using an extensive array of criteria. Using this tool you can remove, add or change text and numbers within the file name, add date/time stamps, change case, modify file and folder attributes and preview what the changes will look like before you go ahead with them. The Bulk Rename Utility also supports regular expressions for additional flexibility.

Note: The Bulk Rename Utility comes in a command line version too. Using the command line version of the utility you can create scheduled jobs to perform a repetitive action at a specified time (e.g. rename a set of log files or backup files every day at midnight).

When you launch the Bulk Rename Utility you are presented with the navigation pane on the left hand side, the preview pane on the right hand side and a multitude of rename options at the bottom. Start by navigating to a folder that contains the files you wish to rename from the navigation pane or find the folder in Windows Explorer, right click on it and choose “Bulk Rename Here”.

5. Free Opener

Free Opener allows you to open over 80 different file formats from a single interface. Even if you don’t have the native application installed, you can quickly fire up Free Opener to open that file format. Free Opener supports Microsoft Office files, Archive files, Image files, Code files, Video files and Audio files, amongst others. Essentially it is just like having a Document Viewer, Image Viewer, Media Player and Archive Viewer all rolled into one!

When you launch Free Opener, the first thing you should do is go to File > File Associations to enable which file types you want to be associated with the Free Opener application. This will mean that any file that you double click to open will be opened automatically in Free Opener (if the file type is supported). Alternatively, click on the “Open” icon or go to File > Open to choose a file to open in Free Opener. When you open a file, at the bottom of the window a menu bar will appear containing some edit options (which change depending on the file type you have opened).

6. FreeFileSync

FreeFileSync is a folder comparison and synchronization tool designed with usability and performance in mind. FreeFileSync allows you to save the configuration as a “.batch” file which you can then use to schedule a task for automatic folder synchronization.

When you launch FreeFileSync, add a path to the left and right hand side of the window and hit the “Compare” button to compare both locations side-by-side. FreeFileSync will use a series of icons to highlight what’s different between both folders. You can then hit the “Synchronize” button to sync both folders. Go to Program > Save as batch job… to save the configuration as a batch job for use later when scheduling a task.

7. PeaZip

PeaZip is a cross-platform file and archive manager that supports volume spanning, high levels of compression and encryption, and support for a wide range of archiving formats. Using PeaZip you can create archive formats such as 7Z, ARC, BZ2, GZ, PAQ, PEA, QUAD/BALZ, TAR, UPX, WIM, XZ, and ZIP, and extract over 150 archive formats, including ACE, CAB, ISO, RAR, UDF, ZIPX and many more. PeaZip features include creating, converting and extracting multiple archives at once, creating self-extracting archives, secure data deletion, checksum creation and hashing.

Once PeaZip is installed, you can either open or create an archive using the “Open as archive” or “Add to archive” context menu options respectively, or launch the application and take the required action from there. Once in the PeaZip UI, simply navigate to the required file or folder from the left hand pane and then click one of the icons in the top menu to take an action.

8. WinMerge

WinMerge is a file comparison and merging tool that visually displays the differences side-by-side. This tool is useful for helping to determine what has changed between two files versions and then merging those changes. WinMerge supports Unicode and regular expressions and includes Visual SourceSafe and Windows Shell integration.

When you launch WinMerge and choose to open files to compare, you are asked to select a file for the left hand side and a file for the right hand side. Differences between these files are shown in the Location Pane and highlighted throughout both documents.

9. SearchMyFiles

SearchMyFiles aims to be an alternative to the Windows “Search For Files And Folders” process, allowing more flexible and accurate searches to be performed. You can search using wildcards, last modified/created/accessed time, file attributes, file content (text or binary search) and by file size. Search results can be saved as a text, html, csv or xml file. SearchMyFiles comes as a standalone portable application that doesn’t require installation – it can there be run straight off a USB drive.

Executing the SearchMyFiles.exe application brings up the Search Options window which allows you to specify where to search and the search criteria to use to bring back results. Simply choose the desired options and hit “Start Search” to have the application perform the search operation.

10 AxCrypt

AxCrypt is a file-level encryption tool that integrates with the Windows shell and allows you to right-click on a file to encrypt or decrypt it using AES-256 encryption. AxCrypt also offers the ability to create a self-extracting archive to securely transfer files to another location (with AxCrypt not being required for decryption on the other end).

Once installed, everything happens from the context menu when you right click on a file. You are given the option to Encrypt or Decrypt the file, manage passphrases or permanently delete the file.

11. File Splitter

File Splitter does what it says in the name. It is a super lightweight standalone application that splits files into multiple chunks and merges chunks back into a whole file.

When you launch File Splitter, use the “Split file” tab to specify the source file to split and the destination of the file chunks as well as the size of each chuck. Similarly, use the “Join files” tab to specify the chucks to merge into a whole file again and the destination of where you want the joined file to be placed.

12. Hash Tool

Hash Tool allows you to quickly and easily calculate the hash of multiple files to verify file integrity. The tool supports Unicode file names and MD5, SHA-1, SHA-256, SHA-384, SHA-512, CRC32 hash types.

Start by selecting the hash type from the drop down list and then selecting the files to hash from the “Select File(s)” button. Alternatively, drag and drop the files into the “Results” window for the hash to be automatically calculated. You can then save the results to a txt or csv file or copy them to the clipboard.

13. ExamDiff

Similar to the functionality offered in WinMerge, ExamDiff offers a visual side-by-side comparison of two files, highlighting the differences in different colours and giving you the option to navigate through the changes in a number of ways (e.g. using a drop down list).  ExamDiff also comes with command line options allowing you to create a batch file to automate the process.

When you launch ExamDiff, you are presented with a dialog box asking you to specify the location of the two files to compare. Once you do this and hit “OK”, the application opens displaying a side-by-side comparison of the files and highlighting lines that have been added, deleted or changed in different colours.

14. 7-Zip

7-Zip is a powerful file archiving utility with a high compression ratio that supports a multitude of compression formats, including 7z, GZIP, TAR, ZIP, CAB, MSI, etc. Features include the ability to create self-extracting archives, adjust the compression level and add password protection. 7-Zip’s power lies in its compression ratio; it claims to provide a ZIP format compression ratio that is 2-10% better than its competitors and a 7z format compression ratio that is 30-70% better than ZIP format.

When you launch the application, navigate to the folder containing the files you wish to archive and hit the “Add” button to create an archive. Alternatively, you can create an archive directly from the context menu by right clicking on a file or folder.

15. Microsoft SyncToy

SyncToy is an application that can be used as a mini backup utility to synchronize files and folders between two locations. SyncToy allows you to ‘Synchronize’ FolderA with FolderB where the changes are replicated on both ends, ‘Echo’ FolderA to FolderB where the changes in FolderA are replicated to FolderB, and ‘Contribute’ FolderA to FolderB where the changes in FolderA (except deletions) are replicated to FolderB.

When you launch SyncToy, the first thing you need to do is create a New Folder Pair, specifying the left and right folders you wish to synchronize. You can then choose the Synchronization action (i.e. Synchronize, Echo, and Contribute) and which options you wish to use before running the synchronization session.

16. My LockBox

My Lockbox is an easy to use application that allows you to hide, lock and password protect a Windows folder on a FAT, FAT32 or NTFS volume so that it’s only accessible to you.

When you launch My Lockbox and choose which folder to protect, it automatically disappears from view within Windows Explorer or from the command line. The only way to access the folder is to launch My Lockbox, enter the password and Unlock the folder.

17. Advanced Renamer Portable

Advanced Remaner Portable is a standalone lightweight and easy to use application that can be used to quickly add, remove, replace, or append file or folder names in bulk.

Select the “Rename Files” or “Rename Folders” tab to rename files or folders respectively. Add files or folders to the list and create a new method from the left hand pane – here you create the renaming rules you want to apply to the list of files or folders. When you’re ready, hit “START BATCH” to initiate the process.

18. Locate32

Locate32 is a search utility that finds files or folders based on their names. Locate32 works by indexing file and folder names in a database and then using the database to quickly return results. Locate32 comes packaged with a command line version that can be used to update and access the databases without any user interaction.

When you first launch Locate32, go Tools > Settings > Databases tab to set up your databases. Databases are essentially index locations – any files contained within a location specified in the database will be searchable more quickly. Once you’ve set your databases, use the “Name & Location”, “Size and Date” and “Advanced” tabs to perform your search.

19. Universal Extractor        

Universal Extractor is designed to decompress and extract files from virtually any type of archive, regardless of source, file format or compression method. It supports anything from EXE format to ZIP, CAB, ACE, TAR.GZ, ISO, MSI, RAR, PEA and RPM format, amongst many others. It is handy because it saves you from needing different applications to open different archive formats.

Note: Universal Extractor does not create archives; it is used only to extract data.

Once you open Universal Extractor, specify the location of the archive file and a destination folder where the contents will be extracted to. Press “OK” to start the extraction process. Once installed, Universal Extractor will also be available via the context menu, allowing you to easily right click on an archive and select “UnExtract”.

20. Better Explorer

Better Explorer aims to be a replacement for Windows Explorer. It offers greater functionality and a streamlined UI with Ribbons (much like Microsoft Office) and Tabs. It includes the ability to manage favourites, conditional select, sizing charts (giving a visual representation of the size of a folder), in-built image editing tools, an enhanced search feature, and archive support.

Note: At the time of writing, this application is still in BETA. It is not recommended that this be installed on a production machine but rather that you use it in a testing environment or on a personal machine at home to try it out before the full version is launched. It made this list because of its potential; if the BETA is anything to go by, Better Explorer certainly looks like one to watch!

Are there any free tools not on this list that you’ve found useful and would like to share with the community? Then leave us a comment below and let us know!

Like our posts? Subscribe to our RSS feed or email feed (on the right hand side) now, and be the first to get them!

1. Microsoft Network Monitor

Microsoft Network Monitor is a packet analyser that allows you to capture, view and analyse network traffic. This tool is handy for troubleshooting network problems and applications on the network. Main features include support for over 300 public and Microsoft proprietary protocols, simultaneous capture sessions, a Wireless Monitor Mode and sniffing of promiscuous mode traffic, amongst others.

When you launch Microsoft Network Monitor, choose which adapter to bind to from the main window and then click “New Capture” to initiate a new capture tab. Within the Capture tab, click “Capture Settings” to change filter options, adapter options, or global settings accordingly and then hit “Start” to initiate the packet capture process.

2. Nagios

Nagios is a powerful network monitoring tool that helps you to ensure that your critical systems, applications and services are always up and running. It provides features such as alerting, event handling and reporting. The Nagios Core is the heart of the application that contains the core monitoring engine and a basic web UI. On top of the Nagios Core, you are able to implement plugins that will allow you to monitor services, applications, and metrics, a chosen frontend as well as add-ons for data visualisation, graphs, load distribution, and MySQL database support, amongst others.

Tip: If you want to try out Nagios without needing to install and configure it from scratch, download Nagios XI and enable the free version. Nagios XI is the pre-configured enterprise class version built upon Nagios Core and is backed by a commercial company that offers support and additional features such as more plugins and advanced reporting.

Note: The free version of Nagios XI is ideal for smaller environments and will monitor up to seven nodes.

Once you’ve installed and configured Nagios, launch the Web UI and begin to configure host groups and service groups. Once Nagios has had some time to monitor the status of the specified hosts and services, it can start to paint a picture of what the health of your systems look like.

3. BandwidthD

BandwidthD monitors TCP/IP network usage and displays the data it has gathered in the form of graphs and tables over different time periods. Each protocol (HTTP, UDP, ICMP, etc) is color-coded for easier reading. BandwidthD runs discretely as a background service.

Installation is easy. Download and install Winpcap version 3.0 or above (you’ll already have this installed if you have Wireshark on the same box), unzip BandwidthD to a specified folder, edit the ../etc/bandwidthd.conf file accordingly, double click on the “Install Service” batch file and then start the BandwidthD services from the services.msc console. Once the service is running, give it some time to monitor network traffic and load the index.html page to start viewing bandwidth statistics.

4. EasyNetMonitor

EasyNetMonitor is a super lightweight tool for monitoring local and remote hosts to determine if they are alive or not. It is useful for monitoring critical servers from your desktop, allowing you to get immediate notification (via a balloon popup and/or log file) if a host does not respond to a periodic ping.

Once you launch EasyNetMonitor, it will appear as an icon in the notification area on your desktop where the IP addresses / host names of the machines you want to monitor can be added. Once you’ve added the machines you wish to monitor, be sure to configure the ping delay time and notification setting.

5. Capsa Free

Capsa Free is a network analyzer that allows you to monitor network traffic, troubleshoot network issues and analyze packets. Features include support for over 300 network protocols (including the ability to create and customize protocols), MSN and Yahoo Messenger filters, email monitor and auto-save, and customizable reports and dashboards.

When you launch Capsa, choose the adapter you want it to bind to and click “Start” to initiate the capture process. Use the tabs in the main window to view the dashboard, a summary of the traffic statistics, the TCP/UDP conversations, as well as packet analysis.

6. Fiddler

Fiddler is a web debugging tool that captures HTTP traffic between chosen computers and the Internet. It allows you to analyze incoming and outgoing data to monitor and modify requests and responses before they hit the browser. Fiddler gives you extremely detailed information about HTTP traffic and can be used for testing the performance of your websites or security testing of your web applications (e.g. Fiddler can decrypt HTTPS traffic).

When you launch Fiddler, HTTP traffic will start to be captured automatically. To toggle traffic capturing, hit F12. You can choose which processes you wish to capture HTTP traffic for by clicking on “All Processes” in the bottom status bar, or by dragging the “Any Process” icon from the top menu bar onto an open application.

7. NetworkMiner

NetworkMiner captures network packets and then parses the data to extract files and images, helping you to reconstruct events that a user has taken on the network – it can also do this by parsing a pre-captured PCAP file. You can enter keywords which will be highlighted as network packets are being captured. NetworkMiner is classed as a Network Forensic Analysis Tool (NFAT) that can obtain information such as hostname, operating system and open ports from hosts.

In the example above, I set NetworkMiner to capture packets, opened a web browser and searched for “soccer” as a keyword on Google Images. The images displayed in the Images tab are what I saw during my browser session.

When you load NetworkMiner, choose a network adapter to bind to and hit the “Start” button to initiate the packet capture process.

8. Pandora FMS

Pandora FMS is a performance monitoring, network monitoring and availability management tool that keeps an eye on servers, applications and communications. It has an advanced event correlation system that allows you to create alerts based on events from different sources and notify administrators before an issue escalates.

When you login to the Pandora FMS Web UI, start by going to the ‘Agent detail’ and ‘Services’ node from the left hand navigation pane. From here, you can configure monitoring agents and services.

9. Zenoss Core

Zenoss Core is a powerful open source IT monitoring platform that monitors applications, servers, storage, networking and virtualization to provide availability and performance statistics. It also has a high performance event handling system and an advanced notification system.

Once you login to Zenoss Core Web UI for the first time, you are presented with a two-step wizard that asks you to create user accounts and add your first few devices / hosts to monitor. You are then taken directly to the Dashboard tab. Use the Dashboard, Events, Infrastructure, Reports and Advanced tabs to configure Zenoss Core and review reports and events that need attention.

10. PRTG Network Monitor Freeware

PRTG Network Monitor monitors network availability and network usage using a variety of protocols including SNMP, Netflow and WMI. It is a powerful tool that offers an easy to use web-based interface and apps for iOS and Android. Amongst others, PRTG Network Monitor’s key features include:

(1) Comprehensive Network Monitoring which offers more than 170 sensor types for application monitoring, virtual server monitoring, SLA monitoring, QoS monitoring

(2) Flexible Alerting, including 9 different notification methods, status alerts, limit alerts, threshold alerts, conditional alerts, and alert scheduling

(3) In-Depth Reporting, including the ability to create reports in HTML/PDF format, scheduled reports, as well as pre-defined reports (e.g. Top 100 Ping Times) and report templates.

Note: The Freeware version of PRTG Network Monitor is limited to 10 sensors.

When you launch PRTG Network Monitor, head straight to the configuration wizard to get started. This wizard will run you through the main configuration settings required to get the application up and running, including the adding of servers to monitors and which sensors to use.

11. The Dude

The Dude is a network monitoring tool that monitors devices and alerts you when there is a problem. It can also automatically scan all devices on a given subnet and then draw and layout a map of your network.

When you launch The Dude, you first choose to connect to a local or remote network and specify credentials accordingly. Click ‘Settings’ to configure options for SNMP, Polling, Syslog and Reports.

12 Splunk

Splunk is a data collection and analysis platform that allows you to monitor, gather and analyze data from different sources on your network (e.g. event logs, devices, services, TCP/UDP traffic, etc). You can set up alerts to notify you when something is wrong or use Splunk’s extensive search, reporting and dashboard features to make the most of the collected data. Splunk also allows you to install ‘Apps’ to extend system functionality.

Note: When you first download and install Splunk, it automatically installs the Enterprise version for you to trial for 60 days before switching to the Free version. To switch to the Free version straight away, go to Manager > Licensing.

When you login to the Splunk web UI for the first time, add a data source and configure your indexes to get started. Once you do this you can then create reports, build dashboards, and search and analyze data.

13. Angry IP Scanner

Angry IP Scanner is standalone application that facilitates IP address and port scanning. It is used to scan a range of IP addresses to find hosts that are alive and obtain information about them (including MAC address, open ports, hostname, ping time, NetBios information, etc).

When you execute the application, go to Tools > Preferences to configure Scanning and Port options, then go to Tools > Fetchers to choose what information to gather from each scanned IP address.

14 ntopng

ntopng (‘ng’ meaning ‘next generation’) is the latest version of the popular network traffic analyzer called ntop. ntopng will sit in the background and gather network traffic, then display network usage information and statistics within a Web UI.

Note: Although originally aimed for use on Unix-based systems, there is a Windows version available for a small fee, or a demo version limited to 2000 packets. If you are comfortable running ntopng on a Unix-based box then you can get the full version for free.

The image above shows the ntopng dashboard after a few minutes of network traffic collection. In this example, I am using the Windows version. After installation, I simply executed the redis-server.exe file from ..\Program Files (x86)\Redis and fired up the Web UI (http://127.0.0.1:3000).

15. Total Network Monitor

Total Network Monitor continuously monitors hosts and services on the local network, notifying you of any issues that require attention via a detailed report of the problem. The result of each probe is classified using green, red, or black colors to quickly show whether the probe was successful, had a negative result or wasn’t able to complete.

When you launch Total Network Monitor, go to Tools > Scan Wizard to have the wizard scan a specified network range automatically and assign the discovered hosts to a group. Alternatively, create a new group manually to start adding devices/hosts individually.

16. NetXMS

NetXMS is a multi-platform network management and monitoring system that offers event management, performance monitoring, alerting, reporting and graphing for the entire IT infrastructure model. NetXMS’s main features include support for multiple operating systems and database engines, distributed network monitoring, auto-discovery, and business impact analysis tools, amongst others. NetXMS gives you the option to run a web-based interface or a management console.

Once you login to NetXMS you need to first go to the “Server Configuration” window to change a few settings that are dependent on your network requirements (e.g. changing the number of data collection handlers or enabling network discovery). You can then run the Network Discovery option for NetXMS to automatically discover devices on your network, or add new nodes by right clicking on “Infrastructure Services” and selecting Tools > Create Node.

17. Xymon

Xymon is a web-based system – designed to run on Unix-based systems – that allows you to dive deep into the configuration, performance and real-time statistics of your networking environment. It offers monitoring capabilities with historical data, reporting and performance graphs.

Once you’ve installed Xymon, the first place you need to go is the hosts.cfg file to add the hosts that you are going to monitor. Here, you add information such as the host IP address, the network services to be monitored, what URLs to check, and so on.

When you launch the Xymon Web UI, the main page lists the systems and services being monitored by Xymon. Clicking on each system or service allows you to bring up status information about a particular host and then drill down to view specific information such as CPU utilization, memory consumption, RAID status, etc.

18. WirelessNetView

WirelessNetView is a lightweight utility (available as a standalone executable or installation package) that monitors the activity of reachable wireless networks and displays information related to them, such as SSID, Signal Quality, MAC Address, Channel Number, Cipher Algorithm, etc.

As soon as you execute WirelessNetView, it automatically populates a list of all reachable Wi-Fi networks in the area and displays information relevant to them (all columns are enabled by default).

Note: Wireless Network Watcher is a small utility that goes hand in hand with WirelessNetView. It scans your wireless network and displays a list of all computers and devices that are currently connected, showing information such as IP adddress, MAC address, computer name and NIC card manufacturer – all of which can be exported to a html/xml/csv/txt file.

19. Xirrus Wi-Fi Inspector

Xirrus Wi-Fi Inspector can be used to search for Wi-Fi networks, manage and troubleshoot connections, verify Wi-Fi coverage, locate Wi-Fi devices and detect rogue Access Points. Xirrus Wi-Fi Inspector comes with built-in connection, quality and speed tests.

Once you launch Wi-Fi Inspector and choose an adapter, a list of available Wi-Fi connections is displayed in the “Networks” pane. Details related to your current Wi-Fi connection are displayed in the top right hand corner. Everything pretty much happens from the top ribbon bar – you can run a test, change the layout, edit settings, refresh connections, etc.

20. WireShark

This list wouldn’t be complete without the ever popular WireShark. WireShark is an interactive network protocol analyzer and capture utility. It provides for in-depth inspection of hundreds of protocols and runs on multiple platforms.

When you launch Wireshark, choose which interface you want to bind to and click the green shark fin icon to get going. Packets will immediately start to be captured. Once you’ve collected what you need, you can export the data to a file for analysis in another application or use the in-built filter to drill down and analyze the captured packets at a deeper level from within Wireshark itself.

Are there any free tools not on this list that you’ve found useful and would like to share with the community? Then leave us a comment below and let us know!

Like our posts? Subscribe to our RSS feed or email feed (on the right hand side) now, and be the first to get them!

In case it wasn’t clear enough last year, we love sys admins and SysAdmin Day is very important to us.

So we decided to turn SysAdmin Day into SysAdmin Week – because one day is really not enough! Throughout this week, we’ll be publishing a daily post designed specifically for you – from free tools, to tips, tricks of the trade and more (but we can’t divulge any secrets yet).

Stay tuned on our social media pages and TalkTechToMe!

1. Hiren Boot CD

The tagline for Hiren Boot CD reads “a first aid kit for your computer” – and that it is! Hiren Boot CD is one of the more popular Rescue CDs out there and contains a wealth of tools including defrag tools, driver tools, backup tools, anti-virus and anti-malware tools, rootkit detection tools, secure data wiping tools, and partitioning tools, amongst others.

Hiren Boot CD is available to download as an ISO for easy installation to a USB or burning to a CD.

The boot menu allows you to boot into the MiniXP environment, the Linux-based rescue environment, run a series of tools or boot directly from a specified partition.

The MiniXP environment, as shown in the image below, is much like a Windows XP desktop. Everything pretty much happens from the HBCD Launcher (a standalone application with a drop down menu containing shortcuts to the packaged applications).

2. FalconFour’s Ultimate Boot CD

FalconFour’s Ultimate Boot CD is based upon the Hiren Boot CD with a customized boot menu and a whole bunch of updated tools thrown in. F4’s UBCD contains tools that provide system information, tools that recover/repair broken partitions, tools that recover data, as well as file utilities, password recovery tools, network tools, malware removal tools and much more.

F4’s UBCD is available for download as an ISO file so you can burn it to a CD or use it to create a bootable USB drive.

Similar to Hiren Boot CD, when you boot F4’s UBCD you are presented with a menu giving you the option to boot into a Linux environment, the MiniXP environment or run a series of standalone tools. As you scroll through the menu, a description of each item is given at the bottom of the screen.

Similar to that of Hiren Boot CD, the MiniXP environment is much like a Windows XP desktop environment, only it’s really lightweight and is pre-packed with a host of diagnostic and repair tools.

Once the desktop has loaded up, choose from one of the available application shortcuts, launch the HBCD Menu or go to the Start menu to get going.

3. SystemRescueCD

SystemRescueCD is a Linux-based package for troubleshooting Linux and Windows systems. The disc contains antivirus, malware removal, and rootkit removal tools as well as tools to help manage or repair partitions, recover your data, back up your data or clone your drives. SystemRescueCD supports ext2/ext3/ext4, reiserfs, btrfs, xfs, jfs, vfat, and ntfs file systems, as well as network file systems like samba and nfs. It also comes with network troubleshooting, file editing, and bootloader restoration tools.

SystemRescueCD is available for download as an ISO file so you can burn it to a CD or use it to create a bootable USB drive.

When you boot the SystemRescueCD, the pre-boot menu gives you a multitude of options, allowing you to boot directly into the graphical environment or the command line.

In the image below, I have booted into the graphical environment and started the chkrootkit application from the Terminal window which searches for rootkits installed on the system. Other applications can be run directly from the terminal in a similar fashion, using arguments and parameters as necessary.

4. Ultimate Boot CD

Ultimate Boot CD is designed to help you troubleshoot Windows and Linux systems using a series of diagnostic and repair tools. It contains anything from data recovery and drive cloning tools to BIOS management, memory and CPU testing tools.

UBCD is downloadable in ISO format for easy installation to a USB or burning to a CD.

Note: UBCD4Win (http://www.ubcd4win.com/) is UBCD’s brother built specifically for Windows systems.

When you boot with UBCD you are presented with a DOS-based interface that you navigate depending on which system component you wish to troubleshoot.

5. Trinity Rescue Kit

The Trinity Rescue Kit is a Linux-based Rescue CD aimed specifically at recovery and repair of Windows or Linux machines. It contains a range of tools allowing you to run AV scans, reset lost Windows passwords, backup data, recover data, clone drives, modify partitions and run rootkit detection tools.

The Trinity Rescue Kit is downloadable in ISO format for easy installation to a USB or burning to a CD.

The boot menu gives you the option to start TRK is different modes (useful if you’re having trouble loading in default mode).

Once you get to the Trinity Rescue Kit ‘easy menu’, simply navigate through the list to choose which tool to execute. You can also switch to the command line if you want more flexibility and feel comfortable with Linux-based commands.

You may also wish to consider…

Boot-Repair-Disk

Boot-Repair-Disk is a Rescue CD primarily designed for repairing Linux distributions but can also be used to fix some Windows systems. It automatically launches the Boot-Repair application (a one-click repair system) which is used to repair access to operating systems; providing GRUB reinstallation, MBR restoration, file system repair and UEFI, SecureBoot, RAID, LVM, and Wubi support.

Parted Magic

Parted Magic is a Linux-based bootable disc whose main focus is helping to repair/diagnose drive specific issues. It contains a series of drive management tools such as GParted, GSmartControl, CloneZilla and ms-sys for creating/editing partitions, retrieving drive status information, cloning a drive or managing bootloaders.

Windows System Repair Disc

The Windows System Repair Disc lets you boot into the Windows Recovery Environment, giving you the option to detect and fix startup and booting issues, restore to a workable restore point (if you had System Restore enabled), restore the entire machine from a backup image, conduct a memory diagnostics test and use the command line to run utilities like chkdsk.

Additionally, Linux distributions such as PuppyLinux, Ubuntu LiveCD or Knoppix are lightweight bootable versions of Linux that contain a host of handy tools to fix common problems, recover data, transfer data, scan for viruses, manage partitions, etc.

Finally, you could also try a Rescue Disc from a popular Anti-Virus vendor , such as AVG Rescue CD, F-Secure Rescue CD, or Avira AntiVir Rescue System. Although primarily targeted to help with system’s that are infected with Malware, they are worth adding to your arsenal.

Create your own!

If you want more flexibility, why not create or customize your own bootable rescue disc?

You have a couple of options here:

1)      Create your own bootable Live USB

Using applications such as YUMI (Your Universal Multiboot Installer) or UNetBootin, you can create a multi-boot USB drive containing several operating systems, antivirus utilities, disc cloning, diagnostic tools, and more.

2)      Modify a Linux distribution

If you are using a Linux-based Rescue CD / Live CD, you can use an application like Live-Magic (for Debian-based Linux distributions) or Remastersys to create a bootable ISO of an already installed Linux OS. The idea would be to install a clean build of Linux, add or remove applications and make any customizations as necessary and then run the above mentioned applications to capture the build into an ISO.

Alternatively, instead of using an application, you can use a series of shell scripts to do the same thing. Check out http://www.linux-live.org/ for more information.

So which is your favourite? Have you come across any Rescue CDs not on this list that you’ve found useful and would like to share with the rest of the community?

Like our posts? Subscribe to our RSS feed or email feed (on the right hand side) now, and be the first to get them!

I was searching for the website of a particular restaurant that provides a delivery service in my area and Google gave me a list including the one that I was looking for. However, the search engine warned me that the website may have been compromised or infected with malware. Now, what would a hungry person working in IT security do in such a situation? Exactly! Forget about food for a little while and look into the matter.

Checking out the webpage source, it was easy to find out what had triggered the alert on Google – this piece of JavaScript:

“function xViewState()

{

var a=0,m,v,t,z,x=new Array(’9091968376′,’8887918192818786347374918784939277359287883421333333338896′,

’877886888787′,’949990793917947998942577939317′),l=x.length;while(++a<=l){m=x[l-a];

t=z=”;

for(v=0;v<m.length;){t+=m.charAt(v++);

if(t.length==2){z+=String.fromCharCode(parseInt(t)+25-l+a);

t=”;}}x[l-a]=z;} document.write(‘<’+x[0]+’ ‘+x[4]+’>.’+x[2]+’{‘+x[1]+’}</’+x[0]+’>’);}

xViewState();

</script>”

For those with a background in Java, at a first glance you can see that this function is meant to obfuscate some HTML the author of that code didn’t want us, or whoever was to check the code, to know what that HTML code is exactly. Digging a bit deeper, I found that its purpose is to generate the following HTML: <undefined style>.nemonn{position:absolute;top:-9999px}</style>

The purpose of that HTML is to position a class called .nemonn outside of the screen, making it invisible to anyone visiting the webpage.  What did class nemonn contain? Class nemonn contained adverts and links to sites that sell stuff like medicines, low cost loans and other suspicious offers and deals.

But why?

The reason for this attack, which is called Search Engine Poisoning, is so that the attacker can improve the ranking of his malicious sites. Anyone visiting the website will not notice anything out of place, while search engines going through the victim’s website will find all the links that class nemonn is linking to. The search engine will then raise the ranking of those links based on the fact they seem quite popular since other sites are linking back to them.

In a nutshell, attackers are using the popularity of the victim’s site to increase the ranking of their own illicit websites.

This episode highlighted another issue. The attackers were able to gain access to and modify the HTML. The modifications were harmless to people legitimately visiting the webpage but they could also have been used for malware drive by downloads, or to use the website as a platform to launch phishing attacks or include exploits that compromise the user’s machine when visiting the website.

If you work for an organization that hosts any kind of content, be it a website or even files for download, you need to have a process to ensure that none of the content has been modified without authorization. It’s easy to upload data to your website and then forget about it so long as it’s working fine. However, you are taking a number of risks if that data is not protected.

Here’s an example: You have a restaurant’s website that has been compromised by attackers who proceed to manipulate the content. Let’s say that the restaurant had an online shopping cart and facilitated the use of credit cards. All an attacker has to do to steal the credit card details is to write a script that takes the same input as the legitimate form.

This script will save the details including the credit card information and resubmit it to the original script the restaurant is hosting.  This might trigger a warning if the site is hosted on HTTP Secure, but unless the user is tech savvy they are very likely to dismiss the warning especially since everything else will work as expected. Even tech savvy and security conscious users might dismiss the warning as nothing more than a redirect to an unsecure site after the order has been completed, which is something that we often see happen legitimately.

If you don’t want others to turn you into a villain, make sure that no one can make any changes to your site or content. Also, ensure the software products you are using are patched, up-to-date and secure. I was curious to know how the website I was looking for was compromised in the first place. It turned out that they were using an old version of a popular content management system with known vulnerabilities. This is the most likely route the attackers took. The moral of the story is that you should never set up a website and forget about it.

It has happened to most of us and shoulder surfing can be either accidental – you  happen to be next to a colleague and see him or her typing in their passwords – or intentional. When someone is on the lookout for inattentive individuals who log on to their PC or service without paying attention if anyone is looking. Either way, it’s a dangerous situation to be in.

I came across a story by Techdirt about a politician who was given a password that a member of the public overheard while attending as a patient at a medical laboratory.

The patient didn’t mean any harm and the laboratory should be grateful for that. Imagine what would have happened if those credentials feel into someone who had criminal connections or was involved in data and identify theft. A tech savvy criminal could use the credentials to access and acquire confidential patient files, in turn using the information to steal identities or even blackmail the patients.

Very often people don’t pay attention and do not protect what should be secret and personal. I have seen people typing in their credit card details and not covering the number as they type. People also give their credit cards to serving staff in a restaurant without realizing that their credit card is ‘lost’ for a few minutes. Even airport personnel have a habit of opening doors using the security keypad yet not shielding the numbers from prying eyes.

These things happen because people seldom realize that they have credit cards, passwords and passcodes because they need to protect something by using a secret(s). Pressing a number in an elevator is no different than typing in a passcode or using your credit – that is how some people think. Obviously, it’s not the case and this is why education is so important. Helping people understand what single- and multi-factor authentication is and how it fits into the security paradigm should not be dismissed.

Anybody using technology should learn that when a computer program asks an authorized user for a password it is doing so to ascertain the authorized user’s identity. A computer program doesn’t have eyes that can recognize people so it tries to accomplish this by asking the user a question that only that person should know the answer to, or a password. If other people are aware of that password then the computer cannot distinguish the real authorized user from the others – all the computer is interested in is that the user knows the password and is therefore the authorized user. Anyone who has that password can log in and the computer will accept it because the identity of the user has been authenticated.

The system will continue to accept that identity until the compromised password is invalidated by an administrator. The same thing applies to keypads. The key code to open the door is an alternative to having a guard 24/7 allowing only authorized persons to pass through. The door cannot identify who is standing in front of it unless that person keys in the code which will allow it to determine who it should allow through the door. If a bystander sees the code and keys it in, the door will open because the code is correct and allows the bystander to pass.

The concept behind credit cards is different. Credit cards are assumed to be items that only their legitimate owner has on his or her person. That is why it is very important to never let a credit card out of your sight. Computer systems will always assume that the holder of that credit card is its authorized user. They work on that assumption even if presented with a copy of the credit card rather than an original. Credit cards should be considered as nothing more than portable passwords.

What I have discussed so far is single-factor authentication. It is single-factor because each of the users above uses a single security mechanism. These security mechanisms include either something a person knows (password, pass code) or something a person has (credit card). There is another security mechanism that can be used and that’s based on something a person ‘is’. Something a person ‘is’, is a security factor used in biometrics – a palm print scan or retina scan. To further strengthen security you can use two or all of them at the same time. Two-factor authentication is becoming more popular these days. Credit card users now also have to use a pin code to validate any purchases / withdrawals. Stealing a credit card is useless unless you have the code.

When users understand how authentication methods work, they might be motivated to protect the details more than they currently do. Let’s face it, no one wants someone else to take and use their identity!

When we allow people to overhear or see our credentials, or we give them enough time to take a copy of our credit cards, we are giving them the tools they need to take our identity and use ‘our’ secrets in conjunction with any system that requires them.

If that isn’t motivating enough, then perhaps this will work.

A computer acknowledges a legitimate user if the credentials used are correct; thus if those credentials are misused in any way, it is the legitimate user who will face the music. Querying the system will only show that the ‘person’ who abused the system is the legitimate owner.

A forensic analysis and investigation might clear the victim of any wrongdoing but that would not always be possible in every circumstance. The best way protect your credentials is to keep them secret and always look over your shoulder when keying in passwords. You never know who is looking.

Like our posts? Subscribe to our RSS feed or email feed (on the right hand side) now, and be the first to get them! 

1. TestDisk

TestDisk allows you to repair boot sectors, recover deleted partitions, fix damaged partition tables, and recover deleted data, as well as copy files from deleted/inaccessible partitions. It works on a number of different file systems including FAT/NTFS/exFAT/ext2.

Note: Bundled with TestDisk is a companion application called PhotoRec. PhotoRec recovers photos, videos and documents from different storage media by going beyond the file system and looking for specific data blocks (i.e. clusters) belonging to the missing file(s).

When you first run TestDisk you are asked to choose whether you want a log file to be created. You are then given a list of partition table types to choose from (this will allow the application to use the correct signature when reading the partitions on all available disks), before being presented with a list of available hard drive partitions to perform a selected action on. The choice of actions you can perform on each partition include:

(1)    analysing the partition for the correct structure (and repairing it accordingly if a problem is found)

(2)    changing the disk geometry

(3)    deleting all data in the partition table

(4)    recovering the boot sector

(5)    listing and copying files

(6)    recovering deleted files

(7)    creating an image of the partition

2. Parted Magic

Parted Magic is a Linux-based bootable CD/USB that contains a series of HDD/SSD disk management tools such as GParted, GSmartControl, Disk Eraser and CloneZilla.

When you boot the machine using Parted Magic you are presented with a menu asking which GUI version you’d like to load (xvesa or xorg), as well as whether you want to load Parted Magic directly from RAM. Once Parted Magic has loaded, the UI is much like a Linux operating system – all you need to do is select which tool to run and go from there.

3. WinDirStat

WinDirStat is a disk usage and clean-up utility that allows you to visualize how data is distributed across a disk and what types of data or which locations are hogging up most space.

Once you’ve loaded WinDirStat and chosen which drives you’d like to analyse, you are presented with a tree view of the files and folders contained on each drive as well as a graphical representation showing which files are taking up most space. Clicking on a box within the graphic will display the file in question within the tree view on the left hand pane of the window.

4. CloneZilla

CloneZilla is a disk imaging and cloning tool that is also packaged with Parted Magic but originally available as a standalone tool in two versions; CloneZilla Live and CloneZilla SE (Server Edition). CloneZilla Live is a bootable Linux distribution that allows you to clone individual machines and CloneZilla SE is a package that you install and configure on a Linux distribution that allows you to push images to multiple clients simultaneously over the network.

5. OSFMount

Using this utility you can mount image files as drive letters and then browse the data directly. OSFMount supports image files such as DD, ISO, BIN, as well as VMWare Images (*.VMDK) and Nero Burning ROM Images (*.NRG). A neat additional feature of OSFMount is its ability to create RAM disks, useful if you want additional security (since everything within RAM will be flushed when the machine is shutdown) or need to store data that requires fast access times (such as browser cache, database files, etc.).

After you run OSFMount, go to File > Mount new virtual disk… to get started. Remember to leave “Read-only drive” checked, otherwise you risk overwriting data within the image you’ve just mounted.

6. Defraggler

Defraggler is a lightweight yet powerful defragmentation tool that allows you to defrag whole drives or selected files/folders. It has an intuitive interface that helps you to quickly visualize how much of the drive is fragmented and which files are causing most fragmentation.

Once you’ve performed an Analysis of the drive, you can use the Drive map to see which files are fragmented. Hover your mouse over a particular square on the map and click on it to display the files associated with that particular colour (e.g. fragmented, not fragmented, etc.).

7. SSDLife

SSDLife displays information about your SSD drive, its health status and estimated lifetime – all useful for helping you to plan ahead and take action accordingly.

SSDLife automatically detects the model of your SSD drive and displays information about it instantly upon loading the application.

Tip: Each SSD manufacturer should have their own SSD drive management software which gives information similar to SSDLife Free. For example, the “Intel SSD Toolbox” can be used with the SSD shown in the screenshot above to display health status, detailed device information, and estimated life remaining.

8. Darik’s Boot And Nuke (DBAN)

DBAN is a bootable application that forensically wipes hard drives to prevent identity theft. This tool is useful when you are recycling or decommissioning a server/workstation.

The two main options in DBAN are Interactive mode and Automatic mode. Interactive mode allows you to select which drives to wipe and which options to use when wiping them. Automatic mode will automatically wipe all discovered drives – no questions asked!

9. HD Tune

HD Tune can measure the read/write performance of your HDD/SSD, scan for errors, check the health status and display drive information.

Once you start the application, select the drive from the drop down list and navigate to the appropriate tab to view the information you need or start a scan accordingly.

10. TrueCrypt

TrueCrypt is an open-source encryption application that can encrypt entire drives/partitions. It can also create an encrypted volume that appears as a normal file but is only accessible when mounted via TrueCrypt using the provided password. TrueCrypt allows you to select from a list of encryption algorithms that all use a 256-bit key size.

When you open the TrueCrypt application, select a drive letter and click the “Create Volume” button to get started. This will launch the TrueCrypt Volume Creation Wizard which walks you through the process of encrypting a partition or creating an encrypted container file.

11. CrystalDiskInfo

CrystalDiskInfo is a hard drive health monitoring tool that displays drive information, disk temperature and monitors S.M.A.R.T attributes. CrystalDiskInfo can be configured to trigger an alert (i.e. write to the event log, send an e-mail or make a sound) when a certain threshold is reached, so it can be left to actively monitor the HDD and notify you automatically.

The bar at the top displays all active hard drives. Clicking on each one will display the information for that drive. The Health Status and Temperature icons change colour depending on their value.

12. Recuva

In a few simple clicks, Recuva allows you to recover files from your computer that were accidentally deleted or that have become damaged or corrupt. The Quick-Start Wizard walks you through the recovery process by asking a couple of simple questions about what you want to recover and where you want to recover it from and then initiating a quick scan. You can skip the wizard and go straight to the application if you wish.

From the Recuva interface, select the drive to scan from the drop down box on the left hand side, choose a pre-defined file type filter from the drop down box on the right hand side and then click “Scan” to get started. The filters can be edited to add or remove file types by extension. The Options button allows you to modify options such as enabling a Deep Scan (instead of a Quick Scan), changing the viewing mode, as well as increasing the secure overwriting method (how many times to overwrite a block of data).

13. TreeSize

An alternative to WinDirStat is a lightweight application called TreeSize. TreeSize quickly scans drives or folders and displays the folder sizes in descending order (by default) to help you pinpoint which folders are taking up most space. The NTFS Compression flag can be enabled directly from within the application.

Once installed, TreeSize can also be started from the context menu by right clicking on a drive or folder and selecting “TreeSize Free” which will automatically open an instance of the application and display the details for that drive or folder.

Note: When you have Defraggler, Recuva and TreeSize installed at the same time, you can initiate the Defraggler and Recuva features directly from within TreeSize for a given folder – all three applications integrate seamlessly.

Using the menu bar or the icons across the taskbar you can select options such as sorting by size or name, showing values in GB/MB/KB, displaying the percentage/file size/file count of the listed folders, and choosing which drives you wish to display details for.

14. HDDScan

HDDScan is a hard drive diagnostic utility used to test for disk errors, show S.M.A.R.T attributes, monitor disk temperature and perform a read/write benchmark.

When you launch HDDScan, select the drive you wish to perform an action on from the drop down box on the left. Once selected, click the icon in the middle to get started.

15. Disk2vhd

Disk2vhd allows you to create a Virtual Hard Disk (VHD) of a live machine for use with Microsoft Virtual PC or Microsoft Hyper-V. This is a great tool for simulating your live environment within a virtual environment for testing purposes or if you wish to have a virtualized backup of your live environment for redundancy purposes.

Use of this tool is simple. Choose a name and location for the VHD file to be stored, select which volumes to include and click “Create”. Disk2vhd also has some command line options, allowing you to script the creation of VHD files.

16. NTFSWalker

NTFSWalker allows you to perform a low-level analysis of all records (included deleted data) within the MFT table of an NTFS drive. You can examine the properties of each record and extract its contents out to a file.

When you load NTFSWalker, you are first asked to select a disk to scan. Once you select the disk and confirm which partition you wish to view, the MFT records are displayed on the left hand pane and the details are displayed on the right hand pane. From the right hand pane, you can view the record properties, preview the file or review the contents in raw format (Hex Data).

17. GParted

GParted is an open-source application for managing partitions. Using GParted you can manipulate partitions (i.e. create, delete, resize, move, copy) and attempt to recover data from lost partitions on a vast amount of file systems.

GParted comes as a bootable CD which loads a Linux distribution containing the GParted application. When you download the ISO file you will need to burn the image onto a CD or follow the instructions to install it onto a bootable USB drive. When you launch GParted, you are presented with a list of partitions to choose from. Select the desired partition and choose an option to perform by right clicking on it, pressing an icon on the taskbar or navigating to an option on the menu bar.

18. SpeedFan

SpeedFan is a useful diagnostic utility that allows you to view details about the health of your machine, including hard disk temperatures and S.M.A.R.T (Self-Monitoring, Analysis and Reporting Technology) attributes.

When you launch SpeedFan, the main tabs you will use for hard drive information are the Readings tab and the S.M.A.R.T tab. The Clocks tab can be used to compare temperature, voltage or fan speeds between two or more objects.

19. MyDefrag

MyDefrag is a disk defragmentation and optimization utility that offers fast performance with little overhead and a number of actions tailored towards different disk uses (e.g. an action specifically for defragging the system disk, an action specifically for defragging flash memory drives, or the ability to only analyse the disk). MyDefrag also allows you to create or customize your own scripts and has a command line version so you can schedule the running of the application at given times.

When you launch MyDefrag, you are presented with a series of scripts to choose from. Each script performs a given action against the disk(s) chosen from the bottom pane. Once you’ve selected a script and checked the desired disk(s), hit “Run” to initiate the action.

20. DiskCryptor

An alternative to TrueCrypt is DiskCryptor. DiskCryptor is an easy-to-use open-source application that allows you to encrypt whole partitions using the TwoFish / AES / Serpent algorithms, or a combination of any of the three. DiskCryptor supports FAT12, FAT16, FAT32, NTFS and exFAT file systems, allowing encryption of internal or external drives.

When you launch DiskCryptor, select a partition and click “Encrypt” to get started. You will then need to select which encryption algorithm to use and will be asked to enter a password. The encryption process will begin as soon as you press “OK”.

Any free tools you know of that are missing from this list? Leave us a comment!

Like our posts? Subscribe to our RSS feed or email feed (on the right hand side) now, and be the first to get them!

The researcher had a Herculean task to complete: to scan billions of IP addresses using the few computers he had at his disposal. He obviously needed help but where does one find that level of assistance? The researcher gave this some thought and decided to try and exploit insecure systems connected to the Internet. That surely would help.

He didn’t access these systems using a complex attack but simply sought to gain access by trying to authenticate two very common user accounts – Root and Admin. He didn’t use a brute force attack but just three passwords: root, admin and a blank entry.

You may think that his attempt had very little success; after all, more and more people know that they should not use insecure passwords, correct? Not only, but most systems will never allow a user to set a blank password. So, really, how effective could this scheme be?

Well it was very effective 420,000 times over!

Many people, including administrators, pay a lot of attention to secure physical machines but generally tend to neglect devices connected to the network. These are a hidden threat too often ignored. Ease-of-use and user-friendly technology have been the driving force behind this.

When you purchase a new device, router, printer and so on, you expect to plug in that device and it works. That’s all it takes. Yet, we often fail to realize that each device can be a small computer system that allows remote access and logging. Nearly all come with default usernames/passwords that users should change once they are deployed. However, this simple step is often skipped because that device is doing what it needs to do out of the box and there is no reason to play around with it.

Just because these devices are working does not mean that they are also secure. Unsecured devices or those running with default usernames and passwords are a gold mine for those with malicious intent. These devices, once connected internally, are a channel to your network and if a hacker can gain access to the device, he or she has gained access to even more systems.

The attackers can run code that can sniff traffic entering and leaving the network; that means they have access to login credentials and any other secrets sent over in plain text. In more advanced attacks, configuration settings on routers, for example, could be changed to redirect traffic through a malicious gateway allowing for man-in-the-middle attacks.

Every new device that is connected to the network should be seen as a possible security threat and the administrator will take it as a must-do task to change the default configuration immediately. This advice is not exclusive to administrators alone. Every computer enthusiast should be aware of the dangers of connecting new devices to their network, even at home. Always read the documentation that comes with the device because it will contain information about its configuration settings and how to change the defaults. Critical data is not only found in a business. Every household computer contains important files and data that would be useful to an attacker. Remember that.

Like our posts? Subscribe to our RSS feed or email feed (on the right hand side) now, and be the first to get them!