Filemon v7.02

Hits: 3
Date added: 01/19/2006

FileMon monitors and displays file system activity on a system in real time. Its advanced capabilities make it a powerful tool for exploring the way Windows works, seeing how applications use files and DLLs, or tracking down problems in system or application file configurations. FileMon's timestamping feature shows you precisely when every open, read, write or delete happens, and its status column tells you the outcome. FileMon is so easy to use that you'll be an expert within minutes. It begins monitoring when you start it, and its output window can be saved to a file for off-line viewing. It has full search capability, and if you find that you're getting information overload, simply set up one or more filters.
FileMon works on Windows NT 4.0, Windows 2000, Windows XP, the 64-bit editions of Windows XP and Windows Server 2003, Windows Server 2003, Windows 95, Windows 98 and Windows ME.

DOS Boot Disks

Hits: 3
Date added: 09/24/2005

This is a collection of DOS boot disks from 5.0 to 6.22. It writes to a floppy so you can recover

The Coroner's Toolkit Source v1.18

Hits: 3
Date added: 08/13/2007

TCT is a collection of programs by Dan Farmer and Wietse Venema for post-mortem analysis of a UNIX system after a break-in.

MSyslog v1.08g

Hits: 3
Date added: 09/06/2007

MSyslog is a logging subsystem for UNIX operating systems. It replaces the traditional UNIX logging daemon, syslogd, with an improved version that provides log centralization, preservation of log integrity, and storage on a number of popular database engines. MSyslog, which stands for Modular Syslog, has a very flexible architecture that lets the administrator configure it to receive log data from several input sources such as TCP and UDP network connections, UNIX named pipes and plaintext files. Log data can be stored through multiple output options, including plaintext files and the MySQL and PostgreSQL database engines. Log relaying can be performed over TCP sessions or the traditional UDP-based syslog protocol. MSyslog also supports filters that perform cryptographic integrity checks and filtering by regular expressions. MSyslog runs on a variety of UNIX and Linux operating systems.

Sigcheck

Hits: 4
Date added: 03/01/2005

Verify that images are digitally signed and dump version information with this simple command-line utility.
usage: sigcheck [-i][[-s]|[-v]][-q][-u] [-c catalog file] <file or directory>
-c Look for signature in the specified catalog file
-i Show image signers
-s Recurse subdirectories
-q Quiet (no banner)
-u Show unsigned files only
-v CSV output
One way to use the tool is to check for unsigned files in your Windows\System32 directory with this command:
sigcheck -u c:\windows\system32
You should investigate the purpose of any files that are not signed. Keep in mind that many Windows system files carry no embedded signature and are signed through a catalog file instead, which is what the -c option is for: a file reported as unsigned may simply be catalog-signed, while a file whose signature fails to verify has been modified.
Download Sigcheck (16 KB)
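The same unsigned-file sweep of System32, written here as an added example with the built-in Get-AuthenticodeSignature cmdlet rather than Sigcheck itself (this is not code from the page or from Sysinternals). It assumes a Windows host with PowerShell 5.1 or later, where the cmdlet verifies both embedded and catalog signatures through WinVerifyTrust; on older PowerShell versions catalog-signed system files show up as NotSigned, which is the same gap Sigcheck's -c option addresses. The output CSV path under $env:TEMP is an arbitrary choice.

```powershell
# Added example, not Sysinternals code: the equivalent of
#   sigcheck -u c:\windows\system32
# using Get-AuthenticodeSignature. Run from an elevated prompt so every
# file under System32 can be opened.
$targets = Get-ChildItem -Path "$env:SystemRoot\System32" -File -Recurse `
    -Include *.exe, *.dll, *.sys, *.ocx -ErrorAction SilentlyContinue

$report = foreach ($f in $targets) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    [pscustomobject]@{
        Path     = $f.FullName
        # Valid, NotSigned, HashMismatch, UnknownError, ...
        Status   = $sig.Status
        Signer   = $sig.SignerCertificate.Subject
        # True when the signer chains to a Microsoft root (PowerShell 5+)
        OSBinary = $sig.IsOSBinary
    }
}

# Anything that is not Valid deserves a look. NotSigned is the case the
# page's "sigcheck -u" reports; HashMismatch means the file carries a
# signature but its contents no longer match it, which is worse.
$report | Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object Status, Path |
    Format-Table -AutoSize

# Keep the full result for offline review, like redirecting sigcheck -v output
$report | Export-Csv -Path "$env:TEMP\system32-signatures.csv" -NoTypeInformation
```

Filtering on Status alone is the minimum; for a real review also check that Valid files have the signer you expect, since a validly signed binary from an unexpected publisher in System32 is as interesting as an unsigned one.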
Streams
The NTFS file system provides applications the ability to create alternate data streams of information. By default, all data is stored in a file's main unnamed data stream, but by using the syntax file:stream you are able to read and write to alternates. Not all applications are written to access alternate streams, but you can demonstrate streams very simply. First, change to a directory on an NTFS drive from within a command prompt. Next, type echo hello > test:stream. You've just created a stream named 'stream' that is associated with the file 'test'. Note that when you look at the size of test it is reported as 0, and the file looks empty when opened in any text editor. To see your stream enter more < test:stream (the type command doesn't accept stream syntax, so you have to use more).
NT does not come with any tools that let you see which NTFS files have streams associated with them, so I've written one myself. Streams will examine the files and directories you specify (note that directories can also have alternate data streams) and inform you of the names and sizes of any named streams it encounters within them. Streams makes use of an undocumented native function for retrieving file stream information. Full source code is included.
Usage: streams [-s] [-d] <file or directory>
-s Recurse subdirectories.
-d Delete streams.
Streams takes wildcards, e.g. 'streams *.txt'.
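The echo/more walkthrough above and the recursive scan that the Streams utility performs, written here as an added example with the PowerShell 3.0+ stream-aware cmdlets (this is not code from the page or from Sysinternals). It assumes an NTFS volume and uses C:\Temp\adsdemo as an arbitrary scratch directory; the scan at the end also covers directories, which the page notes can carry streams too.

```powershell
# Added example, not Sysinternals code: create, list, read and delete an
# NTFS alternate data stream, then scan a tree for named streams the way
# "streams -s <directory>" does. Requires NTFS; the path is an assumption.
$dir  = 'C:\Temp\adsdemo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$file = Join-Path $dir 'test'
New-Item -ItemType File -Path $file -Force | Out-Null

# Equivalent of:  echo hello > test:stream
Set-Content -Path $file -Stream 'stream' -Value 'hello'

# The unnamed main stream is still empty, so dir and editors report 0 bytes
(Get-Item $file).Length

# List every stream on the file; the unnamed one shows as ':$DATA'
Get-Item $file -Stream *

# Equivalent of:  more < test:stream
Get-Content -Path $file -Stream 'stream'

# Scan files and directories recursively for named streams, like
# "streams -s". Zone.Identifier is the usual benign case (mark-of-the-web
# on downloaded files); any other named stream deserves a closer look.
Get-ChildItem -Path $dir -Recurse -Force |
    ForEach-Object {
        Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' }
    } |
    Select-Object FileName, Stream, Length

# Equivalent of:  streams -d test
Remove-Item -Path $file -Stream 'stream'
```

The -Force on Get-ChildItem matters for a real sweep: hidden and system files are exactly where a named stream is most likely to be tucked away, and they are skipped without it.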