A high level overview to perform live memory captures and analysis:
I previously wrote about how to have your system automatically clear the pagefile before a reboot or shutdown. There’s a couple other steps I recommend you make on your system…
Automatically permanently delete (Nuke on Delete)- Normally Delete sends files to the Recycle Bin and a Shift+Delete will permanently delete them. With the registry tweak below the normal Delete will also behave as a permanent delete. ***Note: Delete does not mean a file is deleted. It only frees up the file record and clusters so they _could_ be overwritten.
Scheduled Task to Zero out unused disk space – As I mentioned above a deleted file only insures that there is a _chance_ the file will be overwritten. If you run the below command it will zero out all unused disk space which _should_ be good enough to prevent file content recovery. ***Note: The deleted file name will still be lying around until a new file happens to overwrite it.
>cipher /W:[directory_to_wipe]
Here’s my scheduled task: C:\WINDOWS\system32\cmd.exe /c cipher /W:C:\
Scheduled Task to Delete Recent Items – Even if you permanently delete a file and or use Eraser there’s a copy of the filename in your Recent directory. I have the following scheduled task command which clears my Recent items once a day….
Task for Recent Items:
>C:\WINDOWS\system32\cmd.exe /c del “c:\documents and settings\[username]\recent\*.lnk”
Task for Recent Office Items:
>C:\WINDOWS\system32\cmd.exe /c del /Q “C:\Documents and Settings\[username]\Application Data\Microsoft\Office\Recent\*.*”
Eraser - I highly recommend using this great freeware utility. One of many things it does is adds a new option in your content menu to permanently delete a file and zero out the contents all at the same time.
I came across a handy (& free) Windows utility that allows you to export “non exportable” certificates. Do you want to get at those recovery certificates or private keys? Jailbreak can be snatched here: https://www.isecpartners.com/jailbreak.html
I recently setup a honeypot share on a Windows server. I put some very “interesting” files and directories in there (financial information, PII etc) and then enabled audit logging in Windows. There’s a very powerful but mostly unknown Windows tool called LogParser which can be used to query your System/Security event logs. It’s possible to write a script that will query your system security log every so often and look for requests to the honey pot. You can get very sophisticated using LogParser, a few hand written scripts, and the Windows Task Scheduler.
Now that Microsoft’s Bing has been out for a couple weeks I’m wondering everyone’s impression. I like the simple interface with minimal ad’s and clutter. Nothing like the MSN search. It looks awfully similar to Google’s interface.
However, I’m very disappointed with search results. I’m finding that most of my queries are not returning what I’m looking for. I find myself returning to google. This could be because the Bing engine doesn’t have enough information from analytics data to generate better results. Hopefully with time this will improve; once Bing see’s what pages users are really interested in.
Here’s a few [lesser] known Windows shortcuts: (feel free to share more in the comments!)
WinKey + E : Windows Explorer
WinKey + R : Run
WinKey + F : Find (Windows Search)
WinKey + L : Lock computer
WinKey + Pause/Break : Computer properties
CTRL + LEFT SHIFT + ESC : Task Manager
CTRL + ALT + END : Shows Shutdown menu *on remote machine*
Mar 20
In case you haven’t heard Internet Explorer 8 was released yesterday. You can download it here:
http://www.microsoft.com/windows/internet-explorer/default.aspx
I played around with it a little last night. Unfortunately it’s the same user interface as IE7. Where IE8 really steps it up is with security and privacy. There’s a built in SmartScreen filter that notifies you if a page is known to be malicious.
You can also clear all of your browsing artifacts with one click. There is also a new context menu (right click) that lets you jump right to your blog or map an address. There is compatibility mode to render pages as IE7 — what would really be nice is IE6 which so many pages seem to still be built for. Also I noticed they more or less stole the improved Firefox address bar that doubles as a history search.
I recommend trying it at least to give you something to talk about this weekend!
Mar 19
In case you haven’t seen or heard the new Microsoft Office 2007 includes a completely overhauled user interface dubbed Fluent. I’m been lucky enough at work to be included in our pilot program. Office 2007 features a new “ribbon” across the top of all applications. It is supposed to be a much more intuitive design to follow. Although there is a learning curve for any advanced Office user, there are reported productivity improvements after that.
I had the chance to ride in a friend’s Ford Fusion over the weekend – first time in this car. The Fusion is one of a handful of automobiles that features Ford Sync which was developed through a partnership by Ford and Microsoft. My Fusion experience was simply incredible. I’m in the market to buy a new car and was heavily leaning towards purchasing a Honda Civic Si Sedan — but no more! The Ford Sync technology is making me reconsider my decision (not to mention that Consumer Reports loves the Fusion).
Ford Sync handles the external audio input — usb or headphone jack. It also features a bluetooth receiver to work with your cell phone. First, my friend told his car “play nirvana” and Sync randomly selected a nirvana song on his mp3 player. It appears that Sync has internal memory that catalogs the media on your mp3 player. While we were driving the car speakers started playing a telephone ringing. My friend pushed a button on his steering wheel and answered the phone – it was his wife! I can see where having your car stereo morph into a cell phone would be great for long commutes. The voice recognition of Sync is also amazing. It never once hesitated when we gave it a command. My friend instructed Sync to call someone and we soon had them on the line. It also turns out that Sync 2.0 will read SMS (text) messages and interpret acronyms i.e. LOL.
Cadillac, Benz, BMW and other luxury cars have had bluetooth receivers built in for some while but they can’t compete with Sync technology in a Ford Fusion with MSRP $19,035.
Do you have a Microsoft Windows PC running slow? The first but usually most painful solution is to reformat and or reinstall.
However before proceeding with such drastic steps there are two things I recommend checking:
1) Do you have enough physical memory? You want to reduce the frequency of virtual memory paging activity. Run Task Manager by pressing CTRL+SHIFT+ESC. See below:
*Note: If you have Windows Vista or 7 remember you can add additional member on the fly with a USB stick by using ReadyBoost
2) Make sure your hard drive(s) is running in DMA mode. It is unfortunately not uncommon for Windows to revert to PIO mode which means transfer speeds of 3-4mbps instead of 50-60mbps. Basically remember that PIO=slow, DMA=fast. Open Device Manager by pressing WinKey+R and typing “devmgmt.msc”
