Sysinternals tools

Sysinternals Suite

I am noting down some interesting Sysinternals utilities:

Disk2vhd simplifies the migration of physical systems into virtual machines (p2v).

Schedule file rename and delete commands for the next reboot. This can be useful for cleaning stubborn or in-use malware files.

Defragment your paging files and Registry hives!

Scan file shares on your network and view their security settings to close security holes.

Undelete Server 2003 Active Directory objects.

The PsTools suite includes command-line utilities for listing the processes running on local or remote computers, running processes remotely, rebooting computers, dumping event logs, and more.

Active socket command-line viewer.

See who owns an Internet address.

See what programs are configured to start up automatically when your system boots and you log in. Autoruns also shows you the full list of Registry and file locations where applications can configure auto-start settings.

Launch programs as a different user via a convenient shell context-menu entry.

Displays the SID of a computer or a user.

Process Monitor
Monitor file system, Registry, process, thread and DLL activity in real time.

Bypass the password screen during logon.

Scan your system for rootkit-based malware.

This new utility enables you to create up to four virtual desktops and to use a tray interface or hotkeys to preview what’s on each desktop and easily switch between them.

Convert hex numbers to decimal and vice versa.

Search for ANSI and UNICODE strings in binary images.

Sysinternals Live

Although the tools can be launched directly over the network without having to download them (for example, Autoruns.exe can be launched with the command:

), it is sometimes useful to have a local copy of all the programs and to be able to synchronize it at regular intervals.

To do this we can use the Robocopy program and a small batch file.

Let's start by creating a directory that will contain all the programs, for example:

c:\Program Files (x86)\Sysinternals Suite

then open Notepad and enter these lines:

@echo off
rem Local folder that receives the tools. Use a private variable name rather than
rem "path", so the script does not overwrite the PATH environment variable.
set SYSDIR=c:\Program Files (x86)\Sysinternals Suite
rem /w:0 /r:0 : do not wait or retry on a failed file; /log+ appends to the log.
%windir%\system32\robocopy \\\Tools "%SYSDIR%" /w:0 /r:0 /log+:"%SYSDIR%\Update.log"

finally, save the file as Update.cmd in the directory just created.

We can also try running it: after a few seconds we should see the files being downloaded and, at the end, a log of the operation in the Update.log file.
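As an added example (not code from the original post), the same synchronization written in PowerShell, extended with the check a defender would want before trusting binaries pulled from a network share: every downloaded executable must carry a valid Authenticode signature from Microsoft, or it is moved to a quarantine folder. It assumes the Sysinternals Live share is \\live.sysinternals.com\Tools and uses the local folder from this page.

```powershell
# Added example: mirror the Sysinternals Live share with Robocopy, then verify signatures.
# Assumptions: the share is \\live.sysinternals.com\Tools (assumed host name) and the
# destination is the folder created earlier on this page.
$Source = '\\live.sysinternals.com\Tools'
$Dest   = 'C:\Program Files (x86)\Sysinternals Suite'
$Log    = Join-Path $Dest 'Update.log'

if (-not (Test-Path $Dest)) { New-Item -ItemType Directory -Path $Dest | Out-Null }

# /E copies subfolders without deleting local extras (unlike /MIR); /W:0 /R:0 avoids
# hanging on a stalled WebDAV transfer; /NP suppresses progress output in the log.
& "$env:windir\system32\robocopy.exe" $Source $Dest /E /W:0 /R:0 /NP /LOG+:$Log

# Robocopy exit codes 0-7 are success variants; 8 and above mean some files failed.
if ($LASTEXITCODE -ge 8) {
    Write-Warning "Robocopy reported failures (exit code $LASTEXITCODE); see $Log"
}

# Verify every binary: status must be Valid and the signer must be Microsoft.
$Quarantine = Join-Path $Dest 'Unsigned'
$bad = @()
Get-ChildItem -Path $Dest -Include *.exe,*.dll,*.sys -Recurse -File |
    Where-Object { $_.FullName -notlike "$Quarantine*" } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        $ok  = ($sig.Status -eq 'Valid') -and
               ($sig.SignerCertificate.Subject -like 'CN=Microsoft Corporation*')
        if (-not $ok) { $bad += $_ }
    }

# Anything that fails the check is moved out of the tools folder and recorded in the log.
if ($bad.Count -gt 0) {
    if (-not (Test-Path $Quarantine)) { New-Item -ItemType Directory -Path $Quarantine | Out-Null }
    foreach ($f in $bad) {
        Write-Warning "Moving unverified file to quarantine: $($f.FullName)"
        Move-Item -Path $f.FullName -Destination $Quarantine -Force
    }
}
"$(Get-Date -Format s) signature check: $($bad.Count) unverified file(s) quarantined" |
    Add-Content -Path $Log
```

Run it from an elevated prompt if the destination is under Program Files, or point $Dest at a folder the current user can write to.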