A bunch of stuff
Here's a bunch of stuff I've run across recently...
As an update to my Working with email post, I found this post from digfor about a couple of other useful tools for handling email. The post mentions Mail Viewer from MiTeC, as well as the MiTeC Outlook Express Reader.
Digfor also mentions the ImDisk virtual disk driver, something I've mentioned before and included in my book. I agree, this is an excellent tool for mounting images of disks.
Digfor's post led me to this one about an SFCList tool that lets you see all of the files protected by WFP. From there, I found this link to disabling SFC...something I've been aware of for a while, and the reason I wrote the wfpcheck tool discussed in the second edition of my book. The link to disabling SFC led me this one, and I knew about this one. I think that it's important for all responders and analysts to be aware of this, as it can help you to find bad stuff on a system or within an acquired image. This came into play with MS's initial release of their description of W32/Virut.BM (hey, I didn't name the variant, but it's funny to me, too!). In that initial description, under the Analysis tab, they had no mention of SFC being disabled. To me, this was just another example of how AV vendors are missing the mark when it comes to helping their customers...rather than writing up malware in a way that helps the IT staffs that battle it, they write it up in a way that suits themselves.
Next - not a tool, per se, as much as a site...check out the Command Line Kungfu blog!
As an update to my Working with email post, I found this post from digfor about a couple of other useful tools for handling email. The post mentions Mail Viewer from MiTeC, as well as the MiTeC Outlook Express Reader.
Digfor also mentions the ImDisk virtual disk driver, something I've mentioned before and included in my book. I agree, this is an excellent tool for mounting images of disks.
Digfor's post led me to this one about an SFCList tool that lets you see all of the files protected by WFP. From there, I found this link to disabling SFC...something I've been aware of for a while, and the reason I wrote the wfpcheck tool discussed in the second edition of my book. The link to disabling SFC led me this one, and I knew about this one. I think that it's important for all responders and analysts to be aware of this, as it can help you to find bad stuff on a system or within an acquired image. This came into play with MS's initial release of their description of W32/Virut.BM (hey, I didn't name the variant, but it's funny to me, too!). In that initial description, under the Analysis tab, they had no mention of SFC being disabled. To me, this was just another example of how AV vendors are missing the mark when it comes to helping their customers...rather than writing up malware in a way that helps the IT staffs that battle it, they write it up in a way that suits themselves.
Next - not a tool, per se, as much as a site...check out the Command Line Kungfu blog!