Sunday, December 1, 2013

Two utilities for measuring network throughput

Below are two utilities that can be used to measure network throughput between two Windows machines.  Both are portable and do not require any installation.

The first is LanBench and can be found at  After unzipping the download file, launch the main application.  On the computer you wish to use as a server, click on the Listen button.


On the other machine, click on File –> Configure.  Enter the IP address of the first machine and click on the OK button.


The second utility is NetIO-GUI and can be found at  Once unpacked, launch the main executable.  The mode can be either client or server.


More examples of network testing utilities can be found below.

Using the DISM command to free up some disk space with Windows

Starting with Windows Vista/Server 2008, a subfolder named WinSxS is present under the Windows folder.  It holds the component store: every version of every Windows system component that has been installed, including the superseded versions that are kept so that updates can be uninstalled, so it grows over time.  Before cleaning, the command dism.exe /Online /Cleanup-Image /AnalyzeComponentStore reports the actual size of the store (Explorer over-reports it, because most of the files in WinSxS are hard links to files elsewhere on the system) and states whether a cleanup is recommended; this switch requires the Windows 8.1 / Server 2012 R2 version of DISM or later.  To clean up the store, use the command below.

dism.exe /Online /Cleanup-Image /StartComponentCleanup


The following command removes the backup files that are kept so that a service pack can be uninstalled.  Once it has run, the service pack can no longer be removed.

dism.exe /online /Cleanup-Image /SPSuperseded

The following command removes all superseded versions of every component, which reclaims the most space.  The caveat is that /ResetBase makes every update installed up to that point permanent: none of them can be uninstalled afterwards, so run it only once the current update level has been confirmed stable.

dism.exe /online /Cleanup-Image /StartComponentCleanup /ResetBase

Another method is to remove the installation payload of features that will never be used.  To list the features present on the local system and their current state, use the command below:

dism.exe /Online /English /Get-Features /Format:Table

To remove a feature and its payload from the local system, use the command below.  The /Remove switch (Windows 8 and later) deletes the installation files as well as disabling the feature; Get-Features then reports it as "Disabled with Payload Removed", and it can only be re-enabled later by supplying a source such as installation media (/Source) or Windows Update:

dism.exe /Online /Disable-Feature /featurename:NAME /Remove

Windows 8 and 8.1 include a built-in scheduled task named StartComponentCleanup (under Microsoft\Windows\Servicing in Task Scheduler) that performs the same cleanup automatically when the system is idle.  Superseded versions of a component are removed 30 days after the updated version was installed, so an update stays uninstallable for that long.
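The following PowerShell is an added example and not part of the original post: a thin wrapper around the DISM component-store commands above, so that the decision to clean is driven by DISM's own "Cleanup Recommended" verdict rather than run blindly, and so that the irreversible /ResetBase step has to be asked for explicitly.  It assumes an elevated session on Windows 8.1 / Server 2012 R2 or later (where /AnalyzeComponentStore exists); the function names and the sample report text are this example's own.

```powershell
# Added example (not from the original post). Wraps the DISM component-store
# commands so cleanup runs only when DISM's own analysis recommends it.
# Assumes an elevated session on Windows 8.1 / Server 2012 R2 or later.

function ConvertFrom-DismReport {
    # DISM prints "Key : Value" lines; collect them into a hashtable.
    param([string[]]$Lines)
    $report = @{}
    foreach ($line in $Lines) {
        # The key cannot contain ':', so values that do (timestamps) survive intact.
        if ($line -match '^\s*([^:]+?)\s*:\s*(.+?)\s*$') {
            $report[$matches[1]] = $matches[2]
        }
    }
    return $report
}

function Get-ComponentStoreReport {
    # /AnalyzeComponentStore is read-only and safe to run at any time.
    $output = & dism.exe /Online /Cleanup-Image /AnalyzeComponentStore
    if ($LASTEXITCODE -ne 0) {
        throw "DISM analysis failed with exit code $LASTEXITCODE"
    }
    ConvertFrom-DismReport -Lines $output
}

function Invoke-ComponentStoreCleanup {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [hashtable]$Report = (Get-ComponentStoreReport),
        # /ResetBase also deletes the superseded versions that uninstalling an
        # update would need, so every update installed so far becomes permanent.
        [switch]$ResetBase
    )
    if ($Report['Component Store Cleanup Recommended'] -ne 'Yes' -and -not $ResetBase) {
        Write-Verbose ("No cleanup recommended; actual store size is {0}" -f
            $Report['Actual Size of Component Store'])
        return $false
    }
    $dismArgs = @('/Online', '/Cleanup-Image', '/StartComponentCleanup')
    if ($ResetBase) { $dismArgs += '/ResetBase' }
    if ($PSCmdlet.ShouldProcess('online image', "dism.exe $($dismArgs -join ' ')")) {
        & dism.exe @dismArgs
        return ($LASTEXITCODE -eq 0)
    }
    return $false
}

# Constructed sample of the analysis output (this example's own text), so the
# parsing can be exercised on a machine where DISM should not be touched.
$sampleReport = @'
Deployment Image Servicing and Management tool
Version: 6.3.9600.17031

Image Version: 6.3.9600.17031

Component Store (WinSxS) information:

Windows Explorer Reported Size of Component Store : 7.41 GB

Actual Size of Component Store : 7.02 GB

    Shared with Windows : 5.61 GB
    Backups and Disabled Features : 1.40 GB
    Cache and Temporary Data : 0 bytes

Date of Last Cleanup : 2013-11-25 03:00:11

Number of Reclaimable Packages : 2
Component Store Cleanup Recommended : Yes

The operation completed successfully.
'@ -split "`r?`n"

$parsed = ConvertFrom-DismReport -Lines $sampleReport
$parsed['Component Store Cleanup Recommended']
$parsed['Actual Size of Component Store']

# Against the live system, from an elevated prompt:
# Invoke-ComponentStoreCleanup -WhatIf      # show the DISM command line only
# Invoke-ComponentStoreCleanup -Verbose     # clean when DISM recommends it
# Invoke-ComponentStoreCleanup -ResetBase   # deliberate, irreversible
```

Because the function supports -WhatIf, the exact DISM command line can be reviewed before anything is changed, and the -ResetBase switch is the only path that makes installed updates permanent.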

Forensic bootable environments

Below are some links to some bootable forensic environments.

How to determine PowerShell version

To determine the local PowerShell version, inspect the automatic variable $PSVersionTable.  It was introduced with PowerShell 2.0, so if the variable is absent (the command prints nothing), the host is running PowerShell 1.0.  The first example below is from version 2 and the second from version 3.

PS C:\> $PSVersionTable

Name                           Value
----                           -----
CLRVersion                     2.0.50727.5472
BuildVersion                   6.1.7601.17514
PSVersion                      2.0
WSManStackVersion              2.0
PSCompatibleVersions           {1.0, 2.0}
PSRemotingProtocolVersion      2.1


PS C:\> $PSVersionTable

Name                           Value
----                           -----
WSManStackVersion              3.0
PSCompatibleVersions           {1.0, 2.0, 3.0}
BuildVersion                   6.2.9200.16398
PSVersion                      3.0
CLRVersion                     4.0.30319.1008
PSRemotingProtocolVersion      2.2

Show-Command cmdlet with PowerShell

If you are unsure which parameters a cmdlet requires, or wish to see them laid out as a form rather than as help text, the Show-Command cmdlet (added in PowerShell 3.0; it needs a desktop session because it is a GUI) opens a separate dialog box listing the available parameters, grouped by parameter set, and can run the resulting command line or copy it to the clipboard.


Screen brightness parameter with Windows 8.1

Some devices experience viewing quality issues when the option to automatically adjust the screen brightness is enabled with Windows 8.1.  To disable this feature, access PC Settings –> PC and devices –> Power and sleep.  Set the “Adjust my screen brightness automatically” to Off.


PowerShell cmdlets for Windows Defender with Windows 8.1

Windows 8.1 includes PowerShell cmdlets for the local Windows Defender service, packaged in a module named Defender.  A list of the cmdlets can be obtained by using the command Get-Command -Module Defender.


The cmdlet Get-MpComputerStatus will display overall details of the Windows Defender service.


The Get-MpPreference cmdlet displays the configured preferences, including any path, extension and process exclusions; Set-MpPreference changes them.  Exclusions are worth reviewing on any machine under investigation, since they are an easy place to hide a tool from scanning.


The cmdlet Update-MpSignature will start the signature update process.


Manual scans can be executed by using the Start-MpScan cmdlet.


The Get-MpThreatDetection cmdlet lists any detections (when, which process, which file or resource, and whether the action succeeded), and Get-MpThreat lists the threats themselves.  In this example, no detected threats were present.
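The following PowerShell is an added example and not part of the original post: a quick health check built on the Defender cmdlets above, reporting the conditions a responder looks for first (engine or real-time protection off, stale signatures, no recent scan, and exclusions, which are a common place for an intruder to park tooling), plus a remediation function that uses Update-MpSignature, Start-MpScan and Get-MpThreatDetection.  It assumes Windows 8.1 or later with the Defender module and an elevated session; the function names, the staleness thresholds and the constructed sample objects are this example's own.

```powershell
# Added example (not from the original post). Health check and remediation
# built on the Windows 8.1 Defender cmdlets. Thresholds are arbitrary choices.

function Test-DefenderHealth {
    param(
        # Objects from Get-MpComputerStatus and Get-MpPreference; defaulted to
        # the live service so the function can be called with no arguments.
        $Status     = (Get-MpComputerStatus),
        $Preference = (Get-MpPreference),
        [int]$MaxSignatureAgeDays = 3,
        [int]$MaxQuickScanAgeDays = 7
    )
    $findings = @()
    if (-not $Status.AMServiceEnabled)          { $findings += 'Antimalware service is not running' }
    if (-not $Status.AntivirusEnabled)          { $findings += 'Antivirus engine is disabled' }
    if (-not $Status.RealTimeProtectionEnabled) { $findings += 'Real-time protection is off' }
    if ($Preference.DisableRealtimeMonitoring)  { $findings += 'DisableRealtimeMonitoring preference is set' }
    if ($Status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings += "Antivirus signatures are $($Status.AntivirusSignatureAge) days old"
    }
    if ($Status.QuickScanAge -gt $MaxQuickScanAgeDays) {
        # QuickScanAge is a very large number when no scan has ever run.
        $findings += "Last quick scan was $($Status.QuickScanAge) days ago"
    }
    # Every exclusion is reported; an analyst decides which are legitimate.
    foreach ($p in (@($Preference.ExclusionPath)      | Where-Object { $_ })) { $findings += "Path exclusion: $p" }
    foreach ($e in (@($Preference.ExclusionExtension) | Where-Object { $_ })) { $findings += "Extension exclusion: $e" }
    foreach ($x in (@($Preference.ExclusionProcess)   | Where-Object { $_ })) { $findings += "Process exclusion: $x" }
    return ,$findings
}

function Repair-DefenderState {
    # Refresh signatures if stale, run a quick scan, then show what was found.
    param([int]$MaxSignatureAgeDays = 3)
    $status = Get-MpComputerStatus
    if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) { Update-MpSignature }
    Start-MpScan -ScanType QuickScan
    Get-MpThreatDetection |
        Select-Object InitialDetectionTime, ProcessName, Resources, ActionSuccess
}

# Constructed sample objects (this example's own) standing in for the real
# cmdlet output, so the checks can be tried without the Defender module.
$sampleStatus = New-Object PSObject -Property @{
    AMServiceEnabled          = $true
    AntivirusEnabled          = $true
    RealTimeProtectionEnabled = $false
    AntivirusSignatureAge     = 12
    QuickScanAge              = 2
}
$samplePreference = New-Object PSObject -Property @{
    DisableRealtimeMonitoring = $true
    ExclusionPath             = @('C:\Users\Public\tools')
    ExclusionExtension        = $null
    ExclusionProcess          = @('powershell.exe')
}
Test-DefenderHealth -Status $sampleStatus -Preference $samplePreference

# Against the live service, from an elevated prompt:
# Test-DefenderHealth
# Repair-DefenderState
```

Passing the status and preference objects in as parameters keeps the checks separable from the cmdlets that gather them, which is also what makes it practical to run the same logic over objects exported from several machines.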


Screen captures of the initial installation of Hyper-V 2012 R2

Below are some screen captures of the initial installation of Hyper-V 2012 R2.










Shutdown utility within Windows 8.1

Windows 8.1 includes an executable that can be used to perform a shutdown.  Under the \Windows\System32 subfolder, an executable named slidetoshutdown.exe should be present.


A shortcut to it can be created on either the Start screen or the desktop.  When executed, a full-screen prompt appears asking the user to slide the lock-screen image down to start the shutdown process.

How to disable animations within Office 2013

By default, Office 2013 enables animations, which in Word show up as an apparent typing delay.  To disable the animations globally, use the following Registry modification.

Windows Registry Editor Version 5.00


Saturday, November 2, 2013

Command to clear the local cache of the Windows Store

The command wsreset.exe will clear the local cache of the Windows Store with Windows 8 and 8.1.  The command needs to be executed with administrative authority.


A message should be displayed when the clearing process has completed.


How to configure Windows version 8.1 to boot into the desktop

By default, Windows 8 did not allow an individual to boot directly into the desktop.  Windows 8.1 includes this feature.  To enable it, right-click on the Taskbar while on the desktop and access Properties.  Or via the Modern screen, search for “taskbar” and select Taskbar and Navigation.



Click on the Navigation tab.  The option to boot directly to the desktop should be near the middle of the dialog box with the text of “When I sign in or close all apps on a screen, go to the desktop instead of Start.”


Another option within this dialog box is the feature “Show the Apps view automatically when I go to Start.”  This will display all of the existing applications in a list instead of the normal Modern start screen.

Screen capture option via the Share Charm within Windows 8.1

Windows 8.1 has a screen capture option available via the Share Charm.  When accessing the Share Charm, a down-arrow option should be present.


An option to share a screen capture should be listed.


The list of destination applications will depend on what local programs are installed.



Wioski is a free replacement for the SteadyState product that Microsoft has dropped.


vGuestExplorer is a Windows Explorer style tool which can copy files and folders to and from virtual machines without requiring network connectivity.  It does require PowerCLI.

Hydration Kit for Microsoft’s Configuration Manager 2012

A Hydration Kit is a free download for creating an entire Configuration Manager 2012 infrastructure in a Virtual Machine. The VM runs on Hyper-V or VMware and allows Configuration Manager to be built into a complete lab environment quickly.

Application View for vCenter Site Recovery Manager

Application View for vCenter Site Recovery Manager shows the application dependencies between virtual machines in a disaster recovery site.  This tool is packaged as a standalone virtual appliance, which can be easily set up in an environment which runs vCenter, vCenter Site Recovery Manager, and vCenter Infrastructure Navigator.  This fling identifies dependencies between virtual machines in a protected site and displays the information in a HTML user interface.

Friday, November 1, 2013

Using the apt-get command to clear some free disk space with Ubuntu

To free up some disk space on an Ubuntu/Debian-based system, use the apt-get clean command.  It removes every downloaded .deb package file from the local cache under /var/cache/apt/archives and /var/cache/apt/archives/partial.  The apt-get autoclean command is similar; the only difference is that it removes only package files that can no longer be downloaded, for example a package for which the repository now carries a newer version.

sudo apt-get clean

sudo apt-get autoclean


How to configure iOS with version 7 to disable the default animations and transitions

Apple’s iOS 7.0 introduced zoom animations and transitions that could not be turned off.  The 7.0.3 update extended the Reduce Motion setting to cover them.  Access Settings –> General –> Accessibility –> Reduce Motion and enable the option.


Using the Verify button within Process Explorer

The Process Explorer utility from SysInternals has a verify process feature.  This option indicates whether the executable in question has been verified as digitally signed by a certificate that chains to a root authority trusted by the computer in question.

After launching Process Explorer, access the Properties of the entry in question.  Click on the Verify button on the Image tab.


If the certificate is valid, a “verified” text should appear near the top of the dialog box near the description.


Below is an example of an older application that did not return a “verified” value.  A process whose image does not verify deserves a closer look, since current Microsoft and most commercial binaries are signed, but an unsigned image is not by itself proof of malware (older software and many in-house tools are unsigned), and a verified signature is not proof of safety, since malware has been signed with stolen or fraudulently obtained certificates.  Treat the result as one clue alongside the image path, parent process and command line that Process Explorer also shows.
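The following PowerShell is an added example and not part of the original post: the same chain-of-trust check that Process Explorer's Verify button performs, run across every running process at once with the built-in Get-AuthenticodeSignature cmdlet, with the unsigned and tampered images sorted to the top.  It assumes an elevated 64-bit PowerShell session so that the image paths of other users' processes are readable; the function name is this example's own.

```powershell
# Added example (not from the original post). Scripted equivalent of the
# Process Explorer Verify check, applied to every running process.

function Get-ProcessSignatureReport {
    $seen = @{}
    # Processes whose image path is not readable (System, protected processes)
    # have an empty Path and are skipped.
    foreach ($proc in (Get-Process | Where-Object { $_.Path })) {
        $path = $proc.Path
        # Many processes share one image (svchost.exe); verify each file once.
        if ($seen.ContainsKey($path)) { continue }
        $seen[$path] = $true
        $sig = Get-AuthenticodeSignature -FilePath $path
        $signer = ''
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        New-Object PSObject -Property @{
            Name   = $proc.ProcessName
            Path   = $path
            # Valid = signed and chained to a root this machine trusts.
            # NotSigned, HashMismatch and UnknownError are the ones to examine.
            Status = $sig.Status
            Signer = $signer
        }
    }
}

# Non-Valid images first, then alphabetical.
Get-ProcessSignatureReport |
    Sort-Object @{ Expression = { $_.Status -eq 'Valid' } }, Name |
    Format-Table Status, Name, Signer, Path -AutoSize
```

Two caveats apply.  HashMismatch means the file has been altered since it was signed, which is a stronger indicator than NotSigned.  And on older Windows versions Get-AuthenticodeSignature does not consult security catalogs, so Windows binaries that are signed only through a catalog may report NotSigned here even though Process Explorer shows them as verified; a NotSigned result for an image outside the Windows folder is the actionable one.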


Disk Cleanup update for Windows 7

In October of 2013, Microsoft released an update to the Disk Cleanup utility for Windows 7.  The KB article concerning this update can be viewed at:

Once installed, launch the Disk Cleanup utility as normal.  Select your default partition.


Click on the “Clean up system files” button.  This relaunches Disk Cleanup with administrative rights (prompting for credentials if the account is not an administrator, as in this example), and the Windows Update Cleanup entry is only offered in that elevated view.


When the application reloads, the list of items should include a new entry named “Windows Update Cleanup.”  In this example, this entry was over 3 GB in size.


During the next reboot, the boot screen may display a notification stating that some maintenance tasks are being performed.


Wednesday, October 9, 2013


Vyatta is an open-source Linux distribution that offers IPv4 and IPv6 routing, as well as other features such as a stateful firewall.  An .ISO can be downloaded at the link below.

The screen captures below were taken using VMware Workstation and Vyatta version 6.6.  An additional network adapter was added to the virtual machine’s configuration before the initial boot.

The .ISO is a Live CD that boots directly.  The default user name and password are both vyatta; change the password before the system is reachable from any untrusted network (set system login user vyatta authentication plaintext-password in Configuration Mode).  The show version command displays the version number of the application.


The install system command will start a wizard to install the application on the local hard drive.



As stated above, two network adapters were installed on the virtual machine.  This can be verified by the show interfaces command.


Vyatta is similar to Cisco’s IOS operating system in that it has two modes:  Operational and Configuration.  To enter Configuration Mode, use the command configure; to leave it, use the exit command (exit discard abandons uncommitted changes).  A change takes effect only after commit, and it survives a reboot only after save, which writes the active configuration to /config/config.boot.

To enable SSH access, use the command set service ssh within Configuration Mode, then commit and save the modification.  The optional allow-root sub-command additionally permits logins as root over SSH; leave it off and administer the system as the vyatta user, or another admin-level user, instead.


To configure an initial IP address value, use the command set interfaces ethernet ethx address x.x.x.x/x.


To set the DNS server value, use the command set system name-server x.x.x.x.


The main gateway address can be set using the command set system gateway-address x.x.x.x.  The current configuration can be displayed by using the command show -all within Configuration Mode; run show configuration displays the same data (run prefixes an Operational Mode command so it can be issued from Configuration Mode).  The Operational Mode command show configuration commands displays the same information as a flat list of set commands without the {} blocks, which is the most convenient form for reviewing a configuration or replaying it on another system.  The hostname can be set by using the command set system host-name.


Tcpdump is available for packet analysis.  To view packets for IPv6 for example, use the command sudo tcpdump ip6.


Another example would be sudo tcpdump -nvi eth0 dst and not port 22, which would return all traffic on eth0 with a destination IP address of when the port is not 22.


The application tshark is available as well.


Several default time servers are present.  The command delete system ntp server <address> removes a default entry, and set system ntp server <address> adds a new one.
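The block below is an added configuration example and not part of the original post.  It collects the individual steps from this post (SSH, interface addresses, DNS, gateway, hostname and NTP) into one Configuration Mode session, with the default credentials changed first and SSH enabled without allow-root.  The hostname, the RFC 5737 documentation addresses and the passphrase are this example's own placeholders.

```text
configure
# Change the default vyatta/vyatta credentials before anything else.
set system login user vyatta authentication plaintext-password 'use-a-long-passphrase-here'
set system host-name rtr1
# eth0 faces the LAN, eth1 the upstream link.
set interfaces ethernet eth0 address 192.168.10.1/24
set interfaces ethernet eth1 address 203.0.113.2/30
set system gateway-address 203.0.113.1
set system name-server 192.168.10.53
# Enable SSH; allow-root is deliberately not set.
set service ssh
set service ssh port 22
# Drop the stock pool entries and point at a local time source.
delete system ntp
set system ntp server 192.168.10.123
commit
save
exit
```

After commit and save, show configuration commands from Operational Mode prints the result in the same set-command form, which makes it easy to diff against this intended state later.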


To shutdown the operating system, use the command poweroff.

A site that includes more commands can be found at  Details concerning IPv6 commands can be found at