Sunday, December 1, 2013

Two utilities for measuring network throughput

Below are two utilities that can be used to measure network throughput between two Windows machines.  Both are portable and do not require any installation.

The first is LanBench and can be found at http://www.zachsaw.com/.  After unzipping the download file, launch the main application.  On the computer you wish to use as a server, click on the Listen button.


On the other machine, click on File –> Configure.  Enter the IP address of the first machine and click on the OK button.


The second utility is NetIO-GUI and can be found at http://sourceforge.net/projects/netiogui/.  Once unpacked, launch the main executable.  The mode can be either client or server.


More examples of network testing utilities can be found below.

https://code.google.com/p/iperf/

http://nutsaboutnets.com/netstress/

http://www.tamos.com/products/throughput-test/

http://www.ixiacom.com/products/ixchariot/

http://www.totusoft.com/lanspeed.html

Using the DISM command to free up some disk space with Windows

Starting with Windows Vista/Server 2008, a subfolder named WinSxS is present under the system folder.  This folder (the component store) contains all Windows system components and can grow quite large over time.  One option to lower the amount of disk space being used is the component-store cleanup built into dism.exe.  The command dism.exe /Online /Cleanup-Image /AnalyzeComponentStore should offer some information concerning the current size.  To clean up the store, use the command below.

dism.exe /Online /Cleanup-Image /StartComponentCleanup


The following command will remove the backup files needed for the uninstallation of a service pack; once they are gone, the service pack can no longer be removed.

dism.exe /online /Cleanup-Image /SPSuperseded

The following command will remove all old versions of every component.  Afterwards, updates that are already installed can no longer be uninstalled.

dism.exe /online /Cleanup-Image /StartComponentCleanup /ResetBase

Another method is to remove local setup files for features that will never be used.  To obtain a list of local components, use the command below:

dism.exe /Online /English /Get-Features /Format:Table

To remove a feature from the local system, use the command below:

dism.exe /Online /Disable-Feature /featurename:NAME /Remove

Windows 8 and 8.1 include a built-in scheduled task named StartComponentCleanup that will clean up any components 30 days after the initial installation date.
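The DISM steps above, wrapped in a script that only runs the cleanup when the analysis recommends it and keeps /ResetBase opt-in.  This is an added example, not code from the original post; the "Cleanup Recommended" line it looks for in the /AnalyzeComponentStore output is an assumption about that build's wording.

```powershell
# Added example: analyze the component store first, then clean up only if DISM
# recommends it. Run from an elevated (administrator) PowerShell session.
param([switch]$ResetBase)

$dism = Join-Path $env:SystemRoot 'System32\dism.exe'

function Get-ComponentStoreReport {
    # Returns the analysis text plus whether DISM recommended a cleanup.
    # Assumption: the output contains "Component Store Cleanup Recommended : Yes/No".
    $text = & $dism /Online /Cleanup-Image /AnalyzeComponentStore 2>&1 | Out-String
    [pscustomobject]@{
        Recommended = ($text -match 'Cleanup Recommended\s*:\s*Yes')
        Report      = $text
    }
}

$report = Get-ComponentStoreReport
# Show only the size and recommendation lines from the full report.
$report.Report -split "`r?`n" | Where-Object { $_ -match 'Size|Recommended' }

if (-not $report.Recommended) {
    Write-Host 'DISM does not recommend a cleanup at this time; nothing changed.'
    return
}

$dismArgs = @('/Online', '/Cleanup-Image', '/StartComponentCleanup')
if ($ResetBase) {
    # /ResetBase drops every superseded component version; installed updates
    # cannot be uninstalled afterwards, so it is only added when asked for.
    $dismArgs += '/ResetBase'
}

Write-Host "Running: dism.exe $($dismArgs -join ' ')"
& $dism @dismArgs
if ($LASTEXITCODE -ne 0) { throw "dism.exe exited with code $LASTEXITCODE" }
```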

Forensic bootable environments

Below are some links to some bootable forensic environments.

http://www.caine-live.net/

http://www.deftlinux.net/

http://win-ufo.org/

http://computer-forensics.sans.org/community/downloads

How to determine PowerShell version

To determine the local PowerShell version, display the automatic variable $PSVersionTable.  The first example is version 2 while the second is version 3.

PS C:\> $PSVersionTable

Name                           Value
----                           -----
CLRVersion                     2.0.50727.5472
BuildVersion                   6.1.7601.17514
PSVersion                      2.0
WSManStackVersion              2.0
PSCompatibleVersions           {1.0, 2.0}
SerializationVersion           1.1.0.1
PSRemotingProtocolVersion      2.1

PS C:\> $PSVersionTable

Name                           Value
----                           -----
WSManStackVersion              3.0
PSCompatibleVersions           {1.0, 2.0, 3.0}
SerializationVersion           1.1.0.1
BuildVersion                   6.2.9200.16398
PSVersion                      3.0
CLRVersion                     4.0.30319.1008
PSRemotingProtocolVersion      2.2
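A version check a script can perform on itself, as an added example (not from the original post): $PSVersionTable only exists from PowerShell 2.0 onward, so a script that may land on a 1.0 host has to treat the missing variable as version 1.0.  The function names are my own.

```powershell
function Get-LocalPSVersion {
    # $PSVersionTable was introduced in PowerShell 2.0. On 1.0 the variable does
    # not exist, so its absence is itself the answer: version 1.0.
    if ($null -eq $PSVersionTable) { return [version]'1.0' }
    return $PSVersionTable.PSVersion
}

function Test-MinimumPSVersion {
    # Compares as [version] objects, so 10.0 correctly sorts above 3.0.
    param([Parameter(Mandatory = $true)][version]$Minimum)
    return ((Get-LocalPSVersion) -ge $Minimum)
}

# Same decision a "#Requires -Version 3.0" line makes, but with a readable
# message instead of a parse-time failure on older hosts.
if (-not (Test-MinimumPSVersion -Minimum '3.0')) {
    Write-Warning "PowerShell $(Get-LocalPSVersion) found; 3.0 or later is required."
}
else {
    "PowerShell $(Get-LocalPSVersion) on CLR $($PSVersionTable.CLRVersion)"
}
```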

Show-Command cmdlet with PowerShell

If you are unsure what parameters are required for a cmdlet or wish to view the various fields in a different manner, the Show-Command cmdlet will display a separate dialog box with the available parameters.


Screen brightness parameter with Windows 8.1

Some devices experience viewing quality issues when the option to automatically adjust the screen brightness is enabled with Windows 8.1.  To disable this feature, access PC Settings –> PC and devices –> Power and sleep.  Set the “Adjust my screen brightness automatically” option to Off.


PowerShell cmdlets for Windows Defender with Windows 8.1

Windows 8.1 includes PowerShell cmdlets for the local Windows Defender service.  A list of cmdlets can be obtained by using the command Get-Command -Module Defender.


The cmdlet Get-MpComputerStatus will display overall details of the Windows Defender service.


The Get-MpPreference cmdlet will display the configured preferences for the application.


The cmdlet Update-MpSignature will start the signature update process.


Manual scans can be executed by using the Start-MpScan cmdlet.


The Get-MpThreatDetection cmdlet should display any threats that have been found.  In this example, no detected threats were present.
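The Defender cmdlets above combined into one health-check routine, as an added example that is not part of the original post: it refuses to run if antivirus is disabled, updates signatures only when they are older than a threshold, scans, and then joins each detection to its threat name.  The parameter names and threshold are my own choices.

```powershell
# Added example: status check, conditional signature update, scan, and a
# detection report using the Windows 8.1 Defender module.
param(
    [int]$MaxSignatureAgeDays = 3,
    [ValidateSet('QuickScan', 'FullScan')][string]$ScanType = 'QuickScan'
)
Import-Module Defender

$status = Get-MpComputerStatus
if (-not $status.AntivirusEnabled) {
    throw 'Windows Defender antivirus is disabled on this host; nothing scanned.'
}
if (-not $status.RealTimeProtectionEnabled) {
    Write-Warning 'Real-time protection is off; only this on-demand scan will run.'
}

# Update signatures only when they are older than the threshold.
if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
    Write-Host "Signatures are $($status.AntivirusSignatureAge) days old; updating."
    Update-MpSignature
}
else {
    Write-Host "Signatures last updated $($status.AntivirusSignatureLastUpdated); no update needed."
}

Start-MpScan -ScanType $ScanType

# Report what was detected and whether Defender's action on it succeeded.
$detections = Get-MpThreatDetection
if (-not $detections) {
    Write-Host 'No threat detections recorded.'
    return
}
$threatNames = @{}
Get-MpThreat | ForEach-Object { $threatNames[$_.ThreatID] = $_.ThreatName }
$detections | Select-Object `
    @{ n = 'Threat';     e = { $threatNames[$_.ThreatID] } },
    @{ n = 'Detected';   e = { $_.InitialDetectionTime } },
    @{ n = 'Process';    e = { $_.ProcessName } },
    @{ n = 'Resources';  e = { $_.Resources -join '; ' } },
    @{ n = 'Remediated'; e = { $_.ActionSuccess } } |
    Format-Table -AutoSize
```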


Screen captures of the initial installation of Hyper-V 2012 R2

Below are some screen captures of the initial installation of Hyper-V 2012 R2.

(screen captures hyperv_2012_r2_installation_1 through hyperv_2012_r2_installation_9 not reproduced here)

Shutdown utility within Windows 8.1

Windows 8.1 includes an executable that can be used to perform a shutdown.  Under the \Windows\System32 subfolder, an executable named slidetoshutdown.exe should be present.


A shortcut can be created on either the Start screen or the desktop.  When executed, a screen will appear with a simple slide-down prompt to start the shutdown process.

How to disable animations within Office 2013

By default, Office 2013 includes animations, one of which appears as a typing delay in Word.  To disable the animations globally, use the following Registry modification.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\Graphics]
"DisableAnimations"=dword:00000001

Saturday, November 2, 2013

Command to clear the local cache of the Windows Store

The command wsreset.exe will clear the local cache of the Windows Store with Windows 8 and 8.1.  The command needs to be executed with administrative authority.


A message should be displayed when the clearing process has completed.


How to configure Windows version 8.1 to boot into the desktop

By default, Windows 8 did not allow an individual to boot directly into the desktop.  Windows 8.1 includes this feature.  To enable it, right-click on the Taskbar while on the desktop and access Properties.  Or via the Modern screen, search for “taskbar” and select Taskbar and Navigation.


Click on the Navigation tab.  The option to boot directly to the desktop should be near the middle of the dialog box with the text of “When I sign in or close all apps on a screen, go to the desktop instead of Start.”


Another option within this dialog box is the feature “Show the Apps view automatically when I go to Start.”  This will display all of the existing applications in a list instead of the normal Modern start screen.

Screen capture option via the Share Charm within Windows 8.1

Windows 8.1 has a screen capture option available via the Share Charm.  When accessing the Share Charm, a down-arrow option should be present.


An option to share a screen capture should be listed.


The list of destination applications will depend on what local programs are installed.


Wioski

Wioski is a free replacement for the SteadyState product that Microsoft has dropped.

http://www.wioski.com/

vGuestExplorer

vGuestExplorer is a Windows Explorer style tool which can copy files and folders to and from virtual machines without requiring network connectivity.  It does require PowerCLI.

http://www.vmwaredirectory.com/vguestexplorer

Hydration Kit for Microsoft’s Configuration Manager 2012

A Hydration Kit is a free download for creating an entire Configuration Manager 2012 infrastructure in a Virtual Machine. The VM runs on Hyper-V or VMware and allows Configuration Manager to be built into a complete lab environment quickly.

http://www.deploymentresearch.com/Research/tabid/62/EntryId/113/The-Hydration-Kit-for-ConfigMgr-2012-R2-is-available-for-download.aspx

Application View for vCenter Site Recovery Manager

Application View for vCenter Site Recovery Manager shows the application dependencies between virtual machines in a disaster recovery site.  This tool is packaged as a standalone virtual appliance, which can be easily set up in an environment which runs vCenter, vCenter Site Recovery Manager, and vCenter Infrastructure Navigator.  This fling identifies dependencies between virtual machines in a protected site and displays the information in an HTML user interface.

http://labs.vmware.com/flings/application-view-for-vcenter-site-recovery-manager

Friday, November 1, 2013

Using the apt-get command to clear some free disk space with Ubuntu

To free up some disk space with an Ubuntu/Debian-based system, the apt-get clean command can be used.  This command should remove downloaded .deb package files from the local cache within the paths /var/cache/apt/archives and /var/cache/apt/archives/partial.  The apt-get autoclean command is similar; the only difference is that it only removes package files that can no longer be downloaded.  An example would be a package that has a newer version within the repository.

sudo apt-get clean

sudo apt-get autoclean


How to configure iOS with version 7 to disable the default animations and transitions

Apple’s iOS version 7 included animations and transitions that could not be disabled.  The version 7.0.3 update included a new option to disable these features.  Access Settings –> General –> Accessibility –> Reduce Motion and enable the option.


Using the Verify button within Process Explorer

The Process Explorer utility from SysInternals has a verify process feature.  This option indicates whether the executable in question has been verified as digitally signed by a certificate that chains to a root authority trusted by the computer in question.

After launching Process Explorer, access the Properties of the entry in question.  Click on the Verify button on the Image tab.


If the certificate is valid, a “verified” text should appear near the top of the dialog box near the description.


Below is an example of an older application that did not return a “verified” value.  If a process does not return a “valid” certificate, this could be a clue that the entry in question may be malware, so it deserves a closer look.

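The same signature check applied to every running process image from PowerShell, as an added example that is not part of the original post.  The function name is my own; the caveat about catalog-signed Windows binaries is an assumption about older PowerShell releases, where Process Explorer's Verify button (which also consults catalogs) is the more reliable check.

```powershell
function Get-ProcessSignatureReport {
    # Checks the Authenticode signature of each distinct running process image the
    # current account can read and returns the ones whose status is not 'Valid'
    # (or everything, with -All). Unsigned or tampered images are the ones to triage.
    param([switch]$All)
    $seen = @{}
    foreach ($p in Get-Process) {
        $path = $p.Path
        # Path is $null for processes this account cannot open (system/protected ones).
        if (-not $path -or $seen.ContainsKey($path)) { continue }
        $seen[$path] = $true

        $sig = Get-AuthenticodeSignature -FilePath $path
        $signer = ''
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

        # Assumption: on older PowerShell versions only embedded signatures are
        # checked, so catalog-signed Windows binaries may show NotSigned here.
        $entry = [pscustomobject]@{
            Process = $p.ProcessName
            Path    = $path
            Status  = $sig.Status   # Valid, NotSigned, HashMismatch, UnknownError, ...
            Signer  = $signer
        }
        if ($All -or $sig.Status -ne 'Valid') { $entry }
    }
}

# Usage: list only images that did not verify, worst status first.
Get-ProcessSignatureReport | Sort-Object Status, Process | Format-Table -AutoSize
```

Run it elevated to see image paths for processes owned by other accounts; HashMismatch is the status to treat most seriously, since it means the file no longer matches what was signed.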

Disk Cleanup update for Windows 7

In October of 2013, Microsoft released an update to the Disk Cleanup utility for Windows 7.  The KB article concerning this update can be viewed at:

http://support.microsoft.com/kb/2852386

Once installed, launch the Disk Cleanup utility as normal.  Select your default partition.


Click on the “Clean up system files” button if the user account in question does not have local administrative authority as in this example.


When the application reloads, the list of items should include a new entry named “Windows Update Cleanup.”  In this example, this entry was over 3 GB in size.


During the next reboot, the boot screen may display a notification stating that some maintenance tasks are being performed.


Wednesday, October 9, 2013

Vyatta

Vyatta is an open-source Linux distribution that offers IPv4 and IPv6 routing, as well as other features such as a stateful firewall.  An ISO image can be downloaded at the link below.

http://www.vyatta.org/

The screen captures below were taken using VMware Workstation and Vyatta version 6.6.  An additional network adapter was added to the virtual machine’s configuration before the initial boot.

The .ISO is a Live CD that allows a direct boot.  The default user name and password are vyatta.  The show version command will display the version number of the application.


The install system command will start a wizard to install the application on the local hard drive.


As stated above, two network adapters were installed on the virtual machine.  This can be verified by the show interfaces command.


Vyatta is similar to Cisco’s IOS operating system in that it has two modes:  Operational and Configuration.  To enter Configuration Mode, use the command configure.  To exit Configuration Mode, use the exit command.  To save a change, use the commit command as well as the save command.

To allow SSH access, use the command set service ssh allow-root within the Configuration Mode (note that allow-root also permits the root account to log in over SSH).  Commit and save the modification.


To configure an initial IP address value, use the command set interfaces ethernet ethx address x.x.x.x/x.


To set the DNS server value, use the command set system name-server x.x.x.x.


The main gateway address can be set using the command set system gateway-address x.x.x.x.  The current configuration can be displayed by using the command show -all within the Configuration Mode.  The command run show configuration should display the same data.  The command show configuration commands should display information without the {} lines.  The hostname can be set by using the command set system host-name.


Tcpdump is available for packet analysis.  To view packets for IPv6 for example, use the command sudo tcpdump ip6.


Another example would be sudo tcpdump -nvi eth0 dst 172.16.1.1 and not port 22, which would return all traffic on eth0 with a destination IP address of 172.16.1.1 when the port is not 22.


The application tshark is available as well.


Several default time servers are present.  The command delete system ntp server value can be used to remove the default entries, and set system ntp server value can be used to add a new entry.


To shut down the operating system, use the command poweroff.

A site that includes more commands can be found at http://www.v12n.com/mediawiki/index.php/Vyatta_How_To.  Details concerning IPv6 commands can be found at http://samsclass.info/ipv6/proj/pV7-dhcpv6.html.