Sunday, December 1, 2013

Two utilities for measuring network throughput

Below are two utilities that can be used to measure network throughput between two Windows machines.  Both are portable and do not require any installation.

The first is LanBench and can be found at  After unzipping the download file, launch the main application.  On the computer you wish to use as a server, click on the Listen button.


On the other machine, click on File –> Configure.  Enter the IP address of the first machine and click on the OK button.


The second utility is NetIO-GUI and can be found at  Once unpacked, launch the main executable.  The mode can be either client or server.


More examples of network testing utilities can be found below.

Using the DISM command to free up some disk space with Windows

Starting with Windows Vista/Server 2008, a subfolder named WinSxS is present under the system folder.  This folder contains all Windows system components and can grow quite large over time.  One way to reduce the amount of disk space it uses is to clean up the component store with DISM.  The command dism.exe /Online /Cleanup-Image /AnalyzeComponentStore should offer some information concerning the current size.  To clean up the store, use the command below.

dism.exe /Online /Cleanup-Image /StartComponentCleanup


The following command will remove files needed for the uninstallation of a service pack.

dism.exe /online /Cleanup-Image /SPSuperseded

The following command will remove all old versions of every component.

dism.exe /online /Cleanup-Image /StartComponentCleanup /ResetBase

Another method is to remove local setup files for features that will never be used.  To obtain a list of local components, use the command below:

dism.exe /Online /English /Get-Features /Format:Table

To remove a feature from the local system, use the command below:

dism.exe /Online /Disable-Feature /featurename:NAME /Remove

Windows 8 and 8.1 include a built-in scheduled task named StartComponentCleanup that will clean up any components 30 days after the initial installation date.
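The analyze-then-clean sequence above can be scripted so the cleanup only runs when DISM itself recommends it. This is an added example, not part of the original post; it assumes an elevated prompt, a Windows version whose DISM supports /AnalyzeComponentStore, and the English report labels (forced with /English), and the function name Get-ComponentStoreInfo is hypothetical.

```powershell
# Added example: parse the /AnalyzeComponentStore report and clean up only
# when DISM recommends it. Run from an elevated PowerShell prompt.

function Get-ComponentStoreInfo {
    # Turn the "Label : Value" lines of the report into a hashtable.
    param([string[]]$Lines)
    $info = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*(?<name>[^:]+?)\s+:\s+(?<value>.+?)\s*$') {
            $info[$Matches['name']] = $Matches['value']
        }
    }
    return $info
}

# /English keeps the labels stable regardless of the display language.
$report = & dism.exe /Online /English /Cleanup-Image /AnalyzeComponentStore
if ($LASTEXITCODE -ne 0) {
    throw "DISM analyze failed with exit code $LASTEXITCODE"
}

$store = Get-ComponentStoreInfo -Lines $report
'Actual Size of Component Store',
'Number of Reclaimable Packages',
'Date of Last Cleanup' | ForEach-Object { '{0}: {1}' -f $_, $store[$_] }

if ($store['Component Store Cleanup Recommended'] -eq 'Yes') {
    # /ResetBase and /SPSuperseded are deliberately left out: after them,
    # installed updates or the service pack can no longer be uninstalled,
    # which removes the rollback path for a bad patch.
    & dism.exe /Online /Cleanup-Image /StartComponentCleanup
    if ($LASTEXITCODE -ne 0) {
        throw "DISM cleanup failed with exit code $LASTEXITCODE"
    }
} else {
    'Cleanup not recommended; nothing done.'
}
```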

Forensic bootable environments

Below are some links to some bootable forensic environments.

How to determine PowerShell version

To determine the local PowerShell version, use the command $PSVersionTable.  The first example is version 2 while the second is version 3.

PS C:\> $PSVersionTable

Name                           Value
----                           -----
CLRVersion                     2.0.50727.5472
BuildVersion                   6.1.7601.17514
PSVersion                      2.0
WSManStackVersion              2.0
PSCompatibleVersions           {1.0, 2.0}
PSRemotingProtocolVersion      2.1

Name                           Value
----                           -----
WSManStackVersion              3.0
PSCompatibleVersions           {1.0, 2.0, 3.0}
BuildVersion                   6.2.9200.16398
PSVersion                      3.0
CLRVersion                     4.0.30319.1008
PSRemotingProtocolVersion      2.2

Show-Command cmdlet with PowerShell

If you are unsure what parameters are required for a cmdlet or wish to view the various fields in a different manner, the Show-Command cmdlet will display a separate dialog box with the available parameters.


Screen brightness parameter with Windows 8.1

Some devices experience viewing quality issues when the option to automatically adjust the screen brightness is enabled with Windows 8.1.  To disable this feature, access PC Settings –> PC and devices –> Power and sleep.  Set the “Adjust my screen brightness automatically” to Off.


PowerShell cmdlets for Windows Defender with Windows 8.1

Windows 8.1 includes PowerShell cmdlets for the local Windows Defender service.  A list of cmdlets can be obtained by using the command Get-Command -Module defender.


The cmdlet Get-MpComputerStatus will display overall details of the Windows Defender service.


The cmdlet Get-MpPreference will display parameters for the application.


The cmdlet Update-MpSignature will start the signature update process.


Manual scans can be executed by using the Start-MpScan cmdlet.


The Get-MPThreatDetection cmdlet should display any threats that have been found.  In this example, no detected threats were present.
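The cmdlets above can be chained into a single health check that reports disabled protection, stale signatures, configured exclusions and any detections. This is an added example, not part of the original post; the three-day signature threshold and the variable names are assumptions.

```powershell
# Added example: Windows Defender health check built from the cmdlets above.
# Run from an elevated PowerShell prompt.
$MaxSignatureAgeDays = 3   # assumed threshold, adjust to local policy

$status   = Get-MpComputerStatus
$problems = @()
if (-not $status.AntivirusEnabled) {
    $problems += 'Antivirus engine is disabled'
}
if (-not $status.RealTimeProtectionEnabled) {
    $problems += 'Real-time protection is off'
}

# Refresh stale signatures, then re-read the status to confirm the update took.
if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
    Update-MpSignature
    $status = Get-MpComputerStatus
    if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $problems += "Signatures still $($status.AntivirusSignatureAge) days old after update"
    }
}

# Exclusions are places Defender does not look; list them for review.
$pref = Get-MpPreference
$exclusions = @($pref.ExclusionPath) + @($pref.ExclusionExtension) +
              @($pref.ExclusionProcess) | Where-Object { $_ }

Start-MpScan -ScanType QuickScan

# Wrap in @() so Count is valid when zero or one detection is returned.
$detections = @(Get-MpThreatDetection)

[pscustomobject]@{
    SignatureAgeDays = $status.AntivirusSignatureAge
    Problems         = $problems -join '; '
    Exclusions       = $exclusions -join '; '
    DetectionCount   = $detections.Count
} | Format-List

$detections |
    Select-Object ThreatID, InitialDetectionTime, ProcessName, Resources |
    Format-Table -AutoSize
```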


Screen captures of the initial installation of Hyper-V 2012 R2

Below are some screen captures of the initial installation of Hyper-V 2012 R2.










Shutdown utility within Windows 8.1

Windows 8.1 includes an executable that can be used to perform a shutdown.  Under the \Windows\System32 subfolder, an executable named slidetoshutdown.exe should be present.


A shortcut can be created on either the Start screen or the desktop.  When executed, a screen will appear with a simple slide-down prompt to start the shutdown process.

How to disable animations within Office 2013

By default, Office 2013 includes animations, including what appears to be a typing delay in Word.  To disable the animations globally, use the following Registry modification.

Windows Registry Editor Version 5.00