List of software and utilities
Last modified: 2020-06-30
This is a list of forensic tools, analysis tools and miscellaneous utilities.
-
Sans Sift
https://digital-forensics.sans.org/community/downloads Sans Sift is a complete investigative toolkit that runs off an Ubuntu-based live CD. It has a wealth of applications that will allow you to conduct in-depth forensic and incident response investigations. -
Autopsy Sleuth Kit
http://www.sleuthkit.org The Sleuth Kit also offers an in-depth analysis of file systems. It comes packaged with Autopsy, which offers additional features, including timeline analysis, hash filtering, file system analysis and keyword searching. -
Forensic Tool Kit Imager (FTKi)
http://www.accessdata.com FTK Imager provides you with a data preview and imaging tool allowing you to view findings in Windows Explorer. It can examine files and folders on local and network drives, and also review the contents of memory dumps. -
DEFT Linux
http://www.deftlinux.net If you want a bundle of popular free forensic tools, then look no further than DEFT. It includes tools for mobile and network forensics, data recovery, and hashing. -
Volatility
https://github.com/volatilityfoundation Volatility extracts digital artefacts from RAM dumps, giving you details of running processes, open network sockets, loaded DLLs, and a host of other information. -
HxD
http://mh-nexus.de/en/hxd/ HxD, Freeware Hex Editor and Disk Editor, a user-friendly low-level hex editor that can be used on raw disk or main memory. It has a wealth of features, including exporting, file shredding and splitting of files. -
CAINE
http://www.caine-live.net Computer Aided Investigative Environment, or CAINE, is a user-friendly way to create reports for your investigations as well as packing some good forensic tools. -
RedLine
https://www.mandiant.com/ Want to examine a specific host? Mandiant RedLine will do that by collecting a huge amount of information on running processes, drivers, file system metadata, event logs and many other elements. -
PlainSight
http://www.plainsight.info And finally, PlainSight is a live CD that allows you to perform forensic tasks such as looking into Internet histories, gathering data on USB device usage, extracting password hashes and others.
https://digital-forensics.sans.org/community/downloads/digital-forensics-tools
-
AmcacheParser
Amcache.hve parser with lots of extra features. Handles locked files. -
AppCompatCacheParser
AppCompatCache aka ShimCache parser. Handles locked files. -
bstrings
Find them strings yo. Built in regex patterns. Handles locked files. -
EZViewer
Standalone, zero dependency viewer for .doc, .docx, .xls, .xlsx, .txt, .log, .rtf, .otd, .htm, .html, .mht, .csv, and .pdf. Any non-supported files are shown in a hex editor (with data interpreter!) - -
Evtx Explorer/EvtxECmd
Event log (evtx) parser with standardized CSV, XML, and json output! Custom maps, locked file support, and more! -
Hasher
Hash all the things -
JLECmd
Jump List parser -
JumpList Explorer
GUI based Jump List viewer -
LECmd
Parse lnk files -
MFTECmd
$MFT, $Boot, $J, $SDS, and $LogFile (coming soon) parser. Handles locked files. -
MFTExplorer
Graphical $MFT viewer -
PECmd
Prefetch parser -
RBCmd
Recycle Bin artifact (INFO2/$I) parser -
RecentFileCacheParser
RecentFileCache parser -
Registry Explorer/RECmd
Registry viewer with searching, multi-hive support, plugins, and more. Handles locked files -
SDB Explorer
Shim database GUI -
ShellBags Explorer
GUI for browsing shellbags data. Handles locked files -
Timeline Explorer
View CSV and Excel files, filter, group, sort, etc. with ease -
VSCMount
Mount all VSCs on a drive letter to a given mount point -
WxTCmd
Windows 10 Timeline database parser
iii) dCode : http://www.digital-detective.net/digital-forensic-software/free-tools/
iv) Cute Pdf Writer : http://www.cutepdf.com/products/cutepdf/writer.asp
v) Encase Forensic Imager (EnFI) : https://www.guidancesoftware.com/encase-forensic-imager
vi) 7zip : http://www.7-zip.org/download.html
vii) Quick Hash : https://sourceforge.net/projects/quickhash/
viii) The Regulator : https://sourceforge.net/projects/regulator/
ix) HxD : https://mh-nexus.de/en/downloads.php?product=HxD
x) Windows Registry Recovery (WRR) Mitec : http://www.mitec.cz/wrr.html
xi) MailViewer : http://www.mitec.cz/mailview.html
xii) GeoSetter : http://www.geosetter.de/en/download/
xiii) USBdeView : http://www.nirsoft.net/utils/usb_devices_view.html
xiv) DSi USB blocker : http://dsicovery.com/landing-pages/download-usb-write-blocker/
xv) USBDeviceForensic : http://www.woanware.co.uk/forensics/usbdeviceforensics.html
xvi) Google Earth : https://www.google.com/earth/download/gep/agree.html
xvii) Redline : https://www.fireeye.com/services/freeware.html
xviii) Memoryze : https://www.fireeye.com/services/freeware.html
xix) Highlighter : https://www.fireeye.com/services/freeware.html
xx) Volatility : https://github.com/volatilityfoundation
xxi) Json Viewer : http://jsonviewer.codeplex.com/
xxii) Sqlite Database viewer : https://sourceforge.net/projects/sqlitebrowser/
xxiii) Silent Eye : http://silenteye.v1kings.io/
xxiv) Thumbs Viewer : https://thumbsviewer.github.io/
xxv) Linux Reader : https://www.diskinternals.com/linux-reader/
xxvi) Plist Pad : https://www.johnwordsworth.com/projects/plist-pad/
xxvii) Evtx_view : https://www.tzworks.net/download_links.php
xxviii) Tela : https://www.tzworks.net/download_links.php
xxix) APFA : http://www.ash368.com/#
xxx) VW7 : http://www.ash368.com/#
xxxi) Info2 : http://www.ash368.com/#
xxxii) MFTview : http://www.sandersonforensics.com/forum/list.php?category/46-Free-Software
The Paladin ISO – https://sumuri.com/ :
We know that managing disks takes up valuable time, and you need tools that can make the process more efficient. Here are 9 of the top FREE tools for sysadmins.
http://www.cgsecurity.org/wiki/TestDisk TestDisk is a great tool that helps you to repair boot sectors, recover deleted partitions, fix damaged tables and recover deleted tables. It can also handle a number of file systems, including FAT, NTFS, exFAT and ext2.
http://partedmagic.com Parted Magic is a Linux-based bootable CD/USB containing a number of tools. It can be loaded directly from RAM and runs like a Linux operating system, allowing you to easily select the tools you need.
http://clonezilla.org One of the tools packaged with Parted Magic is Clonezilla. This allows you to clone individual machines and simultaneously push images to multiple clients over your network.
https://www.piriform.com/defraggler Defraggler will defrag whole drives or selected files and folders, while also identifying how badly the drive is fragmented and what's causing it.
http://www.dban.org Everyone needs to be conscious of data security and Darik's Boot And Nuke is perfect for cleaning out hard drives. This bootable application forensically wipes hard drives clean. Vital when you want to recycle or decommission a workstation.
http://www.osforensics.com/tools/moun... OSFMount not only mounts image files as drive letters, but can also create RAM disks for when you want additional security. It supports a variety of image files, including DD, ISO, BIN, VMDK and NRG.
https://windirstat.info WinDirStat gives you a graphical representation of which data and locations are hogging valuable space. It's great when you want to clean house.
https://www.piriform.com/recuva Accidentally deleted a file? Recuva will get it back, even if that file has become damaged or corrupted.
http://technet.microsoft.com/en-us/sy... Finally, Disk2vhd creates a virtual hard disk that will work with Microsoft's Virtual PC or Hyper-V. That's perfect when you want to simulate your live environment.
Password Recovery Utilities
-
WebBrowserPassView
WebBrowserPassView is a password recovery tool that reveals the passwords stored by the following Web browsers: Internet Explorer (Version 4.0 - 8.0), Mozilla Firefox (All Versions), Google Chrome, and Opera. This tool can be used to recover your lost/forgotten password of any Website, including popular Web sites, like Facebook, Yahoo, Google, and GMail, as long as the password is stored by your Web Browser. After retrieving your lost passwords, you can save them into text/html/csv/xml file, by using the 'Save Selected Items' option (Ctrl+S). -
IE PassView
IE PassView is a small utility that reveals the passwords stored by the Internet Explorer browser. It supports the new Internet Explorer 7.0-11.0, as well as older versions of Internet Explorer, v4.0 - v6.0 -
PasswordFox
PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default, PasswordFox displays the passwords stored in your current profile, but you can easily select to watch the passwords of any other Firefox profile. For each password entry, the following information is displayed: Record Index, Web Site, User Name, Password, User Name Field, Password Field, and the Signons filename. -
ChromePass
ChromePass is a small password recovery tool that allows you to view the user names and passwords stored by Google Chrome Web browser. For each password entry, the following information is displayed: Origin URL, Action URL, User Name Field, Password Field, User Name, Password, and Created Time. You can select one or more items and then save them into text/html/xml file or copy them to the clipboard. -
WirelessKeyView
WirelessKeyView recovers all wireless network keys (WEP/WPA) stored in your computer by the 'Wireless Zero Configuration' service of Windows XP and by the 'WLAN AutoConfig' service of Windows Vista. It allows you to easily save all keys to text/html/xml file, or copy a single key to the clipboard. -
Network Password Recovery
When you connect to a network share on your LAN or to your .NET Passport/Messenger account, Windows XP/Vista allows you to save your password in order to use it each time that you connect to the remote server. This utility recovers all network passwords stored on your system for the current logged-on user. -
BulletsPassView
BulletsPassView is a password recovery tool that reveals the passwords stored behind the bullets in the standard password text-box of Windows operating system and Internet Explorer Web browser. After revealing the passwords, you can easily copy them to the clipboard or save them into text/html/csv/xml file. -
Mail PassView - Email Password Recovery
Recovers the passwords and other email accounts information of the following email applications: Outlook Express, Microsoft Outlook 2000 (POP3/SMTP Accounts only), Microsoft Outlook 2002/2003/2007/2010/2013/2016, Windows Mail, IncrediMail, Eudora, Netscape Mail, Mozilla Thunderbird,
-
PstPassword
PstPassword is a small utility that recovers the lost password of an Outlook .PST (Personal Folders) file. -
RouterPassView
Most modern routers allow you to backup the configuration of the router into a file, and then restore the configuration from the file when it's needed. The backup file of the router usually contains important data like your ISP user name/password, the login password of the router, and wireless network keys. If you lost one of these password/keys, but you still have a backup file of your router configuration, RouterPassView might help you to recover your lost password from your router file. -
VaultPasswordView
VaultPasswordView is a simple tool for Windows 10/8/7 that decrypts and displays the passwords and other data stored inside 'Windows Vault'. You can use it to decrypt the Windows Vault data of your currently running system, as well as the Windows Vault data stored on external hard drive. -
CredentialsFileView
CredentialsFileView is a simple tool for Windows that decrypts and displays the passwords and other data stored inside Credentials files of Windows. You can use it to decrypt the Credentials data of your currently running system, as well as the Credentials data stored on external hard drive. -
EncryptedRegView
EncryptedRegView is a tool for Windows that scans the Registry of your current running system or the Registry of an external hard drive you choose and searches for data encrypted with DPAPI (Data Protection API). When it finds encrypted data in the Registry, it tries to decrypt it and displays the decrypted data in the main window of EncryptedRegView. With this tool, you may find passwords and other secret data stored in the Registry by Microsoft products as well as by third-party products. -
DataProtectionDecryptor
DataProtectionDecryptor is a powerful tool for Windows that allows you to decrypt passwords and other information encrypted by the DPAPI (Data Protection API) system of Windows operating system. You can use this tool to decrypt DPAPI data on your current running system and to decrypt DPAPI data stored on external hard drive. -
Remote Desktop PassView
Remote Desktop PassView is a small utility that reveals the password stored by Microsoft Remote Desktop Connection utility inside .rdp files. -
SecurityQuestionsView
SecurityQuestionsView is a tool for Windows 10 that allows you to view the security questions and their answers stored in the Registry by Windows 10 operating system. SecurityQuestionsView can decrypt the security questions stored on your current running system (Requires elevation) and it can also decrypt the security questions stored on external hard drive. SecurityQuestionsView displays the security questions of all users on your system that chose to set their security questions, for every user there are usually 3 questions. -
OperaPassView
OperaPassView is a small password recovery tool that decrypts the content of the Opera Web browser password file (wand.dat) and displays the list of all Web site passwords stored in this file. You can easily select one or more passwords in the OperaPassView window, and then copy the passwords list to the clipboard and save it into text/html/csv/xml file. -
LSASecretsView
LSASecretsView is a small utility that displays the list of all LSA secrets stored in the Registry on your computer. The LSA secrets key is located under HKEY_LOCAL_MACHINE\Security\Policy\Secrets and may contain your RAS/VPN passwords, Autologon password, and other system passwords/keys. -
LSASecretsDump
LSASecretsDump is a small console application that extracts the LSA secrets from the Registry, decrypts them, and dumps them into the console window. The LSA secrets key is located under HKEY_LOCAL_MACHINE\Security\Policy\Secrets and may contain your RAS/VPN passwords, Autologon password, and other system passwords/keys. This utility is the console version of LSASecretsView. -
PCAnywhere PassView
Reveals the passwords stored in PCAnywhere items. Both login information and the protection passwords are revealed instantly. -
Access PassView
This utility reveals the database password of every password-protected mdb file that was created with Microsoft Access 95/97/2000/XP or with Jet Database Engine 3.0/4.0. It can be very useful if you forgot your Access Database password and you want to recover it. -
Win9x PassView
The Win9x PassView utility reveals the passwords stored on your computer by Windows 95/98 operating system. -
Content Advisor Password Remover
Removes the Content Advisor password in Internet Explorer (versions 4.x and above). Visual C++ Source code is included. -
Enterprise Manager PassView
Reveals the passwords that SQL Server Enterprise Manager stores on your computer. -
VNCPassView
VNCPassView is a small utility that recovers the passwords stored by the VNC tool. It can recover 2 types of passwords: the password stored for the current logged-on user (HKEY_CURRENT_USER in the Registry), and the password stored for all users. -
Dialupass - Dialup Password Recovery
This utility enumerates all dialup/VPN entries on your computers, and displays their logon details: User Name, Password, and Domain. You can use it to recover a lost password of your Internet connection or VPN. Dialupass also allows you to save the dialup/VPN list into text/html/csv/xml file, or copy it to the clipboard.
-
MessenPass - Instant Messenger Password Recovery
MessenPass is a password recovery tool that reveals the passwords of the following instant messenger applications: MSN Messenger, Windows Messenger (In Windows XP), Windows Live Messenger (In Windows XP And Vista), Yahoo Messenger (Version 5.x/6.x), ICQ Lite 4.x/5.x/2003, AOL Instant Messenger, AIM 6.x, AIM Pro, Trillian, Miranda, and GAIM.
-
AsterWin IE
This utility reveals the passwords stored behind the asterisks in the web pages of Internet Explorer 5.0 and above. You can use it for recovering a lost web site password, if it's stored on your computer. It was developed in Visual Basic environment and requires the Visual Basic Runtime library.
Network Monitoring Tools
-
SmartSniff
SmartSniff allows you to capture TCP/IP packets that pass through your network adapter, and view the captured data as a sequence of conversations between clients and servers. You can view the TCP/IP conversations in Ascii mode (for text-based protocols, like HTTP, SMTP, POP3 and FTP) or as hex dump (for non-text-based protocols, like DNS). -
WifiChannelMonitor
WifiChannelMonitor captures wifi traffic on the channel you choose, using Microsoft Network Monitor capture driver in monitor mode, and displays extensive information about access points and the wifi clients connected to them. WifiChannelMonitor also allows you to view the information about wifi clients that are not connected to any access points, including the list of SSIDs (network names) that they are trying to connect to. For every access point, the following information is displayed: SSID, MAC Address, Device Manufacturer, PHY Type, Channel, RSSI, Security, Beacons Count, Probe Responses Count, Data Bytes, Retransmitted Data Bytes, and more... For every client, the following information is displayed: MAC Address, Device Manufacturer, SSID list that the client tries to connect to, Sent Data Bytes, Received Data Bytes, Probe Requests Count, and more... -
NetworkTrafficView
NetworkTrafficView is a network monitoring tool that captures the packets that pass through your network adapter, and displays general statistics about your network traffic. The packet statistics are grouped by the Ethernet Type, IP Protocol, Source/Destination Addresses, and Source/Destination ports. For every statistics line, the following information is displayed: Ethernet Type (IPv4, IPv6, ARP), IP Protocol (TCP, UDP, ICMP), Source Address, Destination Address, Source Port, Destination Port, Service Name (http, ftp, and so on), Packets Count, Total Packets Size, Total Data Size, Data Speed, Maximum Data Speed, Average Packet Size, First/Last Packet Time, Duration, and process ID/Name (For TCP connections). -
HTTPNetworkSniffer
HTTPNetworkSniffer is a packet sniffer tool that captures all HTTP requests/responses sent between the Web browser and the Web server and displays them in a simple table. For every HTTP request, the following information is displayed: Host Name, HTTP method (GET, POST, HEAD), URL Path, User Agent, Response Code, Response String, Content Type, Referer, Content Encoding, Transfer Encoding, Server Name, Content Length, Cookie String, and more... You can easily select one or more HTTP information lines, and then export them to text/html/xml/csv file or copy them to the clipboard and then paste them into Excel. -
AppNetworkCounter
AppNetworkCounter is a simple tool for Windows that counts and displays the number of TCP/UDP bytes and packets sent and received by every application on your system. For every application, the following information is displayed: the number of sent and received bytes, number of sent and received packets, number of sent/received IPv4 bytes, and number of sent/received IPv6 bytes. It also displays the version information of the application - Product Name, Product Version, File Description, and Company Name. -
LiveTcpUdpWatch
LiveTcpUdpWatch is a tool for Windows that displays live information about all TCP and UDP activity on your system. Every line in the main table of LiveTcpUdpWatch displays the protocol (TCP/UDP/IPv4/IPv6), local/remote IP address, local/remote port, number of sent/received bytes, number of sent/received packets, connect/disconnect time (For TCP only), and the process (ID and path) responsible for this activity. -
PingInfoView
PingInfoView is a small utility that allows you to easily ping multiple host names and IP addresses, and watch the result in one table. It automatically pings all hosts every number of seconds that you specify, and displays the number of successful and failed pings, as well as the average ping time. You can also save the ping result into text/html/xml file, or copy it to the clipboard. -
WifiInfoView
WifiInfoView scans the wireless networks in your area and displays extensive information about them, including: Network Name (SSID), MAC Address, PHY Type (802.11g or 802.11n), RSSI, Signal Quality, Frequency, Channel Number, Maximum Speed, Company Name, Router Model and Router Name (Only for routers that provide this information), and more... When you select a wireless network in the upper pane of this tool, the lower pane displays the Wi-Fi information elements received from this device, in hexadecimal format. WifiInfoView also has a summary mode, which displays a summary of all detected wireless networks, grouped by channel number, company that manufactured the router, PHY type, or the maximum speed. -
SocketSniff
SocketSniff allows you to watch the Windows Sockets (WinSock) activity of the selected process. For each created socket, the following information is displayed: socket handle, socket type, local and remote addresses, local and remote ports, total number of send/receive bytes, and more. You can also watch the content of each send or receive call, in Ascii mode or as Hex Dump. -
CurrPorts
CurrPorts is a network monitoring software that displays the list of all currently opened TCP/IP and UDP ports on your local computer. For each port in the list, information about the process that opened the port is also displayed, including the process name, full path of the process, version information of the process (product name, file description, and so on), the time that the process was created, and the user that created it. In addition, CurrPorts allows you to close unwanted TCP connections, kill the process that opened the ports, and save the TCP/UDP ports information to HTML file, XML file, or to tab-delimited text file. CurrPorts also automatically marks with pink color suspicious TCP/UDP ports owned by unidentified applications (Applications without version information and icons). -
TcpLogView
TcpLogView is a simple utility that monitors the opened TCP connections on your system, and adds a new log line every time that a TCP connection is opened or closed. For every log line, the following information is displayed: Event Time, Event Type (Open, Close, Listen), Local Address, Remote Address, Remote Host Name, Local Port, Remote Port, Process ID, Process Name, and the country information of the Remote IP (Requires to download IP to country file separately.) -
ProcessTCPSummary
ProcessTCPSummary is a simple tool for Windows that displays a summary of all processes that have TCP connections or listening UDP ports. For every process, this tool displays the total number of TCP connections, number of TCP connections for each status (Established, Listening, Syn-Sent, Syn-Received...), number of IPv4 TCP connections, number of IPv6 TCP connections, common port numbers, and more... If you run ProcessTCPSummary as Administrator, you can also watch the number of TCP/UDP bytes sent and received by every process as well as the current send/receive speed. -
NetworkConnectLog
NetworkConnectLog is a simple utility that repeatedly scans your local area network (Using ARP and Netbios protocols) and adds a new log line every time that a new computer or device connects to your network, and when a computer or device disconnects from your network. After the connect/disconnect log lines are accumulated, you can easily export the log lines to comma-delimited/tab-delimited/html/xml file. -
NetworkLatencyView
NetworkLatencyView is a simple tool for Windows that listens to the TCP connections on your system and calculates the network latency (in milliseconds) for every new TCP connection detected on your system. For every IP address, NetworkLatencyView displays up to 10 network latency values, and their average. The latency value calculated by NetworkLatencyView is very similar to the result you get from pinging to the same IP address. NetworkLatencyView also allows you to easily export the latency information to text/csv/tab-delimited/html/xml file, or copy the information to the clipboard and then paste it to Excel or other application. -
DNSQuerySniffer
DNSQuerySniffer is a network sniffer utility that shows the DNS queries sent on your system. For every DNS query, the following information is displayed: Host Name, Port Number, Query ID, Request Type (A, AAAA, NS, MX, and so on), Request Time, Response Time, Duration, Response Code, Number of records, and the content of the returned DNS records. You can easily export the DNS queries information to csv/tab-delimited/xml/html file, or copy the DNS queries to the clipboard, and then paste them into Excel or other spreadsheet application. -
WhoIsConnectedSniffer
WhoIsConnectedSniffer is a network discovery tool that listens to network packets on your network adapter using a capture driver (WinpCap or MS network monitor) and accumulates a list of computers and devices currently connected to your network. WhoIsConnectedSniffer uses various protocols to detect the computers connected to your network, including ARP, UDP, DHCP, mDNS, and BROWSER. For every detected computer or device, the following information is displayed: (Some of the fields might be empty if the information cannot be found inside the packets) IP Address, MAC Address, name of the device/computer, description, Operating System, Network Adapter Company, IPv6 Address. After collecting the connected computers/devices information, you can easily export the list to tab-delimited/comma-delimited/xml/html file. -
Wireless Network Watcher
Wireless Network Watcher is a small utility that scans your wireless network and displays the list of all computers and devices that are currently connected to your network. For every computer or device that is connected to your network, the following information is displayed: IP address, MAC address, the company that manufactured the network card, and optionally the computer name. You can also export the connected devices list into html/xml/csv/text file, or copy the list to the clipboard and then paste into Excel or other spreadsheet application. -
NetworkUsageView
NetworkUsageView extracts and displays the network usage information stored in the SRUDB.dat database of Windows 8 and Windows 10. The network usage data is collected every hour by Windows operating systems and includes the following information: The name and description of the service or application, the name and SID of the user, the network adapter, and the total number of bytes sent and received by the specified service/application. -
WakeMeOnLan
This utility allows you to easily turn on one or more computers remotely by sending a Wake-on-LAN (WOL) packet to the remote computers. When your computers are turned on, WakeMeOnLan allows you to scan your network, and collect the MAC addresses of all your computers, and save the computers list into a file. Later, when your computers are turned off or in standby mode, you can use the stored computers list to easily choose the computer you want to turn on, and then turn on all these computers with a single click. WakeMeOnLan also allows you to turn on a computer from command-line, by specifying the computer name, IP address, or the MAC address of the remote network card. -
NetworkCountersWatch
NetworkCountersWatch is a tool for Windows that displays system counters for every network interface on your system. The system counters include the number of incoming/outgoing bytes, number of incoming/outgoing packets, number of broadcast packets, and more. You can also initialize all counters to zero at any time in order to watch the network counters for a specific event. NetworkCountersWatch also calculates and displays the current download speed and upload speed on your network interface. -
WifiHistoryView
WifiHistoryView is a simple tool for Windows 10/8/7/Vista that displays the history of connections to wireless networks on your computer. For every event that the computer connected to a wireless network or disconnected from it, the following information is displayed: The date/time that the event occurred, network name (SSID), profile name, network adapter name, BSSID of the router/Access Point, and more... WifiHistoryView can read the wifi history information from a running system or from external event log file of another computer. -
NetworkOpenedFiles
NetworkOpenedFiles is a simple tool for Windows that displays the list of all files that are currently opened by other computers on your network. For every opened filename, the following information is displayed: Filename, user name, computer name (On Windows 7/2008 or later), Permissions information (Read/Write/Create), locks count, file owner, file size, file attributes, and more... -
NetBScanner
NetBScanner is a network scanner tool that scans all computers in the IP addresses range you choose, using NetBIOS protocol. For every computer located by this NetBIOS scanner, the following information is displayed: IP Address, Computer Name, Workgroup or Domain, MAC Address, and the company that manufactured the network adapter (determined according to the MAC address). NetBScanner also shows whether a computer is a Master Browser. You can easily select one or more computers found by NetBScanner, and then export the list into csv/tab-delimited/xml/html file. -
WirelessNetView
WirelessNetView is a small utility that runs in the background, and monitors the activity of wireless networks around you. For each detected network, it displays the following information: SSID, Last Signal Quality, Average Signal Quality, Detection Counter, Authentication Algorithm, Cipher Algorithm, and more. -
WirelessConnectionInfo
WirelessConnectionInfo is a simple tool for Windows Vista/7/8/2008 that displays general information and statistics about the active wifi connection, including the SSID, BSSID, PHY Type, Signal Quality, Receiving rate, Transmission Rate, Authentication Algorithm, Channel Number, Total number of transmitted/received frames, and more... -
AdapterWatch
AdapterWatch displays useful information about your network adapters: IP addresses, Hardware address, WINS servers, DNS servers, MTU value, Number of bytes received or sent, The current transfer speed, and more. In addition, it displays general TCP/IP/UDP/ICMP statistics for your local computer. -
NetResView
NetResView is a small utility that displays the list of all network resources (computers, disk shares, and printer shares) on your LAN. As opposed to the "My Network Places" module of Windows, NetResView displays all network resources from all domains/workgroups in one screen, including admin/hidden shares. -
NetRouteView
NetRouteView is a GUI alternative to the standard route utility (Route.exe) of Windows operating system. It displays the list of all routes on your current network, including the destination, mask, gateway, interface IP address, metric value, type, protocol, age (in seconds), interface name, and the MAC address. NetRouteView also allows you to easily add new routes, as well as to remove or modify existing static routes. -
CountryTraceRoute
CountryTraceRoute is a Traceroute utility, similar to the tracert tool of Windows, but with graphical user interface, and it's also much faster than tracert of Windows. CountryTraceRoute also displays the country of the owner of every IP address found in the Traceroute. After the Traceroute is completed, you can select all items (Ctrl+A) and then save them into csv/tab-delimited/html/xml file with 'Save Selected Items' option (Ctrl+S) or copy them to the clipboard (Ctrl+C) and then paste the result into Excel or other spreadsheet application. -
SniffPass - Password Sniffer
SniffPass is a small utility that listens to your network, captures the passwords that pass through your network adapter, and displays them on the screen instantly. SniffPass can capture the passwords of the following protocols: POP3, IMAP4, SMTP, FTP, and HTTP (basic authentication passwords). You can use this utility to recover lost Web/FTP/Email passwords.
Web Browser Tools
-
BrowsingHistoryView
BrowsingHistoryView is a utility that reads the history data of 4 different Web browsers (Internet Explorer, Mozilla Firefox, Google Chrome, and Safari) and displays the browsing history of all these Web browsers in one table. The browsing history table includes the following information: Visited URL, Title, Visit Time, Visit Count, Web browser and User Profile. BrowsingHistoryView allows you to watch the browsing history of all user profiles in a running system, as well as to get the browsing history from external hard drive. You can also export the browsing history into csv/tab-delimited/html/xml file from the user interface, or from command-line, without displaying any user interface. -
BrowserDownloadsView
BrowserDownloadsView is a tool for Windows that displays the details of downloaded files of Chrome and Firefox Web browsers. For every download, the following information is displayed: Filename, Download URL, Web Page URL, Start Time, End Time, Download Duration, Download Size, Web Browser, and more... BrowserDownloadsView allows you to load the downloads list from your current running system (your user or all user profiles), from a remote computer on your network, and from an external hard drive. After BrowserDownloadsView loads the downloads list, you can select one or more downloads and then export them to comma-delimited/tab-delimited/html5/xml/JSON file or calculate the MD5/SHA1/SHA256/SHA512 hash of the downloaded files. -
WebCacheImageInfo
WebCacheImageInfo is a simple tool that searches for JPEG images with EXIF information stored inside the cache of your Web browser (Internet Explorer, Firefox, or Chrome), and then it displays the list of all images found in the cache with the interesting information stored in them, like the software that was used to create the image, the camera model that was used to photograph the image, and the date/time that the image was created. -
ImageCacheViewer
ImageCacheViewer is a simple tool that scans the cache of your Web browser (Internet Explorer, Firefox, or Chrome), and lists the images displayed in the Web sites that you recently visited. For every cached image file, the following information is displayed: URL of the image, Web browser that was used to visit the page, image type, date/time of the image, browsing time, and file size. When selecting a cache item in the upper pane of ImageCacheViewer, the image is displayed in the lower pane, and you can copy the image to the clipboard by pressing Ctrl+M. -
FBCacheView
FBCacheView is a simple tool that scans the cache of your Web browser (Internet Explorer, Firefox, or Chrome), and lists all images displayed in Facebook pages that you previously visited, including profile pictures, images uploaded to Facebook, and images taken from other Web sites. For every Facebook image, the following information is displayed: URL of the image, Web browser that was used to visit the page, image type, date/time of the image, visit time, image file size, and external URL (For images taken from another Web site). -
BrowserAddonsView
BrowserAddonsView is a simple tool that displays the details of all Web browser addons/plugins installed in your system. BrowserAddonsView can scan and detect the addons of most popular Web browsers: Chrome, Firefox, and Internet Explorer. For Chrome and Firefox, BrowserAddonsView detects and scans all Web browser profiles if there are multiple profiles. -
IECacheView - Internet Explorer Cache Viewer
IECacheView is a small utility that reads the cache folder of Internet Explorer, and displays the list of all files currently stored in the cache. For each cache file, the following information is displayed: Filename, Content Type, URL, Last Accessed Time, Last Modified Time, Expiration Time, Number Of Hits, File Size, Folder Name, and full path of the cache filename. You can easily save the cache information into text/html/xml file, or copy the cache table to the clipboard and then paste it to another application, like Excel or OpenOffice Spreadsheet. -
EdgeCookiesView
EdgeCookiesView is a tool for Windows that displays the cookies stored by newer versions of Microsoft Edge Web browser (Starting from Fall Creators Update 1709 of Windows 10). It also allows you to select one or more cookies and then export them to tab-delimited, csv file, html file, or to a file in cookies.txt format. You can read the cookies from the current running system or from the WebCacheV01.dat database on external hard drive. -
IECookiesView
This utility displays the details of all cookies that Internet Explorer stores on your computer. In addition, it allows you to change the content of the cookies, delete unwanted cookies files, save the cookies into a readable text file, find cookies by specifying the domain name, view the cookies of other users and in other computers, and more... -
WebCookiesSniffer
WebCookiesSniffer is a packet sniffer tool that captures all Web site cookies sent between the Web browser and the Web server and displays them in a simple cookies table. The upper pane of WebCookiesSniffer displays the cookie string and the Web site/host name that sent or received this cookie. When selecting a cookie string in the upper pane, WebCookiesSniffer parses the cookie string and displays the cookies as name-value format in the lower pane. -
IEHistoryView
This utility reads all information from the history file on your computer, and displays the list of all URLs that you have visited with Internet Explorer browser in the last few days. It also allows you to select one or more URL addresses, and then remove them from the history file or save them into text, HTML or XML file. In addition, you are allowed to view the visited URL list of other user profiles on your computer, and even access the visited URL list on a remote computer, as long as you have permission to access the history folder. -
MZCookiesView
MZCookiesView is an alternative to the standard 'Cookie Manager' provided by Netscape and Mozilla browsers. It displays the details of all cookies stored inside the cookies file (cookies.txt) in one table, and allows you to save the cookies list into text, HTML or XML file, delete unwanted cookies, and backup/restore the cookies file. -
MZHistoryView
MZHistoryView is a small utility that reads the history data file (history.dat) of Firefox/Mozilla/Netscape Web browsers, and displays the list of all visited Web pages in the last days. For each visited Web page, the following information is displayed: URL, First visit date, Last visit date, Visit counter, Referrer, Title, and Host name. You can also easily export the history data to text/HTML/Xml file. -
MZCacheView
MZCacheView is a small utility that reads the cache folder of Firefox/Mozilla/Netscape Web browsers, and displays the list of all files currently stored in the cache. For each cache file, the following information is displayed: URL, Content type, File size, Last modified time, Last fetched time, Expiration time, Fetch count, Server name, and more. You can easily select one or more items from the cache list, and then extract the files to another folder, or copy the URLs list to the clipboard. -
FirefoxDownloadsView
This utility displays the list of the latest files that you downloaded with Firefox. For every download record, the following information is displayed: Download URL, Download Filename (with full path), Referrer, MIME Type, File Size, Start/End Time, Download Duration, and Average Download Speed. You can easily select one or more downloads, and then save the list into xml/html/text/csv file or copy the downloads information to the clipboard and paste it into Excel or other spreadsheet application. -
ChromeCookiesView
ChromeCookiesView is an alternative to the standard internal cookies viewer of Google Chrome Web browser. It displays the list of all cookies stored by Google Chrome Web browser, and allows you to easily delete unwanted cookies. It also allows you to export the cookies into text/csv/html/xml file. For every cookie, the following information is displayed: Host Name, Path, Name, Value, Secure (Yes/No), HTTP Only Cookie (Yes/No), Last Accessed Time, Creation Time, Expiration Time. -
ChromeHistoryView
ChromeHistoryView is a small utility that reads the history data file of Google Chrome Web browser, and displays the list of all visited Web pages in the last days. For each visited Web page, the following information is displayed: URL, Title, Visit Date/Time, Number of visits, number of times that the user typed this address (Typed Count), Referrer, and Visit ID. You can select one or more history items, and then export them into html/xml/csv/text file, or copy the information to the clipboard and paste it into Excel. -
SafariHistoryView
SafariHistoryView is a simple utility for Windows that reads and parses the history file of Safari Web browser (history.plist) and displays the browsing history in a simple table. Every browsing history line includes the following information: URL, Web Page Title, Last Visit Time, Visit Count, Redirected To URL, and Record Index. SafariHistoryView allows you to easily export the browsing history data into text/csv/html/xml file, or copy the data to the clipboard and then paste it into Excel. -
SafariCacheView
SafariCacheView is a simple utility for Windows that reads and parses the cache file of Safari Web browser (cache.db) and displays the list of all cached files in a simple table. Every cache information line includes the following information: Filename, Content Type, URL, Content Length, Server Name, Server Time, Expiration Time, Last Modified Time, Content Encoding, and Referrer. SafariCacheView also allows you to select one or more cache items and then extract them into the desired folder or save the cache list into html/text/xml/csv file. -
OperaCacheView
OperaCacheView is a small utility that reads the cache folder of Opera Web browser, and displays the list of all files currently stored in the cache. For each cache file, the following information is displayed: URL, Content type, File size, Last accessed time, and last modified time in the server. You can easily select one or more items from the cache list, and then extract the files to another folder, or copy the URLs list to the clipboard. -
ChromeCacheView
ChromeCacheView is a small utility that reads the cache folder of Google Chrome Web browser, and displays the list of all files currently stored in the cache. For each cache file, the following information is displayed: URL, Content type, File size, Last accessed time, Expiration time, Server name, Server response, and more. You can easily select one or more items from the cache list, and then extract the files to another folder, or copy the URLs list to the clipboard. -
FlashCookiesView
FlashCookiesView is a small utility that displays the list of cookie files created by Flash component (Local Shared Object) in your Web browser. For each cookie file, the lower pane of FlashCookiesView displays the content of the file in readable format or as Hex dump. You can also select one or more cookie files, and then copy them to the clipboard, save them to text/html/xml file or delete them. -
MyLastSearch
MyLastSearch utility scans the cache and history files of your Web browser, and locates all search queries that you made with the most popular search engines (Google, Yahoo and MSN). The search queries that you made are displayed in a table with the following columns: Search Text, Search Engine, Search Time, Web Browser, and the search URL. -
URLStringGrabber
URLStringGrabber is a small utility that scans all opened windows of Internet Explorer and grabs the URLs stored in them, including clickable links, images, script files, CSS files, RSS feeds, and flash (.swf) files. The URLs list is displayed in a table, and you can easily export some of the URLs or the entire URLs list into text, csv, html, or xml file. You can also copy the URLs list into the clipboard and paste them into Excel or other spreadsheet application. -
IEDesignMode
IEDesignMode adds a new menu item into the context menu of Internet Explorer that allows you to easily switch the active Internet Explorer window to design mode. When a Web page is in design mode, you can change the location of images and other objects, change the current text, paste a new text into the Web page, and so on. After you have made your changes, you can easily switch back to non-design mode and/or save the modified Web page to HTML file. -
FavoritesView
FavoritesView displays the list of all your Favorites (of Internet Explorer browser) and bookmarks (of Netscape/Mozilla browsers) in a single page. Each line in the list specifies the title of the item, the URL address, the created/modified date of the bookmark item, and the folder name. You can select one or more of these bookmarks, and then copy them to the clipboard, delete them (only for Internet Explorer Favorites), or export them to tab-delimited text file, HTML file, or XML file. FavoritesView also allows you to locate duplicate URL addresses in your Favorites/Bookmarks or find a specific item by specifying the URL or the title. -
ActiveX Compatibility Manager
This utility allows you to easily disable/enable ActiveX components on Internet Explorer browser.
Video/Audio Related Utilities
-
VideoCacheView
After watching a video in a Web site, you may want to save the video file into your local disk for playing it offline in the future. If the video file is stored in your browser's cache, this utility can help you to extract the video file from the cache and save it for watching it in the future. It automatically scans the entire cache of Internet Explorer and Mozilla-based Web browsers (Including Firefox) and finds all video files that are currently stored in it. It allows you to easily copy the cached video files into another folder for playing/watching them in the future. If you have a movie player that is configured to play flv files, it also allows you to play the video directly from your browser's cache. -
RTMPDumpHelper
RTMPDumpHelper is a small utility that can help you to easily download RTMP video/audio streams. By combining this utility and the proxy server of RTMPDump toolkit, you can simply open a Web page containing RTMP video stream in your favorite Web browser, and while watching the video, it'll be saved to your disk automatically as .flv or .mp4 file. RTMP is a streaming protocol used by Hulu, justin.tv, and by many live streaming Web sites. -
SoundVolumeView
SoundVolumeView is a simple tool for Windows Vista/7/8/2008 that displays general information and current volume level for all active sound components on your system, and allows you to mute and unmute them instantly. SoundVolumeView also allows you to save a sound profile into a file, containing the current volume level and the mute/unmute state of all sound components, as well as the default sound devices, and then later, load the same filename to restore exactly the same volume levels and settings. There is also extensive command-line support, which allows you to save/load profiles, change current volume of every sound component, and mute/unmute every sound component, without displaying any user interface. -
AppAudioConfig
Starting from Windows Vista, you are allowed to change the sound volume of every application separately, and after you exit from the application, the last settings are saved in the Registry under HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore so the next time you run the application, your last settings are used. This tool displays your current audio settings of every application on your system, and allows you to easily change the setting of multiple applications at once. You can change the mute/unmute status, the sound volume level, and the right/left audio balance of the application. -
Volumouse
Volumouse provides you a quick and easy way to control the sound volume on your system - simply by rolling the wheel of your wheel mouse. It allows you to define a set of rules for determining when the wheel will be used for changing the sound volume. For example: You can configure Volumouse to use your mouse wheel for volume control when the Alt key is held down, when the left mouse button is down, when the mouse cursor is over the taskbar, and so on... When the conditions that you define are not satisfied, your mouse wheel will be used for the regular scrolling tasks, exactly as before. -
InstalledCodec
InstalledCodec is a small utility that displays the list of all Codec drivers and DirectShow filters currently installed on your system. For each component the following information is displayed: Display Name, Type, Disabled Status, Installed/Modified Time, Description, Company Name, Filename, and more... It allows you to easily disable or enable any Codec/DirectShow component or export the list into text/xml/html file. -
WebVideoCap
While watching a video in a Web site, you may sometimes want to save the video into your local drive, and then play it offline later. This utility allows you to capture .flv (Flash Video) files and RTSP streams while the Web browser downloads and plays them inside a Web page. After the entire video file is downloaded and played by the Web browser, the video file is saved in the folder that you selected, and you can play it offline later with any Video player. WebVideoCap can capture the video files of most popular video-sharing sites, including YouTube, Google Video, Yahoo Video, iFilm, Metacafe, Putfile, and more...
Internet Related Utilities
-
DomainHostingView
DomainHostingView is a utility for Windows that collects extensive information about a domain by using a series of DNS and WHOIS queries, and generates HTML report that can be displayed in any Web browser. The information displayed by the report of DomainHostingView includes: the hosting company or data center that hosts the Web server, mail server, and domain name server (DNS) of the specified domain, the created/changed/expire date of the domain, domain owner, domain registrar that registered the domain, list of all DNS records, and more... -
DownTester - Internet Speed Test
DownTester allows you to easily test your Internet download speed in multiple locations around the world. It automatically tests the download speed of the URLs that you choose, one after another. It moves to the next download URL after the specified number of seconds has elapsed or after it downloads the specified amount of KB, according to your preferences. After the download test is finished, you can easily save the result into text/html/xml/csv file, or copy it to the clipboard and paste it into Excel and other applications. -
NetConnectChoose
NetConnectChoose is a simple tool that allows you to easily choose the default Internet connection that will be used by all Internet applications, when you have more than a single Internet connection at the same time (each connection on a different network adapter). It also displays extensive information about every active network/Internet connection, including network adapter name, MAC Address, Name Servers, MTU, Interface Speed, current incoming/outgoing data speed, number of received/sent packets, received/sent bytes, and more... -
HostedNetworkStarter
HostedNetworkStarter is a simple tool for Windows 7 and later that allows you to easily create a wifi hotspot with your wireless network adapter, using the Wifi hosted network feature of Windows operating system. With the wifi hotspot created by this tool, you can allow any device with wifi support to access the network and the Internet connection available in your computer. -
IPNetInfo
IPNetInfo is a small utility that allows you to easily find all available information about an IP address: The owner of the IP address, the country/state name, IP addresses range, contact information (address, phone, fax, and email), and more. This utility can be very useful for finding the origin of unsolicited mail. You can simply copy the message headers from your email software and paste them into IPNetInfo utility. IPNetInfo automatically extracts all IP addresses from the message headers, and displays the information about these IP addresses. -
WhoisThisDomain
This utility allows you to easily get information about a registered domain. It automatically connects to the right WHOIS server, according to the top-level domain name, and retrieves the WHOIS record of the domain. It supports both generic domains and country code domains. -
IPInfoOffline
IPInfoOffline allows you to view information about IP addresses, without connecting to any external server. It uses a compressed IP addresses database that is stored inside the exe file. For each IP address, the following information is displayed: IP block range, Organization (RIPE, ARIN, APNIC, LACNIC or AFRINIC), Assigned Date, Country Name, and Country Code. After retrieving the information about the desired IP addresses, you can copy the information to the clipboard, or save it into text/html/xml/csv file. -
DNSDataView
This utility is a GUI alternative to the NSLookup tool that comes with Windows operating system. It allows you to easily retrieve the DNS records (MX, NS, A, SOA) of the specified domains. You can use the default DNS server of your Internet connection, or use any other DNS server that you specify. After retrieving the DNS records for the desired domains, you can save them into text/xml/html/csv file. -
QuickSetDNS
QuickSetDNS is a simple tool that allows you to easily change the DNS servers that are used for your Internet connection. You can set the desired DNS servers from the user interface, by choosing from a list of DNS servers that you defined, or from command-line, without displaying any user interface. -
MACAddressView
MACAddressView is a MAC address lookup tool that allows you to easily find the company details (company name, address, and country) according to the MAC address of a product. MACAddressView also allows you to find MAC address records according to the company name, company address, or country name. After finding the desired MAC address records, you can save them into text/xml/HTML/csv file or copy them to the clipboard and paste them into Excel or other applications. -
FastResolver
FastResolver is a small utility that resolves multiple host names into IP addresses and vice versa. You can simply type the list of IP addresses or host name that you want to resolve, or alternatively, you can specify IP addresses range that you want to scan. For local network, FastResolver also allows you to get the MAC address of all IP addresses that you scan. FastResolver is a multithreaded application, so it can resolve dozens of addresses within a few seconds. -
WebSiteSniffer
WebSiteSniffer is a packet sniffer tool that captures all Web site files downloaded by your Web browser while browsing the Internet, and stores them on your hard drive under the base folder that you choose. WebSiteSniffer allows you to choose which type of Web site files will be captured: HTML Files, Text Files, XML Files, CSS Files, Video/Audio Files, Images, Scripts, and Flash (.swf) files. While capturing the Web site files, the main window of WebSiteSniffer displays general statistics about the downloaded files for every Web site / host name, including the total size of all files (compressed and uncompressed) and total number of files for every file type (HTML, Text, Images, and so on) -
SiteShoter - Capture Website Screenshots
SiteShoter is a small utility that allows you to save a screenshot of any Web page into a file. It automatically creates a hidden window of Internet Explorer, loads the desired Web page, and then saves the entire content of the Web page into an image file (.png, .jpg, .tiff, .bmp or .gif). You can use SiteShoter in user interface mode, or alternatively, you can run SiteShoter in command-line mode without displaying any user interface. -
SeqDownload
This utility allows you to automatically download live images from the Web every xxx seconds/minutes and store the files on your local drive. After collecting a fair amount of images, you can easily create a nice animation from the downloaded images. This utility is especially useful for live cams Web sites, weather radar images, and satellite images. -
HTMLAsText
HTMLAsText utility converts HTML documents to simple text files, by removing all HTML tags and formatting the text according to your preferences. -
AddrView
AddrView allows you to parse HTML pages and extract most URL addresses stored in them. AddrView extracts URLs of images (<img> tag), links to other files (<a> tag), CSS files, frames, Flash files, and more. -
TagsReport
TagsReport reads an HTML file and displays statistical information about the tags that appear in it. -
JavaScript Animator Express v1.10
This utility allows you to easily create animation from image files (GIFs and JPGs) on your local drive. The animation is achieved by creating a simple HTML page with JavaScript animation, and running it on your default browser. -
CustomizeIE
Add new menu items and toolbar buttons to Internet Explorer -
TurnFlash (UI Version)
TurnFlash is a small utility that allows you to easily disable and enable the Macromedia Flash player component in Internet Explorer. -
TurnFlash (command-line version)
A small command-line utility that allows you to easily disable and enable the Macromedia Flash player component in Internet Explorer. Source code is included! -
MIMEView
This utility displays the list of all MIME types defined in your system. For each MIME type, information about the associated file extension and installed plugin is also displayed.
Command-Line Utilities
-
NirCmd
NirCmd is a small command-line utility that allows you to do some useful tasks without displaying any user interface. By running NirCmd with a simple command-line option, you can write and delete values and keys in the Registry, write values into an INI file, dial to your internet account or connect to a VPN network, restart Windows or shut down the computer, create a shortcut to a file, change the created/modified date of a file, change your display settings, and more... -
GetNir
GetNir is a command-line tool for Windows that receives tab-delimited or comma-delimited data from other NirSoft tools through Standard input (stdin), finds and extracts the desired values according to the specified filter expression and column names, and then sends these values to the Standard output (stdout). -
WirelessNetConsole
WirelessNetConsole is a small console application that dumps all current detected wireless networks information into the standard output. For each wireless network, the following information is displayed: SSID, Signal Quality in %, PHY types, RSSI, MAC Address, Channel Frequency, and more. -
BluetoothCL
BluetoothCL is a small console application that dumps all current detected bluetooth devices into the standard output. For each Bluetooth device, the following information is displayed: MAC Address, Name, Major Device Type, Minor Device Type, and optionally the company name of the device (if external file of MAC addresses - oui.txt is provided) -
RegFileExport
RegFileExport is a small console application that allows you to easily extract data from an offline Registry file located on another disk drive. RegFileExport reads the Registry file, analyzes it, and then exports the Registry data into a standard .reg file of Windows. You can export the entire Registry file, or only a specific Registry key. RegFileExport may also be able to export some of the Registry data even when the Registry file is corrupted and cannot be loaded by Windows. -
RunFromProcess
RunFromProcess is a command-line utility that allows you to run a program from another process that you choose. The program that you run will be executed as a child of the specified process and it'll run with the same user and security context of the specified parent process. -
AtNow
AtNow is a command-line utility that schedules programs and commands to run in the near future. -
WhosIP
WhosIP is a simple command-line utility that allows you to easily find all available information about an IP address: The owner of the IP address, the country/state name, IP addresses range, contact information (address, phone, fax, and email), and more. -
WhoisCL
WhoisCL is a simple command-line utility that allows you to easily get information about a registered domain. It automatically connects to the right WHOIS server, according to the top-level domain name, and retrieves the WHOIS record of the domain. It supports both generic domains and country code domains. -
SNRemove
This utility removes the reference to strong name signature from .NET exe and dll files. After removing the strong name reference, you can make any change you want in dll/exe file, without getting any exception or error message. -
DumpEDID
DumpEDID is a small console application that extracts the EDID ("Extended display identification data") records from your computer, analyzes them, and dumps them into the console window. EDID records provide essential information about your monitor: manufacture week/year, monitor manufacturer, monitor model, supported display modes, and so on... You can also get the EDID records of a remote computer, if you log in to this computer with administrator rights. (DumpEDID is the console version of MonitorInfoView utility)
Desktop Utilities
-
GUIPropView
GUIPropView displays extensive information about all windows currently opened on your system. The upper pane of GUIPropView displays all top level windows, and when you select a window in the upper pane, the lower pane displays the list of all child windows of the selected top level window. You can also select one or more windows and then do some actions on them like close, hide, show, minimize, maximize, disable, enable, and so on... -
FileTypesMan
FileTypesMan is an alternative to the 'File Types' tab in the 'Folder Options' of Windows. It displays the list of all file extensions and types registered on your computer. For each file type, the following information is displayed: Type Name, Description, MIME Type, Perceived Type, Flags, Browser Flags, and more. FileTypesMan also allows you to easily edit the properties and flags of each file type, and to add, edit, and remove actions in a file type. -
ShortcutsMan
ShortcutsMan displays the details about all shortcuts that you have on your desktop and under your start menu. Broken shortcuts (shortcuts that point to a file that doesn't exist) are automatically painted with pink color. You can select one or more shortcuts, and then delete them, resolve them or save the shortcut's details to HTML/Text/XML file. -
OpenWithView
OpenWithView is a small utility that displays the list of all available applications in the 'Open With' dialog-box of Windows, and allows you to easily disable/enable the applications in the list. When an application is disabled, it won't be displayed in the 'Other Programs' section of the 'Open With' dialog-box. This utility can be useful if your 'Open With' window displays too many applications, and you want to remove the applications that you don't use frequently. -
SpecialFoldersView
The Windows operating system has dozens of special folders that are used for storing application settings and files, storing Internet files, saving temporary files, storing shortcuts to other files, and so on. This utility displays the list of all special folders in your system, and allows you to easily jump to the right folder simply by double-clicking the folder item. You can also save the list of all folder paths into text/html/xml file. -
WinLister
This utility displays the list of opened windows on your system. For each window, some useful information is displayed: the title, the handle of the window, location, size, class name, process number, the name of the program that created the window, and more... In addition, you can easily hide, show or close the selected windows, or save the windows list to a text or HTML file. -
InsideClipboard
Each time that you copy something into the clipboard for pasting it into another application, the copied data is saved in multiple formats. The main clipboard application of Windows only displays the basic clipboard formats, like text and bitmaps, but doesn't display the list of all formats that are stored in the clipboard. InsideClipboard is a small utility that displays the binary content of all formats that are currently stored in the clipboard, and allows you to save the content of a specific format into a binary file. -
Clipboardic
Clipboardic is a small utility that listens to the clipboard activity, and each time that you copy something into the clipboard, it automatically saves the copied data into a Windows clipboard file (.clp). Later, when you need the copied data again, you can simply select the right clipboard file, and Clipboardic will automatically insert it into the clipboard. Clipboardic also allows you to easily share the clipboard data between multiple computers on your local network. -
CustomExplorerToolbar
CustomExplorerToolbar is a small utility for Windows 7 only, which allows you to easily customize the toolbar of Windows Explorer, and add buttons that existed in previous versions of Windows, like Copy, Cut, Paste, Select All, and more. This utility also allows you to remove the toolbar buttons that you previously added. -
NirExt
The NirExt utility adds 3 useful context menu extensions to your Windows Explorer environment. Folder Properties: This option is available in the context menu when you right-click on a folder in your file system. It allows you to change the icon of any folder you want, and change the text that appears when the mouse cursor moves over the folder. Advanced Run: This option is available in the context menu when you right-click on an executable file (*.EXE). It allows you to instantly run an application with command-line and some other options. Create Shortcut+: This option is available in the context menu when you right-click on any file in your system. It allows you to instantly create a shortcut and drop it into one of the following folders: Desktop, Start Menu, Programs folder under Start Menu, Common Desktop (for all users), Common Start Menu (for all users), and Common Programs folder (for all users) under Start Menu.
Outlook/Office Utilities
-
NK2Edit
Every time that you type an email address or name in the message window of MS-Outlook, it automatically offers you a list of users and email addresses that you can choose from. This feature is known as 'AutoComplete', and Outlook automatically builds this email list according to user activity and saves it into a file with the .NK2 extension. In some circumstances, you may need to fix or modify the values that appear in the AutoComplete list, or you may want to remove unwanted email addresses and/or add new email addresses. MS-Outlook doesn't provide any ability to edit this AutoComplete list, so this is where the NK2Edit software can help you. NK2Edit is a real NK2 editor that allows you to modify all fields in an NK2 file, delete unwanted records, add new records, repair corrupted NK2 files, merge 2 or more NK2 files into a single NK2 file, and more... -
OutlookAttachView
OutlookAttachView scans all messages stored in your Outlook, and displays the list of all attached files that it finds. You can easily select one or more attachments and save all of them into the desired folder, and you can also delete unwanted large attachments that take too much disk space in your mailbox. You can also save the list of attachments into an xml/html/text/csv file. -
OutlookStatView
OutlookStatView scans your Outlook mailbox, and displays general statistics about the users that you communicate with via email. For each user/email, the following information is displayed: the number of outgoing messages that you sent to the user (separated by to/cc/bcc), the number of incoming messages that the user sent to you, the total size of messages sent by the user, the email client software used by this user, and the time range in which you sent/received emails with the specified user. -
OutlookAddressBookView
OutlookAddressBookView is a simple utility that displays the details of all recipients stored in the address books of Microsoft Outlook. For every recipient entry, the following information is displayed: Email Address, Display Name, Address Type (MS-Exchange or SMTP), Street Address, Phone Number, Created Time, Modified Time (Works only with address books of Exchange server), and more... You can easily select one or more recipients from the list and export them into tab-delimited/comma-delimited/xml/html file, or copy them to the clipboard and then paste the list into Excel. -
OfficeIns - Microsoft Office Add-Ins Manager
OfficeIns is a small utility that displays the details of all installed Microsoft Office add-ins on your computer, and allows you to disable/enable them.
Programmer Tools
-
DLL Export Viewer
This utility displays the list of all exported functions and their virtual memory addresses for the specified DLL files. You can easily copy the memory address of the desired function, paste it into your debugger, and set a breakpoint for this memory address. When this function is called, the debugger will stop at the beginning of this function. -
GDIView
GDIView is a unique tool that displays the list of GDI handles (brushes, pens, fonts, bitmaps, and others) allocated by every process. It displays the total count for each type of GDI handle, as well as detailed information about each handle. This tool can be useful for developers that need to trace GDI resource leaks in their software. -
HeapMemView
HeapMemView is a small utility that allows you to view the content of all memory blocks allocated in the heap of the process that you select. This tool can be useful for developers that need to trace memory leaks in their software. -
DeviceIOView
DeviceIOView allows you to watch the data transfer between a program or service and a device driver (DeviceIoControl calls). For each call to a device driver, the following information is displayed: Handle, Control Code, number of input bytes, number of output bytes, the name of the device handle, and all the input/output bytes, displayed as a hex dump. -
SimpleProgramDebugger
SimpleProgramDebugger is a simple debugging tool that attaches to an existing running program or starts a new program in debugging mode, and then displays all major debugging events that occur while the program is running, including Exception, Create Thread, Create Process, Exit Thread, Exit Process, Load DLL, Unload Dll, and Debug String. After the debugging events are accumulated, you can easily export them into a comma-delimited/tab-delimited/xml/html file or copy them to the clipboard and then paste them into Excel or any other spreadsheet application.
Disk Utilities
SearchMyFiles v3.10
SearchMyFiles is an alternative to the standard "Search For Files And Folders" module of Windows. It allows you to easily search files in your system by wildcard, by last modified/created/last accessed time, by file attributes, by file content (text or binary search), and by file size. SearchMyFiles allows you to make a very accurate search that cannot be done with Windows search. For example: you can search for all files created in the last 10 minutes with a size between 500 and 700 bytes. After you have made a search, you can select one or more files, and save the list into a text/html/csv/xml file, or copy the list to the clipboard.
DriveLetterView v1.50
DriveLetterView is a simple utility that allows you to view the list of all drive letter assignments in your system, including local drives, remote network drives, CD/DVD drives, and USB drives - even if they are not currently plugged in. It also allows you to easily change the drive letter of USB devices and remote network shares, as well as to delete the drive letter of a USB device that is not plugged in. You can also use DriveLetterView to export the list of all drives into a text/csv/html/xml file.
DiskCountersView v1.27
DiskCountersView displays the system counters of each disk drive in your system, including the total number of read/write operations and the total number of read/write bytes. It also displays general drive information, like disk name, partition number, partition location, and so on.
AppReadWriteCounter v1.26
AppReadWriteCounter is a tool for Windows that counts and displays the current file read/write operations of every application running on your system. It displays the number of read/write bytes, the number of read/write operations, the current calculated read/write speed, and the details of the application (product name, product version, and so on) that makes the file read/write operations.
FileActivityWatch v1.55
FileActivityWatch is a tool for Windows that displays information about every read/write/delete operation on files that occurs on your system. For every file, FileActivityWatch displays the number of read/write bytes, the number of read/write/delete operations, the first and last read/write timestamp, and the name/ID of the process responsible for the file operation.
FileAccessErrorView v1.22
FileAccessErrorView is a diagnostic tool for Windows that displays information about errors that occur while programs running on your system try to open/read/write/delete a file. FileAccessErrorView displays the filename that the application tried to open/read/write/delete, the process id/name of the application, the error code (NTSTATUS code), the description of the error code, the number of times that this error occurred, and the timestamp of this error.
DiskSmartView v1.21
DiskSmartView is a small utility that retrieves the S.M.A.R.T information (S.M.A.R.T = Self-Monitoring, Analysis, and Reporting Technology) from IDE disks. This information includes the disk model/firmware/serial number, cylinders/heads, power-on hours (POH), internal temperature, disk error rate, and more. You can use the S.M.A.R.T information retrieved by DiskSmartView to find out whether there is any significant problem in your disk drive.
AlternateStreamView v1.56
AlternateStreamView is a small utility that allows you to scan your NTFS drive, and find all hidden alternate streams stored in the file system. After scanning and finding the alternate streams, you can extract these streams into the specified folder, delete unwanted streams, or save the streams list into a text/html/csv/xml file.
AltStreamDump v1.05
AltStreamDump is a console application (Command Prompt) that dumps the list of NTFS alternate streams found in the current directory. By using a few command-line options, you can also instruct AltStreamDump to display the alternate streams list of other folders and to scan subfolders to the desired folder depth.
NTFSLinksView v1.32
Starting from Windows Vista, Microsoft uses symbolic links and junction points of the NTFS file system in order to make changes in the folder structure of Windows while keeping compatibility with applications written for older versions of Windows. This utility simply shows you the list of all symbolic links and junctions in the specified folder, and their target paths.
FoldersReport v1.21
The FoldersReport utility scans a drive or a base folder that you select, and displays essential information for each folder that it finds: the size of all files inside the folder, the real size of the files on the disk, the number of files inside the folder, the number of hidden files, the number of compressed files, and the number of subfolders. You can use this utility to easily find out which folders use the most space on your drive. You can scan the folders of your local drives, CD-ROM drives, and network resources on a remote computer.
System Utilities
WinUpdatesView v1.13 - Windows Updates History Viewer
WinUpdatesView is a simple tool that displays the history of Windows updates on your system. WinUpdatesView can load the Windows updates history from your local system, using the API, and it can also read and parse the Windows updates database file (DataStore.edb) from an external drive or from a remote computer on your network. For every Windows update history record, WinUpdatesView displays the following fields: Title, Description, Install Date, Update Operation (Install, Uninstall, Not Started, In Progress), Operation Result (Succeeded, Succeeded With Errors, Failed, Aborted), Category, Information URL, Support URL, Uninstall Notes, Client Application ID, Service ID, Update ID, Revision Number, Unmapped Result Code, Server Selection, hResult.
MultiMonitorTool v1.96
MultiMonitorTool is a small tool that allows you to do some actions related to working with multiple monitors. With MultiMonitorTool, you can disable/enable monitors, set the primary monitor, save and load the configuration of all monitors, and move windows from one monitor to another. You can do these actions from the user interface or from the command-line, without displaying the user interface. MultiMonitorTool also provides a preview window, which allows you to watch a preview of every monitor on your system.
ControlMyMonitor v1.26
ControlMyMonitor allows you to view and modify the settings of your monitor (also known as 'VCP Features'), like brightness, contrast, sharpness, red/green/blue color balance, and more... You can modify the monitor settings from the GUI and from the command-line. You can also export all settings of your monitor into a configuration file and then later load the same configuration back into your monitor.
PropertySystemView v1.11
PropertySystemView is a tool that allows you to view and modify the properties of a file from the GUI and the command-line, using the property system of the Windows operating system. For example, you can change the 'Media Created' timestamp stored in .mp4 files (System.Media.DateEncoded) as well as other metadata stored in media files and office documents, like Title, Comments, Authors, Tags, Date Acquired, Last Saved Date, Content Created Date, Date Imported, Date Taken (EXIF of .jpg files), and more... PropertySystemView also allows you to set properties of Windows. For example, you can set the System.AppUserModel.ID property of a window in order to disable the taskbar grouping of the specified window.
BlueScreenView v1.55
BlueScreenView scans all your minidump files created during 'blue screen of death' crashes, and displays the information about all crashes in one table. For each crash, BlueScreenView displays the minidump filename, the date/time of the crash, the basic crash information displayed in the blue screen (Bug Check Code and 4 parameters), and the details of the driver or module that possibly caused the crash (filename, product name, file description, and file version). For each crash displayed in the upper pane, you can view the details of the device drivers loaded during the crash in the lower pane. BlueScreenView also marks the drivers whose addresses were found in the crash stack, so you can easily locate the suspected drivers that possibly caused the crash.
USBDeview v2.86
USBDeview is a small utility that lists all USB devices that are currently connected to your computer, as well as all USB devices that you previously used. For each USB device, extended information is displayed: device name/description, device type, serial number (for mass storage devices), the date/time that the device was added, VendorID, ProductID, and more... USBDeview also allows you to uninstall USB devices that you previously used, and disconnect USB devices that are currently connected to your computer. You can also use USBDeview on a remote computer, as long as you log in to that computer as an admin user.
USBLogView v1.26
USBLogView is a small utility that runs in the background and records the details of any USB device that is plugged into or unplugged from your system. For every log line created by USBLogView, the following information is displayed: Event Type (Plug/Unplug), Event Time, Device Name, Description, Device Type, Drive Letter (for storage devices), Serial Number (only for some types of devices), Vendor ID, Product ID, Vendor Name, Product Name, and more... You can easily select one or more log records and then export them into a csv/tab-delimited/xml/html file.
UninstallView v1.37
UninstallView is a tool for Windows that collects information about all programs installed on your system and displays the details of the installed programs in one table. You can use it to get installed programs information for your local system, for a remote computer on your network, and for an external hard-drive plugged into your computer. It also allows you to easily uninstall software on your local computer and on a remote computer (including quiet uninstall if the installer supports it).
InstalledAppView v1.01
InstalledAppView is a tool for Windows 10 that displays the details of Windows 10 apps installed on your system. For every Windows app, the following information is displayed: App Name, App Version, Registry Name, Registry Modified Time, Install Folder, Install Folder Owner, Uninstall Command, and more... InstalledAppView allows you to load the Windows 10 apps list from your local system, from a remote computer on your network, and from an external disk plugged into your computer. InstalledAppView also allows you to view the XML files of the Windows app (AppxManifest.xml and AppxBlockMap.xml), uninstall apps, quietly uninstall apps, open the install folder of the app, and more...
InstalledPackagesView v1.05
InstalledPackagesView is a tool for Windows that displays the list of all software packages installed on your system with Windows Installer, and lists the files, Registry keys, and .NET Assemblies associated with them. For every installed software package, the following information is displayed: Display Name, Display Version, Install Date, Registry Time, Estimated Size, Install Location, Install Source, MSI Filename (in C:\Windows\Installer), and more... You can view the installed software packages information from your local system or from another system on an external hard-drive.
RegistryChangesView v1.25
RegistryChangesView is a tool for Windows that allows you to take a snapshot of the Windows Registry and later compare it with another Registry snapshot, with the current Registry, or with Registry files stored in a shadow copy created by Windows. When comparing 2 Registry snapshots, you can see the exact changes made in the Registry between the 2 snapshots, and optionally export the Registry changes into a standard .reg file of RegEdit.
WinDefThreatsView v1.06
WinDefThreatsView is a tool for Windows 10 that displays the list of all threats detected by Windows Defender Antivirus and allows you to easily set the default action (Allow, Quarantine, Clean, Remove, Block, or No Action) for multiple threats at once. You can use this tool on your local computer and also on a remote computer, as long as you have permission to access WMI on the remote machine.
WinCrashReport v1.25
WinCrashReport provides an alternative to the built-in crash reporting program of the Windows operating system. When an application crashes on your system and Windows displays the internal crash window of the operating system, you can run WinCrashReport and get an extensive report about the crashed application. The crash report of WinCrashReport is displayed as simple text or in HTML, and includes the following information: Crash memory address, Exception code, Exception description, Strings found in the stack, call stack, processor registers, modules list, threads list, and more...
WhatIsHang v1.27
Sometimes, Windows software hangs, the user interface doesn't respond anymore, and you cannot find out what the cause of the problem is. This utility tries to detect the software that is currently hung, and displays some information that may allow you to understand what exactly causes the software to hang. Most of the information displayed in the report of WhatIsHang, like Call Stack, Stack Data, Processor Registers, and Memory Data, is designed for users with Windows programming knowledge. However, WhatIsHang also displays a list of strings and dll files related to the hang problem, which can also help users without programming knowledge to understand the cause of the problem.
OpenedFilesView v1.86
OpenedFilesView displays the list of all opened files on your system. For each opened file, additional information is displayed: handle value, read/write/delete access, file position, the process that opened the file, and more... Optionally, you can also close one or more opened files, or close the process that opened these files.
FolderChangesView v2.31
FolderChangesView is a simple tool that monitors the folder or disk drive that you choose and lists every filename that is being modified, created, or deleted while the folder is being monitored. You can use FolderChangesView with any local disk drive or with a remote network share, as long as you have read permission to the selected folder.
AdvancedRun v1.21
AdvancedRun is a simple tool for Windows that allows you to run a program with different settings that you choose, including low or high priority, start directory, main window state (Minimized/Maximized), running the program with a different user or permissions, operating system compatibility settings, and environment variables. You can also save the desired settings into a configuration file and then run the program automatically from the command-line with the desired settings.
ShadowCopyView v1.10
ShadowCopyView is a simple tool for Windows 10/8/7/Vista that lists the snapshots of your hard drive created by the 'Volume Shadow Copy' service of Windows. Every snapshot contains older versions of your files and folders from the date that the snapshot was created. You can browse the older versions of your files and folders, and optionally copy them into a folder on your disk.
PreviousFilesRecovery v1.00
PreviousFilesRecovery is a simple tool for Windows 10/8/7/Vista that allows you to scan the shadow copies of your local hard drive and find deleted files as well as older versions of existing files. If the file you need is found in the shadow copies of Windows, you can easily recover it by copying it into an existing folder on your drive.
LastActivityView v1.35
LastActivityView is a tool for the Windows operating system that collects information from various sources on a running system, and displays a log of actions made by the user and events that occurred on this computer. The activity displayed by LastActivityView includes: running an .exe file, opening an open/save dialog-box, opening a file/folder from Explorer or other software, software installation, system shutdown/start, application or system crash, network connection/disconnection, and more... You can easily export this information into a csv/tab-delimited/xml/html file or copy it to the clipboard and then paste it into Excel or other software.
OpenSaveFilesView v1.15
OpenSaveFilesView is a simple tool that displays the list of files that you previously opened with the standard open/save dialog-box of Windows. For every file in the list, the following information is displayed: Filename, Extension, Order (the order in which the files were opened for every file extension), Open Time (available only for the last opened file of every file type), File Modified/Created Time, File Size, and File Attributes.
ExecutedProgramsList v1.11
ExecutedProgramsList is a simple tool that displays a list of programs and batch files that you previously executed on your system. For every program, ExecutedProgramsList displays the .exe file, the created/modified time of the .exe file, and the current version information of the program (product name, product version, company name) if it's available. For some of the programs, the last execution time of the program is also displayed.
TaskSchedulerView v1.54
TaskSchedulerView is a simple tool for Windows Vista/7/8/10 that displays in a single table the list of all tasks from the Task Scheduler of Windows. It also allows you to easily disable/enable multiple tasks at once. For every task, the following information is displayed: Task Name, Description, Status, Hidden (Yes/No), Last Run/Next Run Times, Task Folder, EXE filename or COM handler of the task, number of missed runs, and more...
LoadedDllsView v1.01
LoadedDllsView is a simple tool for Windows that scans all running processes on your system and displays the list of all DLL files loaded by these processes and the number of processes that load each DLL in the list. When selecting a DLL file in the upper pane of LoadedDllsView, the lower pane displays the list of all processes that use the selected DLL file. You can also select one or more DLL files and then export the list into a comma-delimited/tab-delimited/html/xml file.
TimeZonesView v1.06
TimeZonesView is a simple tool for Windows that displays all world time zones. For every time zone, the following information is displayed: name, description, current date/time in this time zone, and the date/time that daylight saving time begins and ends.
SecuritySoftView v1.00
SecuritySoftView is a simple tool that displays the AntiVirus, AntiSpyware, and Firewall programs that are currently installed on your system and registered with the security center of the Windows operating system.
FolderTimeUpdate v1.55
FolderTimeUpdate is a simple tool for Windows that scans all files and folders under the base folder you choose, and updates the 'Modified Time' of every folder according to the latest modified time of the files stored in it. This tool might be useful if, for example, you back up a cluster of folders and then restore them onto another disk, but the backup program doesn't restore the original modified time of the folders.
SimpleWMIView v1.40
SimpleWMIView is a simple tool for Windows that displays the result of WMI queries in a simple table, and allows you to easily export the data to a text/csv/tab-delimited/html/xml file, or to copy the selected items to the clipboard and then paste them into Excel or another spreadsheet application. With SimpleWMIView you can get extensive information about your system, like a list of running processes, services, drivers, user accounts, hardware, and so on...
AppCompatibilityView v1.02
AppCompatibilityView is a simple tool that displays the list of all programs that run with different compatibility settings, stored in the Registry under the HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers and HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers keys. It also allows you to easily modify or delete the compatibility settings of multiple applications at once.
AllThreadsView v1.00
AllThreadsView is a simple tool for Windows that displays a list of all running threads from all processes on your system in one table.
For every thread, the following information is displayed: Thread ID, Creation Time, Kernel Time, User Time, Duration, Start Address, Priority, Base Priority, Context Switch Count, Context Switch Change (since the last refresh), Wait Reason, Process ID, Process Path.
MMCSnapInsView v1.00
MMCSnapInsView is a simple tool for Windows that displays the details of all MMC snap-ins installed on your system, including name, description, CLSID, dll file, product name, company name, file version, and more... You can also select multiple MMC snap-ins and then open them in the MMC application.
JumpListsView v1.16
JumpListsView is a simple tool that displays the information stored by the 'Jump Lists' feature of Windows 7 and Windows 8. For every record found in the Jump Lists, the following information is displayed: the filename that the user opened, the date/time of the file opening event, the ID of the application that was used to open the file, the size/time/attributes of the file at the time that the file was opened, and more... You can also export the Jump Lists records to a csv/tab-delimited/xml/html file.
SysExporter v1.77
The SysExporter utility allows you to grab the data stored in standard list-views, list boxes, and combo boxes from almost any application running on your system, and export it to a text, HTML or XML file.
FirmwareTablesView v1.01
FirmwareTablesView is a simple tool for Windows that displays a list of firmware tables (ACPI, SMBIOS) stored on your system. You can view the content of these tables in hex-dump format and export them to a binary file.
BatteryInfoView v1.23
BatteryInfoView is a small utility for laptops and netbook computers that displays the current status and information about your battery. The displayed battery information includes the battery name, manufacture name, serial number, manufacture date, power state (charging/discharging), current battery capacity, full charged capacity, voltage, charge/discharge rate, and more... BatteryInfoView also provides a log window, which adds a new log line containing the battery status every 30 seconds or any other time interval that you choose.
Password Security Scanner v1.60
This utility scans the passwords stored by popular Windows applications (Microsoft Outlook, Internet Explorer, Mozilla Firefox, and more...) and displays security information about all these passwords. The security information of every stored password includes the total number of characters, number of numeric characters, number of lowercase/uppercase characters, number of repeating characters, and password strength. You can use this tool to determine whether the passwords used by other users are secure enough, without viewing the passwords themselves.
WhatInStartup v1.35
This utility displays the list of all applications that are loaded automatically when Windows starts up. For each application, the following information is displayed: Startup Type (Registry/Startup Folder), Command-Line String, Product Name, File Version, Company Name, Location in the Registry or file system, and more. It allows you to easily disable or delete unwanted programs that run at Windows startup. You can use it on your currently running instance of Windows, and you can also use it on an external instance of Windows on another drive. WhatInStartup also supports a special "Permanent Disabling" feature: if a program that you previously disabled adds itself again to the startup list of Windows, WhatInStartup will automatically detect the change and disable it again.
DevManView v1.67
DevManView is an alternative to the standard Device Manager of Windows, which displays all devices and their properties in a flat table, instead of a tree viewer. In addition to displaying the devices of your local computer, DevManView also allows you to view the devices list of another computer on your network, as long as you have administrator access rights to this computer.
DevManView can also load the devices list from external instance of Windows and disable unwanted devices. This feature can be useful if you have Windows operating system with booting problems, and you want to disable the problematic device. NetworkInterfacesView v1.21 NetworkInterfacesView is a simple tool that displays the list of all network adapters/interfaces installed on your system. It displays network interfaces that are currently active, as well as network interfaces that have been installed previously, and now they are not connected (like USB wireless network adapters). For every network interface found on your system, the following information is displayed (if it's stored in the Registry): Device Name, Connection Name, IP Address, Subnet Mask, Default Gateway, DHCP Server, Status, MAC Address and more... You can select one or more network interface items and then export them to xml/html/csv/tab-delimited file, or copy them into the clipboard and then paste them into Excel or other spreadsheet application. WinPrefetchView v1.36 Each time that you run an application in your system, a Prefetch file which contains information about the files loaded by the application is created by Windows operating system. The information in the Prefetch file is used for optimizing the loading time of the application in the next time that you run it. WinPrefetchView is a small utility that reads the Prefetch files stored in your system and displays the information stored in them. By looking in these files, you can learn which files every application is using, and which files are loaded on Windows boot. AppCrashView v1.35 AppCrashView is a small utility for Windows Vista and Windows 7 that displays the details of all application crashes occurred in your system. The crashes information is extracted from the .wer files created by the Windows Error Reporting (WER) component of the operating system every time that a crash is occurred. 
AppCrashView also allows you to easily save the crashes list to text/csv/html/xml file.
-
ProcessActivityView v1.16
ProcessActivityView creates a summary of all files and folders that the selected process tries to access. For each file that the process accesses, the following information is displayed: Number of times that the file was opened and closed, number of read/write calls, total number of read/write bytes, the dll that made the last open-file call, and more...
-
WinUpdatesList v1.33
WinUpdatesList displays the list of all Windows updates (Service Packs and Hotfixes) installed on your local computer. For hotfix updates, this utility also displays the list of files updated with these hotfixes. In addition, it allows you to instantly open the Web link in the Microsoft Web site that provides more information about the selected update, uninstall an update, copy the update information to the clipboard, or save it to text/HTML/XML file.
-
TurnedOnTimesView v1.42
TurnedOnTimesView is a simple tool that analyses the event log of the Windows operating system, and detects the time ranges that your computer was turned on. For every period of time that the computer was turned on, the following information is displayed: Startup Time, Shutdown Time, Duration, Shutdown Reason, Shutdown Type, Shutdown Process, and Shutdown Code. TurnedOnTimesView allows you to get this information from your local computer, and from a remote computer on your network if you have enough privilege to read the event log of Windows remotely.
-
WinLogOnView v1.33
WinLogOnView is a simple tool for Windows Vista/7/8/2008 that analyses the security event log of the Windows operating system, and detects the date/time that users logged on and logged off. For every time that a user logs on to or logs off from your system, the following information is displayed: Logon ID, User Name, Domain, Computer, Logon Time, Logoff Time, Duration, and network address.
WinLogOnView also allows you to easily export the logon sessions information to tab-delimited/comma-delimited/html/xml file.
-
ShellExView v2.01 - Shell Extensions Manager
The ShellExView utility displays the details of shell extensions installed on your computer, and allows you to easily disable and enable each shell extension.
-
InstalledDriversList v1.05
InstalledDriversList is a simple tool for Windows that lists all device drivers that are currently installed on your system. For every device driver, the following information is displayed: Driver Name, Display Name, Description, Startup Type, Driver type, Driver Group, Filename, File Size, Modified/Created Time of the driver file, and version information of the driver file. If the driver is currently running in the Windows kernel, the following information is also displayed: Base Memory Address, End Address, Memory Size, and Load Count.
-
URLProtocolView v1.15
URLProtocolView is a simple utility that displays all URL protocols (for example: ftp:, telnet:, mailto:) that are currently installed on your system. For each URL protocol, the following information is displayed: The protocol name, the protocol description, the command-line that is executed when you type or click the URL, the product name, and the company name. This utility also allows you to easily enable/disable the URL protocols.
-
WinsockServicesView v1.00
This utility displays the details of all Winsock service providers installed on your system. For every Winsock service, the following information is displayed: Display Name, Status (Enabled/Disabled), DLL Type (32-bit or 64-bit), DLL Filename, DLL Description/Version, and Created/Modified Time. WinsockServicesView also allows you to easily disable/enable a Winsock service provider.
-
RegScanner v2.51
RegScanner is a small utility that allows you to scan the Registry, find the desired Registry values that match the specified search criteria, and display them in one list.
After finding the Registry values, you can easily jump to the right value in RegEdit, simply by double-clicking the desired Registry item.
-
OfflineRegistryFinder v1.11
OfflineRegistryFinder is a tool for Windows that allows you to scan Registry files from an external drive and find the desired Registry keys/values/data according to the search criteria you define. After OfflineRegistryFinder displays the search result, you can easily select one or more items and then export them into a .reg file that can be imported with the RegEdit tool of Windows. OfflineRegistryFinder can also be used for a Registry scan of your running operating system. You simply have to create a Registry snapshot, and then scan this snapshot with OfflineRegistryFinder. Searching in a Registry snapshot is usually much faster than searching in the Registry of a running system.
-
OfflineRegistryView v1.03
OfflineRegistryView is a simple tool for Windows that allows you to read offline Registry files from an external drive and view the desired Registry key in .reg file format.
-
RegFromApp v1.33
RegFromApp monitors the Registry changes made by the application that you selected, and creates a standard RegEdit registration file (.reg) that contains all the Registry changes made by the application. You can use the generated .reg file to import these changes with RegEdit when it's needed.
-
BluetoothLogView v1.12
BluetoothLogView is a small utility that monitors the activity of Bluetooth devices around you, and displays a log of Bluetooth devices on the main window. Every time that a new Bluetooth device arrives in your area and when the device leaves your area, a new log line is added with the following information: Device Name, Device Address, Event Time, Event Type ('Device Arrival' or 'Device Left'), Device Type, and the company that created the device. BluetoothLogView also allows you to specify a description for every device (according to its MAC address) that will appear under the 'Description' column.
-
BluetoothView v1.66
BluetoothView is a small utility that runs in the background, and monitors the activity of Bluetooth devices around you. For each detected Bluetooth device, it displays the following information: Device Name, Bluetooth Address, Major Device Type, Minor Device Type, First Detection Time, Last Detection Time, and more. BluetoothView can also notify you when a new Bluetooth device is detected, by displaying a balloon in your taskbar or by playing a small beep sound.
-
ProcessThreadsView v1.29
ProcessThreadsView is a small utility that displays extensive information about all threads of the process that you choose. The threads information includes the ThreadID, Context Switches Count, Priority, Created Time, User/Kernel Time, Number of Windows, Window Title, Start Address, and more. When selecting a thread in the upper pane, the lower pane displays the following information: Strings found in the stack, stack modules addresses, call stack, and processor registers. ProcessThreadsView also allows you to suspend and resume one or more threads.
-
CleanAfterMe v1.37
CleanAfterMe allows you to easily clean files and Registry entries that are automatically created by the Windows operating system during your regular computer work. With CleanAfterMe, you can clean the cookies/history/cache/passwords of Internet Explorer, the 'Recent' folder, the Registry entries that record the last opened files, the temporary folder of Windows, the event logs, the Recycle Bin, and more.
-
SearchFilterView v1.00
When you search the content of files with Windows search, it uses the right search IFilter plugin according to the file extension. This utility allows you to easily view the search filters installed on your system and the file extensions that are associated with them, and to easily add or remove file extensions for these filters.
-
UserProfilesView v1.10
UserProfilesView displays the list of all user profiles that you currently have in your system.
For each user profile, the following information is displayed: Domain\User Name, Profile Path, Last Load Time, Registry File Size, User SID, and more. You can save the profiles list into text/xml/html/csv file.
-
MonitorInfoView v1.22
MonitorInfoView is a small utility that displays essential information about your monitor: manufacture week/year, monitor manufacturer, monitor model, supported display modes, and more... The information is extracted from the EDID ("Extended display identification data") records stored on your computer. You can also view the monitor information of multiple computers on your network, if you log in to these computers with administrator rights.
-
RunAsDate v1.37
RunAsDate is a small utility that allows you to run a program in the date and time that you specify. This utility doesn't change the current system date and time of your computer; it only injects the date/time that you specify into the desired application. You can run multiple applications simultaneously, each application working with a different date and time, while the real date/time of your system continues to run normally.
-
ProduKey v1.93
ProduKey is a small utility that displays the ProductID and the CD-Key of MS-Office, Windows, and SQL Server installed on your computer. You can view this information for your current running operating system, or for another operating system/computer by using command-line options.
-
RegDllView v1.60
RegDllView is a small utility that displays the list of all registered dll/ocx/exe files (COM registration). For each registered file, you can view the last date/time that it was registered, and the list of all registration entries (CLSID/ProgID).
-
MUICacheView v1.01
Each time that you start using a new application, the Windows operating system automatically extracts the application name from the version resource of the exe file, and stores it for later use, in a Registry key known as the 'MuiCache'.
This utility allows you to easily view and edit the list of all MuiCache items on your system. You can edit the name of the application, or alternatively, you can delete unwanted MUICache items.
-
ShellBagsView v1.30
Each time that you open a folder in Explorer, Windows automatically saves the settings of this folder into the Registry. This utility displays the list of all folder settings saved by Windows. For each folder, the following information is displayed: The date/time that you opened it, the entry number, display mode (Details, Icons, Tiles, and so on...), the last position of the window, and the last size of the window.
-
UserAssistView v1.02
This utility decrypts and displays the list of all UserAssist entries stored under the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist key in the Registry. The UserAssist key contains information about the exe files and links that you open frequently. You can save the list of UserAssist entries into text/html/xml/csv file, and you can also delete unwanted items.
-
FullEventLogView v1.52
FullEventLogView is a simple tool for Windows 10/8/7/Vista that displays in a table the details of all events from the event logs of Windows, including the event description. It allows you to view the events of your local computer, events of a remote computer on your network, and events stored in .evtx files. It also allows you to export the events list to text/csv/tab-delimited/html/xml file from the GUI and from command-line.
-
EventLogChannelsView v1.26
EventLogChannelsView is a simple tool for Windows 10/8/7/Vista that shows the list of all event log channels on your system, including the channel name, event log filename, enabled/disabled status, current number of events in the channel, and more... It also allows you to easily perform some actions on multiple channels at once: enable/disable channels, set their maximum file size, and clear all events stored in the channels.
-
MyEventViewer v2.25
MyEventViewer is a simple alternative to the standard event viewer of Windows. As opposed to the Windows event viewer, MyEventViewer allows you to watch multiple event logs in one list, and the event description and data are displayed in the main window, instead of opening a new one. Also, with MyEventViewer you can easily select multiple event items and then save them to HTML/Text/XML file, or copy them to the clipboard (Ctrl+C) and then paste them into Excel.
-
EventLogSourcesView v1.00
EventLogSourcesView is a simple tool that displays the list of all event log sources installed on your system. For every event log source, the following information is displayed: Event Source Name, Event Type, DLL/EXE Files containing the event message strings, Registry Modified Time, and version information taken from the DLL/EXE file (Product Name, Company, File Description, File Version).
-
ActiveXHelper v1.12
ActiveXHelper is a small utility that allows you to view essential information about ActiveX components installed on your computer. You can view the entire (and very large!) list of ActiveX components by loading it from the HKEY_CLASSES_ROOT\CLSID Registry key, or alternatively, display only the ActiveX components that you specify. In addition, you can temporarily disable specific ActiveX components. When ActiveX components are disabled, they cannot be used by any software, until you enable them again.
-
RecentFilesView v1.33
Each time that you open a file from Windows Explorer or from a standard open/save dialog-box, the name of the file that you opened is recorded by the operating system. Some of the names are saved into the 'Recent' folder. Others are saved into the Registry. This utility displays the list of all recently opened files, and allows you to delete unwanted filename entries. You can also save the files list into text/html/xml file.
-
InjectedDLL v1.00
InjectedDLL is a small utility that displays the list of DLLs that are automatically injected on every process in your system.
-
CurrProcess v1.13
The CurrProcess utility displays the list of all processes currently running on your system. For each process, you can view the list of all modules (DLL files) that the process loads into memory. For all processes and modules, additional useful information is also displayed: product name, version, company name, description of the file, the size of the file, and more. In addition, CurrProcess allows you to do the following actions: Kill a process, Dump memory of process into a text file, Create HTML report containing information about a process with the list of all modules that it loads into memory, Save the list of all running processes into text or HTML file, and more.
-
ServiWin v1.71
The ServiWin utility displays the list of installed drivers and services on your system. For some of them, additional useful information is displayed: file description, version, product name, company that created the driver file, and more. In addition, ServiWin allows you to easily stop, start, restart, pause, and continue a service or driver, change the startup type of a service or driver (automatic, manual, disabled, boot or system), save the list of services and drivers to file, or view an HTML report of installed services/drivers in your default browser.
-
ShellMenuView v1.41
ShellMenuView is a small utility that displays the list of static menu items that appear in the context menu when you right-click a file/folder on Windows Explorer, and allows you to easily disable unwanted menu items.
-
ShellMenuNew v1.02
ShellMenuNew is a small utility that displays the list of all menu items in the 'New' submenu of Windows Explorer. It allows you to easily disable unwanted menu items, so this 'New' submenu will display only the items that you need.
-
BulkFileChanger v1.71
BulkFileChanger is a small utility that allows you to create a files list from multiple folders, and then perform some action on them: modify their created/modified/accessed time, change their file attribute (Read Only, Hidden, System), run an executable with these files as parameter, and copy/cut paste into Explorer.
-
DriverView v1.47
The DriverView utility displays the list of all device drivers currently loaded on your system. For each driver in the list, additional useful information is displayed: load address of the driver, description, version, product name, company that created the driver, and more.
-
KeyboardStateView v1.00
KeyboardStateView is a simple tool for Windows that displays the current state and virtual key code of every key you press. It also allows you to view the current state of all keyboard keys. For every key, the following information is displayed: Key Name (VK_XXXX), Description, Key Code (Decimal), Key Code (Hexadecimal), Key Pressed Status, Key Toggled Status (Useful for Num Lock, Caps Lock), and last time that the key was pressed.
-
HandleCountersView v1.00
HandleCountersView is a simple tool for Windows that shows the current number of handles (File, Directory, Token, Job, Thread, and so on...) opened by every process running on your system and the change in number of handles since the last time that you reset the counters.
-
GACView v1.11
GACView is an alternative to the standard .NET assembly viewer on Windows Explorer. In addition to the standard columns, GACView displays additional information for each assembly, like modified date, file size, full path of the assembly file, file version, and so on. GACView also allows you to delete an assembly that cannot be uninstalled in the regular way.
-
IECompo v1.00
Displays the installed Internet Explorer components on your computer.
-
StartBlueScreen v1.00
This utility, just as it sounds, allows you to crash the Windows operating system by initiating a Blue Screen of Death according to 5 parameters that you specify from command-line.
Other Utilities
-
MobileFileSearch
MobileFileSearch is a tool for Windows that allows you to search files inside a mobile device (Smartphone or Tablet) plugged to the USB port on your computer, with Media Transfer Protocol (MTP). You can search files by their size, their created time, their modified time, or their name (using wildcard). After finding the files on your Smartphone / Tablet, you can optionally delete them, copy them to a folder on your computer, or export the files list to csv/tab-delimited/html/xml/JSON file. MobileFileSearch also allows you to activate the search from command-line and then export the result to a file, or copy the found files to the desired folder on your computer. -
ESEDatabaseView
ESEDatabaseView is a simple utility that reads and displays the data stored inside Extensible Storage Engine (ESE) database (Also known as 'Jet Blue' or .edb file). It displays a list of all tables available in the opened database file, allows you to choose the desired table to view, and then when you choose a table, it displays all records found in the selected table. ESEDatabaseView also allows you to easily choose one or more records, and then export them into comma-delimited/tab-delimited/html/xml file, or copy the records to the clipboard (Ctrl+C) and then paste them into Excel or other spreadsheet application. -
WebCamImageSave
WebCamImageSave is a simple WebCam capture utility that allows you to easily capture a still image from your camera every number of seconds that you choose, and save it into an image file (.jpg, .png, .bmp) on your disk. You can format the saved image filename with the date/time that the image was taken according to your preference, for example: c:\images\img20110725_123256.jpg. WebCamImageSave also adds a label with the date/time that the image was captured into the image, by using the font, color, and date/time format that you choose. You can also capture a single camera image from command-line, without displaying any user interface. -
ExifDataView
ExifDataView is a small utility that reads and displays the Exif data stored inside .jpg image files generated by digital cameras. The EXIF data includes the name of the company that created the camera, camera model, the date/time that the photograph was taken, Exposure Time, ISO Speed, GPS information (for digital cameras with GPS), and more.
-
TableTextCompare v1.20
TableTextCompare is a small utility that allows you to easily compare 2 tab-delimited or comma-delimited (csv) files, and find out the difference between the 2 files. You can use this tool for comparing 2 different snapshots of data, created by other NirSoft utilities, like DriverView, ServiWin, USBDeview, CurrPorts, WirelessNetView, ShellExView, and many others... For example, you can use the DriverView utility to save 2 snapshots of the loaded drivers list into a tab-delimited file, and then use TableTextCompare to easily find out which device drivers were added, removed, or changed since the time that the first snapshot was taken. TableTextCompare can make the comparison even if the records of the 2 files are not sorted in the same order, or if the fields are not positioned in the same order.
-
CSVFileView v2.45
CSVFileView is a simple CSV file viewer/converter utility that allows you to easily view the content of a CSV or tab-delimited file created by NirSoft utilities or by any other software, in a simple table viewer. You can sort the lines according to one of the fields, remove unwanted fields and change their order, and then save the result back into CSV file, tab-delimited file, XML file, or HTML report.
-
LiveContactsView v1.26
LiveContactsView is a small utility that allows you to view the details of all contacts in your Windows Live Messenger. For each contact, LiveContactsView displays the following fields: Email address, nickname, quick name, first name, last name, and more.
You can easily select one or more contacts and then export them into text/xml/html/csv file, or copy them into the clipboard and then paste them into Excel or other spreadsheet application.
-
SkypeLogView v1.55
SkypeLogView reads the log files created by the Skype application, and displays the details of incoming/outgoing calls, chat messages, and file transfers made by the specified Skype account. You can select one or more items from the logs list, and then copy them to the clipboard, or export them into text/html/csv/xml file.
-
SkypeContactsView v1.05
SkypeContactsView is a simple tool that displays the list of all Skype contacts stored in the local database file of Skype. For each contact, one or more of the following fields are displayed: Skype Name, Full Name, Display Name, Gender, ID, Birthday, Profile Time, Last Online Time, Last Used Time, Phone, Emails, and more... SkypeContactsView also allows you to export the contacts list into text/tab-delimited/comma-delimited/xml/html file, or copy them to the clipboard and then paste them into Excel or other spreadsheet application.
-
ResourcesExtract v1.18
ResourcesExtract is a small utility that scans dll/ocx/exe files and extracts all resources (bitmaps, icons, cursors, AVI movies, HTML files, and more...) stored in them into the folder that you specify. You can use ResourcesExtract in user interface mode, or alternatively, you can run ResourcesExtract in command-line mode without displaying any user interface.
-
HashMyFiles v2.36
HashMyFiles is a small utility that allows you to calculate the MD5 and SHA1 hashes of one or more files in your system. You can easily copy the MD5/SHA1 hashes list into the clipboard, or save them into text/html/xml file. HashMyFiles can also be launched from the context menu of Windows Explorer, and display the MD5/SHA1 hashes of the selected file or folder.
-
WinFontsView v1.10
WinFontsView is a small utility that enumerates all fonts installed on your system, and displays them in one simple table. For each font, WinFontsView draws 5 samples of the font in different sizes, in order to allow you to easily find and choose the font that you need. WinFontsView also allows you to view the fonts as Bold, as Italic or with underline, and to export the fonts list into an html file. If you need to find a font in a non-English character set, WinFontsView also allows you to choose the right character set of the fonts and to type the characters displayed in the sample text of each font.
-
HotKeysList v1.05
HotKeysList is a simple tool for Windows that displays the list of hot keys that are currently registered on your system. You can use this tool to easily determine which hot keys on your system are available to use.
-
MetarWeather v1.76
The MetarWeather utility decodes METAR weather reports from around the world, and displays them in a simple weather report table. You can save the weather report into a text or HTML file. MetarWeather can decode METAR reports from a text file, or download the latest reports directly from the Internet.
-
HtmlDocEdit v1.02
HtmlDocEdit is a simple HTML designer/editor based on the Internet Explorer browser, that allows you to easily edit HTML files without any knowledge of HTML. With HtmlDocEdit you can change the font/color of selected text, add images, add links, add ordered and unordered lists, and more...
-
ZipInstaller v1.21
The ZipInstaller utility installs and uninstalls applications and utilities that do not provide an internal installation program. You can use this utility to install and uninstall all other utilities in this Web site.
-
IconsExtract v1.47
Extracts icons and cursors from EXE, DLL, CPL, and OCX files and saves them as ICO or CUR files.
-
DotNetResourcesExtract v1.01
DotNetResourcesExtract is a small utility that scans dll/exe files of .NET applications, and extracts all .NET embedded resources (Bitmaps, Gifs, HTML files, and so on) stored in them into the folder that you specify. C# source code is available.
-
WinExplorer v1.30
WinExplorer is a utility that shows all of the system's windows in a hierarchical display. For every window in the hierarchy, you can view its properties, like handle, class name, caption, size, position and more. You can also modify some properties, like Caption and Visible/Enable. Source code is included.
-
ExeInfo v1.01
The ExeInfo utility shows general information about executable files (.exe), dynamic-link libraries (.dll), ocx files, and driver files. Source code is included.
-
pcANYWHERE Hosts Scanner v1.01
This small utility allows you to scan a TCP/IP network and get the list of all pcANYWHERE hosts within that network. The Visual Basic source code is included!
-
Digital investigation software:
a. Strictly digital-investigation software:
i. FTKi (FTK Imager):
· Vendor: Access Data, reduced version of FTK (US$2500)
· Advantages: Fast mounting and image creation/conversion
· Disadvantages: Non-recursive display and "display" limitations
Table 2410-3 - Summary of the important features of FTK Imager: Open an image; Convert an image; Obtain protected files; RegEx search; Image mounting; Create Disk Image; Features to test; Displayable files; Capture memory; Status bar; Export File, Hash, Directory; Reset docked window; Loadable file systems; Imager Custom and Path restore; Combined pane – Properties, Hex Int, Custom, Copy; Display pane – Navigation and Copy…
ii. EnFI (Encase Forensic Imager):
· Vendor: Guidance Soft., reduced version of Encase (US$2500)
· Advantages: Fast mounting and recursive display
· Disadvantages: Not forensic and no cloning
Table 2410-4 - Summary of the important features of Encase Forensic Imager: "Add…" device, File, Image; Blocker detection; Restore; Create LEF and Acquire; Sorting and display functions; Physical and Process Memory; Crossover (bootfloppy comes with a regular licence); Scan Disk config & LVM; Device – Time zone settings and Hash; Generate Encryption Key
iii. Autopsy:
· Vendor: The Sleuth Kit and Brian Carrier
· Advantages: Free, indexing, regex
· Disadvantages: No recursive display
Table 2410-5 - Summary of the important features of Autopsy TSK: Search by attributes; Timeline; Search by MD5; Results; Keyword parser: regex, list, string; Hash lookup; Generate report; Tags
Digital investigation notes 2410 – Operational and laboratory hardware and software, page 62, Version 2020d: 2 May 2020
iv. DFF (Digital Forensic Framework):
· Vendor: Arxsys (French group)
· Advantages: Recursive display, regex, filters
· Disadvantages: Less user-friendly, weak on NTFS
Table 2410-6 - Summary of the important features of DFF: Open evidence/device; Bookmarks; Selection; Recursive display; Filters vs Search; Search; Open with…Viewers…Statistics…; Timeline and Filechart; Tags
v. HxD:
· Vendor: Maël Hörz
· Advantages: Lightweight, reads disk, RAM and image forensically
· Disadvantages: No directory-tree display
Table 2410-7 - Summary of the important features of HxD: Find…text, hex, int; Wipe securely; File compare; Select Block; Open…Disk, RAM, Logical; Go To…offset; Checksums
vi. WinHex:
· Vendor: Stefan Fleischmann
· Advantages: Rich feature set. Made for forensics.
· Disadvantages: None. Licence renewal???
Table 2410-8 - Summary of the important features of WinHex: Open Disk…RAM; File Tools, Disk tools; Erase a block; Navigation; Profusion of functions and tools
b. Utility software:
· FlexHex: Free hex editor able to mount an entire medium or partition in memory
· HFS Explorer: Browses HFS/HFS+
· Diskinternals: Browse HFS/HFS+, Ext#FS, Reiser, NTFS, FAT# and exFAT, common virtual disk formats
· Audacity and Gimp: Audio and image software
· dcode: Converts hexadecimal dates into a readable format
· Double commander: File and directory management. Multiple plugins for unusual objects, notably the Diskinternals, 7zip, Amiga and ISO plugins.
· Quick Hash: Digital fingerprint of text, file(s), disk, partition. "Hashed" copy. Directory comparison.
· Virtual Box: Type 2 hypervisor that can read several virtual disk formats
· 7zip: File compressor/decompressor
· Google Earth: Lets you "see" places in map, satellite or "street view" mode. Very useful for looking without travelling
· MobaLive CD: Runs an ISO as if it had been burned to a DVD and executed
c. Extraction/interpretation software:
i. Information extractors ("Viewers"):
· Json viewer
· Thumbs viewer
· Plist Editor
· MFT viewer
· Nir Sofer Cookies Viewer
· Foxton History Browser
· USBdeView
· USB device Forensics
· Advd. Prefetch Analyzer
· GeoSetter: jpg metadata
· Graphical Engine NTFS
· Windows events parser
· Asterisk password unmask
ii. Recycle Bin regenerators:
· Info2
· VW7
iii. Registry readers:
· FRED
· WRR
· YARU (TZWorks)
iv. E-mail database readers:
· Mail Viewer
· Kernel for Outlook to pdf
· Outlook pst
· Exchange Edb
v. Miscellaneous:
· Open/Libre office
· Cute Pdf Writer
vi. Process information extractors:
· TMX
· PS Tools
vii. RAM interpreters:
· Mandiant Memoryze
· Volatility
· Volix II