1. Reinsel Kuntz Lesher, LLP

2.  Outline Overview  netstat -an (-ano will give the PID)  ftp  bin  mget  mput  telnet  telnet bobm.us 25  helo  mail from:name@address  rcpt to:enduser@address  data  attrib  +h +r +s  subst  /d  net view  tree  ipconfig/flushdns  systeminfo  uptime  computer model and s/n  Nics  dir search  dir win*/s/p  Snagit  Samurize

3.  Applications I carry on a USB Stick  Applications I have installed  All are free or FOSS

4.  Opens most zip archives  Very Small  Nice shell integration  Better compression  Tar / tgz in windows

5.  Displays Information about CPU / Memory  http://www.cpuid.com/cpuz.php  Very Small  No Installer / Portable  Can check DIMM Size

6.  Displays Information about Graphics Cards  http://www.techpowerup.com/gpuz/  Very Small  No Installer / Portable  Can check video memory

7.  Very small (15k)  Portable  Only need MAC Address  http://www.nyxbull.com/

8.  Portable  Auto – Updates  Kills rootkits to allow other software to run  http://combofix.org/

9.  Wireless Network Sniffing  Windows 7 Compatible  http://www.metageek.net/products/inssider http://www.metageek.net/products/inssider  Display SSID  Display S/N

10.  Network Scanner  Shows open ports on remote systems  www.insecure.org

11.  Provided free from sysinternals  http://technet.microsoft.com/en- us/sysinternals/bb896653.aspx http://technet.microsoft.com/en- us/sysinternals/bb896653.aspx  Lets you see image path  Advanced views  Portable

12.  Ability to do photo retouching and layers freely  Small Footprint  http://www.paint.net/

13.  Color codes tags for many formats  http://notepad- plus.sourceforge.net/uk/site.htm  Tabbed display  Side by side views

14.  http://www.microsoft.com/genuine/selfhelp/P KUInstructions.aspx  Windows XP  Change Keys Easy

15.  Allows recovery of product keys  http://magicaljellybean.com/keyfinder/  Small & Portable

16.  Disk Cleanup on Steroids  Cleans up all sorts of temp files  Registry Cleaner  Auto-Start Checking  www.ccleaner.com

17.  Easily clip small parts of the screen  Save to multiple file formats

18.  http://isorecorder.alexfeinman.com/  Allows for burning of ISO images easy  Small install  Windows XP

19.  I am *always* looking for new tools!

20.  Two technologies that can be used to manage  Free  Drop in replacement for cmd prompt

21.  Powershell 2.0   Requirements  -Windows Management Framework (Includes)  -Windows Remote Management  -Windows Powershell 2.0  -Background Intelligent Transfer Service (BITS) 4.0   The powershell team added approx. 100 new cmdlets

22.   On systems that you want to remotely execute powershell commands without interfacing WMI, you need to enable WinRM through powershell. To do this, run the following command:   Enable-psremoting   To disable run:   Disable-psremoting   To run a command on a remote machine that is fully running and accepting WinRM access, you can use the invoke cmdlet to execute scripts and/or commands like the following:   Invoke-Command –ComputerName “Remote PC” –ScriptBlock {get-hotfix}

23.  Also, you can download the Quest AD cmdlets from the following site http://www.quest.com/powershell/activeroles-server.aspx which will allow you to query AD for specific objects and/or attributes. http://www.quest.com/powershell/activeroles-server.aspx   For example, in your default Powershell profile script, you need to add the following………………….”Add- PSSnapin Quest.ActiveRoles.ADManagement” to the top of your profile script before you run any commands.   Then you can create a function similar to the following………..   \\creates the command to run from the shell \\creates   function ext ($user)  {  $user = read-host "Enter Part of Name or extension"  $final = "*$user*"  get-qaduser -DisplayName "$final" | select DisplayName  }

24.  Network Inventory  Network Management  Ticketing System  Custom email notifications