"Winternals", Dave Kleiman et al, 2006, 1-59749-079-2, U$49.95/C$64.95
%E Dave Kleiman dave@...
%C 800 Hingham Street, Rockland, MA 02370
%I Syngress Media, Inc.
%O U$49.95/C$64.95 781-681-5151 fax: 781-681-3585 www.syngress.com
%O Audience a Tech 2 Writing 1 (see revfaq.htm for explanation)
%P 479 p.
%T "Winternals: Defragmentation, Recovery, and Administration Field
The foreword doesn't exactly state that the book is documentation for
the Winternals (commercial) and Sysinternals (free) programs, but that
seems to be the implication. (With the purchase of both entities by
Microsoft it is oddly the Winternals products that may be difficult to
obtain: the free Sysinternals utilities are currently still available
on Microsoft's Website.)
Chapter one covers the installation of, preparation for, and some
tools from ERD (Emergency Recovery Disk) Commander 2005. In dealing
with malware and rootkits it is important to know process and startup
information. The explanations for Process Explorer and Autoruns, in
chapter two, are sometimes verbose, but always well-written,
interesting, and clear. Some of the Sysinternals utilities are dealt
with in chapter three, but while the background material (say, on file
permission evaluation) is detailed, it is not always articulate. More
Sysinternals programs, for monitoring system activity, are in chapter
four. Chapter five is sometimes confusing as to which of the disk
utilities examined are free or commercial, or which are to be used
locally and which remotely. There are often lots of screenshots, but
sometimes little clarity in regard to execution or invocation of the
application. There are many screenshots in the descriptions of data
recovery tools in chapter six, but the prerequisite tools and tasks
are listed in a straightforward and useful manner.
The system troubleshooting tools (all but one free) listed in chapter
seven present a lot of duplication of content from chapter four.
(There are, in fact, a number of sections in the book that repeat
material from other parts. In response to a draft of this review, the
editor noted that it was felt that this approach provided ideas on how
to use the tools for differing tasks.) Chapter eight deals with
network troubleshooting, but the text is primarily concerned with
lists of commands, rather than functional use. The same is true of
application examination tools in chapter nine (which would, in any
case, mostly be of interest to programmers and those involved with
software forensics). Chapter ten is also of interest to programmers,
noting the source code availability for a number of the tools. (Many
code fragments can be used in a variety of intriguing and oddball
applications.) Tools specific to Windows NT are listed in chapter
eleven. Chapter twelve describes some utilities created for fun (or
The Winternals/Sysinternals tools are powerful, but sometimes you need
some help to find out how best to use them. While some sections of
this book require digging and experimentation, there is useful advice
from those who have used the utilities extensively.
copyright Robert M. Slade, 2006 BKWNTRNL.RVW 20061117