Tools that I use frequently which make a big difference. As the blog goes on, I'll be using this space to highlight new things I'm checking out.
Notepad++ has fully integrated into my daily computer life—I reach for it often and without thinking. I only consider myself a medium-adept user because (a) I have fewer than 50 unsaved tabs open and (b) I use maybe 25% of what it can provide. Email headers, random PowerShell snippets, ad-hoc lists, logs of any shape and size, even PDFs (a future post will be a PDF forensics story of mine). Syntax highlighting just mystically happens and I take it for granted. Twice as nice with the split view and tabs. If you have a repetitive process that can be done in a text editor, the macros feature is a game-changer.
Another thing I picked up is using a symlink to pipe the temporary backup files (the ones behind those unsaved tabs) into a folder in OneDrive. Oft-used and rarely considered is the tail feature, much like Microsoft's CMTrace or SMSTrace. At the end of the day, it is simple and user-friendly—while there might be better or flashier options, I've stuck with it.
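Here is how that symlink can be set up from PowerShell, as an added example rather than something from the original post. It assumes Notepad++ is using its default backup path under %APPDATA%\Notepad++\backup, that the OneDrive root is in the OneDrive environment variable, and a made-up target folder name.

```powershell
# Added example (not from the original post): relocate the Notepad++ unsaved-tab
# backup folder into OneDrive and leave a symbolic link in its place, so the
# editor keeps writing to the path it expects while the files sync.
# Assumptions: Notepad++ uses its default backup path (%APPDATA%\Notepad++\backup)
# and OneDrive's root is in $env:OneDrive; the target folder name is made up.
# Creating a symbolic link needs an elevated prompt or Developer Mode; a junction
# (-ItemType Junction) works for directories without elevation.

$BackupPath = Join-Path $env:APPDATA 'Notepad++\backup'
$Target     = Join-Path $env:OneDrive 'Backups\NotepadPlusPlus'   # hypothetical folder

# Notepad++ must be closed so no backup file is open while the folder moves.
if (Get-Process -Name 'notepad++' -ErrorAction SilentlyContinue) {
    throw 'Close Notepad++ before relocating its backup folder.'
}

# Make sure the OneDrive target exists. Everything left in an unsaved tab
# (email headers, logs, snippets) will now sync to that account, so pick a
# folder whose sharing settings you control.
New-Item -ItemType Directory -Path $Target -Force | Out-Null

$existing = Get-Item -Path $BackupPath -ErrorAction SilentlyContinue
if ($existing -and -not $existing.LinkType) {
    # A real folder is there: carry its current contents over, then drop it.
    Get-ChildItem -Path $BackupPath -Force | Move-Item -Destination $Target -Force
    Remove-Item -Path $BackupPath -Recurse -Force
} elseif ($existing) {
    # Already a link (or junction): remove only the link, not what it points to.
    $existing.Delete()
}

New-Item -ItemType SymbolicLink -Path $BackupPath -Target $Target | Out-Null

# Verify: the path should now report itself as a link pointing at OneDrive.
$link = Get-Item -Path $BackupPath
'{0} -> {1} ({2})' -f $link.FullName, ($link.Target -join ''), $link.LinkType
```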
Side question – what is your favorite font? My normal go-to is Fira Code. If I have to choose something built-in, Consolas all the way. What I really (read: only) need is the slashed zero—I can’t use a monospace font without it. It’s the little things.
Hands-down the best screen capture tool out there. I set non-standard hotkeys for capturing a rectangle (Alt+A), active object (Alt+W), and scrolling window (Alt+X) and have converted multiple workmates to the system. Learn the hotkeys for editing and adding arrows, rectangles, and text and you’ll be a master of your craft. The highlights for me are the tabbed interface and the ability to stitch together and combine different screenshots—a few examples of the latter are in this post.
One thing I do at the end of every day is export every screenshot I’ve taken into a PDF file. The option to save each image full-size/lossless ensures you won’t lose a pixel. The auto-name feature ensures a timestamped file. I can literally go back to any day I have worked in the past few years and find every screenshot I made—it has saved me multiple times. When in doubt: take a screenshot. Yes, I know Greenshot and ShareX are free, but in my mind they don’t hold a candle to FScapture, even with the small lifetime fee for a license.
Everything is a lightning-fast indexer for all your files. Windows Search? No thank you. You can point it at certain folders or drives and it will keep those in its database (think your entire OneDrive) and refresh on-the-fly. I spend the time to name my files appropriately when saving expressly so that future searches are light-speed. Searching something like “ps az per” will get you “AzureADApplicationPermissions.ps1”.
Another tool that is so integrated into my workflow I use it without conscious thought. CopyQ is a clipboard history program which records any snippet, picture, link, Excel worksheet, etc. that you've Ctrl+C'd.
I have it set to 500 entries just for the off-chance I don’t save something I need in a more permanent medium. You can search through the entries after invoking the window, pin certain ones to the top, and edit previous entries. Another program I am sure I am not using at its full capability.
Not the hero we deserve, but the one we need. Tabbed interface in Windows Explorer. Can pin, clone, group, lock. Plenty of options that you can tune and tweak to your heart’s content. The only thing that’s off to me is it’ll close out and reset itself when you try to open Control Panel—small price to pay for an otherwise fantastic program.
Free from the Microsoft Store. Command Prompt, PowerShell 5 and 7, and more, all in one window. Tabbed interface, with hotkeys to open new ones on the fly. You can set different profiles and looks for each flavor (there's even a retro mode). It makes me happy every time I use it. I have it set to copy to the clipboard anything that I select, like PuTTY.
I am assuming you are familiar with Windows Event Logs. I also assume that you might’ve asked yourself at some point “this could be better, right?” Event Log Explorer is the answer. Tabbed interface (see the pattern yet?), description and multiple log filtering, custom rules, regex, Excel export, you name it. The ability to right-click an event, datestamp, or event level and be able to quick filter them is a godsend.
Available in a free edition for non-commercial use. In my opinion, the tool is worth it if you can sway the company to buy it. Spend any amount of time trying to correlate between machines or local event logs and you will see the light. Another cool note: apparently it is used in SANS forensics courses, as they offer a special "Forensics edition" that you can get after verifying enrollment.
Yet another piece of software that has become my “normal”. Just like if you learn a language and you start dreaming in it, when I think of configuring AD in my mind, I see the Hyena options and menus. It is how AD should be, and something where I feel like I find something new each time I use it. Sorting, searching, exporting, custom views/attributes, bulk operations, it can handle it all. Highly recommend this tool if you can swing the price, which is reasonable for a business budget and what it can do.
Tabs. Registry. Uber-powerful free registry editor with tabs. You can open multiple tabs of the same local (or remote) registry, use multiple search options, export keys, save keys as favorites, and more. My most-used function is definitely the search – it is a joy to be able to go back and forth between the search and registry tabs, drilling down until you find what you’re looking for.