Winternals: Defragmentation, Recovery, and Administration Field Guide [ILLUSTRATED] (Paperback)

by Dave Kleiman (Author), Laura Hunter (Author), Mahesh Satyanarayana (Author), Kimon Andreou (Author), Nancy G Altholz (Author), Lawrence Abrams (Author), Darren Windham (Author), Tony Bradley (Author), Brian Barber (Author)
Key Phrases: autostart locations, multiple filter match strings, remote recover, Process Explorer, Code Listing, Defrag Manager (more...)

Editorial Reviews

Product Description
The only book available for the market leading Winternals tools used in over 70,000 Microsoft networks worldwide.

The book begins with a chapter describing the most common challenges faced by system administrators related to system recovery, data backup and system performance enhancements. The next chapters introduce the readers to the complete suite of Winternals solutions including Recovery Manager, Defrag Manager, and the Administrator's Pak which repairs unbootable or locked-out systems, restores lost data, and removes malware from infected machines. Chapters on the Administrator' Pak detail all the components of this powerful suite of tools including: ERD Commander 2005, Remote Recover, NTFSDOS Professional, Crash Analyzer Wizard, FileRestore, Filemon Enterprise Edition, Regmon Enterprise Edition, AD Explorer, Insight for Active Directory, and TCP Tools. Each of these chapters details the complete functionality of all tools, and also provides detailed examples for using all tools in relatively simple to extremely complex scenarios. The chapters and companion Web site also include dozens of working scripts to automate many data recovery, backup, and performance enhancement tasks.

· Winternals tools are the market leading data recovery and system optimization tools for Microsoft Networks. These tools are deployed in more than 70,000 companies worldwide

· Despite the popularity of the Winternals tools, there are no competing books

· The companion Web site to the book will provide dozens of working scripts to optimize and enhance the performance of the Winternals tools

About the Author
Dave Kleiman (CAS, CCE, CIFI, CISM, CISSP, ISSAP, ISSMP, MCSE) has worked in the Information Technology Security sector since 1990. Currently, he is the owner of SecurityBreachResponse.com, and is the Chief Information Security Officer for Securit-e-Doc, Inc. Before starting this position, he was Vice President of Technical Operations at Intelliswitch, Inc., where he supervised an international telecommunications and Internet service provider network. Dave is a recognized security expert. A former Florida Certified Law Enforcement Officer, he specializes in computer forensic investigations, incident response, intrusion analysis, security audits, and secure network infrastructures. He has written several secure installation and configuration guides about Microsoft technologies that are used by network professionals. He has developed a Windows Operating System lockdown tool, S-Lok (www.s-doc.com/products/slok.asp ), which surpasses NSA, NIST, and Microsoft Common Criteria Guidelines. Dave was a contributing author to Microsoft Log Parser Toolkit (Syngress Publishing, ISBN: 1-932266-52-6). He is frequently a speaker at many national security conferences and is a regular contributor to many security-related newsletters, Web sites, and Internet forums. Dave is a member of several organizations, including the International Association of Counter Terrorism and Security Professionals (IACSP), International Society of Forensic Computer Examiners® (ISFCE), Information Systems Audit and Control Association® (ISACA), High Technology Crime Investigation Association (HTCIA), Network and Systems Professionals Association (NaSPA), Association of Certified Fraud Examiners (ACFE), Anti Terrorism Accreditation Board (ATAB), and ASIS International®. He is also a Secure Member and Sector Chief for Information Technology at The FBI's InfraGard® and a Member and Director of Education at the International Information Systems Forensics Association (IISFA).

Laura E. Hunter (CISSP, MCSE, MCT, MCDBA, MCP, MCP+I, CCNA, A+, Network+, iNet+, CNE-4, CNE-5) is a Senior IT Specialist with the University of Pennsylvania, where she provides network planning, implementation, and troubleshooting services for various business units and schools within the university. Her specialties include Microsoft Windows NT and 2000 design and implementation, troubleshooting, and security topics.

Product Details

• Paperback: 512 pages
• Publisher: Syngress (September 4, 2006)
• Language: English
• ISBN-10: 1597490792
• ISBN-13: 978-1597490795
• Product Dimensions: 8.9 x 7 x 1.5 inches
• Shipping Weight: 1.4 pounds (View shipping rates and policies)
• Average Customer Review: 4.5 out of 5 stars See all reviews (2 customer reviews)
• Amazon.com Sales Rank: #878,947 in Books (See Bestsellers in Books)

  Popular in this category: (What's this?)

  #62 in

  Books > Computers & Internet > Programming > Software Design, Testing & Engineering > Performance Optimization

Customer Reviews

Most Helpful Customer Reviews

4 of 4 people found the following review helpful:

4.0 out of 5 stars Surprisingly good, even if you only use free Sysinternals tools, August 25, 2006

By	Richard Bejtlich "TaoSecurity.com" (Washington, DC) - See all my reviews (TOP 500 REVIEWER)    (REAL NAME)

I starting looking at Winternals shortly after Microsoft acquired the Winternals company. I almost didn't read the book, because I do not use the commercial Winternals tools. When I saw the book covered tools available from Sysinternals, I decided to concentrate on information relevant to me. I'm glad I did -- Winternals is a remarkably helpful book.

The most surprising aspect of Winternals is the focus on malware detection and removal. I expected the book to basically explain the tools and their options. I did not imagine the authors would provide multiple examples of fighting malware with Sysinternals utilities. Some of the discussion of kernel-mode rootkit removal is a little naive and outdated, given recent advances in the field. However, I really liked seeing more-or-less real-world examples of proper tool usage.

My concerns with Winternals are the same ones I usually express when I read a book by multiple authors: internal redundancy. Ten authors and one technical editor wrote Winternals. As a result, the Windows registry is "introduced" several times in the book. The same goes for popular tools like FileMon, RegMon, and PsList. Removing these redundancies is the job of the lead author or editor. Since Winternals seems to feature neither party, the book is internally redundant.

In some cases I felt introductory material wasn't necessary. For example, I didn't need ot read about DNS and Whois in Ch 8. I imagine most people reading Winternals already know how those protocols work.

Minor problems include appearances of odd text formatting and some screenshots being too small to really decipher. I didn't see many obvious typos, although the mention of "Syng set" on p 334 should say "SYN sent."

Despite these issues, I liked reading Winternals. Windows-centric security analysts, incident responders, and desktop engineers who are beginning to use Sysinternals and Winternals tools will find this book invaluable.

1 of 2 people found the following review helpful:

5.0 out of 5 stars VERY VERY HIGHLY RECOMMENDED!!, December 9, 2006

By	John R. Vacca "Tech Write Independent Reviewer" (Pomeroy, Ohio) - See all my reviews (REAL NAME)

Are you a systems administrator? If you are, then this book is for you. Authors Dave Kleiman, Laura Hunter, Mahesh Satyanarayana, Kimon Andreou, Nancy G Altholz, Lawrence Abrams, Darren Windham, Tony Bradley and Brian Barber, have done an outstanding job of writing a book about the Winternals and Sysinternal tools in real-world situations that administrators can and will face on a daily basis.

Kleiman, Hunter, Satyanarayana, Andreou, Altholz, Abrams, Windham, Bradley and Barber, begin by showing you how to use Process Explorer and Autoruns to spot and eliminate malware autostarts, services, drivers, and processes. Then, the authors describe in detail, the tools developed by Sysinternals to illustrate this sort of advanced information and explain how to use them. Next, they show you how to use Sysinternals tools to monitor active sessions on a computer and how to discover which processes are accessing which resources. They also show you a better way to manage disk and file fragmentation on your volumes. The authors then continue by examining the data recovery tools made available to you by the Winternals team. Then, they show you how to make sense of the infamous Blue Screen of Death. Next, the authors show you how to monitor active socket connections. They also examine a few tools provided by the Winternals group that any software developer would find useful. The authors continue by discussing the available source code. Then, they cover topics ranging from advanced system optimization, to options available in a multiboot system with various versions of Windows, to data recovery for NT. Finally, the authors show you how to use screensaver with a perverted twist to it.

This most excellent book will show you how to bring dead systems back to life through the use of Winternals. Perhaps more importantly, Winternals software is capable of doing much more than that!