Install Sysinternals

Nov 21, 2023 by Thibault Debatty | 378 views

Windows Sysadmin Forensics

https://cylab.be/blog/310/install-sysinternals

Sysinternals is a collection of powerful utilities for Windows. They can be used by system administrators to perform local or remote system administration, and also by analysts to perform some forensics tasks. The tools were originally developed by Mark Russinovich, and are now maintained by Microsoft. Here is how to install them...

Download and install

Sysinternals is distributed as a simple zip archive. So:

  1. Download from https://download.sysinternals.com/files/SysinternalsSuite.zip
  2. Extract the ZIP archive
  3. Optional: move the directory to a better place. For this demo I moved the folder to %USERPROFILE%\App

sysinternals-directory.png

%PATH%

Sysinternals utilities are command line tools, so it's easier if their directory is added to the %PATH% environment variable. To modify your PATH:

  1. Open the Advanced System Settings

advanced-settings.png

  1. Click on the Environment variables button

environment-variables.png

  1. Select the Path variable and click on Edit

environemnt-variable-path.png

  1. Finally, add to the list the full path to Sysinternals directory

path-sysinternals.png

Test

To test your installation, you can for example open a terminal as Administrator, and run AutorunSC.exe utility. This utility will list all autorun programs on your system:

autorunsc.png

This blog post is licensed under CC BY-SA 4.0

Explore the SAM hive with Regedit (and Sysinternals)
The Windows Registry is a kind of database that stores a lot of important configuration parameters for Windows and installed applications. The specific of this database is that the data is actually stored in different files called hives. One of these is the SAM (Security Account Manager) hive, which stores, among others, user passwords. Let's explore this hive a little..
Nov 21, 2023 | 631 views
Install Eric Zimmerman's forensics toolkit
Eric Zimmerman has written a collection of powerful forensics analysis tools. The installation process requires some work, but here is a step by step guide to install the tools on a Windows 11 computer.
Oct 4, 2023 | 919 views
Changing Docker's default subnet IP range
Docker containers have become widely used to deploy and maintain critical parts of infrastructure. The problem is that sometimes some of the containers running may interfere with other parts of the network.
Jul 13, 2023 | 8385 views
This website uses cookies. More information about the use of cookies is available in the cookies policy.
Accept