Install Sysinternals

Nov 21, 2023 by Thibault Debatty

Windows Sysadmin Forensics

https://cylab.be/blog/310/install-sysinternals

Sysinternals is a collection of powerful utilities for Windows. System administrators use them for local or remote system administration, and analysts use them for some forensic tasks. The tools were originally developed by Mark Russinovich and are now maintained by Microsoft. Here is how to install them...

Download and install

Sysinternals is distributed as a simple zip archive. So:

  1. Download from https://download.sysinternals.com/files/SysinternalsSuite.zip
  2. Extract the ZIP archive
  3. Optional: move the directory to a better place. For this demo I moved the folder to %USERPROFILE%\App


%PATH%

Sysinternals utilities are command line tools, so it's easier if their directory is added to the %PATH% environment variable. To modify your PATH:

  1. Open the Advanced System Settings
  2. Click on the Environment variables button
  3. Select the Path variable and click on Edit
  4. Finally, add the full path to the Sysinternals directory to the list

Test

To test your installation, you can for example open a terminal as Administrator and run the AutorunSC.exe utility. This utility will list all autorun programs on your system.
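The same download, PATH and test steps can be scripted in PowerShell. The script below is an added example, not part of the original post. It also checks the Authenticode signature of every extracted executable before the directory goes on the PATH. The `App\SysinternalsSuite` folder name and the expected signer string are assumptions.

```powershell
# Added example: scripted version of the manual steps above.
# Run it from an Administrator terminal so autorunsc can read every autorun location.
$ErrorActionPreference = 'Stop'

$url  = 'https://download.sysinternals.com/files/SysinternalsSuite.zip'
$zip  = Join-Path $env:TEMP 'SysinternalsSuite.zip'
# Assumption: sub-folder name under the %USERPROFILE%\App location used in this post.
$dest = Join-Path $env:USERPROFILE 'App\SysinternalsSuite'

# 1. Download and extract the archive
Invoke-WebRequest -Uri $url -OutFile $zip -UseBasicParsing
Expand-Archive -Path $zip -DestinationPath $dest -Force
Remove-Item $zip

# 2. Verify the Authenticode signature of each tool before anything is run.
#    Assumption: the binaries are signed by "Microsoft Corporation".
$bad = Get-ChildItem -Path $dest -Filter *.exe |
    Get-AuthenticodeSignature |
    Where-Object {
        $_.Status -ne 'Valid' -or
        $_.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation'
    }
if ($bad) {
    $bad | Format-Table Path, Status -AutoSize
    throw "Signature check failed for $(@($bad).Count) file(s); PATH left unchanged."
}

# 3. Append the directory to the user PATH, only if it is not already there
$userPath = [Environment]::GetEnvironmentVariable('Path', 'User')
$entries  = @($userPath -split ';' | Where-Object { $_ })
if ($entries -notcontains $dest) {
    $newPath = ($entries + $dest) -join ';'
    [Environment]::SetEnvironmentVariable('Path', $newPath, 'User')
}
$env:Path = "$env:Path;$dest"   # also usable in the current session

# 4. Test: list autorun programs (-accepteula skips the license dialog)
autorunsc.exe -accepteula
```

The script edits the per-user PATH, so step 3 itself does not need elevation. New terminals pick up the change after they are reopened.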

This blog post is licensed under CC BY-SA 4.0
