Archive for the ‘Utilities Update’ Category

TurnedOnTimesView is a new tool that analyses the Windows event log and detects the time ranges during which your computer was turned on. For every period of time that the computer was turned on, the following information is displayed: Startup Time, Shutdown Time, Duration, Shutdown Reason, Shutdown Type, Shutdown Process, and Shutdown Code.

TurnedOnTimesView allows you to get this information from your local computer, and from a remote computer on your network if you have sufficient privileges to read the Windows event log remotely.

TurnedOnTimesView


You can download this new tool from this Web page.

 

DNSQuerySniffer is a new network sniffer utility that shows the DNS queries sent on your system. For every DNS query, the following information is displayed: Host Name, Port Number, Query ID, Request Type (A, AAAA, NS, MX, and so on), Request Time, Response Time, Duration, Response Code, Number of records, and the content of the returned DNS records.
You can easily export the DNS query information to a csv/tab-delimited/xml/html file, or copy the DNS queries to the clipboard and then paste them into Excel or another spreadsheet application.

DNSQuerySniffer works on any version of Windows, starting from Windows 2000, and up to Windows 8. Both 32-bit and 64-bit systems are supported.
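To show where the displayed columns come from in the DNS wire format, here is an added example (not NirSoft's code) that parses a raw DNS message into Query ID, Host Name, Request Type, Response Code, record count and record content. The sample messages, the field names in the returned dictionary and the address 192.0.2.10 are constructed for illustration.

```python
import ipaddress
import struct

QTYPES = {1: "A", 2: "NS", 5: "CNAME", 15: "MX", 16: "TXT", 28: "AAAA"}
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def read_name(msg, off, hops=0):
    """Decode the name at msg[off]; return (name, offset just past it)."""
    labels = []
    while True:
        if hops > 10 or off >= len(msg):  # pointer loop or truncated packet
            raise ValueError("malformed name")
        n = msg[off]
        if n == 0:
            return ".".join(labels), off + 1
        if n & 0xC0 == 0xC0 and off + 1 < len(msg):  # compression pointer
            target = ((n & 0x3F) << 8) | msg[off + 1]
            tail, _ = read_name(msg, target, hops + 1)
            return ".".join(labels + [tail]), off + 2
        if n & 0xC0 or off + 1 + n > len(msg):
            raise ValueError("malformed name")
        labels.append(msg[off + 1:off + 1 + n].decode("ascii", "replace"))
        off += 1 + n

def parse_dns(msg):
    """Return the per-message fields a DNS sniffer would display."""
    if len(msg) < 12:
        raise ValueError("short header")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    name, off = read_name(msg, 12)
    qtype = struct.unpack_from("!H", msg, off)[0]
    off += 4  # skip QTYPE and QCLASS
    records = []
    for _ in range(an):
        _owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!2HIH", msg, off)
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        is_ip = (rtype, len(rdata)) in ((1, 4), (28, 16))
        records.append(str(ipaddress.ip_address(rdata)) if is_ip else rdata.hex())
    return {"query_id": qid, "is_response": bool(flags & 0x8000), "host_name": name,
            "request_type": QTYPES.get(qtype, str(qtype)), "record_count": an,
            "response_code": RCODES.get(flags & 0xF, str(flags & 0xF)), "records": records}

# Constructed sample messages (not captured traffic): a query and its response.
QUESTION = b"\x07example\x03com\x00" + struct.pack("!2H", 1, 1)
SAMPLE_QUERY = struct.pack("!6H", 0x1A2B, 0x0100, 1, 0, 0, 0) + QUESTION
SAMPLE_RESPONSE = (struct.pack("!6H", 0x1A2B, 0x8180, 1, 1, 0, 0) + QUESTION + b"\xc0\x0c"
                   + struct.pack("!2HIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10]))
```

A request and its response share the same Query ID, which is what lets a sniffer pair them and compute the Duration column.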

DNSQuerySniffer


You can download this new utility from this Web page.

The new version of the WebBrowserPassView utility (v1.40) has the ability to extract the passwords stored by Internet Explorer 10.0.
You might think that I added only one feature for this new release, but I actually added 2 features: one to support Internet Explorer 10.0 on Windows 8 and the other to support Internet Explorer 10.0 on Windows 7.

That’s because IE10 stores the passwords in 2 completely different ways. On Windows 7, it still stores the passwords like the previous versions of IE, under the following Registry key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2
The passwords under this Registry key are encrypted with the URL string, and thus WebBrowserPassView needs to scan the browsing history of IE to decrypt these passwords. Due to the changes in IE10, WebBrowserPassView failed to read the IE history and thus it also failed to get the passwords. The new version of WebBrowserPassView reads the history of IE10 properly, and thus the password decryption process also works properly.

On IE10 under Windows 8 it’s a completely different story: The passwords are now stored inside the ‘Windows Vault’, located in the file system under C:\Users\[User Name]\AppData\Local\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28
WebBrowserPassView extracts these passwords by using the undocumented Credential Vault Client Library (vaultcli.dll).

The support for IE10 passwords is also added to the Password Security Scanner tool, and soon it’ll also be added to the IE PassView utility.

A few months ago, I released a new version of BrowsingHistoryView that extracted the history of Internet Explorer 10 from the locked WebCacheV01.dat (or WebCacheV24.dat) database file by using the ‘Volume Shadow Copy’ service.
The previous solution was not very successful, because it required full admin rights, it was very slow, and it also tended to fail on some systems.

The new version of BrowsingHistoryView (v1.30) provides a much better solution for reading the locked database of IE10. It locates the process that holds the file open, duplicates the file handle, and then uses the duplicated handle to copy the content of the locked database into a temporary file. BrowsingHistoryView reads the history from the created temporary file and then deletes the temporary file.

So far, in all my tests, this method works very smoothly and it doesn’t require running BrowsingHistoryView as admin.

If you have Internet Explorer 10, you are welcome to download and test the new version of BrowsingHistoryView from this Web page.

 

TcpLogView is a new utility that monitors the opened TCP connections on your system, and adds a new log line every time that a TCP connection is opened or closed. For every log line, the following information is displayed: Event Time, Event Type (Open, Close, Listen), Local Address, Remote Address, Remote Host Name, Local Port, Remote Port, Process ID, Process Name, and the country information of the Remote IP (requires downloading the IP to country file separately).

Be aware that TcpLogView creates the TCP log by taking a snapshot of currently open TCP connections, and comparing it to the previous snapshot, so if a TCP connection is opened for a very short time, then TcpLogView will not be able to capture it.
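The snapshot-comparison approach and its blind spot can be reproduced in a few lines. This is an added example, not TcpLogView's code: the `Conn` tuple, the polling interval, the addresses and the PIDs are all constructed assumptions.

```python
from collections import namedtuple

# A connection as it would appear in one snapshot of the TCP table.
Conn = namedtuple("Conn", "local remote pid")

def diff_snapshots(prev, curr, when):
    """Compare two snapshots (sets of Conn) and emit Open/Close log lines."""
    opened = [(when, "Open", c) for c in sorted(curr - prev)]
    closed = [(when, "Close", c) for c in sorted(prev - curr)]
    return opened + closed

def poll(timeline, interval_ms, end_ms):
    """Take a snapshot every interval_ms over a constructed timeline of
    (conn, opened_at_ms, closed_at_ms) entries and return the resulting log."""
    log, prev = [], set()
    for now in range(0, end_ms + 1, interval_ms):
        curr = {c for c, start, stop in timeline if start <= now < stop}
        log.extend(diff_snapshots(prev, curr, now))
        prev = curr
    return log

def never_logged(timeline, log):
    """Connections that existed but fell entirely between two snapshots."""
    seen = {c for _, _, c in log}
    return [c for c, _, _ in timeline if c not in seen]

# Constructed timeline (documentation addresses, made-up PIDs).
LONG = Conn("192.0.2.10:50001", "198.51.100.7:443", 4120)
SHORT = Conn("192.0.2.10:50002", "203.0.113.9:8080", 5312)
TIMELINE = [(LONG, 1200, 6500), (SHORT, 2200, 2800)]

LOG = poll(TIMELINE, interval_ms=1000, end_ms=8000)
MISSED = never_logged(TIMELINE, LOG)
```

With a 1000 ms interval the 600 ms connection never appears in the log, and the long-lived one is stamped with the snapshot time (2000 ms) rather than its real open time (1200 ms), so logged times are upper bounds when building a timeline.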

TcpLogView


You can download TcpLogView from this Web page.

 

 

NetConnectChoose is a new utility that allows you to easily choose the default Internet connection that will be used by all Internet applications when you have more than one Internet connection at the same time (each connection on a different network adapter).
It also displays extensive information about every active network/Internet connection, including network adapter name, MAC Address, Name Servers, MTU, Interface Speed, current incoming/outgoing data speed, number of received/sent packets, received/sent bytes, and more…

NetConnectChoose


You can download this new utility from this Web page.

 

JumpListsView is a new utility that displays the information stored by the ‘Jump Lists’ feature of Windows 7 and Windows 8. For every record found in the Jump Lists, the following information is displayed: the filename that the user opened, the date/time of the file opening event, the ID of the application that was used to open the file, the size/time/attributes of the file at the time it was opened, and more…

JumpListsView


You can download this new utility from this Web page.

 

NetworkInterfacesView is a new utility for Windows that displays the list of all network adapters/interfaces installed on your system. It displays network interfaces that are currently active, as well as network interfaces that were installed previously and are not connected now (like USB wireless network adapters).
For every network interface found on your system, the following information is displayed (if it’s stored in the Registry): Device Name, Connection Name, IP Address, Subnet Mask, Default Gateway, DHCP Server, Status, MAC Address and more…
You can select one or more network interface items and then export them to an xml/html/csv/tab-delimited file, or copy them to the clipboard and then paste them into Excel or another spreadsheet application.

NetworkInterfacesView


You can download NetworkInterfacesView from this Web page.

 

ESEDatabaseView is a new utility that reads and displays the data stored inside an Extensible Storage Engine (ESE) database (also known as ‘Jet Blue’ or .edb file). It displays a list of all tables available in the opened database file, allows you to choose the desired table to view, and then displays all records found in the selected table. ESEDatabaseView also allows you to easily choose one or more records, and then export them into a comma-delimited/tab-delimited/html/xml file, or copy the records to the clipboard (Ctrl+C) and then paste them into Excel or another spreadsheet application.

Be aware that ESEDatabaseView is currently somewhat of a Beta version, and thus it might fail to read field values with complex data structures.

ESEDatabaseView is available to download from this Web page.

ESEDatabaseView


A few NirSoft utilities, including CurrPorts, SmartSniff, NetworkTrafficView, and CountryTraceRoute (which was released just a few weeks ago), now support the free IP geolocation database of MaxMind, in addition to the software77.net IP to country database.

The database of MaxMind is larger than the database of software77.net, and for some of the IP addresses, city information is also provided.

In order to start using the MaxMind database with the NirSoft utilities specified above, simply go to this Web page, download the GeoLite City database in binary/gzip format (The filename is GeoLiteCity.dat.gz), and then put this file in the same folder where the .exe files of NirSoft utilities are located.
When you run a utility that supports this database, it automatically loads the database and uses it to display the country/city information for every IP address.

CurrPorts with the GeoLite City database
