BKWNTRNL.RVW 20061117

"Winternals", Dave Kleiman et al, 2006, 1-59749-079-2, U$49.95/C$64.95
%E Dave Kleiman dave@davekleiman.com
%C 800 Hingham Street, Rockland, MA 02370
%D 2006
%G 1-59749-079-2
%I Syngress Media, Inc.
%O U$49.95/C$64.95 781-681-5151 fax: 781-681-3585 www.syngress.com
%O http://www.amazon.com/exec/obidos/ASIN/1597490792/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/1597490792/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/1597490792/robsladesin03-20
%O Audience a Tech 2 Writing 1 (see revfaq.htm for explanation)
%P 479 p.
%T "Winternals: Defragmentation, Recovery, and Administration Field Guide"

The foreword doesn't exactly state that the book is documentation for the Winternals (commercial) and Sysinternals (free) programs, but that seems to be the implication. (With the purchase of both entities by Microsoft it is oddly the Winternals products that may be difficult to obtain: the free Sysinternals utilities are currently still available on Microsoft's website.)

Chapter one covers the installation of, preparation for, and some tools from ERD (Emergency Recovery Disk) Commander 2005. In dealing with malware and rootkits it is important to know process and startup information. The explanations for Process Explorer and Autoruns, in chapter two, are sometimes verbose, but always well-written, interesting, and clear. Some of the Sysinternals utilities are dealt with in chapter three, but while the background material (say, on file permission evaluation) is detailed, it is not always articulate. More Sysinternals programs, for monitoring system activity, are in chapter four. Chapter five is sometimes confusing as to which of the disk utilities examined are free or commercial, or which are to be used locally and which remotely. There are often lots of screenshots, but sometimes little clarity in regard to execution or invocation of the application.
There are many screenshots in the descriptions of data recovery tools in chapter six, but the prerequisite tools and tasks are listed in a straightforward and useful manner. The system troubleshooting tools (all but one free) listed in chapter seven present a lot of duplication of content from chapter four. (There are, in fact, a number of sections in the book that repeat material from other parts. In response to a draft of this review, the editor noted that it was felt that this approach provided ideas on how to use the tools for differing tasks.) Chapter eight deals with network troubleshooting, but the text is primarily concerned with lists of commands, rather than functional use. The same is true of the application examination tools in chapter nine (which would, in any case, mostly be of interest to programmers and those involved with software forensics). Chapter ten is also of interest to programmers, noting the source code availability for a number of the tools. (Many code fragments can be used in a variety of intriguing and oddball applications.) Tools specific to Windows NT are listed in chapter eleven. Chapter twelve describes some utilities created for fun (or pranks).

The Winternals/Sysinternals tools are powerful, but sometimes you need some help to find out how best to use them. While some sections of this book require digging and experimentation, there is useful advice from those who have used the utilities extensively.

copyright Robert M. Slade, 2006