Saturday, 19 March 2016

Network Performance Monitoring and Diagnostics (NPMD) Magic Quadrant Report 2016

Gartner calls out the strengths of each vendor included in its Magic Quadrant report and how that vendor is impacting the marketplace. We’d like to take a moment to expand upon Gartner’s comments and discuss what we feel sets SevOne apart from other vendors:
  • Breadth and Volume of Data Collection: SevOne can scale to millions of objects and monitor the entire network, server, storage, cloud and virtual infrastructure with no practical limits. This includes collection of structured and unstructured data using 20+ protocols out of the box as well as an extensive library of certified devices. This comprehensive data collection includes metrics, flows, and logs to allow for complete performance visibility across the entire infrastructure from a single platform. For instance, one Communications Services Provider uses SevOne to collect 160 billion metrics per day using 30+ non-standard data sources.
  • Rapid Access to Actionable Data: SevOne excels in allowing teams to collect real-time data, including metrics/time-based data, flow, logs, and synthetics, and access it all from a single screen. Teams can also generate reports quickly with highly granular data, down to one-second intervals. An enterprise team at a Global 2000 company is able to use SevOne to shorten initial root cause analysis of critical issues from 10 minutes to just under 150 seconds without having to touch any other tool.
  • Time to Value: Teams who implement SevOne are able to deploy rapidly because it’s an all-in-one solution, deployed as a physical or virtual appliance. There’s no additional hardware, software, agents, or databases required. For monitoring new devices, applications, and technologies, SevOne provides a guaranteed 10 day SLA for device or app key certification. This has allowed the IT team from a large enterprise organization to replace its legacy tools in just 45 days. It now uses SevOne to support over 1 million objects, resulting in better data integrity.
  • Seamless Scaling: The patented SevOne Cluster consolidates monitoring technology into a single, effective platform. Its fully distributed architecture ensures there is no single point of failure and supports multiple topologies. SevOne returns reports in seconds, no matter how large the monitored domain. A financial services firm uses this technology to monitor thousands of flow interfaces in real-time across three continents.
  • Integrated intelligence: When teams are able to access associated metrics, flows, and logs in one place in real time, they’re able to reduce mean time to repair (MTTR). SevOne automatically builds a dynamic baseline of normal behavior for all performance indicators collected, so you can set threshold-based alerts for when actual performance levels deviate from historical norms. You can also use metadata to provide business context of performance data to ensure IT is aligned with business objectives. A Communications Services Provider uses custom calculations performed across multiple interface KPIs to provide a single metric for service‐level monitoring. Now its executives can review reports on market utilization and customer trends by region.
  • Open Platform: 100% of SevOne’s UI functions are available via APIs as well. This openness enables integration and orchestration with a company’s existing workflows, lowering deployment costs and leveraging existing investments in systems and processes. One enterprise team at a Global 2000 company improved event management by integrating SevOne with their ticketing system. Alerts that once took an average of 45 minutes to document, prioritize and escalate now take 7‐8 minutes, reducing risk of service outage.
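The dynamic-baseline alerting described in the "Integrated intelligence" bullet (learn normal behaviour per indicator, then alert when a new sample deviates from historical norms) can be shown directly. The following is an added example written for this page; it is not SevOne code and does not use SevOne's API. The metric name, window size, sigma threshold and the sample series are all constructed here.

```python
"""Dynamic baseline with deviation alerts over a constructed metric series.

Added example: not SevOne code and not its API. Each metric keeps a rolling
window of recent samples as its baseline of "normal" behaviour; a new sample
that lies more than `sigma` standard deviations from the window mean raises
an alert. Outliers are not learned into the window, so a spike does not pull
the baseline toward itself and mask the samples that follow it.
"""
from collections import deque
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Deque, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Alert:
    metric: str
    index: int        # position of the sample in the series
    value: float
    baseline: float   # window mean at the time of the alert
    deviation: float  # distance from the baseline, in standard deviations


class DynamicBaseline:
    def __init__(self, window: int = 20, min_samples: int = 10,
                 sigma: float = 3.0, min_stdev: float = 1e-9) -> None:
        self.window = window            # how many recent samples define "normal"
        self.min_samples = min_samples  # no alerting until the baseline is warm
        self.sigma = sigma              # alert threshold in standard deviations
        self.min_stdev = min_stdev      # avoids division by zero on a flat series
        self._history: Dict[str, Deque[float]] = {}

    def bounds(self, metric: str) -> Optional[Tuple[float, float]]:
        """Current alert thresholds (low, high) derived from the baseline."""
        hist = self._history.get(metric)
        if not hist or len(hist) < self.min_samples:
            return None
        base = mean(hist)
        sd = max(pstdev(hist), self.min_stdev)
        return base - self.sigma * sd, base + self.sigma * sd

    def observe(self, metric: str, index: int, value: float) -> Optional[Alert]:
        """Score one sample against the baseline, then learn it if it was normal."""
        hist = self._history.setdefault(metric, deque(maxlen=self.window))
        alert = None
        if len(hist) >= self.min_samples:
            base = mean(hist)
            sd = max(pstdev(hist), self.min_stdev)
            dev = (value - base) / sd
            if abs(dev) > self.sigma:
                alert = Alert(metric, index, value, base, dev)
        if alert is None:
            hist.append(value)
        return alert


def constructed_series() -> List[float]:
    """Constructed interface-utilisation samples: a 48..52 % pattern with a two-sample spike."""
    series = [50.0 + ((i * 7) % 5) - 2 for i in range(40)]
    series[25] = 90.0
    series[26] = 88.0
    return series


def run_demo(metric: str = "iface_util_pct") -> List[Alert]:
    """Feed the constructed series through the detector and collect the alerts."""
    detector = DynamicBaseline(window=20, min_samples=10, sigma=3.0)
    alerts: List[Alert] = []
    for i, value in enumerate(constructed_series()):
        alert = detector.observe(metric, i, value)
        if alert is not None:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in run_demo():
        print(f"ALERT #{a.index}: {a.metric}={a.value} "
              f"baseline={a.baseline:.1f} ({a.deviation:+.1f} sigma)")
```

The design choice worth noting is that alerting samples are not fed back into the window: a production system that learns every sample will, after a sustained outage, quietly redefine the outage as "normal" and stop alerting. Whether to learn slowly from such samples (so that a genuine new steady state is eventually accepted) is a policy decision that belongs outside the detector.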
Internet of Things (IoT)

I was at Mobile World Congress last week, and, as always, came home with my head abuzz and sore legs (from shuttling between Hall 1 and Hall 8, and also trying to find that perfect restaurant in the Gothic Quarter). So many cool projects and technologies, so little time!
IoT seemed to be on everyone's lips – from niche manufacturers to major integrators to carriers. As I cruised the halls, I noticed two things. First, most of the IoT discussion was centered around extremely niche applications. Second, I found few compelling end-to-end stories that could easily be re-used. Parking meters, solar, mobile geo-aware advertising, and many others all fell into one or both of these categories.
The beauty of the Internet is that it is open. One can get data from a variety of sources to a variety of consumers to enable the creation of applications by many developers. This is not what we are seeing today. The applications seem to be cobbled together, not integrated along open interface lines.
The sensor manufacturers talk to proprietary gateways, which expose the data through proprietary APIs. These are consumed through fairly purpose-built storage back ends and exposed through purpose-built apps. The application architectures seem to be monolithic and closed, not intended to provide much public access to the data. Sure, using the app I can find a parking spot... but the solutions are not being designed to give third-party developers stream access to the feeds so they can innovate the way the Internet does (…and allow someone to create the next parking AirBnB, for example).
So we have a very fragmented landscape. It’s full of promise, yet currently populated by point solutions not designed to integrate.
So how do we move forward? I think two things are necessary – open access to the stream of the sensors and open access to the historical data. This needs to be powered by both public and private initiatives, just as the Internet was originally designed to be. This access may be free or monetized, sponsored or whatever – but it just needs to be available.
Security is going to be a huge factor here – not in access prevention, but in access facilitation and in creating a flexible multi-tenant environment. It’s about ensuring that we can have authorization, authentication and accounting for both the users and the veracity of the data. That will be huge.
Today, the IoT landscape is one of fragmented applications using smart devices to provide point solutions that are often vendor-locked and don't facilitate secure interoperability. For IoT to reach its potential, we must focus on keeping it as open as possible, facilitating creativity through open access and well-documented, secure and interoperable integration points.

5 Free Tools to Test and Benchmark Your Network Speed

Network connections are very common nowadays. Not only are they used in corporate environments but at home as well, thanks to the affordable broadband connections offered by Internet Service Providers. Even a low-end computer motherboard will probably come with a built-in network adapter. Setting up a local area network is so much easier today thanks to the multi-port router: all you need to do is plug in the network cable and it will work right after going through a simple wizard configuration. Even a wireless connection can be quickly and easily established by pressing the WPS button found on most newer-generation routers.
Whether you are a computer technician, engineer or even a normal user, it is important to make sure that your network connection is working properly in order to achieve the fastest file download or transfer speed and a stable connection for streaming purposes. Here are 5 free network benchmarking tools that can be used to test your network speed between computers.
Read More: https://www.raymond.cc/blog/network-benchmark-test-your-network-speed/

1. LAN Speed Test (Lite)
The Lite version is basically the free version of the shareware LAN Speed Test. It is an easy-to-use tool for measuring the speed on your LAN by copying a file to another computer on the same local network. All you need to do is browse to a location on another computer on the network where you have write access and click the Start Test button. You will then be prompted to set the size of the dummy file to be transferred. The good thing about this tool is that you don’t need to set up a master and client connection. You can also print the results at the end of the test.
If you are looking for a more powerful network tester, take a look at the shareware version of LAN Speed Test, which costs only $6 for a license. LAN Speed Test (Lite) is portable, small and works on Windows 2000 to Windows 7.
Download LAN Speed Test (Lite)

2. LANBench
LANBench is also a free and portable utility that tests the network using TCP only. You need to run LANBench on both computers, one as the server and the other as the client, which acts as the tester. On the server side you only need to click the Listen button, while the client side requires a bit of configuration, such as specifying the server’s IP address from File > Configure. You can also define the test duration, packet size, connection and transfer mode. During the benchmark you can see the live transfer rate as well as the average performance.
Works on all Windows including 64-bit.
Download LANBench

3. NetIO-GUI
NETIO is actually a command line application for benchmarking network throughput, and there is a portable GUI version that works as a frontend. After downloading, run the extractor, then run NetIO-GUI.exe. You will also need to run NetIO-GUI on both computers that you want to test, one in client mode and the other in server mode. The server only requires clicking the Start server button, while on the client you need to enter the server’s IP address and optionally choose the protocol (TCP or UDP) that you want to test. NetIO will then test the connection using a few different packet sizes.
Download NetIO-GUI

4. NetStress
NetStress is a free and simple network benchmarking tool created as an internal tool by Nuts About Nets but now released to the public. NetStress also needs to run on both computers that you want to test, but the good thing about it is that it can automatically find the receiver’s IP address. To run a test, click on the 0.0.0.0 beside the Remote Received IP, select the IP address listed in the window and click OK. The Start button will then be enabled, and clicking it will start sending and measuring the TCP and UDP throughput.
A unique feature found in NetStress is the ability to change the MTU size, something you can also find in most internet optimization tools. My only gripe with NetStress is the inability to resize the window, because it takes up the whole screen.
Download NetStress

5. AIDA32
AIDA32 is actually the first and free version of the popular hardware information and benchmarking tool known as EVEREST and now AIDA64. AIDA32 comes with a Network Benchmark plugin that is, oddly, no longer found in EVEREST or AIDA64. To run the network benchmark, download, unzip and run aida32.exe. Then click on the Plugin menu followed by AIDA32 Network Benchmark. Just like most network benchmarking tools, you need to run the network benchmark plugin on both computers that you want to test.
On one computer, select Master from the drop-down list located at the bottom of the window, go to the Bandwidth tab and click on the Start button. On the other computer, select Slave, enter the IP address of the Master, go to the Bandwidth tab and click Start. The Save button allows you to save the bandwidth chart in bitmap format.
Download AIDA32
Additional Note: There is another network benchmarking tool, found in the popular PerformanceTest by PassMark Software, that comes with an advanced network testing tool. It can test both IPv4 and IPv6 and allows you to set the data block size and enable UDP bandwidth throttling. The advanced network test tool can be accessed from Advanced > Network in the menu bar. Although PerformanceTest is shareware, it can actually be used without limitations for 30 days. The status area shows the amount of data sent to the server, CPU load and average/minimum/maximum speed, which is enough to determine the consistency of the network speed.
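Every tool above except LAN Speed Test follows the same pattern: one side listens and counts what arrives, the other sends fixed-size blocks of dummy data for a fixed duration, and each side reports a rate. The following added example (written for this page, not code from LANBench, NetIO, NetStress, AIDA32 or PassMark) implements that pattern in Python so you can see exactly what is being measured. Both sides run in one process over 127.0.0.1 here; the block size, duration and host are assumptions chosen for the demo.

```python
"""Loopback TCP throughput benchmark.

Added example showing the server/client pattern shared by LANBench, NetIO-GUI,
NetStress and the AIDA32 Network Benchmark plugin: one side listens and counts
what it receives, the other sends fixed-size blocks of dummy data for a fixed
duration, and both sides report a rate. It is not code from any of those
tools. Here both sides run in one process over 127.0.0.1; on a real LAN you
would run the server on one machine and point the client at its IP address.
"""
import socket
import threading
import time
from typing import Dict


def mbps(num_bytes: int, seconds: float) -> float:
    """Megabits per second, the unit most of the tools above report."""
    return (num_bytes * 8) / (seconds * 1_000_000) if seconds > 0 else 0.0


def serve_once(listener: socket.socket, result: Dict[str, float]) -> None:
    """Accept one client, drain everything it sends, record bytes and elapsed time."""
    conn, _ = listener.accept()
    total, start = 0, None
    with conn:
        while True:
            chunk = conn.recv(1 << 16)
            if start is None:
                start = time.perf_counter()
            if not chunk:  # client closed its side: the test is finished
                break
            total += len(chunk)
    result["bytes"] = total
    result["seconds"] = time.perf_counter() - start if start is not None else 0.0


def run_client(host: str, port: int, block_size: int, duration: float) -> Dict[str, float]:
    """Send zero-filled blocks (the tools' 'dummy file') until the duration elapses."""
    payload = bytes(block_size)
    sent = 0
    with socket.create_connection((host, port)) as conn:
        start = time.perf_counter()
        deadline = start + duration
        while True:
            conn.sendall(payload)
            sent += block_size
            if time.perf_counter() >= deadline:
                break
        elapsed = time.perf_counter() - start
    return {"bytes": sent, "seconds": elapsed}


def benchmark(block_size: int = 64 * 1024, duration: float = 0.5,
              host: str = "127.0.0.1") -> Dict[str, float]:
    """Run server and client together over loopback and return both sides' numbers."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind((host, 0))  # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    server_result: Dict[str, float] = {}
    server = threading.Thread(target=serve_once, args=(listener, server_result), daemon=True)
    server.start()
    client_result = run_client(host, port, block_size, duration)
    server.join(timeout=10)
    listener.close()
    return {
        "sent_bytes": client_result["bytes"],
        "received_bytes": server_result.get("bytes", 0),
        "client_mbps": mbps(client_result["bytes"], client_result["seconds"]),
        "server_mbps": mbps(server_result.get("bytes", 0), server_result.get("seconds", 0.0)),
    }


if __name__ == "__main__":
    r = benchmark()
    print(f"sent {r['sent_bytes']} B, received {r['received_bytes']} B, "
          f"client {r['client_mbps']:.0f} Mbps, server {r['server_mbps']:.0f} Mbps")
```

Two things the GUI tools hide are visible here. The client-side rate is measured when `sendall` returns, which only means the kernel accepted the data into its socket buffer, so the server-side rate is the honest one and is always a little lower. And a loopback run measures memory copy speed, not the adapter or the cable; the numbers only say something about the network when the two ends are on different machines.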

15 Application Performance Management Tools

Applications are the key to modern business processes, but they do far more than manage back-office tasks like accounting and payroll. Today’s enterprises are application-driven, relying on apps for automating and streamlining marketing, customer relations, and so much more. App performance management, therefore, is critical to business continuity and the productivity of many facets of an organization is dependent on optimal app performance. 
Application Performance Management (APM) tools have been the subject of some debate within the IT industry. With the application landscape shifting to the cloud and enterprise infrastructures now dramatically different than the traditional, APM tools face increased challenges to provide real performance benefits across systems with virtual perimeters, yet these very capabilities are more necessary than ever.
Some APMs have risen to meet this challenge, with full-stack visibility complete with diagnostics and actionable recommendations based on sophisticated data analysis. What’s more, much of this is completely automated, essentially freeing up an enterprise’s IT department to focus on other tasks that enhance revenue, while receiving instant alerts for rapid problem resolution. This enables consistent optimal performance without spending hours upon hours poring through code line by line and other data to identify potential problems before they become major concerns.
Modern enterprises require robust tools that can monitor resources used by applications, correlate that data with meaningful user insights, and align performance with business processes. Many of the following tools go far in accomplishing these goals in a single, central appliance, while others hone in on specific platforms or layers. Whatever your needs, there’s an APM here designed to meet your needs.
Note: The following 40 APMs are not ranked or rated in order of quality or importance. The numbering system is meant to provide an easy point of reference if, for instance, you’re passing it along to a colleague so they can quickly find the tool in question, or you want to refer back later and compare a few tools — you can do so easily. This list has been created to provide a short list of some of the most comprehensive APM tools available to save you research time if you’re frustrated with the constant tedious monitoring and analysis required to keep your applications running at optimal performance. The numbers shouldn’t be considered an implication that #1 is better than #38, however.
1. New Relic APM
@NewRelic
New Relic’s APM solution has you up and running, monitoring your applications with full visibility, within five minutes. And there’s no additional infrastructure, support or configuration required on an ongoing basis. New Relic provides actionable insights into application data in an easy-to-understand format through an intuitive interface. New Relic APM collects data on a variety of parameters and offers custom dashboards so you can view the data that matters to you.
Key Features: 
  • Application Monitoring provides performance trends at-a-glance
  • Browser Monitoring gives insights from the user perspective
  • Track SQL statements responsible for slow performance
  • Full visibility into problem transactions
  • Low-impact production thread profiler
  • Code-level diagnostics
  • Cross-Application Tracing
  • Monitor critical business transactions independent of application
Cost: 
  • Lite: FREE (24-hour data retention)
  • Pro: $149/month/host (unlimited data retention, code-level visibility)
  • Enterprise: Contact for a quote (Full feature set)

2. AppDynamics
@AppDynamics
AppDynamics is more than just an APM. Self-described as an application intelligence platform, AppDynamics monitors application performance and then derives insights into how application performance is impacting business operations. From data collection to processing and then deriving knowledge from your data, AppDynamics provides full visibility into exactly how application performance is affecting your business.
Key Features: 
  • Monitor Java, .NET, PHP and more
  • Diagnose and eliminate problems at code-level
  • Visualize your entire application stack
  • Intuitive user interface
  • Dynamic transaction flow maps
  • Multi-dimensional, cross-correlated drill-down
  • Real-time business metrics
  • Performance metrics and business metrics correlated in real-time
  • Custom, drag-and-drop HTML5 dashboards
  • Query language for data discovery
  • Custom extensions for integration with third-party tools
Cost: 
  • Basic: FREE forever (after 15-day Pro trial)
  • Pro: Contact for a quote

3. Foglight
@DellSoftware
Foglight monitors and manages performance across multiple technologies, including Java or .NET, virtual and physical servers, databases and more, offering insight into how your users interact with your applications. Foglight helps you create a better user experience and ensures that your IT environment is adequately supporting your company’s needs. Offering a slew of products to cover everything from the most widely used technologies to the most unique, Foglight allows you to create a customized APM solution for end-to-end management.
Key Features: 
  • Manage the user experience from multiple perspectives
  • Application server monitoring and diagnostics
  • Monitor and manage databases
  • SLA monitoring and dashboards
  • Monitor your middleware environment
  • Monitor infrastructure from multiple perspectives
  • Select products by technology platform
  • Monitor custom and web-based applications
  • Solutions for ERP/CRM applications
  • Monitor employee productivity applications
  • Incident counts and mean-time-to-resolution (MTTR) of incidents
  • Improve compliance with end-user SLAs
Cost: Contact for a quote

4. SteelCentral for Performance Management and Control
@riverbed
For rapid issue resolution, you need deep insights into application performance so you can quickly diagnose problems and pinpoint the origin. Riverbed’s SteelCentral for Performance Management and Control is a complete, end-to-end solution combining user experience, application and network performance management with centralized control. With a suite of tools for various environments, such as SteelCentral Web Analyzer for web-based applications and SteelCentral AppResponse for network-based application performance and monitoring, Riverbed’s SteelCentral meets the needs of any application environment.
Key Features: 
  • Real-time application performance monitoring
  • Monitor from end-user devices and browsers through datacenters
  • Four primary APM solutions:
    • SteelCentral Web Analyzer for web-based applications
    • SteelCentral AppResponse for network-based application performance and monitoring
    • SteelCentral AppInternals for transaction tracing and data analysis
    • SteelCentral AppMapper for runtime application delivery mapping
  • Use multiple applications in conjunction for complete visibility
Cost: Contact for a quote

5. Compuware APM
@CompuwareAPM
Compuware has rebranded its application performance management product line, re-labeling all products with a single brand name, Compuware APM. This lineup includes Compuware’s popular APM products, Gomez and dynaTrace, integrated and unified to provide a modern APM solution that meets the demands of the increasingly challenging application performance management landscape. By choosing the solutions that fit your environment and platforms, you get a customized application performance management solution providing comprehensive performance management tools without the added weight of extraneous tools.
Key Features: 
  • Java, .NET and PHP solution
  • End-to-end, code-level monitoring
  • Enterprise Tiers for transaction tracing
  • Traces through web servers and messaging frameworks
  • Distributed and mainframe applications
  • Production, testing and development tools
  • User-experience monitoring
  • Real and synthetic monitoring for enterprise apps
  • Application-aware network monitoring
  • Monitor application performance in public, private or hybrid clouds
Cost: Contact for a quote

6. BMC Software APM
@bmcsoftware
BMC Software provides the “APM for everyone,” meaning it offers insights from the end-user-experience perspective to code-level monitoring and diagnostics, monitoring applications in both SaaS and on-premise environments. Save time and expenses by quickly identifying root cause and rapidly implementing targeted solutions with BMC Application Diagnostics, and gain full visibility into application performance from the user perspective with BMC End User Experience Management.
Key Features: 
  • Identify errors before they impact end users
  • Trend and baseline normal performance
  • Differentiate general and intermittent slowdowns
  • Drill down into minute details
  • Define priorities based on severity or extent of impact
  • Isolate application problems
  • Code-level diagnostics
  • Monitor SQL statements
  • Integrated monitoring for on-premise, cloud and hybrid applications
  • Single, unified application performance console
  • Improve time to market; restore services faster
Cost: Contact for a quote

7. JenniferSoft APM
@JenniferSoftUS
JenniferSoft offers a comprehensive APM providing deep insights into application performance, with an approach to performance management that outweighs both the bottom-up infrastructure approach and the top-down business processes approach: by honing in on the actual service transactions, JenniferSoft APM provides visibility into the performance metrics that are critical to both the business and IT perspectives.
Key Features: 
  • 24-7 application monitoring
  • Real-time troubleshooting
  • Fast performance bottleneck resolution
  • Maximize application availability; reduce downtimes
  • Insightful charts and graphs for rapid pattern and error identification
  • Packaged solution with minimal installation and configuration
  • Proprietary Byte-Code implementation technology
  • Isolate problematic codes impacting performance
  • Isolate sectors in application logical process
  • All completed transactions in X-View
  • Manage overall and individual performance for all transactions
  • User-friendly GUI
  • Single-click access to granular transaction data
  • True real-time monitoring
Cost: Contact for a quote

8. ExtraHop
@ExtraHop
A passive network appliance designed to help IT professionals maximize application performance in today’s complex and dynamic environments, ExtraHop provides visibility into application servers, databases, storage systems, and the full network in a streamlined delivery system. With true application response times and correlated visibility into network, web, VDI, database and storage performance, ExtraHop enables complete visibility and rapid response times to ensure optimal performance.
Key Features: 
  • Gain cross-tier visibility
  • Troubleshoot application performance problems
  • Intuitive dashboards
  • Customized, one-click reports
  • Objective performance analysis
  • Automatic device discovery and classification
  • Performance baselines
  • Trend-based alerts
  • True application response times
  • Application activity maps
Cost: 
  • Subscription or Perpetual Plans
  • Contact for a quote
  • Starts as low as $7,500 for a one-year subscription
  • Equates to about $4 to $12/server/month

9. Lucierna
@lucierna_inc
Lucierna is a complete Enterprise Application Performance Management solution, ensuring your apps are running at peak performance for meeting business objectives. Every transaction by every user is tracked from end-to-end, across all tiers including end user, network, web-server and back-end tiers with complete visibility and within full business context. Gain insights into performance, availability and SLA compliance with an in-depth view of performance across the spectrum.
Key Features: 
  • Open solution with pre-built integrations
  • Supports agile methodologies
  • Unified view of transaction traces
  • End-user experience monitoring
  • Deep transaction monitoring
  • Single appliance for complete APM
  • Decision Analytics derives usable insights from data
  • GURU offers actionable recommendations
  • Complete view of real transactions, 24/7; no sampling
  • Auto discovery and baselining
  • Historical analysis and transaction trending by users
  • Supports performance management on mobile devices
Cost: Contact for a quote

10. CA Application Performance Management
@CAinc
Deliver revenue-generating and productivity-generating business services while exceeding customer expectations with CA’s Application Performance Management solution, complete with application behavior analytics. CA APM offers visibility and management across physical, virtual, cloud and mainframe environments and multiple tiers for a complete picture of both networks and infrastructure and the impact they’re having on the business.
Key Features: 
  • Advanced behavior analysis
  • Unified end-user-experience monitoring
  • Proactive cloud-based monitoring
  • Monitor browser response times
  • Gain transaction visibility into the mainframe
  • Intuitive, web-based user interface
  • Self-learning establishes baseline
  • Identify deviations from baseline performance
Cost: Contact for a quote

11. AppNeta
@Appneta
AppNeta offers full-stack monitoring for web applications, including code, end user and network monitoring for full visibility. A complete performance monitoring solution, AppNeta is the only monitoring tool you need to monitor web applications, SaaS apps and application networks from end-to-end. With four integrated models combined into a single, streamlined SaaS solution, monitoring your applications has never been simpler.
Key Features:
  • SaaS solution
  • Monitor web apps, SaaS apps and application networks
  • Monitor networks without disrupting production applications
  • Replay, string together commands and debug
  • Identifies applications and users beyond flow records
  • Code-level application performance monitoring
  • Synthetic transaction monitoring
  • Application-aware traffic analysis
  • Network health and performance
  • Store trending performance data up to one year
Cost: Contact for a quote
  • Project: FREE (1 web monitor)
  • Global: $179/monitor/month (unlimited web monitors)
  • Full Stack: $119/monitor/month (with TraceView Enterprise install)

12. AppEnsure
@appensure
Need to manage the response time and throughput of your applications that you’re running in multiple locations? AppEnsure discovers, names and maps every application in every location, establishes baseline and measures response time, and delivers root cause analysis with event correlation — all automatically, with zero configuration.
Key Features: 
  • Discover, name and map applications
  • Monitors apps in every location
  • Measure app response time to the supporting infrastructure
  • Establish a baseline response time
  • Alert when response time exceeds defined thresholds
  • Root cause analysis with event correlation
  • Complete stack visibility from Layer 2 to Layer 7
  • Topology and event discovery
Cost: 
  • FREE version (download)
  • Subscription: $50/month/agent (SaaS)

13. AppFirst
@appfirst
AppFirst is “the world’s only web-scale platform for IT to continuously see every event across the enterprise,” offering multi-tenant access to sub-second metrics, application footprints and proactive error resolution to enable optimal performance for end users. AppFirst’s complete visibility approach to managing applications and infrastructure is designed with the modern enterprise in mind, gathering vast amounts of data and delivering it in a streamlined, visual view for easy interpretation.
Key Features: 
  • Create custom KPI dashboards
  • Correlate data with visual timelines and overlays
  • Visualize data flows with server topology
  • View all network traffic and latency in a single glance
  • Alerts on any resource metric from any data set
  • Use tag-based server sets to tailor UI
  • Create a taxonomy and grouping of servers, processes and services
  • Automatically detects processes and components
  • Measure response time and resource utilization metrics on the same level
  • View log files in full-environment context
  • Log searching, log watch and deep drill-downs
Cost: 
  • SaaS Standard: $15/collector/month (500MB/col. daily data cap, one month data retention)
  • SaaS Pro: $25/collector/month (1GB/col. daily data cap, one year data retention)
  • Private SaaS: Contact for a quote
  • On-Premise: Contact for a quote

14. Neebula
@NeebulaSystems
Applications with suffering performance aren’t supporting business operations as they should. Neebula’s Service Performance Monitoring solution aims to keep your applications running at peak performance through mapping business services to applications, servers, middleware, networks and storage to provide insights into the end-to-end health of business services.
Key Features: 
  • Correlates monitoring and event data
  • Maps business services to servers, applications and other components
  • Top-down solution starts with business services
  • Real-time service technology discovery
  • Automatically deploys monitors to collect data
  • Intelligent platform identifies relevant data; filters out the rest
Cost: Contact for a quote

15. BlueStripe
@bluestripesoftware
Application, transaction and system monitoring in a single solution, BlueStripe offers solutions for IT Operations and enterprise application monitoring and infrastructure performance monitoring. FactFinder provides application management for IT operations, ranging from mapping to monitoring and ultimately identifying fixes at the individual component level. Microsoft System Center provides mapping, live dashboards and monitoring for Operations Manager, Orchestrator and Service Manager. With application management in public, private and hybrid cloud environments, BlueStripe is a compatible tool with modern enterprise environments.
Key Features: 
  • Process-level transaction tracing
  • Supports IaaS and PaaS platforms
  • Connects on-premise transactions with data center counterparts
  • Quick root cause identification
  • Service Level Alerts
  • Automate provisioning
  • Real-time, dynamic mapping of apps and transactions
  • Supports Windows, Linux, Solaris, and AIX based components
  • Automatic issue identification
  • Robust out-of-the-box dashboards
  • Easily share data in understandable format with non-technical stakeholders
  • Identify and isolate performance issues

Top 20 Free Digital Forensic Investigation Tools for SysAdmins

Here are 20 of the best free tools that will help you conduct a digital forensic investigation. Whether it’s for an internal human resources case, an investigation into unauthorized access to a server, or if you just want to learn a new skill, these suites and utilities will help you conduct memory forensic analysis, hard drive forensic analysis, forensic image exploration, forensic imaging and mobile forensics. As such, they all provide the ability to bring back in-depth information about what’s “under the hood” of a system.

This is by no means an exhaustive list and may not cover everything you need for your investigation. You might also need additional utilities such as file viewers, hash generators, and text editors – check out 101 Free Admin Tools for some of these.
My articles on Top 10 Free Troubleshooting Tools for SysAdmins, Top 20 Free Network Monitoring and Analysis Tools for Sys Admins and Top 20 Free File Management Tools for Sys Admins might also come in handy since they contain a bunch of tools that can be used for Digital Forensic Investigations (e.g. BackTrack and the SysInternals Suite or the NirSoft Suite of tools).
Even if you may have heard of some of these tools before, I’m confident that you’ll find a gem or two amongst this list.

01 SANS SIFT

The SANS Investigative Forensic Toolkit (SIFT) is an Ubuntu based Live CD which includes all the tools you need to conduct an in-depth forensic or incident response investigation. It supports analysis of Expert Witness Format (E01), Advanced Forensic Format (AFF), and RAW (dd) evidence formats. SIFT includes tools such as log2timeline for generating a timeline from system logs, Scalpel for data file carving, Rifiuti for examining the recycle bin, and lots more.
When you first boot into the SIFT environment, I suggest you explore the documentation on the desktop to help you become accustomed to what tools are available and how to use them. There is also a good explanation of where to find evidence on a system. Use the top menu bar to open a tool, or launch it manually from a terminal window.

02 ProDiscover Basic

ProDiscover Basic is a simple digital forensic investigation tool that allows you to image, analyse and report on evidence found on a drive. Once you add a forensic image you can view the data by content or by looking at the clusters that hold the data. You can also search for data using the Search node based on the criteria you specify.
When you launch ProDiscover Basic you first need to create or load a project and add evidence from the ‘Add’ node. You can then use the ‘Content View’ or ‘Cluster View’ nodes to analyse the data and the Tools menu to perform actions against the data. Click the ‘Report’ node to view important information about the project.

03 Volatility

Volatility is a memory forensics framework for incident response and malware analysis that allows you to extract digital artefacts from volatile memory (RAM) dumps. Using Volatility you can extract information about running processes, open network sockets and network connections, DLLs loaded for each process, cached registry hives, process IDs, and more.
If you are using the standalone Windows executable version of Volatility, simply place volatility-2.1.standalone.exe into a folder and open a command prompt window. From the command prompt, navigate to the location of the executable file and type “volatility-2.1.standalone.exe -f <FILENAME> --profile=<PROFILENAME> <PLUGINNAME>” without quotes – FILENAME would be the name of the memory dump file you wish to analyse, PROFILENAME would be the profile for the machine the memory dump was taken on, and PLUGINNAME would be the name of the plugin you wish to use to extract information.
Note: In the example above I am using the ‘connscan’ plugin to search the physical memory dump for TCP connection information.

04 The Sleuth Kit (+Autopsy)

The Sleuth Kit is an open source digital forensics toolkit that can be used to perform in-depth analysis of various file systems. Autopsy is essentially a GUI that sits on top of The Sleuth Kit. It comes with features like Timeline Analysis, Hash Filtering, File System Analysis and Keyword Searching out of the box, with the ability to add other modules for extended functionality.
Note: You can use The Sleuth Kit if you are running a Linux box and Autopsy if you are running a Windows box.
When you launch Autopsy, you can choose to create a new case or load an existing one. If you choose to create a new case you will need to load a forensic image or a local disk to start your analysis. Once the analysis process is complete, use the nodes on the left hand pane to choose which results to view.

05 FTK Imager

FTK Imager is a data preview and imaging tool that allows you to examine files and folders on local hard drives, network drives, CDs/DVDs, and review the content of forensic images or memory dumps. Using FTK Imager you can also create SHA1 or MD5 hashes of files, export files and folders from forensic images to disk, review and recover files that were deleted from the Recycle Bin (providing that their data blocks haven’t been overwritten), and mount a forensic image to view its contents in Windows Explorer.
Note: There is a portable version of FTK Imager that will allow you to run it from a USB disk.
When you launch FTK Imager, go to ‘File > Add Evidence Item…’ to load a piece of evidence for review. To create a forensic image, go to ‘File > Create Disk Image…’ and choose which source you wish to forensically image.

06 Linux ‘dd’

dd comes by default on the majority of Linux distributions available today (e.g. Ubuntu, Fedora). This tool can be used for various digital forensic tasks such as forensically wiping a drive (zeroing out a drive) and creating a raw image of a drive.
Note: dd is a very powerful tool that can have devastating effects if not used with care. It is recommended that you experiment in a safe environment before using this tool in the real world.
Tip: A modified version of dd is available from http://sourceforge.net/projects/dc3dd/ – dc3dd includes additional features that were added specifically for digital forensic acquisition tasks.
To use dd, simply open a terminal window and type dd followed by a set of command parameters (which command parameters will obviously depend on what you want to do). The basic dd syntax for forensically wiping a drive is:
dd if=/dev/zero of=/dev/sdb1 bs=1024

where if = input file, of = output file, bs = block size in bytes
Note: Replace /dev/sdb1 with the drive name of the drive you want to forensically wipe and 1024 with the size of the byte blocks you want to write out.
The basic dd syntax for creating a forensic image of a drive is:
dd if=/dev/sdb1 of=/home/andrew/newimage.dd bs=512 conv=noerror,sync
where if = input file (or in this case drive), of = output file, bs = block size in bytes, conv = conversion options
Tip: For additional usage info, from a terminal window, type “man dd” without quotes to bring up the help manual for the dd command.
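To make the conv=noerror,sync options concrete, here is an added Python example (not dd, and not code from the article) that emulates their behaviour and adds the hash verification a practitioner wants after acquisition: a block that cannot be read is replaced by zeros of the same size so every later offset in the image still lines up with the source, and the finished image is hashed so it can be re-checked later. The source device is a constructed in-memory buffer with one deliberately unreadable block; FlakySource, acquire_image, verify_image and the 512-byte block size are assumptions of this example.

```python
import hashlib

BLOCK_SIZE = 512  # matches bs=512 in the imaging command above


class FlakySource:
    """Constructed stand-in for a drive: serves blocks from a bytes buffer but
    raises OSError for the block numbers listed in `bad_blocks`, the way a
    failing sector surfaces as a read error to dd."""

    def __init__(self, data: bytes, bad_blocks=(), block_size: int = BLOCK_SIZE):
        self.data = data
        self.bad_blocks = set(bad_blocks)
        self.block_size = block_size

    @property
    def block_count(self) -> int:
        return -(-len(self.data) // self.block_size)  # ceiling division

    def read_block(self, index: int) -> bytes:
        if index in self.bad_blocks:
            raise OSError(f"I/O error reading block {index}")
        start = index * self.block_size
        return self.data[start:start + self.block_size]


def acquire_image(source, block_size: int = BLOCK_SIZE):
    """Copy every block of `source` into an image, emulating
    dd conv=noerror,sync: a failed read is recorded and replaced with zeros
    (noerror), and any short block is padded to block_size (sync), so the image
    stays offset-aligned with the source instead of silently shrinking.
    Returns (image_bytes, list_of_bad_blocks, sha256_hex)."""
    image = bytearray()
    bad = []
    for index in range(source.block_count):
        try:
            chunk = source.read_block(index)
        except OSError:
            chunk = b""
            bad.append(index)
        image += chunk[:block_size].ljust(block_size, b"\x00")
    digest = hashlib.sha256(image).hexdigest()
    return bytes(image), bad, digest


def verify_image(image: bytes, expected_sha256: str) -> bool:
    """Re-hash the image and compare with the digest recorded at acquisition."""
    return hashlib.sha256(image).hexdigest() == expected_sha256


# Constructed sample drive: 16 blocks of a repeating byte pattern, block 5 unreadable.
SAMPLE_DATA = bytes(range(256)) * 32           # 8192 bytes = 16 blocks of 512
SAMPLE_SOURCE = FlakySource(SAMPLE_DATA, bad_blocks=[5])

if __name__ == "__main__":
    img, bad, digest = acquire_image(SAMPLE_SOURCE)
    print(f"image size {len(img)} bytes, unreadable blocks {bad}, sha256 {digest}")
    print("verification:", "OK" if verify_image(img, digest) else "MISMATCH")
```

The recorded list of bad blocks is worth keeping with the image: without it, a run of zeros in the image cannot be distinguished from genuinely empty space on the source drive.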

07 CAINE

CAINE (Computer Aided INvestigative Environment) is a Linux Live CD that contains a wealth of digital forensic tools. Features include a user-friendly GUI, semi-automated report creation and tools for Mobile Forensics, Network Forensics, Data Recovery and more.
When you boot into the CAINE Linux environment, you can launch the digital forensic tools from the CAINE interface (shortcut on the desktop) or from each tool’s shortcut in the ‘Forensic Tools’ folder on the applications menu bar.

08 Oxygen Forensic Suite 2013 Standard

If you are investigating a case that requires you to gather evidence from a mobile phone to support your case, Oxygen Forensics Suite (Standard Edition) is a tool that will help you achieve this. Features include the ability to gather Device Information (Manufacturer, OS Platform, IMEI, Serial Number, etc.), Contacts, Messages (Emails, SMS, MMS, etc.) and recovery of deleted messages, Call Logs, and Calendar and Task information. It also comes with a file browser which allows you to access and analyse user photos, videos, documents and device databases.
When you launch Oxygen Forensic Suite, hit the ‘Connect new device’ button on the top menu bar to launch the Oxygen Forensic Extractor wizard that guides you through selecting the device and type of information you wish to extract.

09 Free Hex Editor Neo

Free Hex Editor Neo is a basic hex editor that was designed to handle very large files. While a lot of the additional features are found in the commercial versions of Hex Editor Neo, I find this tool useful for loading large files (e.g. database files or forensic images) and performing actions such as manual data carving, low-level file editing, information gathering, or searching for hidden data.
Use ‘File > Open’ to load a file into Hex Editor Neo. The data will appear in the middle window where you can begin to navigate through the hex manually or press CTRL + F to run a search.

10 Bulk Extractor

bulk_extractor is a computer forensics tool that scans a disk image, file, or directory of files and extracts information such as credit card numbers, domains, e-mail addresses, URLs, and ZIP files. The extracted information is output to a series of text files (which can be reviewed manually or analysed using other forensics tools or scripts).
Tip: Within the output text files you will find entries for data that resemble a credit card number, e-mail address, domain name, etc. You will also see a decimal value in the first column of the text file that, when converted to hex, can be used as the pointer on disk where the entry was found (i.e. if you were analysing the disk manually using a hex editor for example, you would jump to this hexadecimal value to view the data).
Bulk_extractor comes as a command-line tool or a GUI tool. In the example above I set the bulk extractor tool to extract information from a forensics image I took earlier and output the results to a folder called “BE_Output”. The results can then be viewed in the Bulk Extractor Viewer and the output text files mentioned above.
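To make the offset tip above concrete, here is an added Python example (not bulk_extractor's own code) that does a miniature version of what it describes: scan a raw image for e-mail addresses and URLs with regular expressions, and report each hit with its decimal byte offset and the hex form of that offset, which is the value you would jump to in a hex editor. The patterns, the SAMPLE_IMAGE bytes and the function names are constructed for this example.

```python
import re

# Deliberately simple patterns that approximate two of bulk_extractor's feature
# scanners; they are assumptions of this example, not the tool's real scanners.
FEATURE_PATTERNS = {
    "email": re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "url": re.compile(rb"https?://[A-Za-z0-9./_%-]+"),
}


def scan_image(data: bytes):
    """Return a sorted list of (offset, feature_type, text) for every match.
    offset is the decimal byte position from the start of the image, which is
    how bulk_extractor's feature files record where a hit was found."""
    hits = []
    for kind, pattern in FEATURE_PATTERNS.items():
        for match in pattern.finditer(data):
            hits.append((match.start(), kind, match.group().decode("ascii", "replace")))
    return sorted(hits)


def format_feature_file(hits) -> str:
    """Lay hits out feature-file style: decimal offset, tab, feature text.  The
    hex offset is appended so the reader can jump straight to it in a hex editor."""
    return "\n".join(
        f"{off}\t{text}\t# {kind}, hex offset 0x{off:X}" for off, kind, text in hits
    )


# Constructed sample "disk image": binary filler with artefacts at known offsets.
SAMPLE_IMAGE = (
    b"\x00" * 512
    + b"From: alice@example.org\r\n"
    + b"\xff" * 200
    + b"visit https://intranet.example.org/share/report.pdf now"
    + b"\x00" * 300
)

if __name__ == "__main__":
    print(format_feature_file(scan_image(SAMPLE_IMAGE)))
```

Because the scan works on raw bytes rather than through the file system, hits in unallocated space and slack are reported just like hits inside live files; the offset is the only thing that tells you where the data physically sits.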

11 DEFT

DEFT is another Linux Live CD which bundles some of the most popular free and open source computer forensic tools available. It aims to help with Incident Response, Cyber Intelligence and Computer Forensics scenarios. Amongst others, it contains tools for Mobile Forensics, Network Forensics, Data Recovery, and Hashing.
When you boot using DEFT, you are asked whether you wish to load the live environment or install DEFT to disk. If you load the live environment you can use the shortcuts on the application menu bar to launch the required tools.

12 Xplico

Xplico is an open source Network Forensic Analysis Tool (NFAT) that aims to extract applications data from internet traffic (e.g. Xplico can extract an e-mail message from POP, IMAP or SMTP traffic). Features include support for a multitude of protocols (e.g. HTTP, SIP, IMAP, TCP, UDP), TCP reassembly, and the ability to output data to a MySQL or SQLite database, amongst others.
Once you’ve installed Xplico, access the web interface by navigating to http://<IPADDRESS>:9876 and logging in with a normal user account. The first thing you need to do is create a case and add a new session. When you create a new session you can either load a PCAP file (acquired from Wireshark for example) or start a live capture. Once the session has finished decoding, use the navigation menu on the left hand side to view the results.

13 LastActivityView

I briefly touched on LastActivityView when pointing out the NirSoft suite of tools in my Top 10 Free System Troubleshooting Tools for SysAdmins article. LastActivityView allows you to view what actions were taken by a user and what events occurred on the machine. Any activities such as running an executable file, opening a file/folder from Explorer, an application or system crash or a user performing a software installation will be logged. The information can be exported to a CSV / XML / HTML file. This tool is useful when you need to prove that a user (or account) performed an action he or she said they didn’t.
When you launch LastActivityView, it will immediately start displaying a list of actions taken on the machine it is being run on. Sort by action time or use the search button to start investigating what actions were taken on the machine.

14 DSi USB Write Blocker

DSi USB Write Blocker is a software-based write blocker that prevents write access to USB devices. This is important in an investigation to prevent modifying the metadata or timestamps and invalidating the evidence.
When you run DSi USB Write Blocker, it brings up a window that allows you to enable or disable the USB Write Blocker. Once you make changes and exit the application, you can keep an eye on the status from the padlock icon in the taskbar. When performing an analysis of a USB drive, enable the USB Write Blocker first and then plug the USB drive in.
Note: If you are looking for a command line alternative USB Write Blocker, check out ‘USB Write Blocker for ALL Windows’: http://sourceforge.net/projects/usbwriteblockerforwindows8/

15 Mandiant RedLine

RedLine offers the ability to perform memory and file analysis of a specific host. It collects information about running processes and drivers from memory, and gathers file system metadata, registry data, event logs, network information, services, tasks, and Internet history to help build an overall threat assessment profile.
When you launch RedLine, you will be given a choice to Collect Data or Analyze Data. Unless you already have a memory dump file available, you’ll need to create a collector to gather data from the machine and let that process run through to completion. Once you have a memory dump file to hand you can begin your analysis.

16 PlainSight

PlainSight is a Live CD based on Knoppix (a Linux distribution) that allows you to perform digital forensic tasks such as viewing internet histories, data carving, USB device usage information gathering, examining physical memory dumps, extracting password hashes, and more.
When you boot into PlainSight, a window pops up asking you to select whether you want to perform a scan, load a file or run the wizard. Enter a selection to begin the data extraction and analysis process.

17 HxD

HxD is one of my personal favourites. It is a user-friendly hex editor that allows you to perform low-level editing and modifying of a raw disk or main memory (RAM). HxD was designed with ease of use and performance in mind and can handle large files without issue. Features include searching and replacing, exporting, checksums/digests, an in-built file shredder, concatenation or splitting of files, generation of statistics and more.
From the HxD interface start your analysis by opening a file from ‘File > Open’, loading a disk from ‘Extras > Open disk…’ or loading a RAM process from ‘Extras > Open RAM…’

18 HELIX3 Free

HELIX3 is a Live CD based on Linux that was built to be used in Incident Response, Computer Forensics and E-Discovery scenarios. It is packed with a bunch of open source tools ranging from hex editors to data carving software to password cracking utilities, and more.
Note: The HELIX3 version you need is 2009R1. This version was the last free version available before HELIX was taken over by a commercial vendor. HELIX3 2009R1 is still valid today and makes for a useful addition to your digital forensics toolkit.
When you boot using HELIX3, you are asked whether you want to load the GUI environment or install HELIX3 to disk. If you choose to load the GUI environment directly (recommended), a Linux-based screen will appear giving you the option to run the graphical version of the bundled tools.

19 Paladin Forensic Suite

Paladin Forensic Suite is a Live CD based on Ubuntu that is packed with a wealth of open source forensic tools. The 80+ tools found on this Live CD are organized into over 25 categories including Imaging Tools, Malware Analysis, Social Media Analysis, Hashing Tools, etc.
After you boot Paladin Forensic Suite, navigate to the App Menu or click on one of the icons in the taskbar to get started.
Note: A handy Quick Start Guide for Paladin Forensic Suite is available to view or download from the Paladin website as well as the taskbar within Paladin itself.

20 USB Historian


USB Historian parses USB information, primarily from the Windows registry, to give you a list of all USB drives that were plugged into the machine. It displays information such as the name of the USB drive, the serial number, when it was mounted and by which user account. This information can be very useful when you’re dealing with an investigation whereby you need to understand if data was stolen, moved or accessed.
When you launch USB Historian, click the ‘+’ icon on the top menu to launch the data parse wizard. Select which method you want to parse data from (Drive Letter, Windows and Users Folder, or Individual Hives/Files) and then select the respective data to parse. Once complete you will see information similar to that shown in the above image.

Top 20 Free Disk Tools for SysAdmins

This article lists 20 of the best free tools for partitioning, cloning, diagnostics, repair, recovery, encryption, wiping or drive information and is intended to supplement the list provided on 101 Free SysAdmin Tools. Even if you may have heard of some of these tools before, I’m confident that you’ll find a gem or two among this list.

1. TestDisk

TestDisk allows you to repair boot sectors, recover deleted partitions, fix damaged partition tables, and recover deleted data, as well as copy files from deleted/inaccessible partitions. It works on a number of different file systems including FAT/NTFS/exFAT/ext2.
Note: Bundled with TestDisk is a companion application called PhotoRec. PhotoRec recovers photos, videos and documents from different storage media by going beyond the file system and looking for specific data blocks (i.e. clusters) belonging to the missing file(s).
When you first run TestDisk you are asked to choose whether you want a log file to be created. You are then given a list of partition table types to choose from (this will allow the application to use the correct signature when reading the partitions on all available disks), before being presented with a list of available hard drive partitions to perform a selected action on. The choice of actions you can perform on each partition include:
(1)    analysing the partition for the correct structure (and repairing it accordingly if a problem is found)
(2)    changing the disk geometry
(3)    deleting all data in the partition table
(4)    recovering the boot sector
(5)    listing and copying files
(6)    recovering deleted files
(7)    creating an image of the partition
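The PhotoRec note above describes signature-based carving: finding files by their content rather than through the file system. The following is an added Python example, not PhotoRec's or Scalpel's code, that implements the basic form of that technique: scan a raw image for known file headers, pair each with the matching footer, and return the bytes in between. The signature table, the SAMPLE_IMAGE bytes and the carve function are constructed for this example.

```python
# Header/footer signatures for two common file types.  This is a small,
# hypothetical subset of what PhotoRec and Scalpel know, constructed for the example.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),            # SOI marker ... EOI marker
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),  # PNG magic ... IEND chunk + CRC
}


def carve(data: bytes, max_size: int = 10 * 1024 * 1024):
    """Scan a raw image for known headers and return (offset, type, payload)
    tuples.  No file-system metadata is consulted, which is exactly why this
    still recovers files whose directory entries or MFT records are gone.
    Limitation shared with real carvers: a file stored non-contiguously comes
    back truncated or corrupt, and a header with no footer within max_size is
    skipped rather than guessed."""
    found = []
    for kind, (head, tail) in SIGNATURES.items():
        pos = data.find(head)
        while pos != -1:
            end = data.find(tail, pos + len(head), pos + max_size)
            if end == -1:
                pos = data.find(head, pos + 1)
                continue
            end += len(tail)
            found.append((pos, kind, data[pos:end]))
            pos = data.find(head, end)
    return sorted(found)


# Constructed sample image: two fake files with valid magic bytes but dummy
# bodies, surrounded by zeroed (unallocated) space.
SAMPLE_JPG = b"\xff\xd8\xff\xe0" + b"JFIF-sample" + b"\xff\xd9"
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"IHDR-sample" + b"IEND\xaeB`\x82"
SAMPLE_IMAGE = b"\x00" * 1024 + SAMPLE_JPG + b"\x00" * 300 + SAMPLE_PNG + b"\x00" * 100

if __name__ == "__main__":
    for offset, kind, payload in carve(SAMPLE_IMAGE):
        print(f"{kind} at offset {offset} (0x{offset:X}), {len(payload)} bytes")
```

Run it against a real image only in read-only fashion (a mounted copy or the image file itself), so the carve never touches the evidence drive.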

2. EaseUS Partition Master Free

EaseUS Partition Master Free is a partition manager that allows you to resize, move, merge or split partitions, convert disks, recover deleted or lost partitions, check the partition for errors, migrate the OS to another HDD/SSD, perform disk defragmentation, and more.

When you launch EaseUS Partition Master Free, use the operations listed on the left hand pane or the top menu to perform an action against the selected partition(s).

3. WinDirStat

WinDirStat is a disk usage and clean-up utility that allows you to visualize how data is distributed across a disk and what types of data or which locations are hogging up most space.
Once you’ve loaded WinDirStat and chosen which drives you’d like to analyse, you are presented with a tree view of the files and folders contained on each drive as well as a graphical representation showing which files are taking up most space. Clicking on a box within the graphic will display the file in question within the tree view on the left hand pane of the window.

4. CloneZilla

CloneZilla is a disk imaging and cloning tool that is also packaged with Parted Magic but originally available as a standalone tool in two versions: CloneZilla Live and CloneZilla SE (Server Edition). CloneZilla Live is a bootable Linux distribution that allows you to clone individual machines, and CloneZilla SE is a package that you install and configure on a Linux distribution that allows you to push images to multiple clients simultaneously over the network.

5. OSFMount

Using this utility you can mount image files as drive letters and then browse the data directly. OSFMount supports image files such as DD, ISO, BIN, as well as VMWare Images (*.VMDK) and Nero Burning ROM Images (*.NRG). A neat additional feature of OSFMount is its ability to create RAM disks, useful if you want additional security (since everything within RAM will be flushed when the machine is shutdown) or need to store data that requires fast access times (such as browser cache, database files, etc.).
After you run OSFMount, go to File > Mount new virtual disk… to get started. Remember to leave “Read-only drive” checked, otherwise you risk overwriting data within the image you’ve just mounted.

6. Defraggler

Defraggler is a lightweight yet powerful defragmentation tool that allows you to defrag whole drives or selected files/folders. It has an intuitive interface that helps you to quickly visualize how much of the drive is fragmented and which files are causing most fragmentation.
Once you’ve performed an Analysis of the drive, you can use the Drive map to see which files are fragmented. Hover your mouse over a particular square on the map and click on it to display the files associated with that particular colour (e.g. fragmented, not fragmented, etc.).

7. SSDLife

SSDLife displays information about your SSD drive, its health status and estimated lifetime – all useful for helping you to plan ahead and take action accordingly.
SSDLife automatically detects the model of your SSD drive and displays information about it instantly upon loading the application.
Tip: Each SSD manufacturer should have their own SSD drive management software which gives information similar to SSDLife Free. For example, the “Intel SSD Toolbox” can be used with the SSD shown in the screenshot above to display health status, detailed device information, and estimated life remaining.

8. Darik’s Boot And Nuke (DBAN)

DBAN is a bootable application that forensically wipes hard drives to prevent identity theft. This tool is useful when you are recycling or decommissioning a server/workstation.
The two main options in DBAN are Interactive mode and Automatic mode. Interactive mode allows you to select which drives to wipe and which options to use when wiping them. Automatic mode will automatically wipe all discovered drives – no questions asked!

9. HD Tune

HD Tune can measure the read/write performance of your HDD/SSD, scan for errors, check the health status and display drive information.
Once you start the application, select the drive from the drop down list and navigate to the appropriate tab to view the information you need or start a scan accordingly.

10. VeraCrypt

VeraCrypt is an open-source encryption application that can encrypt entire drives/partitions. It can also create an encrypted volume that appears as a normal file but is only accessible when mounted via VeraCrypt using the provided password. VeraCrypt is built upon the now defunct TrueCrypt but fixes many of the vulnerabilities and security concerns that plagued TrueCrypt.
When you launch VeraCrypt, start by selecting a drive letter and clicking the “Create Volume” button. This will launch the Volume Creation Wizard which walks you through the process of encrypting a partition or creating an encrypted container file.

11. CrystalDiskInfo

CrystalDiskInfo is a hard drive health monitoring tool that displays drive information, disk temperature and monitors S.M.A.R.T attributes. CrystalDiskInfo can be configured to trigger an alert (i.e. write to the event log, send an e-mail or make a sound) when a certain threshold is reached, so it can be left to actively monitor the HDD and notify you automatically.
The bar at the top displays all active hard drives. Clicking on each one will display the information for that drive. The Health Status and Temperature icons change colour depending on their value.

12. Recuva

In a few simple clicks, Recuva allows you to recover files from your computer that were accidentally deleted or that have become damaged or corrupt. The Quick-Start Wizard walks you through the recovery process by asking a couple of simple questions about what you want to recover and where you want to recover it from and then initiating a quick scan. You can skip the wizard and go straight to the application if you wish.
From the Recuva interface, select the drive to scan from the drop down box on the left hand side, choose a pre-defined file type filter from the drop down box on the right hand side and then click “Scan” to get started. The filters can be edited to add or remove file types by extension. The Options button allows you to modify options such as enabling a Deep Scan (instead of a Quick Scan), changing the viewing mode, as well as increasing the secure overwriting method (how many times to overwrite a block of data).

13. TreeSize

An alternative to WinDirStat is a lightweight application called TreeSize. TreeSize quickly scans drives or folders and displays the folder sizes in descending order (by default) to help you pinpoint which folders are taking up most space. The NTFS Compression flag can be enabled directly from within the application.
Once installed, TreeSize can also be started from the context menu by right clicking on a drive or folder and selecting “TreeSize Free” which will automatically open an instance of the application and display the details for that drive or folder.
Note: When you have Defraggler, Recuva and TreeSize installed at the same time, you can initiate the Defraggler and Recuva features directly from within TreeSize for a given folder – all three applications integrate seamlessly.
Using the menu bar or the icons across the taskbar you can select options such as sorting by size or name, showing values in GB/MB/KB, displaying the percentage/file size/file count of the listed folders, and choosing which drives you wish to display details for.

14. HDDScan

HDDScan is a hard drive diagnostic utility used to test for disk errors, show S.M.A.R.T attributes, monitor disk temperature and perform a read/write benchmark.
When you launch HDDScan, select the drive you wish to perform an action on from the drop down box on the left. Once selected, click the icon in the middle to get started.

15. Disk2vhd

Disk2vhd allows you to create a Virtual Hard Disk (VHD) of a live machine for use with Microsoft Virtual PC or Microsoft Hyper-V. This is a great tool for simulating your live environment within a virtual environment for testing purposes or if you wish to have a virtualized backup of your live environment for redundancy purposes.
Use of this tool is simple. Choose a name and location for the VHD file to be stored, select which volumes to include and click “Create”. Disk2vhd also has some command line options, allowing you to script the creation of VHD files.

16. NTFSWalker

NTFSWalker allows you to perform a low-level analysis of all records (including deleted data) within the MFT of an NTFS drive. You can examine the properties of each record and extract its contents out to a file.
When you load NTFSWalker, you are first asked to select a disk to scan. Once you select the disk and confirm which partition you wish to view, the MFT records are displayed on the left hand pane and the details are displayed on the right hand pane. From the right hand pane, you can view the record properties, preview the file or review the contents in raw format (Hex Data).

17. GParted

GParted is an open-source application for managing partitions. Using GParted you can manipulate partitions (i.e. create, delete, resize, move, copy) and attempt to recover data from lost partitions on a wide range of file systems.
GParted comes as a bootable CD which loads a Linux distribution containing the GParted application. When you download the ISO file you will need to burn the image onto a CD or follow the instructions to install it onto a bootable USB drive. When you launch GParted, you are presented with a list of partitions to choose from. Select the desired partition and choose an option to perform by right clicking on it, pressing an icon on the taskbar or navigating to an option on the menu bar.

18. SpeedFan

SpeedFan is a useful diagnostic utility that allows you to view details about the health of your machine, including hard disk temperatures and S.M.A.R.T (Self-Monitoring, Analysis and Reporting Technology) attributes.
When you launch SpeedFan, the main tabs you will use for hard drive information are the Readings tab and the S.M.A.R.T tab. The Clocks tab can be used to compare temperature, voltage or fan speeds between two or more objects.

19. MyDefrag

MyDefrag is a disk defragmentation and optimization utility that offers fast performance with little overhead and a number of actions tailored towards different disk uses (e.g. an action specifically for defragging the system disk, an action specifically for defragging flash memory drives, or the ability to only analyse the disk). MyDefrag also allows you to create or customize your own scripts and has a command line version so you can schedule the running of the application at given times.
When you launch MyDefrag, you are presented with a series of scripts to choose from. Each script performs a given action against the disk(s) chosen from the bottom pane. Once you’ve selected a script and checked the desired disk(s), hit “Run” to initiate the action.

20. DiskCryptor

An alternative to TrueCrypt is DiskCryptor. DiskCryptor is an easy-to-use open-source application that allows you to encrypt whole partitions using the Twofish / AES / Serpent algorithms, or a combination of any of the three. DiskCryptor supports FAT12, FAT16, FAT32, NTFS and exFAT file systems, allowing encryption of internal or external drives.
When you launch DiskCryptor, select a partition and click “Encrypt” to get started. You will then need to select which encryption algorithm to use and will be asked to enter a password. The encryption process will begin as soon as you press “OK”.