Handle v4 : Handle is a command-line utility that can show which processes have a handle to a file or other resource open, or show all open handles. Version 4 now works with standard-user rights, allowing standard users to identify the handles open by...

Autoruns v12.02 : This fixes a bug that could cause Autoruns to crash on startup, updates the image path parsing for Installed Components to remove false positive file-not-found entries, and correctly reports image entry timestamps in local time instead...

Sysmon v1.0 : We’re excited to announce Sysmon, a new Sysinternals utility that monitors and reports key system activity via the Windows event log, including detailed information about process creation, network connections and file creation timestamp...

Mark's Latest Novel, Rogue Code : The third book in Mark’s Jeff Aiken technothriller series was published on May 20. In Rogue Code , Jeff is hired to penetration test the New York Stock Exchange. When he reaches the heart of the trading engine...

Autoruns v12.0 : This release of Autoruns, a Windows application and command-line utility for viewing autostart entries, now reports the presence of batch file and executable image entries in the WMI database, a vector used by some types of malware. ...

AccessChk v5.2 : This release of AccessChk, a security command-line utility that reports the effective access and permissions of files, registry keys, processes, and more, adds support for file and printer shares. In addition, it adds filtering options...

Process Explorer v16.02 : This minor update adds a refresh button to the thread’s stack dialog and ensures that the Virus Total terms of agreement dialog box remains above the main Process Explorer window. Process Monitor v.3.1 : This release...

Process Explorer v16.0 : This release fixes a bug that could cause a crash when the VirusTotal column is added to the process view, and another that could cause a crash when verifying digital signatures. Sigcheck 2.02 : This release fixes a bug that...

Process Explorer v16.0 : Thanks to collaboration with the team at VirusTotal, this Process Explorer update introduces integration with VirusTotal.com, an online antivirus analysis service. When enabled, Process Explorer sends the hashes of images and...

Disk2vhd v2.01 : This update fixes a bug that could result in Disk2vhd crashing when converting to VHDX format and adds a command-line switch, -c, to have Disk2vhd use online copy instead of Volume Shadow Copy. PsPing v2.0 : This is a major release...

Coreinfo v3.21 : CoreInfo is a command-line tool for reporting processor topology, NUMA performance, and processor features. The v3.21 release adds microcode reporting. Disk2vhd v2.0 : Disk2vhd, a utility for performing physical-to-virtual conversion...

RAMMap v1.32 : This fixes a bug in v1.30 that caused RAMMap to fail on Windows 8. Sigcheck v2.01 : This update fixes a bug in the handling of the -u option that sometimes resulted in Sigcheck reporting signed files.

RAMMap v1.31 : This update fixes a bug in v1.30 that caused RAMMap to fail on Windows 8.

PsExec v2.0 : PsExec, a popular utility for executing processes on remote systems, introduces a new option, -r, that specifies the name PsExec assigns to its remote service. This can improve performance when multiple users are interacting concurrently...

Autoruns v11.70 : This release of Autoruns, a powerful utility for scanning and disabling autostart code, adds a new option to have it show only per-user locations, something that is useful when analyzing the autostarts of different accounts than the...

Autoruns v11.62 : This release fixes a bug in version 11.61’s jump-to-image functionality.

Mark’s TechEd Sessions Available On-Demand : Mark delivered four top-rated sessions at Microsoft’s TechEd US conference two weeks ago, and the recordings are available now for on-demand viewing. In Windows Azure Infrastructure Services, he...

Autoruns v11.6 : Autoruns is a utility for enumerating and disabling executables and DLLs configured to activate in dozens of autostart registration points. This update fixes some minor bugs and adds Authenticode SHA1 and SHA256 hash reporting to Autorunsc...

AccessChk v5.11 : AccessChk, a command line utility for dumping the effective permissions and security descriptors for files, registry keys, processes, tokens, object manager objects, now prefixes Windows 8 application container SIDs with the word “Package”...

Autoruns v11.5 : This update to Autoruns, a utility for managing autostarting applications and components, now reports the image timestamp of executables and the last-modified timestamp of other file types and autostart locations to help with forensic...

Pendmoves v1.2 : This update to Pendmoves adds support for 64-bit directories. Process Explorer v15.3 : This major Process Explorer release includes heat-map display for process CPU, private bytes, working set and GPU columns, sortable security groups...

Autoruns v11.42 : This release fixes a bug in the parsing of network file paths introduced in v11.41.

Autoruns v11.41 : This Autoruns update reports the hosting image target of link shortcut references. Handle v3.51 : This minor update to Handle, a command-line utility that dumps process handle tables, fixes a bug in its file share drive letter formatting...

Autoruns v11.4 : Autoruns v11.4 adds additional startup locations, fixes several bugs related to image path parsing, adds better support for browsing folders on WinPE, and fixes a Wow64 redirection bug. Procdump v5.12 : This Procdump update fixes a...

ZoomIt v4.41 : This update fixes a bug in ZoomIt v4.4 that prevented it from running on 32-bit Windows XP.