• Windows XP / Vista / 7: missing, lost or not found DVD drive

    One of the most common issues when using Windows 7 is that your CD/DVD drives sometimes seem to disappear and there is no way to get them back!

    This not only used to happen on Vista previously, but it was happening in Windows XP as well…

     

    So, how do you fix this in XP?

    Easy, you open the Registry Editor and in the navigation pane, locate and then click the following registry subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}

    In the right pane, you should have UpperFilters. Click on it. You may also see an UpperFilters.bak registry entry but you do not have to remove it. Click UpperFilters only. On the Edit menu, click Delete and confirm the deletion by choosing “Yes”. If you do not see the UpperFilters registry entry, you still might have to remove the LowerFilters registry entry. Again, click on Edit and delete it.

    At the end you can close the Registry Editor and reboot the machine. Problem solved…

    How do you fix that in Vista? Well, in the same way… And how do you fix it in Windows 7? Mmm, again, in the same way.

    So why is this happening? Is it something that has not been properly fixed by Microsoft?

    To be honest, these keys are not normally created on a standard Windows 7 machine. They relate to filter drivers, which allow the existing Microsoft CD/DVD drivers to use external modules to perform specific operations. A typical example is the filter driver installed by burning software. This kind of software needs to perform special operations that are not covered by the standard Microsoft drivers, and that’s why it needs to extend their functionality.

    In fact, after deleting those keys you may notice that some functions of your 3rd party burning software do not perform as expected or do not work at all. Reinstalling the software will restore those keys and fix the driver (module) used to extend the standard Microsoft driver.
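
    A scripted form of the steps above that saves the filter driver names before deleting them, so you know which software to reinstall if it stops working. This is an added example, not code from the original post: it uses Python's standard winreg module, must run elevated on Windows, and the function names and backup file are assumptions. It removes whichever of UpperFilters and LowerFilters is present.

```python
"""Back up, then clear, the CD/DVD class filter values (added example)."""
import json

CDROM_CLASS = (r"SYSTEM\CurrentControlSet\Control\Class"
               r"\{4D36E965-E325-11CE-BFC1-08002BE10318}")
FILTER_VALUES = ("UpperFilters", "LowerFilters")


def plan_cleanup(values):
    """Return the value names to delete from {name: data} read off the key.
    Names are matched case-insensitively, as the registry does, and
    UpperFilters.bak is left alone, as the article says."""
    wanted = {name.lower() for name in FILTER_VALUES}
    return [name for name in values if name.lower() in wanted]


def read_values(key):
    """Enumerate every value under an open registry key into a dict."""
    import winreg  # imported lazily: the module only exists on Windows
    values, index = {}, 0
    while True:
        try:
            name, data, _type = winreg.EnumValue(key, index)
        except OSError:          # raised when there are no more values
            return values
        values[name] = data
        index += 1


def clear_filters(backup_path, dry_run=True):
    """Write the filter values to backup_path (hypothetical file name) as
    JSON, then delete them unless dry_run is set. Returns the names found."""
    import winreg
    access = winreg.KEY_READ | (0 if dry_run else winreg.KEY_SET_VALUE)
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, CDROM_CLASS, 0, access) as key:
        values = read_values(key)
        doomed = plan_cleanup(values)
        with open(backup_path, "w") as fh:
            json.dump({name: values[name] for name in doomed}, fh, indent=2)
        if not dry_run:
            for name in doomed:
                winreg.DeleteValue(key, name)
    return doomed
```

    Run clear_filters with dry_run=True first and read the backup file: the driver names listed there identify the third-party software that registered the filters.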

  • How to: copy the text of a Windows message box in the clipboard

    Ever had the need to copy the text of a message box into the clipboard to send it to somebody via email, chat or maybe your favourite ticket management tool?

    If the answer is yes and you’ve always manually copied the text or taken a screenshot, you may be interested to know that there is a faster, better way to do it: CTRL+C

    Yes, if you press CTRL+C on the message box window the box title, text and even button text will be copied to the clipboard…

    Let’s see an example with the sample message box below:

    [Image: Sample Error Message Box]

    Now make sure the message box window is active and press CTRL+C. If you then open Notepad and paste (CTRL+V) the content of the clipboard, you’ll see:

    —————————
    – Test Box –
    —————————
    This is a test

    message box
    —————————
    OK
    —————————

    As you can see, the text is divided into three sections (separated by “—————————”) where the first one is the title, the second one is the message itself and the last one is the button content.

    I’m sure that this little tip will be very useful for you at some point… Support life is filled with message boxes and error messages that must be copied into search engines, knowledge bases, ticket tools…

  • Tutorial: computer forensic analysis – how to recover lost or hidden data (on both Win/Ubuntu)

    If you work in the IT support business, sooner or later you will have to deal with users’ data. You will be assigned some interesting tasks, like:

    1. Recover data from somebody else’s pc (Live Capture);
    2. Restore deleted data (Data reconstruction);
    3. Network Investigation;
    4. Wipe data.

    We need to remember that the machines we use in a corporate environment are property of the company which bought them. Even the data located on those machines are property of the same company. This means that you can receive some requests that look like something that should be done by a computer forensics expert.

    In this article I will list some of the most used freeware tools for both Windows and Linux to recover data from a forensic point of view.

    What can we recover?

    There is software available to recover almost every kind of file (images, music, video, documents like Word, Excel, etc.).

    The basic idea is that every kind of file has one or more parts in common (like the header, just to give an example). This means that if we are looking for a specific kind of file we can use the right tool to not only undelete files, but to focus on the ones we really need and try to better recover the ones which have been partially overwritten.
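
    The header idea in practice, as a minimal signature carver over a raw byte buffer. This is an added example, not code from the original post or from any of the tools listed below: the three-format signature table, the function names and the sample buffer are assumptions, and the buffer is constructed for the demonstration.

```python
"""Signature-based carving: locate files in raw bytes by their fixed header."""

# kind -> (header magic, footer marker)
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "pdf": (b"%PDF-", b"%%EOF"),
}


def carve(image, max_size=10 * 1024 * 1024):
    """Return (kind, offset, data, complete) for every header found in image.

    complete is False when no footer turns up within max_size bytes, which is
    what a partially overwritten file looks like; the bytes that follow the
    header are still returned so whatever survives can be examined.
    Limitation: the first footer wins, so a JPEG with an embedded thumbnail
    or a PDF with incremental updates is cut short.
    """
    hits = []
    for kind, (header, footer) in SIGNATURES.items():
        pos = image.find(header)
        while pos != -1:
            window = image[pos:pos + max_size]
            end = window.find(footer, len(header))
            if end != -1:
                hits.append((kind, pos, window[:end + len(footer)], True))
            else:
                hits.append((kind, pos, window, False))
            pos = image.find(header, pos + 1)
    return sorted(hits, key=lambda hit: hit[1])


def sample_image():
    """Constructed 'disk': zero slack, one intact PNG-like blob, and a JPEG
    whose tail has been overwritten with zeros."""
    png = b"\x89PNG\r\n\x1a\n" + b"chunkdata" + b"IEND\xaeB`\x82"
    jpg_cut = b"\xff\xd8\xff\xe0" + b"JFIF-partial"
    return b"\x00" * 16 + png + b"\x00" * 8 + jpg_cut + b"\x00" * 4


if __name__ == "__main__":
    for kind, offset, data, complete in carve(sample_image(), max_size=64):
        state = "complete" if complete else "partial"
        print(f"{kind} at offset {offset}: {len(data)} bytes, {state}")
```

    On a real case, run this over a read-only copy of the disk image rather than the original media.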

    Where can we recover from?

    The options we have are basically two:

    1. Recover lost information from RAM (if the machine has not been turned off)
    2. Recover lost information from DISK (file has been deleted from OS)

    How do we recover?

    There are different toolsets, frameworks and even small freeware utilities available. Some of them are free; others are quite expensive. I’ll put a small list here and I’ll try to cover each one of them in a separate, dedicated article over the next few days.

    Caine: www.caine-live.net/

    MDD: http://sourceforge.net/projects/mdd/

    The Volatility Framework: https://www.volatilesystems.com/default/volatility

    Windows Forensics Toolchest: http://www.foolmoon.net/security/wft/screenshots.html

    PTK: http://ptk.dflabs.com/

    Ocfa: http://sourceforge.net/apps/trac/ocfa