Computer Forensics

The tools I use for computer forensics.

Windows

  • Recuva – Excellent at recovering data from Windows partitions and free to boot.
  • UFS Explorer – Not free, but can recover data from Linux partitions (Recuva is better for FAT/NTFS).
  • explore2fs – Access Linux partitions from Windows. Free.
  • HFSExplorer – Access Mac partitions from Windows.

Linux

  • Hiren’s Boot CD – Contains an impressive lineup of programs for computer forensics, but its legal status is often debated.
  • Trinity Rescue Kit – A live distro with backup programs, Midnight Commander, testdisk, shell and other good stuff. Legal!

Too Many Connections to Terminal Server

If enough remote desktop users end their sessions by just closing the window instead of clicking Log Off, you can run into the following error:


The terminal server has exceeded the maximum number of allowed connections

Here is how you can resolve the situation by ending the hanging connections.

Type the following at a command prompt:

mstsc /v:<ip to remote machine> /admin

Once logged in, go to Start -> All Programs -> Administrative Tools -> Terminal Services Manager.

Now click on the name of the remote machine in the left panel, and the logged-in users will be shown in the right panel.

Right-click on each one and click Reset.
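
A command-line counterpart to the Terminal Services Manager steps above, added here as an example and not part of the original post: it lists sessions with qwinsta and resets only the disconnected ones with rwinsta, so users who are still working are left alone. The function names and the sample output are constructed for illustration, and the parser assumes English-language qwinsta output.

```powershell
# Added example: parse qwinsta output and reset disconnected sessions.
# Assumes English-language qwinsta output and rights to reset sessions.
function ConvertFrom-Qwinsta {
    param([string[]]$Lines)
    $header = $Lines | Where-Object { $_ -match 'SESSIONNAME\s+USERNAME\s+ID\s+STATE' } | Select-Object -First 1
    if (-not $header) { throw 'qwinsta header not found (non-English output?)' }
    $userCol = $header.IndexOf('USERNAME')
    foreach ($line in $Lines) {
        if ($line -eq $header -or -not $line.Trim()) { continue }
        $padded = $line.PadRight($userCol)
        # Column 0 is '>' for the caller's own session; SESSIONNAME follows it.
        $sessionName = $padded.Substring(1, $userCol - 1).Trim()
        $rest = @($padded.Substring($userCol).Trim() -split '\s+')
        # USERNAME is optional; when present, the next token is the numeric ID.
        $hasUser = $rest.Count -ge 3 -and $rest[1] -match '^\d+$'
        $offset = [int]$hasUser
        if ($rest.Count -lt $offset + 2 -or $rest[$offset] -notmatch '^\d+$') { continue }
        [pscustomobject]@{
            SessionName = $sessionName
            UserName    = if ($hasUser) { $rest[0] } else { '' }
            Id          = [int]$rest[$offset]
            State       = $rest[$offset + 1]
            Current     = $line.StartsWith('>')
        }
    }
}

function Reset-DisconnectedSession {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Server)
    $sessions = ConvertFrom-Qwinsta -Lines (qwinsta "/server:$Server")
    foreach ($s in $sessions) {
        # Leave active sessions, the caller's own session and the user-less services session alone.
        if ($s.State -ne 'Disc' -or $s.Current -or -not $s.UserName) { continue }
        if ($PSCmdlet.ShouldProcess("$($s.UserName), session $($s.Id) on $Server", 'Reset')) {
            rwinsta $s.Id "/server:$Server"
        }
    }
}

# Constructed sample of qwinsta output, for trying the parser offline.
$sample = @(
    ' SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE'
    ' services                                    0  Disc'
    '>rdp-tcp#0         admin                     2  Active  rdpwd'
    '                   bob                       3  Disc'
)
ConvertFrom-Qwinsta -Lines $sample | Where-Object { $_.State -eq 'Disc' -and $_.UserName }
# Dry run against a server: Reset-DisconnectedSession -Server <server name> -WhatIf
```

Run it with -WhatIf first to see which sessions would be reset, then again without it to act.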