In my older post I talked about various things one can do to speed up case processing – this post is a quick follow up with some more hints; again, it is very Windows-centric.

Let’s start with simple things:

• Use multiple computers with one keyboard and mouse – use Synergy to control them
• Use multiple monitors
• Use VNC to peep at the guest system if you use VMware – it’s often faster
• Use VirtualKD to work faster with windbg/vmware
• Rename tools – change long names to shorter e.g.

• grep -> g
• strings -> s
• hexview ->h
• and so on and so forth
• If you do the same task more than once, write quick and dirty batch files, scripts (bat, cmd, vbs, vba, powershell, autoit, etc.) and keep them all in a repository so you can always leverage the snippets; you don’t need to build libraries, simple copy&paste is often good enough

• example: if you often unpack SQLITE databases, avoid dumping the databases manually; write a batch file e.g. u_sql.bat and put there sth along the lines

md unpacked
for %%k in (*.*) do echo .dump|sqlite3 "%%k" > "unpacked\%%k.txt"

when ran, it will dump the databases into text files that can be easily grepped

• another example: if you often unpack archives, avoid clicking the GUI; write a batch file e.g. u_arc.bat and put there sth along the lines

md unpacked
for %%k in (*.*) do "c:\program files\winrar\winrar.exe" -IBCK x -r -y "%%k" "unpacked\%%k\"

when ran, it will unpack all archives into unpacked\archive_name

• Record macros and replay them (for mundane tasks – eg. if you need to fill in some stupid forms multiple times)
• Learn to efficiently use Excel, in particular:
• keyboard shortcuts (go ahead, and try: CTRL+`, CTRL+1, CTRL+;, CTRL+SHIFT+8, CTRL+PAGE DOWN, CTRL+PAGEUP, and then go to Excel help and read about all shortcuts)
• Pivot tables (great for histograms and quick statistics)
• Excel formulas e.g. VLOOKUP, HLOOKUP, CHAR, LEFT, FIND, etc.
• Useful functions like Copy Formulas, Copy with Transposition, Copy Values only
• Sorting and Advanced filtering
• The same applies to Word
• Learn about styles and stylesheets
• Avoid changing default settings
• Disable irritating functions
• Avoid lower-quality software
• You will lose time fighting with random crashes, badly designed UI, and lots of imperfections that steal your time; good (bad) example is OpenOffice – it is good for simple editing tasks, but it does not solve problems that MS Office solved many years ago and productivity-wise is way behind
• Avoid tools that are NOT ready to be used immediately after downloading
• The rule of a thumb is that you want to use the tool, not waste your time compiling/fixing bugs, etc.
• If you are into research it’s of course fine, but if you want to do your work faster – AVOID wasting time on it; if it doesn’t compile, don’t try to build it and fix bugs
• Set up environment to include paths to all your tools; if you run a tool and Windows Explorer pops up instead, you are doing it wrong 🙂 and your PATH should be fixed
• Use PATHEXT to run scripts directly from command line w/o specifying the interpreter
• Use Registry tweaks to disable animations, and other fancy stuff
• Autostart all the tools/services you frequently use and kill all the tools you don’t use (be brutal with services.msc or autoruns)
• Use Registry tweaks to have a decent context menu that you use to quickly run some tool over the analyzed file e.g.:
• HKEY_CLASSES_ROOT\*

as seen in the Regedit:

• HKEY_CLASSES_ROOT\exefile

as seen in the context menu

That’s all for today.