{"id":2200,"date":"2013-11-25T03:10:29","date_gmt":"2013-11-25T03:10:29","guid":{"rendered":"http:\/\/www.hexacorn.com\/blog\/?p=2200"},"modified":"2013-11-25T03:14:30","modified_gmt":"2013-11-25T03:14:30","slug":"doing-things-faster","status":"publish","type":"post","link":"https:\/\/www.hexacorn.com\/blog\/2013\/11\/25\/doing-things-faster\/","title":{"rendered":"Doing things faster"},"content":{"rendered":"<p>Every once in a while I ask myself a question &#8211; what can I do to work faster?<\/p>\n<p>I strongly believe that complacency a.k.a. resting on one\u2019s laurels is the biggest enemy of the productivity; therefore, once in a while I go on a journey to hunt for the tips and tweaks that can improve my work environment. These come in a variety of forms &#8211; better hardware, newer software, alternative software, or&#8230; changing habits.<\/p>\n<p>Here is a bunch of tips that you may find useful\u00a0 &#8211; some are old, some are new, but these are tested and work in practice (note: these are all workstation- and Windows-centric). This is a direct continuation of my 2 older posts on how to <a title=\"Speeding up case processing\" href=\"https:\/\/www.hexacorn.com\/blog\/2012\/04\/20\/speeding-up-case-processing\/\">speed up<\/a> <a title=\"Speeding up case processing, part 2\" href=\"https:\/\/www.hexacorn.com\/blog\/2012\/05\/21\/speeding-up-case-processing-part-2\/\">case processing<\/a> and obviously, some repetitions are unavoidable \ud83d\ude42<\/p>\n<p>Here it goes&#8230;<\/p>\n<ul>\n<li>See more\n<ul>\n<li>Use at least two computer screens; I can&#8217;t imagine working with a single screen anymore. 
Whether it is a programming, forensic analysis or reversing session &#8211; it&#8217;s always good to have more space for information<\/li>\n<\/ul>\n<\/li>\n<li>See less\n<ul>\n<li>If you do a lot of multitasking, use virtual desktops &#8211; there are lots of programs that help create virtual desktops, but the one that IMHO nails it is <a href=\"http:\/\/virtuawin.sourceforge.net\/\">VirtuaWin<\/a><\/li>\n<li>If you use multiple computers, use RDP instead of separate screens<\/li>\n<li>If you work at night, use <a href=\"http:\/\/justgetflux.com\/\">f.lux<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Multiple computers\n<ul>\n<li>If you must use multiple computers, you can use <a href=\"http:\/\/synergy-foss.org\/\">Synergy<\/a> to share one keyboard and mouse<\/li>\n<\/ul>\n<\/li>\n<li>Speeding-up data transfers\n<ul>\n<li>Invest in a fast CPU and more memory<\/li>\n<li>Invest in an SSD and USB 3.0<\/li>\n<\/ul>\n<\/li>\n<li>Killer-apps\n<ul>\n<li>Kill your Windows Explorer &#8211; this is the worst GUI interface to work with files; use <a href=\"http:\/\/www.ghisler.com\/\">Total Commander<\/a>, or <a href=\"http:\/\/www.farmanager.com\/\">FAR<\/a><\/li>\n<li>Use <a href=\"http:\/\/stevemiller.net\/puretext\/\">PureText<\/a> to copy &amp; paste text w\/o formatting<\/li>\n<li>Use <a href=\"http:\/\/www.brianapps.net\/sizer\/\">Sizer<\/a> to resize any window to an exact, predefined size &#8211; this is handy when you write reports and want to use normalized screenshot sizes<\/li>\n<li>Migrate most of your tools to their portable versions; it&#8217;s very handy when you change the computer or travel (you can always have the most up-to-date version of your software\/settings w\/o relying on the cloud)<\/li>\n<\/ul>\n<\/li>\n<li>Virtualization\n<ul>\n<li>Build a fresh clone of your &#8216;working&#8217; image once in a while &#8211; not only a good chance to update software, but also to set up\/fix settings that you find annoying (if you catch yourself doing the same thing over and over 
again after you revert to a snapshot -&gt; fix the image!)<\/li>\n<li>Move the most frequently used images to an SSD drive<\/li>\n<li><a href=\"http:\/\/kb.vmware.com\/selfservice\/microsites\/search.do?language=en_US&amp;cmd=displayKC&amp;externalId=1664\">Turn the speaker off<\/a> for all virtual machines &#8211; this is pretty annoying and the link I provide allows you to disable it for all images<\/li>\n<\/ul>\n<\/li>\n<li>SSD optimization\n<ul>\n<li>Remove the hibernation file &#8211; if you don&#8217;t use hibernation, just run powercfg -H OFF &#8211; this may give you a few good GiBs back<\/li>\n<li>Remove the pagefile.sys file &#8211; if you have enough memory, you don&#8217;t need a pagefile<\/li>\n<li>Use junctions &#8211; for some reason Microsoft drops tons of rarely used files on the %SystemDrive% e.g. inside %SystemRoot%\\Installer or %SystemDrive%\\ProgramData\\ or their subfolders &#8211; these files can&#8217;t be simply deleted, but they &#8216;steal&#8217; the precious SSD space; in order to gain that space back, you can use junctions to move all this rarely used stuff to a slower partition (use mklink)<\/li>\n<li>Install less-often used software to other partitions<\/li>\n<li>Do a clean up once in a while<\/li>\n<\/ul>\n<\/li>\n<li>Regionalization\n<ul>\n<li>Change date\/time format to YYYY-MM-DD hh:mm:ss in both Regional Settings of your OS and forensic software e.g. 
EnCase; it makes a HUGE difference when you look at timelines<\/li>\n<\/ul>\n<\/li>\n<li>Fonts\n<ul>\n<li>If you code, use <a href=\"http:\/\/hivelogic.com\/articles\/top-10-programming-fonts\">programming fonts<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Reading\n<ul>\n<li>If you read PDFs, swap Acrobat with <a href=\"http:\/\/blog.kowalczyk.info\/software\/sumatrapdf\/download-free-pdf-viewer.html\">Sumatra<\/a><\/li>\n<\/ul>\n<\/li>\n<li>.NET decompiling\n<ul>\n<li><a href=\"http:\/\/ilspy.net\/\">ilspy<\/a> does it pretty well<\/li>\n<\/ul>\n<\/li>\n<li>Regedit\n<ul>\n<li>Add Favorites for the most commonly used registry keys &#8211; you can use <a href=\"http:\/\/technet.microsoft.com\/en-us\/sysinternals\/bb963880.aspx\">RegJump<\/a> from Sysinternals to quickly navigate to the specific key<\/li>\n<\/ul>\n<\/li>\n<li>IDA, Hex-Rays Decompiler &amp; OllyDbg\n<ul>\n<li>Build a habit of collecting plugins and scripts &#8211; sometimes even if not immediately useful, the source code of an existing script\/plug-in can save you a lot of coding time;\u00a0 <a href=\"https:\/\/www.hex-rays.com\/contests\/index.shtml\">Hex-Rays Plug-In Contest<\/a> is a good start to pick up a few plugins (note: some of them crash randomly &#8211; they are not production-ready code, so it is best to keep them disabled by default and enable them when you need them; some of these plugins also slow down the decompiling)<\/li>\n<\/ul>\n<\/li>\n<li>Procmon\/Regmon\/Filemon\n<ul>\n<li>Build a list of filters and save it<\/li>\n<li>Add highlighting for operations that modify stuff (e.g. 
write operation)<\/li>\n<\/ul>\n<\/li>\n<li>Process Explorer\n<ul>\n<li>Let&#8217;s face it &#8211; it has to be retired as it&#8217;s way behind <a href=\"http:\/\/processhacker.sourceforge.net\/\">Process Hacker<\/a><\/li>\n<li>If you really need to use it &#8211; on a 64-bit system, Process Explorer (which always starts as a 32-bit process) extracts the 64-bit version of Process Explorer and then runs it; you can extract this 64-bit version directly from the 32-bit .exe and rename it as procexp.exe; the alternative way is to run Process Explorer 32-bit, then copy the 64-bit version from the Temp folder &#8211; next time you run procexp.exe, you will run the 64-bit version directly &#8211; always one process less to run<\/li>\n<\/ul>\n<\/li>\n<li>Temp folder\n<ul>\n<li>Clean up the temp folder regularly; some forensic software drops large files into your temp folder and they just stay there<\/li>\n<\/ul>\n<\/li>\n<li>Chrome cache\n<ul>\n<li>If you use Chrome and download large files &#8211; the temp\/cache files end up stored in the program&#8217;s directory forever; it&#8217;s a good habit to have a look at it once in a while and remove them (look for a &#8216;File System&#8217; folder)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Every once in a while I ask myself a question &#8211; what can I do to work faster? I strongly believe that complacency a.k.a. 
resting on one\u2019s laurels is the biggest enemy of the productivity; therefore, once in a while &hellip; <a href=\"https:\/\/www.hexacorn.com\/blog\/2013\/11\/25\/doing-things-faster\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[16],"tags":[],"_links":{"self":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts\/2200"}],"collection":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/comments?post=2200"}],"version-history":[{"count":4,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts\/2200\/revisions"}],"predecessor-version":[{"id":2204,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts\/2200\/revisions\/2204"}],"wp:attachment":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/media?parent=2200"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/categories?post=2200"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/tags?post=2200"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}