AccessChk v5.11: AccessChk, a command line utility fordumping the effective permissions and security descriptors for files, registrykeys, processes, tokens, object manager objects, now prefixes Windows 8application container SIDs with the word “Package”, and includes several minor bug fixes. Procdump v6.0: Procdump is an advanced utility forcapturing process memory dumps based on a variety of triggers including CPUusage, memory usage, performance counter values, and exceptions. Version 6.0 isa major upgrade that adds the ability to specify multiple filters, attach to aprocess by service name, and display/filter on the message text of a CLR orJScript exception. RAMMap v1.22: RAMMap is a graphic utility that showsthe breakdown of physical memory usage across different dimensions. Thisrelease fixes a bug that could cause a crash when accessing the cached filespage when a cached file’s name exceeded a certain length. Strings v2.51: This update to Strings, a command-lineutility that prints a file’s embedded Unicode and ASCII strings, fixes a signedfile offset printing bug.
Autoruns v11.5: This update to Autoruns, a utility for managing autostarting applications and components, now reports the image timestamp of executables and the last-modified timestamp of other file types and autostart locations to help with forensic analysis. The jump-to-entry feature is also improved to navigate directly to files rather than their parent directory. Disk Usage (Du) v1.5: Du, a command-line utility for reporting the disk space consumed by directories and their files, has expanded CSV output that includes file and directory counts, as well as an option for tab-delimiting, which is a format more convenient for import into Excel than comma-delimited. ProcDump v5.14: This release of Procdump, a command-line utility that enables the capture of process dumps based on numerous trigger types including on-demand, doesn’t report process exceptions unless the exception trigger is specified. Process Monitor v3.04: Procmon, a power system activity monitor, now includes support for new Windows 8 file information query types and fixes a bug in the tooltip handling. Registry Usage (RU) v1.0: Ru (Registry Usage) is a new command-line utility that reports the size, value and subkey counts of registry keys. Like its Sysinternals Du (Disk Usage) counterpart, Ru can help you find the keys that contribute to registry bloat.
Pendmoves v1.2: This update to Pendmoves adds support for 64-bit directories. Process Explorer v15.3: This major Process Explorer release includes heat-map display for process CPU, private bytes, working set and GPU columns, sortable security groups in the process properties security page, and tooltip reporting of tasks executing in Windows 8 Taskhostex processes. It also creates dump files that match the bitness of the target process and works around a bug introduced in Windows 8 disk counter reporting. Sigcheck v1.91: This update to Sigcheck prints the link time for executable files instead of the file last-modified time, and fixes a bug introduced in 1.9 where the –q switch didn’t suppress the print out of the banner. Zoomit v4.42: Zoomit now includes an option to suppress zoom-in and zoom-out animation to better support remote RDP sessions and fixes a bug that caused static zoom to snap to the top and left side of the screen in some cases.
Autoruns v11.42: This release fixes a bug in the parsing of network file paths introduced in v11.41.