LiveKd v5.4This update to Livekd, a tool that enables live kernel debugging for Windows systems and Hyper-V guest Windows virtual machines, now includes ‘live dump’ support for generating fast-snapshot crash-consistent kernel dump files using support introduced in Windows 8.1 and Windows Server 2012 R2. Autoruns v13.2In addition to bug fixes to CSV and XML output, Autorunsc introduces import-hash reporting, and Autoruns now excludes command-line and other host processes from the Microsoft and Windows filters. Sigcheck v2.2This release of Sigcheck, a command-line tool that reports file version, code signing, and hash information, introduces import-hash reporting and support for files larger than 4 GB. Process Explorer v16.05Process Explorer now includes a Protection column that shows process protection status.
Autoruns v13.01 This release fixes a bug in v13 that caused autostart entry lines not to show when you enter a filter string into the toolbar's filter control
Autoruns v13.0 This major update to Autoruns, an autostart execution point (ASEP) manager, now has integration with Virustotal.com to show the status of entries with respect to scans by over four dozen antimalware engines. It also includes a revamped scanning architecture that supports dynamic filters, including a free-form text filter, a greatly improved compare feature that highlights not just new items but deleted ones as well, and file saving and loading that preserves all the information of a scan
Sysmon v2.0This major update to Sysmon, a service that records process activity to the Windows event log for use by incident detection and forensic analysis, includes driver load and image load events with signature information, configurable hashing algorithm reporting, flexible filters for including and excluding events, and support for supplying configuration via a configuration file instead of the command line. AccessChk v5.21This update to Accesschk, a command-line utility that shows effective and actual permissions for registry keys, files, services, kernel objects, and more, adds an option to report permissions as SDDL strings, adds new process permission types, and fixes a bug with showing process security descriptors. RU v1.1RU (Registry Usage), a command-line tool that shows registry usage by key, now supports loading hive files (with the side-effect of compressing them when done) and reports last write timestamp in CSV output.