Folks, it just occurred to me that I haven't formally introduced you to a colleague of mine, Tim Rains. Tim Rains is also a tech-lead on the PSS Security team and is an avid C++ coder (unlike me, who despises the language). In fact, Tim has a long and distinguished track record of writing a number of useful utilities over the years (some even more well known than my Autodump+ vbscript! <G>), many of which are used every day by PSS and some of which are used every day by PSS Security.
He has recently released a new tool to the web - Promqry (we've gotta work on his tool name creativity). You can read more about it here: http://www.entmag.com/news/article.asp?EditorialsID=6557
Tim also maintains his own blog located here that I highly recommend checking out: http://blogs.msdn.com/tim_rains/
In the future I'm going to try and get the other tech-leads on the PSS Security team to publish informative posts like the ones I have done on recent interesting hacking cases we've been involved in so that I do not become a single point of failure in the sharing process. :) Maybe I can convince them to start a dedicated PSS Security blog that anyone from the team can post to . . . hmmmm.
Tim is currently in the process of taking WOLF (Windows Online Forensics - our live response toolkit that we use to collect data from customers' systems) to the next level with numerous improvements that only moving to compiled code can give you (it will no longer be a batch file).
As a final FYI before you ask - no, WOLF is not available for public download for many reasons. One of the better reasons is that we redistribute numerous 3rd party tools (with permission of course), and per the terms of our licensing agreement we are allowed to send WOLF to customers on an as-needed basis but we are not allowed to post WOLF for public download. As we continue to improve the data collection piece of our incident response process this may change in the future, but right now we are not allowed to distribute WOLF broadly or post it for public download - sorry.