NTP supports several different packet types. Typically, NTP clients and Simple Network Time Protocol (SNTP) clients send client mode request packets to an NTP server. The NTP server responds with a server mode packet. To configure the W32time service to send symmetric active mode packets instead of client mode packets to an NTP server, open a command prompt, type the following command, and then press Enter:

How to configure an authoritative time server in Windows Server
Windows Incident Response

I've run across a number of tools recently, some directly related to forensics, and others more related to IR or RE work. I wanted to go ahead and put those tools out there, to see what others think...

Memory Analysis

There have been a number of changes recently on the memory analysis front. For example, Mandiant recently released their RedLine tool, and HBGary released the Community Edition of their Responder product. While we're on the topic of memory analysis tools, let's not forget the erstwhile and formidable Volatility. Also, if you're performing memory dumps from live systems, be sure to take a look at the MoonSols Windows Memory Toolkit.
Microsoft WINS Service <= 5.2.3790.4520 Memory Corruption
Luigi Auriemma

Application: Microsoft WINS service
             http://www.microsoft.com
Versions:    <= 5.2.3790.4520
Platforms:   Windows