Windows Server includes W32Time, the Time Service tool that is required by the Kerberos authentication protocol. The Windows Time service makes sure that all computers in an organization that are running the Microsoft Windows 2000 Server operating system or later versions use a common time. To guarantee appropriate common time usage, the Windows Time service uses a hierarchical relationship that controls authority, and the Windows Time service does not allow for loops. By default, Windows-based computers use the following hierarchy: How to configure an authoritative time server in Windows Server
Windows Incident Response I've run across a number of tools recently, some directly related to forensics, and others more related more to IR or RE work. I wanted to go ahead and put those tools out there, to see what others think... Memory Analysis There have been a number of changes recently on the memory analysis front. For example, Mandiant recently released their RedLine tool, and HBGary released the Community Edition of their Responder product. While we're on the topic of memory analysis tools, let's not forget the erstwhile and formidable Volatility. Also, if you're performing memory dumps from live systems, be sure to take a look at the MoonSol Windows Memory Toolkit.
Microsoft WINS Service <= 5.2.3790.4520 Memory Corruption Luigi Auriemma Application: Microsoft WINS service http://www.microsoft.com Versions: <= 5.2.3790.4520 Platforms: Windows