WMI

If you haven't played with WMI yet, check out these ISC diary articles by Mr. Incident Response himself, Ed Skoudis. Ed is at the top of the field in incident response and forensics, a fantastic teacher for SANS and a pretty funny guy to boot! But I digress... WMI, which stands for Windows Management Instrumentation, is a framework built into Windows XP Pro and above for managing local and remote nodes. It has some really useful functionality as a reporting tool for investigating security issues on the box. Read and enjoy...


http://isc.sans.org/diary.html?date=2006-03-30
https://isc.sans.org/diary.html?storyid=2376
http://isc.sans.org/diary.html?storyid=1622