New at NirSoft

[billon]

Added to the database, please vote

[billon]

EdgeCookiesView

https://www.nirsoft.net/utils/edge_cookies_view.html

EdgeCookiesView is a tool for Windows that displays the cookies stored by newer versions of Microsoft Edge Web browser (Starting from Fall Creators Update 1709 of Windows 10). It also allows you to select one or more cookies and then export them to tab-delimited, csv file, html file, or to a file in cookies.txt format. You can read the cookies from the current running system or from the WebCacheV01.dat database on external hard drive.

EdgeCookiesView vs IECookiesView

IECookiesView is very old tool originally developed in 2002 (!) and it still works with earlier versions of Edge Web browser that store the cookies in text files, exactly like Internet Explorer. But starting from Fall Creators Update 1709 of Windows 10, the cookies of Microsoft Edge Web browser are stored in the WebCacheV01.dat database together with the history and cache information, so IECookiesView cannot read the cookies of Edge anymore.
EdgeCookiesView is a new tool designed to read the cookies from the WebCacheV01.dat database.

[billon]

Added to the database, please vote

[billon]

AppReadWriteCounter

https://www.nirsoft.net/utils/app_read_ ... unter.html

AppReadWriteCounter is a tool for Windows that counts and displays the current file read/write operations of every application running on your system. It displays the number of read/write bytes, the number of read/write operations, current calculated read/write speed, and the details about the application (product name, product version, and so on) that makes the file read/write operations.

[billon]

Added to the database, please vote

[billon]

ProcessTCPSummary

https://www.nirsoft.net/utils/process_tcp_summary.html

ProcessTCPSummary is a simple tool for Windows that displays a summary of all process that have TCP connections or listening UDP ports. For every process, this tool displays the total number of TCP connections, number of TCP connections for each status (Established, Listening, Syn-Sent, Syn-Received...), number of IPv4 TCP connections, number of IPv6 TCP connections, common port numbers, and more...
If you run ProcessTCPSummary as Administrator, you can also watch the number of TCP/UDP bytes sent and received by every process as well as the current send/receive speed.

[billon]

Added to the database, please vote

[webfork]

Added to the database, please vote[/url]

Voted for both, thanks for adding. Great to see NirSoft is still putting together some really great Windows analysis tools.

[billon]

FileActivityWatch

https://www.nirsoft.net/utils/file_activity_watch.html

FileActivityWatch is a tool for Windows that displays information about every read/write/delete operation of files occurs on your system. For every file, FileActivityWatch displays the number of read/write bytes, number of read/write/delete operations, first and last read/write timestamp, and the name/ID of the process responsible for the file operation.

[billon]

Added to the database, please vote

[billon]

AllThreadsView

https://www.nirsoft.net/utils/all_threads_view.html

AllThreadsView is a simple tool for Windows that displays a list of all running threads from all processes on your system in one table. For every thread, the following information is displayed: Thread ID, Creation Time, Kernel Time, User Time, Duration, Start Address, Priority, Base Priority, Context Switch Count, Context Switch Change (Since the last refresh), Wait Reason, Process ID, Process Path.

[billon]

Added to the database, please vote

[billon]

OfflineRegistryFinder

https://www.nirsoft.net/utils/offline_r ... inder.html

OfflineRegistryFinder is a tool for Windows that allows you to scan Registry files from external drive and find the desired Registry keys/values/data according to the search criteria you define. After OfflineRegistryFinder displays the search result, you can easily select one or more items and then export them into a .reg file that can be used to import in the RegEdit tool of Windows.

OfflineRegistryFinder can also be used for Registry scan of your running operating system. You simply have to create a Registry snapshot, and then scan this snapshot with OfflineRegistryFinder. Searching in a Registry snapshot is usually much faster then searching in the Registry of running system.

Search in the Registry of your running operating system

If you want to search in the Registry of your running operating system, simply click the 'Create Registry Snapshot' button, choose the folder to create the snapshot and the Registry hives to dump, and then click the 'Create Snapshot' button.
After the snapshot is created, the snapshot folder is filled in the folder field and then you can run your searches.
Be aware that creating a Registry snapshot requires elevation (Run As Administrator).

Searching in older version of the Registry

If you accidentally deleted a Registry key/value, you can try to find it by searching in a shadow copy. If you have shadow copy on your system, it'll be added to the top combo-box (It looks like \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1 )
Simply choose the shadow copy in the top combo box, click the 'Automatic Fill' button and then run your search. Be aware that for searching in HKEY_LOCAL_MACHINE of a shadow copy, you must run OfflineRegistryFinder as Administrator.

[billon]

Added to the database, please vote

[billon]

LiveTcpUdpWatch

https://www.nirsoft.net/utils/live_tcp_udp_watch.html

LiveTcpUdpWatch is a tool for Windows that displays live information about all TCP and UDP activity on your system. Every line in the main table of LiveTcpUdpWatch displays the protocol (TCP/UDP/IPv4/IPv6), local/remote IP address, local/remote port, number of sent/received bytes, number of sent/received packets, connect/disconnect time (For TCP only), and the process (ID and path) responsible for this activity.

LiveTcpUdpWatch vs CurrPorts vs NetworkTrafficView

This tool may look very similar to other tools of NirSoft - CurrPorts and NetworkTrafficView, but every tool behave differently and uses different technique to extract the network information.

• CurrPorts displays the current table of active TCP connections and TCP/UDP listening ports. but this technique has some disadvantages, for example, if UDP packets are sent from your computer to remote network address, you won't see it with CurrPorts, because with UDP there is no really a connection and the UDP table contains only listening UDP ports. The advantage of CurrPorts is the ability to use it without elevation (Run As Administrator).
• NetworkTrafficView uses network sniffing technique - It analyzes every packet sent/received by your network card and displays extensive summary according to the display mode you choose. The disadvantages of this tool: You have to choose a network card and capture method for activating the network sniffer.
• LiveTcpUdpWatch uses event tracing API to get live information from Windows Kernel about every TCP/UDP packet sent/received on your system. As opposed to CurrPorts, it captures all UDP activity with process information, but without the need of using a network sniffer.