Registry Editor
You can use Registry Editor to access and change the registry of the Windows operating system that you are analyzing or repairing. This includes adding, removing, and editing keys and values, and importing registry (.reg) files.
Locksmith
The Locksmith Wizard lets you set or change the password for any local account on the Windows operating system that you are analyzing or repairing. You do not have to know the current password. However, the password that you set must comply with any requirements that are defined by a local Group Policy object. This includes password length and complexity.
You can use Locksmith when the password for a local account, such as the local Administrator account, is unknown. You cannot use Locksmith to set passwords for domain accounts.
Crash Analyzer
Use the Crash Analyzer Wizard to quickly determine the cause of a computer crash by analyzing the memory dump file on the Windows operating system that you are repairing. Crash Analyzer examines the crash dump file for the driver that caused a computer to fail. Then, you can disable the problem device driver by using the Services and Drivers node in the Computer Management tool.
The Crash Analyzer Wizard requires the Debugging Tools for Windows and symbol files for the operating system that you are repairing. You can include both requirements when you create the DaRT recovery image. If they are not included on the recovery image and you do not have access to them on the computer that you are repairing, you can copy the memory dump file to another computer and use the stand-alone version of Crash Analyzer to diagnose the problem.
Running Crash Analyzer is a good idea even if you plan to reimage the computer. The image could have a defective driver that is causing problems in your environment. By running Crash Analyzer, you can identify problem drivers and improve the image stability.
File Restore
File Restore lets you try to restore files that were accidentally deleted or that were too big to fit in the Recycle Bin. File Restore is not limited to regular disk volumes, but can find and restore files on lost volumes or on volumes that are encrypted by BitLocker.
Disk Commander
Disk Commander lets you recover and repair disk partitions or volumes by using one of the following recovery processes:
Restore the master boot record (MBR)
Recover one or more lost volumes
Restore partition tables from Disk Commander backup
Save partition tables to Disk Commander backup
Disk Wipe
You can use Disk Wipe to delete all data from a disk or volume, even the data that is left behind after you reformat a hard disk drive. Disk Wipe lets you select from either a single-pass overwrite or a four-pass overwrite, which meets current U.S. Department of Defense standards.
Computer Management
Computer Management is a collection of Windows administrative tools that help you troubleshoot a problem computer. You can use the Computer Management tools in DaRT to view system information and event logs, manage disks, list autoruns, and manage services and drivers. The Computer Management console is customized to help you diagnose and repair problems that might be preventing the Windows operating system from starting.
Explorer
The Explorer tool lets you browse the computer’s file system and network shares so that you can remove important data that the user stored on the local drive before you try to repair or reimage the computer. And because you can map drive letters to network shares, you can easily copy and move files from the computer to the network for safekeeping or from the network to the computer to restore them.
Solution Wizard
The Solution Wizard presents a series of questions and then recommends the best tool for the situation, based on your answers. This wizard helps you determine which tool to use when you are not familiar with the tools in DaRT.
TCP/IP Config
When you boot a problem computer into DaRT, it is set to automatically obtain its TCP/IP configuration (IP address and DNS server) from Dynamic Host Configuration Protocol (DHCP). If DHCP is unavailable, you can manually configure TCP/IP by using the TCP/IP Config tool. You first select a network adapter, and then configure the IP address and DNS server for that adapter.
Hotfix Uninstall
The Hotfix Uninstall Wizard lets you remove hotfixes or service packs from the Windows operating system on the computer that you are repairing. Use this tool when a hotfix or service pack is suspected in preventing the operating system from starting.
SFC Scan
The SFC Scan tool starts the System File Repair Wizard and lets you repair system files that are preventing the installed Windows operating system from starting. The System File Repair Wizard can automatically repair system files that are corrupted or missing, or it can prompt you before it performs any repairs.
Search
Before reimaging a computer, recovering files from the local hard disk is important, especially when the user might not have backed up or stored the files elsewhere.
The Search tool opens a File Search window that you can use to find documents when you do not know the file path or to search for general kinds of files across all local hard disks. You can search for specific file-name patterns in specific paths. You can also limit results to a date range or size range.
Standalone System Sweeper
The Standalone System Sweeper can help detect malware and unwanted software and warn you of security risks. You can use this tool to scan a computer for and remove malware even when the installed Windows operating system is not running. When the Standalone System Sweeper detects malicious or unwanted software, it prompts you to remove, quarantine, or allow for each item.
Malware that uses rootkits can mask itself from the running operating system. If a rootkit-enabled virus or spyware is in a computer, most real-time scanning and removal tools can no longer see it or remove it. Because you boot the problem computer into DaRT and the installed operating system is offline, you can detect the rootkit without it being able to mask itself.
Remote Connection
The Remote Connection tool in DaRT lets you remotely run the DaRT tools on an end-user computer. After certain specific information is provided by the end user (or by a helpdesk professional working on the end-user computer), the IT administrator can take control of the end user's computer and run the necessary DaRT tools remotely.
