Process Explorer

One of the key tools that allows for detailed examination of malware as it is executing is the Process Explorer. This tool is made as part of the Windows Sysinternal suite of tools and provides a no cost platform for analysts to gain a sense of what each process is running, their parent process as well as examining CPU usage. Simply download the application from the following site: https://technet.microsoft.com/en-us/sysinternals/processexplorer.aspx. Extract the contents and then double-click the version of Process Explorer (32-bit or 64-bit version) that is applicable. The following window will appear:

As can be seen, there ...

Get Digital Forensics and Incident Response now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.