5 Investigating Suspicious Process Execution Using Windows Event Logs

Everything in a Windows environment is tied to a Windows process, including an attacker's actions and activities. The processes running on a Windows system may be legitimate ones related to normal Windows and user activity (system startup, browsing, updates, and so on), or they may be malware processes. As a SOC analyst, incident responder, or threat hunter, it is crucial to learn how to differentiate legitimate Windows processes from malware processes and how to investigate process attributes.

The objective of this chapter is to teach you what a process is; the relationships between processes; process types; the most common Windows standard processes; ...

Get Effective Threat Investigation for SOC Analysts now with the O’Reilly learning platform.