Chapter 21. Understanding system behavior
Unlike those in the last several chapters, the cases in this chapter aren’t about troubleshooting failures, but about explaining normal (or at least harmless) observed behavior. Two of the cases demonstrate using Microsoft Windows PowerShell to analyze and extract data from Procmon traces saved as XML.
In “The Case of the Q: Drive,” three lesser-known tools—DiskExt, WinObj, and SigCheck—are brought to bear to explain a mysterious drive letter.
“The Case of the Unexplained Network Connections” is explained ...
Get Troubleshooting with the Windows Sysinternals Tools now with O’Reilly online learning.
O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.