Windows SysInternals Suite
Description
Windows usually comes with a nice set of administrative tools to help diagnose problems and suspicious activity within the system. However, an additional admin tool suite is available for download that offers so much more. Not to mention, it's free.
SysInternals includes utilities such as the following:
Process Explorer - Task Manager on steroids
Process Monitor - Monitors for network activity from almost any process
Autoruns - Specifics on startup processes
and more...
Basically any reputable Windows troubleshooter will be using these tools.
Personal Review
SysInternals is great. It's a bunch of free tools to help you go deeper into your Windows forensic analysis than you thought possible. It would be nice if there could be one tool that sort of combines all the features, but hey, for free, I really have no reason to be complaining... and I'm not. I have found SysInternals to be EXTREMELY helpful, but there are still A LOT of tools in the suite that I haven't used and am still unfamiliar with. I guess that's because you can still accomplish a lot with just the big ones. I hope to become more familiar with the other tools over time.
Personal Usage Notes
When using Windows SysInternals, take some time to go to the site and learn about each of the tools. Often there are options inside each tool that can expand the information you gather, depending on your investigation. Watch some tutorial videos so you can recognize which tools will help you best in which situations.