Useful in forensic analysis and incident response: during the analysis phase, after (for example) a system compromise, it is very important to know the standard Windows processes, in order to have a 'baseline' that can be 'diffed' against the compromised system.

In this article, Patrick Olsen has developed a simple list of base processes, focused on Windows 7.

Idle and System: there should only be one System process running. It is created by ntoskrnl.exe via the process manager function, which creates and terminates processes and threads.
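A minimal version of that 'diff' in code, added here as an example and not part of the original article or Patrick Olsen's list: the baseline table, the process snapshot and the PIDs are constructed, and only the Idle and System entries (with the rule of exactly one System process) come from the page. It flags processes absent from the baseline, extra instances, missing ones, and lookalike names that only differ by case or whitespace.

```python
from collections import Counter

# Constructed baseline: process name -> expected instance count on a clean
# Windows 7 host. Only Idle and System (exactly one System) come from the
# article; fill the rest of the table from a known-good machine.
BASELINE = {
    "System Idle Process": 1,
    "System": 1,
}

# Constructed snapshot of a suspect host; PIDs are illustrative. The last
# entry is a lowercase lookalike that a casual eyeball check would miss.
SNAPSHOT = [
    {"name": "System Idle Process", "pid": 0},
    {"name": "System", "pid": 4},
    {"name": "system", "pid": 1337},
]


def normalize(name):
    """Canonical form for counting: strip whitespace, fold case."""
    return name.strip().casefold()


def diff_against_baseline(running, baseline=BASELINE):
    """Compare running process records (dicts with 'name' and 'pid')
    against the baseline and return findings grouped by check."""
    expected = {normalize(k): v for k, v in baseline.items()}
    seen = Counter(normalize(p["name"]) for p in running)
    findings = {"unexpected": [], "extra_instances": [],
                "missing": [], "lookalike": []}
    for name, count in seen.items():
        if name not in expected:
            findings["unexpected"].append(name)
        elif count > expected[name]:
            findings["extra_instances"].append((name, count, expected[name]))
    for name, count in expected.items():
        if seen.get(name, 0) < count:
            findings["missing"].append(name)
    # A name that matches the baseline only after normalisation is not the
    # real process; report it with its PID for follow-up.
    for p in running:
        if normalize(p["name"]) in expected and p["name"] not in baseline:
            findings["lookalike"].append((p["name"], p["pid"]))
    return findings


if __name__ == "__main__":
    for check, hits in diff_against_baseline(SNAPSHOT).items():
        print(f"{check}: {hits}")
```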