We’ll start with an introduction on what happens when a process request something form the OS and then we’ll dive into procmon and how we can use some of its features to understand and hunt malware. ![]() To keep the documentation simple, I’ve used the easiest example so that an end-user understands clearly how to efficiently track registry and file system events using Process Monitor & generate the log file.In this third part, we’ll be taking a look at the powerful “Process Monitor” or “procmon” for short. Also, don’t forget the compress (.zip) the log file first. If you’re going to send me a Process Monitor log, make sure you enable the All Events option when saving the log file. Look at the graphic below. You certainly want to zip the log file before sending it to someone.Įditor’s note: I usually suggest my clients save the log with the All events option so that the diagnosis can be more accurate.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |