I have been talking with quite a few people lately tasked with
“security” inside their organizations and couldn’t help but notice their
lack of understanding when it came to Windows process information.
I figured if the people I have talked with don’t understand, then
there are probably a lot more people who don’t understand, including,
I’m guessing, quite a few people who consider themselves “experts.”
I decided to write this post in an effort to help the individuals
that may not have the knowledge, free time, training budgets, etc. to
explore Windows processes. For about $50 – $75 (few books) and some free
time you can learn pretty much everything needed to know about Windows
processes.
My goal isn’t to dive very deep into each of the processes. I figured
a bulleted “cheat sheet” will serve my intended audience better than
wordy descriptions.
The people who want to dive deeper can buy themselves a copy of
Windows Internals, 6th Edition Part I and II, fire up Process
Explorer/Process Hacker, and start reading the great documentation by the
Volatility team (references below).
Know your Windows Processes or Die Trying | System Forensics