
1 Answer

Process Monitor is a powerful tool for investigating and troubleshooting application issues, as well as malware forensics and analysis tasks.
It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more.
Process Monitor lets you 'peek under the hood': it displays file, registry, network and image-loading activity in real time, and all of the output can be exported to an external file for later viewing. The tool uses a device driver and Event Tracing for Windows (ETW) to track these activities.
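Since the answer mentions exporting Process Monitor's output to a file for later viewing, here is an added example (not from the answer above, and not a Sysinternals tool) that reads a Procmon CSV export offline and summarises it along the same four activity types the answer lists: file, registry, network and image loading. The CSV header matches Procmon's default column set; the event rows themselves are constructed for this example, and the category rules in `classify` are an assumption based on common Procmon operation names.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample of a Process Monitor CSV export (File > Save..., CSV).
# Column names match Procmon's default export; the rows are made up here.
SAMPLE_CSV = """\
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1234567 AM","notepad.exe","4120","CreateFile","C:\\Users\\alice\\notes.txt","SUCCESS","Desired Access: Generic Write"
"10:01:02.2234567 AM","notepad.exe","4120","RegOpenKey","HKCU\\Software\\Microsoft\\Notepad","SUCCESS","Desired Access: Read"
"10:01:03.0000000 AM","svchost.exe","812","TCP Connect","host-a:49710 -> 203.0.113.5:443","SUCCESS","Length: 0"
"10:01:03.5000000 AM","notepad.exe","4120","Load Image","C:\\Windows\\System32\\kernel32.dll","SUCCESS","Image Base: 0x7ff6a0000000"
"10:01:04.0000000 AM","notepad.exe","4120","RegSetValue","HKCU\\Software\\Microsoft\\Notepad\\iWindowPosX","SUCCESS","Type: REG_DWORD"
"10:01:04.5000000 AM","updater.exe","2200","CreateFile","C:\\Users\\alice\\AppData\\Local\\Temp\\x.tmp","NAME NOT FOUND","Desired Access: Read"
"""


def parse_export(text):
    """Parse a Procmon CSV export into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def classify(operation):
    """Map a Procmon operation name onto one of the activity types the tool
    captures. The prefix rules are an assumption about common operation names
    (RegOpenKey, TCP Connect, Load Image, CreateFile, Process Create, ...)."""
    op = operation.lower()
    if op.startswith("reg"):
        return "registry"
    if op.startswith(("tcp", "udp")):
        return "network"
    if op == "load image":
        return "image"
    if op.startswith(("process", "thread")):
        return "process"
    return "file"


def summarize(rows):
    """Count events per process and per activity type.

    Returns {process_name: {category: count}} so an analyst can see at a
    glance which processes touched the registry, the network, and so on."""
    per_proc = defaultdict(Counter)
    for row in rows:
        per_proc[row["Process Name"]][classify(row["Operation"])] += 1
    return {proc: dict(counts) for proc, counts in per_proc.items()}


def filter_events(rows, process=None, category=None, result=None):
    """Offline equivalent of Procmon's column filters: keep rows matching
    every supplied criterion (process name, activity type, result string)."""
    kept = []
    for row in rows:
        if process is not None and row["Process Name"] != process:
            continue
        if category is not None and classify(row["Operation"]) != category:
            continue
        if result is not None and row["Result"] != result:
            continue
        kept.append(row)
    return kept


if __name__ == "__main__":
    events = parse_export(SAMPLE_CSV)
    for proc, counts in summarize(events).items():
        print(proc, counts)
    # Failed lookups are often the first thing worth reviewing in a capture.
    for row in filter_events(events, result="NAME NOT FOUND"):
        print("failed:", row["Process Name"], row["Operation"], row["Path"])
```

To use this on a real capture, save the trace from Procmon as CSV, read the file into a string and pass it to `parse_export`; the filter and summary functions then work the same way as on the constructed sample.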
