THE DFIR BLOG

Windows Forensics

Key Windows Processes

3/26/2019

Overview:
An application consists of one or more processes. A process, in the simplest terms, is an executing program. One or more threads run in the context of the process. A thread is the basic unit to which the operating system allocates processor time. A thread can execute any part of the process code, including parts currently being executed by another thread.

Each process provides the resources needed to execute a program. A process has a virtual address space, executable code, open handles to system objects, a security context, a unique process identifier, environment variables, a priority class, minimum and maximum working set sizes, and at least one thread of execution. Each process is started with a single thread, often called the primary thread, but can create additional threads from any of its threads.

System
  • Path:
  • Parent process:
  • Number of instances:
  • User account:
  • Start time:
  • Information:

svchost.exe
  • Path:
  • Parent process:
  • Number of instances:
  • User account:
  • Start time:
  • Information:

smss.exe
  • Path:
  • Parent process:
  • Number of instances:
  • User account:
  • Start time:
  • Information:

csrss.exe
  • Path:
  • Parent process:
  • Number of instances:
  • User account:
  • Start time:
  • Information:

services.exe
  • Path:
  • Parent process:
  • Number of instances:
  • User account:
  • Start time:
  • Information:

lsaiso.exe
  • Path:
  • Parent process:
  • Number of instances:
  • User account:
  • Start time:
  • Information:

explorer.exe
  • Path:
  • Parent process:
  • Number of instances:
  • User account:
  • Start time:
  • Information:

wininit.exe
  • Path:
  • Parent process:
  • Number of instances:
  • User account:
  • Start time:
  • Information:

winlogon.exe
  • Path:
  • Parent process:
  • Number of instances:
  • User account:
  • Start time:
  • Information:

lsass.exe
  • Path:
  • Parent process:
  • Number of instances:
  • User account:
  • Start time:
  • Information:

taskhostw.exe
  • Path:
  • Parent process:
  • Number of instances:
  • User account:
  • Start time:
  • Information:

RuntimeBroker.exe
  • Path:
  • Parent process:
  • Number of instances:
  • User account:
  • Start time:
  • Information:
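The fields above are the attributes an analyst records for each key process and compares against a known-good baseline. The following PowerShell script is an added example, not code from the original post: it collects those same attributes (path, parent process, instance count, user account, start time) from a live Windows system for the processes listed on this page. The process-name list and the use of the Win32_Process CIM class are this example's own choices.

```powershell
# Added example: gather the per-process attributes this page's checklist asks for.
# Requires Windows PowerShell 5.1 or PowerShell 7 on Windows; run from an elevated
# prompt so that paths and owners of SYSTEM-level processes are readable.

$keyProcesses = @('System', 'smss.exe', 'csrss.exe', 'wininit.exe', 'services.exe',
                  'lsass.exe', 'lsaiso.exe', 'svchost.exe', 'winlogon.exe',
                  'explorer.exe', 'taskhostw.exe', 'RuntimeBroker.exe')

# One CIM query for every process; index by PID so parent lookups are cheap.
$all   = Get-CimInstance -ClassName Win32_Process
$byPid = @{}
foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

$rows = foreach ($p in $all) {
    if ($keyProcesses -notcontains $p.Name) { continue }

    # GetOwner returns the token's Domain\User; it fails (non-zero ReturnValue)
    # for processes without an accessible token, such as System.
    $owner = Invoke-CimMethod -InputObject $p -MethodName GetOwner
    $user  = if ($owner.ReturnValue -eq 0) { "$($owner.Domain)\$($owner.User)" } else { '<n/a>' }

    # The parent may already have exited (smss.exe, for example, spawns csrss.exe and
    # then terminates), in which case the PPID cannot be resolved to a live process.
    $parent     = $byPid[[int]$p.ParentProcessId]
    $parentName = if ($parent) { $parent.Name } else { "<exited pid $($p.ParentProcessId)>" }

    [pscustomobject]@{
        Name          = $p.Name
        PID           = $p.ProcessId
        Path          = $p.ExecutablePath      # $null for the kernel-backed System process
        ParentProcess = $parentName
        ParentPID     = $p.ParentProcessId
        UserAccount   = $user
        StartTime     = $p.CreationDate
        Instances     = @($all | Where-Object Name -eq $p.Name).Count
    }
}

$rows | Sort-Object Name, PID | Format-Table -AutoSize
```

Pipe `$rows` to `Export-Csv` instead of `Format-Table` to keep a baseline snapshot that later collections from the same host can be diffed against.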
