The only flaw that I can see is that you have to install a file to make the 'pslist' and other commands associated with it. When it comes to digital forensics and crime scenes, you can't install anything on the computer being investigated.
PADDYzIRISHzMAN 2 months ago
@PADDYzIRISHzMAN Open cmd and type tasklist; it's the same thing.
FlaverFx 2 months ago
Good video though, it's obvious you know your stuff.
Tafaer 2 months ago
While command line looks cool, using the program Process Explorer from Sysinternals will show you all the running processes, DLL files in use, strings, handles, TCP/IP connections, ACLs and files' actual location, how much CPU a particular process is using, breakdowns of resources in use by a process, and if it's a generic service container (such as svchost) it will show what services it is hosting. You can also manipulate the process and easily identify what process a window belongs to.
Tafaer 2 months ago