Windows Investigation - Sysmon and Process Monitor
In this room you will learn how to investigate suspicious activity and network traffic in a Windows environment using Microsoft Sysinternals tools: Process Monitor, the Registry, and Sysmon logs.
By CyberTask · Easy level
7 Tasks · 2 Sections · 35 Points · 1 hr Duration
What You'll Learn
- Investigate suspicious Windows activities using Sysinternals tools
- Analyze Sysmon logs to trace malware behavior
- Use Process Monitor to identify malicious network connections and persistence mechanisms
Prerequisites
- Basic Windows administration
- Understanding of system processes
Tools & Technologies
Sysmon
Process Monitor (ProcMon)
Windows Event Viewer
Sysinternals Suite