Amazing Tasklist Utility!

by Chetan Gupta, NII Consulting

I was looking for a utility that would let me remotely access the list of running processes on a suspect machine running Windows. I found this wonderful utility, which allows one not only to view the processes and their PIDs but also to filter the processes according to certain criteria such as username, memory usage, loaded modules, services, status of the services and even Windows title!

Filed under: Fundamentals, Tools

XP Built-in monitoring feature

by Chetan Gupta, NII Consulting

Windows XP has a built-in feature, UserAssist, that acts as a monitoring tool and greatly aids the forensic investigation of Windows operating systems. UserAssist records user access to specific objects on the system, such as executables, Control Panel applets and shortcut files. This information is stored in the registry under the following key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist


Filed under: Fundamentals, Tools