Sysinternals - KadeTheKade/ForensicTools GitHub Wiki

The Sysinternals suite is a collection of tools for managing, diagnosing, troubleshooting and monitoring Windows environments. Created in 1996, it is still useful today for pulling diagnostic information out of a Windows system in a way as simple as running a single executable, which also makes it a convenient triage kit on a machine under examination. Some of the tools we have used thus far include:

  • PsLoggedOn

Used to determine who is logged on to a computer, both locally (interactive sessions, found by scanning the profiles loaded under HKEY_USERS) and remotely via resource shares. If you pass a user name instead of a computer name, it searches the network neighborhood and reports the computers that user is logged on to. Querying a remote machine requires administrative rights on it.

  • PsList

Lists the processes currently running on the system along with statistics on each. Flags add detail: -d for thread information, -m for memory usage, -t to show the processes as a parent/child tree, and a process name or PID as an argument to restrict the output to that process.

  • PsService

Lists the services installed on the system (not only the running ones) and provides controls for them. It displays the status, configuration and dependencies of services and allows the user to start, stop, pause, resume and restart them. On a system being examined, stick to the query commands: changing a service's state alters the evidence you are collecting.

  • PsFile

Displays the files on the local (or a specified remote) system that have been opened by remote systems over the network, and allows the user to close an open file by path or by its file identifier using the -c switch.

  • Process Explorer

A Task Manager style program that shows extended information on processes, such as which process has a particular file, directory or DLL open. It can also be configured to submit the hash of each running image to VirusTotal.com and display the detection ratio (how many of that site's antivirus engines flag the file) next to the process. By default only hashes are sent; uploading unknown executables for analysis is a separate opt-in setting, which matters when a binary may contain sensitive data.
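As an added example that is not part of this wiki or of Sysinternals itself, the following PowerShell script runs the PsTools described above in query-only mode, writes each result to a timestamped case folder, and records a SHA-256 manifest of the outputs. The tool directory, output root and the optional SearchUser parameter are assumptions for illustration; the script also assumes a recent PsTools release that understands -nobanner and an elevated session, since PsLoggedOn and PsService need administrative rights for complete results.

```powershell
<#
  Added example (not from the wiki or from Sysinternals): collect read-only triage
  output from the PsTools described above into a timestamped case folder and hash
  each artifact. Assumes a recent PsTools release (one that accepts -nobanner) in
  $PsToolsDir and an elevated PowerShell session on the system under examination.
  Paths and the SearchUser parameter are assumptions for illustration.
#>
param(
    [string]$PsToolsDir = 'C:\Tools\PSTools',   # assumed PsTools location
    [string]$OutputRoot = 'C:\Triage',          # assumed evidence output root
    [string]$SearchUser                          # optional: account to look for across the network neighborhood
)

$stamp   = Get-Date -Format 'yyyyMMdd_HHmmss'
$caseDir = Join-Path $OutputRoot "$($env:COMPUTERNAME)_$stamp"
New-Item -ItemType Directory -Path $caseDir -Force | Out-Null

# -accepteula stops the first-run licence dialog from blocking an unattended run;
# -nobanner keeps the copyright header out of the evidence files.
$common = @('-accepteula', '-nobanner')

# Query-only invocations mirroring the flags discussed above. PsService and PsFile can
# also change state (start/stop services, close files); those verbs are deliberately
# left out so the collection does not alter the system it is documenting.
$commands = @(
    @{ File = 'psloggedon_all.txt';   Tool = 'psloggedon.exe'; Args = @() }        # local + resource-share logons
    @{ File = 'psloggedon_local.txt'; Tool = 'psloggedon.exe'; Args = @('-l') }    # local logons only
    @{ File = 'pslist_basic.txt';     Tool = 'pslist.exe';     Args = @() }
    @{ File = 'pslist_tree.txt';      Tool = 'pslist.exe';     Args = @('-t') }    # parent/child tree
    @{ File = 'pslist_memory.txt';    Tool = 'pslist.exe';     Args = @('-m') }    # memory detail
    @{ File = 'pslist_threads.txt';   Tool = 'pslist.exe';     Args = @('-d') }    # thread detail
    @{ File = 'psservice_query.txt';  Tool = 'psservice.exe';  Args = @('query') } # status + config of every service
    @{ File = 'psfile_open.txt';      Tool = 'psfile.exe';     Args = @() }        # files opened by remote systems
)
if ($SearchUser) {
    # A bare user name makes PsLoggedOn search the network neighborhood for that account's sessions.
    $commands += @{ File = "psloggedon_search_$SearchUser.txt"; Tool = 'psloggedon.exe'; Args = @($SearchUser) }
}

$manifest = foreach ($c in $commands) {
    $exe = Join-Path $PsToolsDir $c.Tool
    if (-not (Test-Path $exe)) {
        Write-Warning "$exe not found; skipping $($c.File)"
        continue
    }
    $outFile  = Join-Path $caseDir $c.File
    $toolArgs = $common + $c.Args
    # Keep stderr with stdout so a failure (access denied, RPC unavailable) is preserved as evidence too.
    & $exe @toolArgs 2>&1 | Out-File -FilePath $outFile -Encoding utf8
    [pscustomobject]@{
        Collected = (Get-Date).ToString('o')
        Command   = "$($c.Tool) $($toolArgs -join ' ')"
        File      = $c.File
        SHA256    = (Get-FileHash -Path $outFile -Algorithm SHA256).Hash
    }
}

# The manifest ties each output file to the exact command that produced it and its hash,
# so any later modification of the collected text is detectable.
$manifest | Export-Csv -Path (Join-Path $caseDir 'manifest.csv') -NoTypeInformation
$manifest | Format-Table -AutoSize
```

Run it as `.\Collect-PsTools.ps1 -SearchUser jdoe` (file name assumed) to add the network-neighborhood search for one account; without the parameter it collects only the local state. Process Explorer is interactive and is not scripted here; its VirusTotal lookups are done from the GUI after the volatile state has been captured.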