Processes and Disks Lab - Zacham17/my-tech-journal GitHub Wiki

SYS140 - Week 7

Process Explorer

1. Which process (other than System Idle) is using the most CPU? (Click on the CPU tab to sort by the most used) How much is it using? NOTE: This will change in real-time so use whatever is showing up the most often. NOTE: System Idle Process is not a real process. It is how idle your Processor is on the system.

Chrome.exe is using the most CPU. It is using 0.82% of the CPU.

2. Which Process is using the most memory (Private Bytes and Working Set combined)? How much of each?

Chrome.exe is using the most memory. It is using 451,236K for Private Bytes, and is using 483,316K for Working Set.

3. What are “Private Bytes” and “Working Set?” How are those relevant to the question in this assignment?

Private Bytes is the amount of memory the process has committed for its own exclusive use (heap, stacks, private data); it is not shared with other processes and parts of it may be paged out to disk. The Working Set is the amount of physical RAM the process is actually occupying right now, and it includes shared pages such as DLLs that other processes map too. The question asks for both because they measure different things: a process with large Private Bytes but a small Working Set has had most of its memory paged out, and adding the two double-counts private pages that are resident, so the combined number is only a rough ranking, not a real total.

CITE the source(s) where you found the response to the question above.

https://stackoverflow.com/questions/5405693/help-understanding-windows-memory-working-set#:~:text=Simply%20said%2C%20the%20working%20set,out%20(i.e.%20in%20RAM).&text=If%20your%20program%20uses%20more,are%20not%20necessarily%20%22gone%22.

https://stackoverflow.com/questions/1984186/what-is-private-bytes-virtual-bytes-working-set#:~:text=Private%20Bytes%20refer%20to%20the,files%20(i.e.%20shared%20DLLs).
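The same numbers Process Explorer shows for questions 1 to 3 can be pulled with Get-Process, which makes them sortable and lets you sum all instances of a program. This is an added example, not part of the lab or of Sysinternals; PrivateMemorySize64 maps to the Private Bytes column and WorkingSet64 to Working Set, and the CPU percentage is computed from two samples because Get-Process only exposes cumulative CPU seconds. Chrome runs as many chrome.exe processes, so summing by name shows what the whole browser costs, which a per-process view hides.

```powershell
# Added example: Process Explorer-style memory and CPU ranking with Get-Process.
# Not part of the lab. Property names are the real Get-Process properties.

function Get-TopMemoryProcesses {
    param([int]$Top = 10)

    Get-Process |
        Group-Object -Property ProcessName |
        ForEach-Object {
            # Sum every instance of the same program (e.g. all chrome.exe processes).
            $private = ($_.Group | Measure-Object PrivateMemorySize64 -Sum).Sum
            $ws      = ($_.Group | Measure-Object WorkingSet64 -Sum).Sum
            [pscustomobject]@{
                Name           = $_.Name
                Instances      = $_.Count
                PrivateBytesMB = [math]::Round($private / 1MB, 1)   # committed, private to the process
                WorkingSetMB   = [math]::Round($ws / 1MB, 1)        # resident in RAM now, shared pages included
                CombinedMB     = [math]::Round(($private + $ws) / 1MB, 1)
            }
        } |
        Sort-Object CombinedMB -Descending |
        Select-Object -First $Top
}

function Get-CpuSample {
    param([int]$Seconds = 5, [int]$Top = 5)

    # Process Explorer's CPU column is a percentage over its refresh interval.
    # Get-Process .CPU is cumulative processor seconds, so take two snapshots
    # and turn the difference into a percentage of total capacity.
    $before = @{}
    Get-Process | ForEach-Object { $before[$_.Id] = $_.CPU }
    Start-Sleep -Seconds $Seconds
    $cores = [Environment]::ProcessorCount

    Get-Process | ForEach-Object {
        # .CPU is $null for processes we cannot open (access denied); skip them.
        if ($null -ne $_.CPU -and $null -ne $before[$_.Id]) {
            $delta = $_.CPU - $before[$_.Id]
            [pscustomobject]@{
                Name       = $_.ProcessName
                Id         = $_.Id
                CpuPercent = [math]::Round(100 * $delta / ($Seconds * $cores), 2)
            }
        }
    } | Sort-Object CpuPercent -Descending | Select-Object -First $Top
}

Get-TopMemoryProcesses | Format-Table -AutoSize
Get-CpuSample          | Format-Table -AutoSize
```

Run it from an elevated PowerShell if you want the CPU sample to include system processes; without elevation those are skipped rather than reported as zero.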

4. What options does Process Explorer offer that Task Manager does not?

Process Explorer offers columns that Task Manager does not: Signer, Version, Image Path, Company Name, Window Title, Session, Command Line, Comment, Autostart Location, VirusTotal, DEP Status, Integrity Level, whether the program is virtualized, ASLR Enabled, UI Access, and the Enterprise Context of a process.

Autoruns

1. Look through the entries.

2. Click the Logon Tab. How many “Auto Entry” results do you see?

13

3. Look through all of the entries that start up at Logon. Find three to do some research on. What information can you find out about those processes after performing an online search?

CCleaner Smart Cleaning: This is a feature of CCleaner. It can analyze files to see if there is any "junk" taking up space that can be removed.

ibtusb (ibtusb.sys): This is a driver, the Intel(R) Wireless Bluetooth(R) Filter driver.

IntcDAud (intcdaud.sys): This is a Windows driver, an Intel audio driver. The full name is the Intel Display Audio Driver.

NOTE: This is to help you start the process of learning to find out how to analyze your computer system.

CITE the source(s) where you found the response to the question above.

https://support.piriform.com/hc/en-us/articles/360015058012-What-is-the-Smart-Cleaning-feature-

https://www.freefixer.com/library/file/ibtusb.sys-113011/

https://www.file.net/process/intcdaud.sys.html

4. Right-click on a startup entry. What options are available to you? What do they mean? In the screenshot below, I did a right-click on the entry "Java". The question "What do they mean?" is asking what the options in the context menu mean ("Delete", "Copy", etc.).

I right-clicked on igfx (Intel Graphics Kernel Mode Driver). The options that appeared were Delete, Copy, Jump to Entry, Jump to Image, Verify Image, Check VirusTotal, Process Explorer, Search Online, Find, and Properties. Jump to Entry brings you to the entry in Regedit. Jump to Image opens the file location. Verify Image does exactly that: it verifies the image. Check VirusTotal scans the file. Process Explorer shows the details in Process Explorer. Search Online searches for the process on the internet. Find lets you find a process. Properties shows the properties of the process.

5. Export the results of Autoruns into a CSV file (you will need to download the command-line version of Autoruns, autorunsc). Upload the CSV file as a separate file when you submit your link for this assignment.

NOTE: Why is it important to save the data to a CSV file? Comma-separated Values (CSV) provides a format that makes it easy to view the data in a spreadsheet so it can be sorted and searched. CSV also provides a unified format to make it easy to parse using scripting and programming languages. NOTE: Even though it is called “Comma-separated Values,” you can have the data separated by other values besides a comma.

Take a moment to look inside the file to see the formatting.
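One way to do the export and then actually use the file, as an added example that is not part of the lab: run autorunsc.exe for every category with CSV output and signature verification, import the file, and pull out the entries an analyst would look at first (enabled entries whose signature did not verify, entries whose image file no longer exists, and entries launched from user-writable folders). It assumes autorunsc.exe is in the current directory and that the export carries the column names used below (Entry Location, Entry, Enabled, Category, Signer, Image Path, SHA-256); check them against the header row of your own file.

```powershell
# Added example: export Autoruns to CSV with autorunsc and triage it.
# Not part of the lab. Column names are assumptions; confirm against the header row.

# -a *  every entry category     -c  CSV output      -s  verify code signatures
# -h    file hashes              -nobanner / -accepteula keep the output clean
# Run through cmd so the bytes autorunsc writes reach the file unchanged.
cmd /c ".\autorunsc.exe -accepteula -nobanner -a * -c -h -s > autoruns.csv"

# Assumption: autorunsc writes UTF-16 when redirected. If the import shows
# garbled text, retry with -Encoding Default.
$entries = Import-Csv -Path .\autoruns.csv -Encoding Unicode
"Total entries: $($entries.Count)"

# Equivalent of the GUI tabs: how many entries per category (Logon, Drivers, ...).
$entries | Group-Object Category | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# Triage 1: enabled entries whose signature did not verify.
# With -s the Signer column reads "(Verified) <publisher>" or "(Not verified) ...".
$unverified = $entries | Where-Object {
    $_.Enabled -eq 'enabled' -and $_.Signer -notlike '(Verified)*'
}

# Triage 2: orphaned autostart entries pointing at a file that is gone
# (Autoruns writes "File not found: ..." in the Image Path column).
$orphaned = $entries | Where-Object { $_.'Image Path' -like 'File not found*' }

# Triage 3: entries that run from locations a normal user can write to.
$userWritable = $entries | Where-Object {
    $_.'Image Path' -match '\\(AppData|Temp|Downloads|Public)\\'
}

foreach ($set in @(
        @{ Name = 'Unverified signature'; Rows = $unverified },
        @{ Name = 'File not found';       Rows = $orphaned },
        @{ Name = 'User-writable path';   Rows = $userWritable })) {
    "`n== $($set.Name) ($(@($set.Rows).Count)) =="
    $set.Rows |
        Select-Object 'Entry Location', Entry, Signer, 'Image Path', 'SHA-256' |
        Format-Table -AutoSize
}
```

The SHA-256 column is what you would paste into VirusTotal or compare against a known-good baseline taken from a clean machine; diffing two exports by that column shows exactly which autostart entries changed.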

DU

Preparation:

1. Download DU from the sysinternals website

2. Open the folder where you extracted the du program. In the File Explorer address bar, type:

cmd

and that will open the command prompt in the current directory to complete this lab.

Paste the following line into the command prompt:

du -c "c:\Program Files*"

3. What information does this give you? How useful is this? (1 point)

This provides the Path, CurrentFileCount, CurrentFileSize, FileCount, DirectoryCount, DirectorySize, and DirectorySizeOnDisk. This is useful because it shows how many files are in the folder you specify, and how much space they are taking up.

4. Add a 2-level search by adding "-l 2" to the command line after the command you typed in #2.

5. Is this more useful? How would you use this tool to track down where your disk is filling up?

I don't think this is more useful because nothing is shown other than the categories, with no numbers for any of the categories, so you don't really learn anything from it. The command in general is useful, though, because you could use it to see which folders and files are taking up a lot of space on the hard drive.
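To answer "where is the disk filling up" with du, the useful move is to combine the CSV switch with the level switch and sort the rows by size, which is easier to do from PowerShell than by reading the raw output. This is an added example, not part of the lab; it assumes du.exe is in the current directory and uses the column names du -c prints (Path, FileCount, DirectorySize, DirectorySizeOnDisk, as listed in the answer to question 3).

```powershell
# Added example: rank sub-directories by size using du -c and -l.
# Not part of the lab. du switches used: -c (CSV), -l <levels>, -nobanner, -accepteula.

function Get-BiggestDirectories {
    param(
        [string]$Root   = 'C:\Program Files',
        [int]   $Levels = 2,
        [int]   $Top    = 15
    )

    # Do not pass a path ending in a backslash inside quotes ("C:\Program Files\")
    # or the closing quote gets escaped and du sees a broken argument.
    $Root = $Root.TrimEnd('\')

    # -c prints one CSV row per directory down to -l levels, sizes in bytes;
    # ConvertFrom-Csv turns the header row into property names.
    $rows = & .\du.exe -accepteula -nobanner -c -l $Levels $Root | ConvertFrom-Csv

    $rows | ForEach-Object {
        [pscustomobject]@{
            Path     = $_.Path
            Files    = [int64]$_.FileCount
            SizeMB   = [math]::Round([int64]$_.DirectorySize / 1MB, 1)
            OnDiskMB = [math]::Round([int64]$_.DirectorySizeOnDisk / 1MB, 1)
        }
    } |
    Sort-Object SizeMB -Descending |
    Select-Object -First $Top
}

# Start at the drive root, then rerun with the biggest hit as -Root to drill down.
Get-BiggestDirectories -Root 'C:\' -Levels 2 | Format-Table -AutoSize
```

Run it as administrator so du can descend into directories the current user cannot read; otherwise those show as small and hide what is actually consuming space.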

SUBMISSION SUMMARY:

• Answers to questions #1 through #4 in "Processes"

• Answers to questions #3 and #6 in "Autoruns"

• CSV file from question #5 in "Autoruns." Upload it along with the link to your GitHub submission for this week.

• Answers to questions #3 and #5 in "Disk Utilities"