PsTools Suite - crupper/Forensics-Tool-Wiki GitHub Wiki

# PsTools Suite From Windows Sysinternals

##### Source: Get PsTools Here

## Description

PsTools is a collection of command-line executables from Windows Sysinternals. They are very valuable for system administrators and forensic investigators. The tools included in the suite are:

- PsExec
- PsFile
- PsGetSid
- PsInfo
- PsPing
- PsKill
- PsList
- PsLoggedOn
- PsPasswd
- PsService
- PsShutdown

## My Thoughts and Uses

The PsTools suite was very useful during a forensic analysis of a compromised Windows XP system. PsLoggedOn was able to give me a list of users currently logged onto the system. PsList was then useful to show me a list of running processes. To find the running services I used PsService. PsFile showed a list of open files on the system (similar to lsof on Linux).

When working on a Windows system, the PsTools help quite a bit. They do their job well and are easy to add to one's live-response toolchain.
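The workflow above (logons, processes, services, open files) as a small live-response collector, written here as an added example; it is not part of the wiki or of the Sysinternals suite. It assumes the PsTools binaries sit in `$PsToolsDir` and evidence goes to `$OutDir`; both paths are placeholders, and each tool's output is hashed into a manifest so the collection can be verified later.

```powershell
# Added example (not from the wiki): run the four PsTools in the order
# described above, save each output to its own file, and record SHA256
# hashes of outputs and tool binaries in a manifest. $PsToolsDir and
# $OutDir are placeholder paths (ideally read-only response media and
# separate evidence media).
param(
    [string]$PsToolsDir = 'E:\PsTools',
    [string]$OutDir     = 'F:\Evidence'
)

$hostName = $env:COMPUTERNAME
$stamp    = Get-Date -Format 'yyyyMMdd-HHmmss'
$case     = Join-Path $OutDir "$hostName-$stamp"
New-Item -ItemType Directory -Path $case -Force | Out-Null

# Tool -> arguments. -accepteula suppresses the Sysinternals EULA dialog
# so the run is non-interactive. Order mirrors the workflow above.
$steps = [ordered]@{
    'psloggedon' = @('-accepteula')
    'pslist'     = @('-accepteula', '-x')     # -x: thread and memory detail
    'psservice'  = @('-accepteula', 'query')
    'psfile'     = @('-accepteula')           # files opened via network shares
}

$manifest = Join-Path $case 'manifest.txt'
"Host: $hostName`r`nCollected: $(Get-Date -Format o)`r`nOperator: $env:USERNAME" |
    Set-Content -Path $manifest

foreach ($tool in $steps.Keys) {
    $exe = Join-Path $PsToolsDir "$tool.exe"
    $out = Join-Path $case "$tool.txt"
    if (-not (Test-Path $exe)) {
        Add-Content -Path $manifest -Value "MISSING $tool.exe"
        continue
    }
    $toolArgs = $steps[$tool]
    # Capture stdout and stderr together so tool errors are preserved as evidence.
    & $exe @toolArgs 2>&1 | Out-File -FilePath $out -Encoding utf8
    $hash = (Get-FileHash -Path $out -Algorithm SHA256).Hash
    Add-Content -Path $manifest -Value "$tool.txt SHA256=$hash exit=$LASTEXITCODE"
}

# Hash the binaries that were run, so the report shows exactly which tools touched the host.
Get-ChildItem -Path $PsToolsDir -Filter '*.exe' |
    Get-FileHash -Algorithm SHA256 |
    ForEach-Object { Add-Content -Path $manifest -Value "TOOL $($_.Path) SHA256=$($_.Hash)" }
```

Running any tool on the live host changes its state (new process, page-file activity), so the manifest's timestamps and hashes are what let an investigator account for that later.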