This is a short video on Windows 10 core processes I have tried to cover all of the basic information through visual representation of the process hierarchy. Being an Incident responder I do know the importance of the ability to distinguish between normal and abnormal behavior of processes during investigation. Hence I have discussed all the normal characteristics of processes and tried to highlight the important points about them. Further in the later part of video there will a proof of concept where we will see the characteristics of processes in live windows 10 virtual machine using Sysinternal Process Explorer.
For miscellaneous details:
- Session 0: securityinternals.blogspot.com...
- Sessions, Windows and Desktops: securityinternals.blogspot.com...
- System Idle Process: securityinternals.blogspot.com...
- Windows 10 Core Processes: dfir-world.tumblr.com/post/66...