CF Pract5
Name: Rohan Sunar
Roll no.: CS21028
Cyber Forensics
Practical No. 5

Aim: Using Sysinternals tools for Network Tracking and Process Monitoring:

- Check Sysinternals tools
- Monitor Live Processes
- Capture RAM
- Capture TCP/UDP packets
- Monitor Hard Disk
- Monitor Virtual Memory
- Monitor Cache Memory

Make sure to download the Sysinternals Suite for Windows first.

Check Sysinternals Tools
Windows Sysinternals tools are utilities to manage, diagnose, troubleshoot, and monitor a Microsoft
Windows environment.
The following are the categories of Sysinternals Tools:
1. File and Disk Utilities
2. Networking Utilities
3. Process Utilities
4. Security Utilities
5. System Information Utilities
6. Miscellaneous Utilities

Monitor Live Processes

Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more.

Step 1: SysinternalsSuite → procmon


Step 2: Allow the permissions, then select all the processes to be viewed.
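As an added example (not part of this practical), the "simultaneous logging to a file" feature described above can be driven without the GUI from an elevated PowerShell prompt, which is how a forensic collection would normally record process activity and keep the log as evidence. The Procmon.exe folder and the output folder are placeholder assumptions; the switches are Procmon's own command-line options.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the practical: headless Process Monitor capture.
# Assumptions: Procmon.exe sits in $ProcmonDir and evidence goes to $OutDir
# (both placeholder paths); the switches are Procmon's documented options.
param(
    [string]$ProcmonDir = 'C:\Tools\SysinternalsSuite',   # placeholder
    [string]$OutDir     = 'C:\Cases\case-0001',           # placeholder
    [int]$Seconds       = 60                              # capture window
)
$procmon = Join-Path $ProcmonDir 'Procmon.exe'
$stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
$pml     = Join-Path $OutDir "procmon-$stamp.pml"
$csv     = Join-Path $OutDir "procmon-$stamp.csv"
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# 1. Start capturing straight to a backing file: no EULA dialog (/AcceptEula),
#    no prompts (/Quiet), window minimised, events written to the .pml as they occur.
$startArgs = @('/AcceptEula', '/Quiet', '/Minimized', '/BackingFile', $pml)
Start-Process -FilePath $procmon -ArgumentList $startArgs

# 2. /WaitForIdle returns only once the capturing instance is up, so the timer
#    below measures actual capture time rather than Procmon start-up.
Start-Process -FilePath $procmon -ArgumentList '/WaitForIdle' -Wait
Start-Sleep -Seconds $Seconds

# 3. /Terminate asks the running instance to flush the log and exit.
Start-Process -FilePath $procmon -ArgumentList '/Terminate' -Wait

# 4. Convert the PML to CSV so the events can be searched with ordinary tools.
$convertArgs = @('/AcceptEula', '/Quiet', '/OpenLog', $pml, '/SaveAs', $csv)
Start-Process -FilePath $procmon -ArgumentList $convertArgs -Wait

# 5. Record SHA-256 hashes so the evidence files can be verified later.
Get-FileHash -Algorithm SHA256 -Path $pml, $csv |
    Select-Object Hash, Path |
    Export-Csv -Path (Join-Path $OutDir "procmon-$stamp.sha256.csv") -NoTypeInformation
```

The .pml keeps the full event detail for re-opening in Procmon; the CSV is the searchable copy.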

Capture RAM

RAMMap is an advanced physical memory usage analysis utility for Windows Vista and higher. It presents usage information in different ways on its several different tabs:

- Use Counts: usage summary by type and paging list.
- Processes: process working set sizes.
- Priority Summary: prioritized standby list sizes.
- Physical Pages: per-page use for all physical memory.
- Physical Ranges: physical memory addresses.
- File Summary: file data in RAM by file.
- File Details: individual physical pages by file.

Step 1: SysinternalsSuite → RAMMap


Step 2: Allow the permission and RAMMap will open.

Capture TCP/UDP packets

TCPView is a Windows program that shows you a detailed listing of all TCP and UDP endpoints on your system, including the local and remote addresses and the state of TCP connections.

Step 1: Go to SysinternalsSuite → TCPView


Step 2: TCPView opens.

Monitor Hard Disk

DiskMon is an application that logs and displays all hard disk activity on a Windows system.

Step 1: Go to SysinternalsSuite → Diskmon


Step 2: Run it as Administrator.

Monitor Virtual Memory

VMMap is a process virtual and physical memory analysis utility. It shows a breakdown of a process's committed virtual memory types as well as the amount of physical memory (working set) assigned by the operating system to those types.

Step 1: Go to SysinternalsSuite → VMMap


Step 2: Run VMMap.

Monitor Cache Memory

CacheSet is an applet that allows you to manipulate the working set parameters of the system file cache. Unlike CacheMan, CacheSet runs on all versions and will work without modifications on new Service Pack releases.

Step 1: Go to SysinternalsSuite → Cacheset


Step 2: Run Cacheset.