Checking Windows Computers
In this section we will go through some of the basic steps to take when checking a suspect Windows computer. The following are the tools (with links to their respective download pages) that we are going to demonstrate here:
Sysinternals Autoruns produced by Microsoft.
Sysinternals Process Explorer produced by Microsoft.
CrowdInspect produced by CrowdStrike.
Sysinternals TCPView produced by Microsoft.
pcqf (originally SnoopDigg) produced by Claudio Guarnieri. (Last updated in 2021.)