LetsDefend Academy

Online practicing and training platform for blue team members

Process

You can check whether any malware is running by examining the active processes. The list is available in the process tab of "Task Manager".

If you want to produce the list from cmd, you can use the "tasklist" command.

During incident response, we usually need more detailed information, for example: parent and child process information, the network activity performed by a process, memory dumps, etc. The "Process Hacker" tool can be used to get this extra data.
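
One way to collect the parent, child and network details from the command line, as an added example that is not part of the original lesson. It uses the built-in Get-CimInstance (Win32_Process class) and Get-NetTCPConnection cmdlets; the variable names, the report columns and the output file name are choices made for this example.

```powershell
# Added example: one snapshot of processes with parent, path, command line
# and TCP connections. Run from an elevated PowerShell session so that
# details of processes owned by other users are visible.

# Take a single snapshot and index it by PID for parent lookups.
$procs = Get-CimInstance -ClassName Win32_Process
$byPid = @{}
foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }

# Group TCP connections by the PID that owns them.
$connsByPid = @{}
foreach ($c in Get-NetTCPConnection -ErrorAction SilentlyContinue) {
    $owner = [int]$c.OwningProcess
    if (-not $connsByPid.ContainsKey($owner)) { $connsByPid[$owner] = @() }
    $connsByPid[$owner] += '{0}:{1} -> {2}:{3} [{4}]' -f `
        $c.LocalAddress, $c.LocalPort, $c.RemoteAddress, $c.RemotePort, $c.State
}

$report = foreach ($p in $procs) {
    $parent = $byPid[[int]$p.ParentProcessId]
    # Windows reuses PIDs: a "parent" started after the child is a different
    # process that inherited the number, so treat the real parent as gone.
    if ($parent -and $parent.CreationDate -gt $p.CreationDate) { $parent = $null }
    $parentName = if ($parent) { $parent.Name } else { '(exited)' }

    [pscustomobject]@{
        Name        = $p.Name
        PID         = $p.ProcessId
        ParentPID   = $p.ParentProcessId
        ParentName  = $parentName
        Started     = $p.CreationDate
        Path        = $p.ExecutablePath
        CommandLine = $p.CommandLine
        Connections = ($connsByPid[[int]$p.ProcessId] -join '; ')
    }
}

# Sorting by ParentPID puts the children of each process next to each other.
$report | Sort-Object ParentPID, PID |
    Format-Table Name, PID, ParentPID, ParentName, Connections -AutoSize -Wrap

# Keep the full snapshot (paths and command lines included) with the case notes.
# 'process-snapshot.csv' is an example file name.
$report | Export-Csv -Path .\process-snapshot.csv -NoTypeInformation
```

Processes shown with a parent of "(exited)" are normal for many long-running services; the column is there so that the analyst can see which parent relationships can still be verified in the snapshot.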