-
Will fill this section more appropriately later on
-
Log files (the .evtx files that Windows Event Viewer reads) reside in:
C:\Windows\System32\winevt\Logs
-
Event viewer > Windows Logs > System
-
Sysinternals (tools for monitoring)
- TCPView #tool
  - shows TCP and UDP endpoints on the system
  - includes local and remote addresses
  - TCP connection states
- Process Explorer #tool
  - has two windows
  - top window:
    - shows list of currently active processes
    - names of owning accounts
  - bottom window:
    - different modes
    - handle mode: view handles that the process selected in the top window has opened
    - DLL mode: view DLLs and memory-mapped files that the process has loaded
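Added example (my own, not from the notes or from Sysinternals): a PowerShell approximation of the TCPView listing above, built on the built-in NetTCPIP cmdlets `Get-NetTCPConnection` and `Get-NetUDPEndpoint` (Windows 8 / Server 2012 and later). It assumes you run it in an elevated session so that the owning process of every endpoint can be resolved; the function name `Get-EndpointSnapshot` and the `-ExcludeLoopback` switch are mine.

```powershell
# Added example: TCPView-style endpoint listing with owning process, for triage
# of unexpected listeners or outbound connections. Not Sysinternals code.
function Get-EndpointSnapshot {
    [CmdletBinding()]
    param(
        # Drop loopback-only endpoints (127.x / ::1) to shorten the output.
        [switch]$ExcludeLoopback
    )

    # Snapshot the process table once, keyed by PID, instead of calling
    # Get-Process for every endpoint. Keys are cast to [int] because
    # OwningProcess is UInt32 and hashtable keys compare by exact type.
    $procs = @{}
    Get-Process | ForEach-Object { $procs[[int]$_.Id] = $_ }

    $tcp = Get-NetTCPConnection | ForEach-Object {
        $p = $procs[[int]$_.OwningProcess]
        [pscustomobject]@{
            Proto   = 'TCP'
            Local   = "$($_.LocalAddress):$($_.LocalPort)"
            Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
            State   = [string]$_.State          # Listen, Established, TimeWait, ...
            PID     = $_.OwningProcess
            Process = if ($p) { $p.ProcessName } else { '<exited/unknown>' }
            Path    = if ($p) { $p.Path } else { $null }   # $null for protected/system processes
        }
    }

    # UDP is connectionless, so there is no remote side or state to report.
    $udp = Get-NetUDPEndpoint | ForEach-Object {
        $p = $procs[[int]$_.OwningProcess]
        [pscustomobject]@{
            Proto   = 'UDP'
            Local   = "$($_.LocalAddress):$($_.LocalPort)"
            Remote  = '*:*'
            State   = 'n/a'
            PID     = $_.OwningProcess
            Process = if ($p) { $p.ProcessName } else { '<exited/unknown>' }
            Path    = if ($p) { $p.Path } else { $null }
        }
    }

    $all = @($tcp) + @($udp)
    if ($ExcludeLoopback) {
        $all = $all | Where-Object { $_.Local -notmatch '^(127\.|::1:)' }
    }
    $all | Sort-Object Proto, State, Local
}

# Usage: listeners only, with the binary that owns each socket.
Get-EndpointSnapshot -ExcludeLoopback |
    Where-Object { $_.State -eq 'Listen' } |
    Format-Table Proto, Local, PID, Process, Path -AutoSize
```

For the Process Explorer DLL view, `(Get-Process -Id <pid>).Modules` lists the modules a process has loaded; handle enumeration has no built-in cmdlet equivalent, so Sysinternals `handle.exe` or Process Explorer itself remains the tool for that.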