Security engineers often do not have the time to perform an in-depth study of a system in order to determine whether malware, Trojans or bot software have been installed on a PC. Given the limited amount of time we all have, we must find creative ways to determine whether a breach of security on our systems has occurred. I suggest that one way to quickly determine if a system is actively compromised is through the use of procmon.exe (Process Monitor), included in the Sysinternals suite.
Many security professionals need to perform analysis when malware, Trojans or strange behavior is reported on a system. Let's take a look at Sysinternals autoruns.exe for performing this analysis. The goal of this blog post is to demonstrate the benefits of the application. Today, I'll install Sysinternals onto my system in order to properly execute my startup analysis.
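As an added example (not code from this post), here is a PowerShell triage pass over the startup entries Autoruns collects, using autorunsc.exe, the command-line version of the same tool. It assumes autorunsc.exe is in the current directory or on the PATH, an elevated session, and an optional baseline CSV (an assumed file name) captured earlier on a known-clean build with the same flags.

```powershell
# Added example, not from the post. Assumes autorunsc.exe is reachable and the
# session is elevated; $Baseline is an assumed file captured with the same flags.
param(
    [string]$Autorunsc = ".\autorunsc.exe",
    [string]$Baseline  = ".\autoruns-baseline.csv"
)

# -a *  : every entry category (logon, services, drivers, scheduled tasks, ...)
# -c    : CSV output    -h : include file hashes    -s : verify digital signatures
# -m    : hide Microsoft-signed entries    -accepteula/-nobanner : non-interactive run
$raw     = & $Autorunsc -accepteula -nobanner -a * -c -h -s -m
$entries = @($raw | ConvertFrom-Csv)

# Identity of an entry for baseline comparison: where it lives, what it launches, what it hashes to.
function Get-EntryKey($e) { "$($e.'Entry Location')|$($e.'Launch String')|$($e.'SHA-256')" }

# 1. Images that are unsigned, or whose signature did not verify (Signer lacks the "(Verified)" prefix).
$unsigned = @($entries | Where-Object { $_.Signer -notlike '(Verified)*' })

# 2. Images launched from user-writable locations, a common place for persistence to hide.
$userWritable = @($entries | Where-Object {
    $_.'Image Path' -match '\\(Temp|AppData|ProgramData|Users\\Public)\\'
})

# 3. Entries that did not exist in the clean baseline (skipped if no baseline file is present).
$new = @()
if (Test-Path $Baseline) {
    $known = @(Import-Csv $Baseline | ForEach-Object { Get-EntryKey $_ })
    $new   = @($entries | Where-Object { $known -notcontains (Get-EntryKey $_) })
}

$columns = 'Entry Location', 'Entry', 'Signer', 'Image Path'
"Unsigned or unverified entries: $($unsigned.Count)"
$unsigned     | Select-Object $columns | Format-Table -AutoSize
"Entries launched from user-writable paths: $($userWritable.Count)"
$userWritable | Select-Object $columns | Format-Table -AutoSize
"Entries absent from baseline: $($new.Count)"
$new          | Select-Object $columns | Format-Table -AutoSize
```

Each of the three lists is a starting point for review, not a verdict: legitimate third-party software regularly shows up unsigned or under AppData, so the baseline comparison is the most useful signal on a system you have imaged before.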