TechED 2012: Mark Russinovich’s Malware Hunting with the Sysinternals Tools

This was one of the interesting session that I was looking for… Usually I follow Mark’s blog and read the related info. So I was super excited to watch this one. Ok, let me switch back… the session provides an overview of several Sysinternals tools, including Process Monitor, Process Explorer, and Autoruns, focusing on the features useful for malware analysis and removal. These utilities enable deep inspection and control of processes, file system and registry activity, and autostart execution points. Mark Russinovich demonstrates their malware-hunting capabilities by presenting several real-world cases that used the tools to identify and clean malware, and concludes by performing a live analysis of a Stuxnet infection’s system impact.

Hope you enjoyed it!!