Microsoft Sysinternals Tools

The Sysinternals toolset can help you investigate anomalous behaviors and network connections on an endpoint. Below are a few of the tools you may be asked to run; each is linked to its Microsoft download page and usage guide.

  • TCPView: This tool shows which process has opened a listening port or is communicating over an established connection, together with the local and remote endpoints.

  • Process Explorer: This tool shows the handles and DLLs loaded by each process, along with their on-disk locations, which helps in spotting unexpected modules inside an otherwise legitimate process.

  • Process Monitor: For problems that are intermittent or hard to catch in the act, Process Monitor records file system, registry, process and network activity over time so that you can identify periodic or short-lived behavior after the fact.
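The three tools above are interactive, but each has a console counterpart in the same Sysinternals package that suits scripted triage: tcpvcon for TCPView, listdlls and handle for the DLL and handle views of Process Explorer, and Process Monitor's own command-line switches for unattended capture. The PowerShell below is an added example written for this page, not a script from Microsoft or the Sysinternals documentation. It assumes the tools are unpacked to C:\Tools\Sysinternals (a placeholder path), that it runs from an elevated prompt, and that tcpvcon's CSV columns are in the order given in the header list (treat that header as an assumption and adjust it to the column order your version prints).

```powershell
# Added example for this page (not Sysinternals' own code).
# Assumptions: tools unpacked to $Tools (placeholder path), elevated prompt,
# and the tcpvcon CSV column order used in $TcpvconHeader.
$Tools         = 'C:\Tools\Sysinternals'           # assumed install directory
$Capture       = "$env:TEMP\procmon-capture.pml"    # Procmon backing file
$CaptureSecs   = 300                                # how long to record
$TcpvconHeader = 'Protocol','Process','PID','State','LocalAddress','RemoteAddress'

function Start-ProcmonCapture {
    # Run Process Monitor headless and log to a file instead of RAM so a long
    # capture of an intermittent issue does not exhaust memory.
    # /AcceptEula suppresses the licence prompt, /Quiet the filter dialog.
    Start-Process -FilePath "$Tools\Procmon.exe" -ArgumentList @(
        '/AcceptEula', '/Quiet', '/Minimized', '/BackingFile', "`"$Capture`""
    )
}

function Stop-ProcmonCapture {
    # /Terminate tells the running instance to stop and flush the trace.
    Start-Process -FilePath "$Tools\Procmon.exe" -ArgumentList '/Terminate' -Wait
    # Return the saved trace so an analyst can open it in Procmon later.
    Get-Item -Path $Capture
}

function Get-RemoteConnections {
    # tcpvcon is the console form of TCPView: -a lists all endpoints,
    # -c emits CSV, -n skips reverse DNS lookups. Loopback and unconnected
    # entries are dropped so only real remote peers remain.
    & "$Tools\tcpvcon.exe" -accepteula -a -c -n |
        ConvertFrom-Csv -Header $TcpvconHeader |
        Where-Object {
            $_.State -eq 'ESTABLISHED' -and
            $_.RemoteAddress -notmatch '^(127\.|\[::1\]|0\.0\.0\.0)'
        } |
        Sort-Object Process, RemoteAddress -Unique
}

function Get-ProcessModules {
    # Process Explorer's DLL and handle views, via listdlls and handle.
    # Modules loaded from user-writable locations are worth a second look.
    param([Parameter(Mandatory)][int]$ProcessId)
    $dlls = & "$Tools\listdlls.exe" -accepteula $ProcessId
    $handles = & "$Tools\handle.exe" -accepteula -p $ProcessId
    [pscustomobject]@{
        PID               = $ProcessId
        Modules           = $dlls
        Handles           = $handles
        UserWritableDlls  = $dlls | Where-Object {
            $_ -match '\\Users\\|\\Temp\\|\\AppData\\'
        }
    }
}

# Usage: capture for $CaptureSecs, then review connections and the modules of
# each process that is talking to a remote host.
Start-ProcmonCapture
Start-Sleep -Seconds $CaptureSecs
$trace = Stop-ProcmonCapture
Write-Host "Trace saved to $($trace.FullName)"

$remote = Get-RemoteConnections
$remote | Format-Table Process, PID, LocalAddress, RemoteAddress -AutoSize

foreach ($pid in ($remote.PID | Sort-Object -Unique)) {
    $info = Get-ProcessModules -ProcessId $pid
    if ($info.UserWritableDlls) {
        Write-Host "PID $pid loads DLLs from user-writable paths:"
        $info.UserWritableDlls | ForEach-Object { Write-Host "  $_" }
    }
}
```

The trace file is kept rather than parsed here: the PML format is Procmon's own, so the expected workflow is to open it in the GUI with a filter on the process or path of interest. The connection and module checks are the scripted equivalent of scanning TCPView and the Process Explorer lower pane, and the user-writable path match is a coarse heuristic, not an indicator on its own.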
