CurrProcess – Tool to Display Currently Running Processes

0
0

CurrProcess utility is another nirsoft product that you can use among your toolkit for incident response. This tool will display list of all processes currently running on your system. For each process, you can view the list of all modules (DLL files) that the process loads into memory. for all processes and modules, additional useful information is also displayed: product name, version, company name, description of the file, the size of the file, and more.

CurrProcess v1.13 - Tool to Display Currently Running Processes

CurrProcess v1.13 – Tool to Display Currently Running Processes

In addition, CurrProcess allows you to do the following actions:

  • Change the priority of a process.
  • Kill a process.
  • Dump memory of process into a text file.
  • Create HTML report containing information about a process with the list of all modules that it loads into memory.
  • Save the list of all running processes into text or HTML file.
  • Copy process or module information to the clipboard.

Generally using several tools and sources for extracting artifacts is highly recommended even when the windows build-in utility provide such information. You can use this tool when you are looking to perform a livebox forensics analysis and it will allow you to find information you need to identify suspicious or malicious process. This utility is a standalone executable, so it doesn’t require any installation process or additional DLLs. Just run the executable (cprocess.exe) and start using it.

You can read more and download this tool over here: http://www.nirsoft.net/utils/cprocess.html

Share