Cyber Securities Technology: Next generation software for computer investigations

OnLineDFS: A Guided Tour


5. Analyzing Data (continued)

Miller immediately notices something out of the ordinary. One of the running processes on the target is WINWORD.EXE, the executable name for Microsoft Word. This is odd, because the standard company document editor is WordPerfect. Wallace would have had to specifically install Microsoft Word on his computer in order for it to appear as a running process. Miller decides to examine the process WINWORD.EXE in detail. By clicking on a process name in the running process table, he can get more information about that process, as shown in Figure 11. This information includes the owner, open network ports, running threads, open DLLs and open handles.

Figure 11 - Detailed Process Information (WINWORD.EXE)
