DFSP # 472 - Windows Usual Suspects

04/03/2025 16 min

Listen "DFSP # 472 - Windows Usual Suspects"

Descargar episodio Ver en sitio original

Episode Synopsis

Modern Windows systems use a tightly coordinated sequence of core processes to establish secure system and user environments. DFIR investigators and incident responders must understand the interrelationships between processes such as Idle, SMSS, CSRSS, WININIT, and WINLOGON. Recognizing expected behaviors and anomalies in these steps is crucial for detecting potential system compromises. This episode demystifies the Windows 10/11 process flow and provides context for effective triage and analysis.

More episodes of the podcast Digital Forensic Survival Podcast

DFSP # 499 Linux top 10 09/09/2025

DFSP # 498 Windows top 10 02/09/2025

DFSP # 497 ticket to ride 26/08/2025

DFSP # 496 Signed, Sealed, Exploited 19/08/2025

DFSP # 495 Corrupted from within 12/08/2025

DFSP # 494 the request is out there 05/08/2025

DFSP # 493 Stop, Share, and Listen 29/07/2025

DFSP # 492 A Bit of TCP 22/07/2025

DFSP # 491 INF-ltration: The Subtle Art of “Fetch and Execute” 15/07/2025

DFSP # 490 Unveiling the USN Journal 08/07/2025

Ver todos los episodios

ZARZA We are Zarza, the prestigious firm behind major projects in information technology.

DFSP # 472 - Windows Usual Suspects

Listen "DFSP # 472 - Windows Usual Suspects"

Episode Synopsis

More episodes of the podcast Digital Forensic Survival Podcast

Increase the rate of email delivery

Telecommuting for employees of trust

Bandwidth: Broadband or Narrowband?

Personnel recruitment via Web

Deep web or Invisible Internet

Subdomains, a glance with the experts!

Free Internet, a prediction in Nostradamus style

Educational Technology: From traditional to digital

Localhost, there’s no place like 127.0.0.1

Googling with breathtaking tricks you ignore

Internet Predators on the prowl

Gray Hat Hacking, those with ambiguous ethics…

Dot COM: The Internet’s dominant TLD