Implication of MS Sysinternals not being supported & components of Sysinternals that capture evidence for forensics

Last Modified: 2018-03-25
In a Cyber Security training, the trainer/consultant from the UK recommended that my colleague (I did not attend the training) use MS Sysinternals.

Our role is to capture the evidence/artefacts using Sysinternals.

a) An End User IT support person told me that Sysinternals is not supported by MS; it's provided "as is" for use.
    Concern is: has MS been updating the version of Sysinternals for use on Win 7, 8, 10 and Win 2008 R2, Win 2012 R2, Win 2016
    so that it can be run/used on these versions of Windows (both 32-bit Win 7 as well as 64-bit Windows)? I felt that if Sysinternals
    could run & capture evidence/artefacts on these platforms/versions of Windows, it's good enough, or is there any concern
    since MS is not supporting it? We do have an MS Premier support contract including MS Security escalation, so I guess MS
    will still analyse dumps captured using Sysinternals, or won't MS do it?

b) Our role is to capture the evidence/artefacts in the event of compromises/attacks & we'll engage external forensics
     experts to analyse them. Which of the tools/components in Sysinternals offer this capturing? Will need to elaborate a
     bit for this one. Example: for "Process Explorer", we can select the specific process & "Create Full Dump", or take its
     hash & submit it to VirusTotal to see if any of the 60+ security products in VirusTotal report the hash as malicious.
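The capture step described in (b), as an added PowerShell example that is not part of the original question or of Microsoft's Sysinternals documentation: it uses Sysinternals ProcDump as a command-line stand-in for Process Explorer's "Create Full Dump", hashes the process image (the value to look up on VirusTotal) and the dump itself, and writes a timestamped manifest for the external analysts. The ProcDump location, the output folder and the manifest layout are assumptions; it assumes an elevated session.

```powershell
# Added example: collect a full process dump plus hashes and a manifest.
# Assumptions: procdump.exe lives at $ProcDumpPath; $OutDir is writable; run elevated.
param(
    [Parameter(Mandatory)][int]$ProcessId,
    [string]$ProcDumpPath = 'C:\Tools\Sysinternals\procdump.exe',   # assumed location
    [string]$OutDir       = 'C:\Evidence'                           # assumed location
)

$ErrorActionPreference = 'Stop'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

$proc  = Get-Process -Id $ProcessId
$stamp = Get-Date -Format 'yyyyMMdd_HHmmss'
$dump  = Join-Path $OutDir ("{0}_{1}_{2}.dmp" -f $env:COMPUTERNAME, $proc.Id, $stamp)

# Hash the on-disk image first. This SHA-256 is what you look up on VirusTotal;
# submit the hash, not the dump, because the dump may hold sensitive memory contents.
$imageHash = if ($proc.Path) { (Get-FileHash -Algorithm SHA256 -Path $proc.Path).Hash } else { 'n/a' }

# -ma writes a full (all memory) dump; -accepteula suppresses the interactive EULA prompt.
& $ProcDumpPath -accepteula -ma $proc.Id $dump | Out-Null
if (-not (Test-Path $dump)) { throw "ProcDump did not produce $dump" }

# Hash the dump so the analysts can verify it was not altered between capture and hand-over.
$dumpHash = (Get-FileHash -Algorithm SHA256 -Path $dump).Hash

# Manifest layout is an assumption; keep it with the dump as the chain-of-custody record.
$manifest = [pscustomobject]@{
    CollectedUtc = (Get-Date).ToUniversalTime().ToString('o')
    Host         = $env:COMPUTERNAME
    Collector    = "$env:USERDOMAIN\$env:USERNAME"
    ProcessId    = $proc.Id
    ProcessName  = $proc.ProcessName
    ImagePath    = $proc.Path
    ImageSha256  = $imageHash
    DumpPath     = $dump
    DumpSha256   = $dumpHash
}
$manifest | ConvertTo-Json | Set-Content -Path "$dump.manifest.json"
$manifest
```

Run it as `.\Capture-ProcessDump.ps1 -ProcessId 1234` (script name assumed); the printed ImageSha256 is the value to check against VirusTotal, and the manifest travels with the dump to the forensics team.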