Abstract

Sometimes antivirus and antispyware software does not catch everything, and the computer starts to behave suspiciously, leading one to believe that someone has compromised it. The standard tools that ship with Windows provide only an inkling of what may be happening, and learning more requires a more in-depth view of the problem. Moreover, obtaining more detailed or advanced information is possible only if one happens to be a system programmer or has access to tools developed by one. This chapter addresses Sysinternals tools such as AccessEnum, EFSDump, PendMoves, MoveFile, ShareEnum, and RootkitRevealer. These tools enable one to perform tasks such as viewing the security settings of resources, listing the users who can access encrypted files, moving or deleting in-use files at reboot, investigating suspicious local files, and searching for installed rootkits. The chapter emphasizes determining who has what kind of access to system resources, how to examine Encrypting File System (EFS) encrypted files, and how to verify the validity of suspicious local files. It also discusses how to use the available Winternals tools to move an otherwise unmovable file and to list files already marked to be moved, and finally it presents a simple way to check a system for rootkits.
