Your best bet here might be to search for Windows-based digital forensics articles. SANS puts out a classic poster with some key system processes to keep tabs on: https://digital-forensics.sans.org/blog/2014/03/26/finding-evil-on-windows-systems-sans-dfir-poster-release
Pretty much anything that loads up by default from beneath C:\windows is worthy of watching. You might even just open Task Manager, add the column named “Image path name” and look at each process that’s running out of C:\Windows\*.
--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
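The Task Manager check described above can be scripted so it is repeatable. The following PowerShell is an added example written for this page, not code from the poster or from OSSEC: it lists every running process with its image path, marks those running from under the Windows directory, and flags a process that uses a well-known system process name but runs from somewhere other than the location Windows normally uses for it. The table of expected locations is an assumption for illustration and should be adjusted to the build being examined.

```powershell
# Added example, not from the original ossec-list post.
# Lists processes with their image path (the "Image Path Name" column in
# Task Manager) and flags two things worth a second look:
#   1. processes whose image lives under the Windows directory
#   2. processes carrying a core system process name but running from a
#      path other than the one Windows uses for it (a common masquerade)
# Run from an elevated PowerShell so ExecutablePath is populated for
# processes owned by other users; otherwise many rows show 'no-path'.

$systemRoot = $env:SystemRoot   # normally C:\Windows

# Assumed table of core Windows processes and where their image is expected.
# Not authoritative; extend or correct it for the system being examined.
$expected = @{
    'smss.exe'     = "$systemRoot\System32\smss.exe"
    'csrss.exe'    = "$systemRoot\System32\csrss.exe"
    'wininit.exe'  = "$systemRoot\System32\wininit.exe"
    'winlogon.exe' = "$systemRoot\System32\winlogon.exe"
    'services.exe' = "$systemRoot\System32\services.exe"
    'lsass.exe'    = "$systemRoot\System32\lsass.exe"
    'svchost.exe'  = "$systemRoot\System32\svchost.exe"
    'explorer.exe' = "$systemRoot\explorer.exe"
}

# Win32_Process carries the image path and the parent PID for each process.
$procs = Get-CimInstance -ClassName Win32_Process |
    Select-Object Name, ProcessId, ParentProcessId, ExecutablePath

$report = foreach ($p in $procs) {
    $path = $p.ExecutablePath
    $name = $p.Name
    $status = 'other'

    if (-not $path) {
        # Protected process, kernel-mode image, or insufficient rights.
        $status = 'no-path'
    }
    elseif ($expected.ContainsKey($name) -and $path -ne $expected[$name]) {
        # System process name, unexpected location. -ne is case-insensitive
        # in PowerShell, so C:\WINDOWS and C:\Windows compare equal.
        $status = 'MASQUERADE?'
    }
    elseif ($path -like "$systemRoot\*") {
        $status = 'windows-dir'
    }

    [pscustomobject]@{
        PID    = $p.ProcessId
        PPID   = $p.ParentProcessId
        Name   = $name
        Path   = $path
        Status = $status
    }
}

# Flagged rows sort to the top; everything else follows for the full listing.
$report | Sort-Object @{Expression = { $_.Status -eq 'MASQUERADE?' }; Descending = $true}, Name |
    Format-Table -AutoSize
```

A row marked MASQUERADE? is a lead, not a verdict: a 32-bit svchost.exe legitimately runs from SysWOW64 on 64-bit Windows, and some third-party software ships binaries with system-sounding names, so confirm with the file's signature, hash and parent process before acting on it. Rows marked no-path are normal for protected processes when the shell is not elevated.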