surveycas.blogg.se

Process monitor filter or





Process Monitor is a free tool from Microsoft that displays file system, registry, process, and other activities on the system. It’s an invaluable tool for troubleshooting Windows problems as well as for malware forensics and analysis tasks. The thoroughness of the tool is also its weakness, as the amount of data captured by Process Monitor can easily overwhelm the analyst.

Filters for Sifting Through Process Monitor Data

Finding meaningful events in Process Monitor’s voluminous log file is simpler when you use the tool’s filtering capabilities, which allow the analyst to define conditions for determining whether records should be shown or hidden. You can define the filters by pressing Ctrl+L in Process Monitor or through the Filter > Filter menu. As you can see, the tool comes with several pre-defined filters to eliminate a small set of common Windows events.

Even with the default filters, there is usually too much noise in Process Monitor’s log file. The good news is that the tool allows the analyst not only to define custom filters but also to save them as independent entities. After creating a custom filter with Ctrl+L, you can save it using the Filter > Save Filter… menu option. This allows the analyst to use custom filters for either hiding “boring” entries or checking the log file for the presence of “interesting” events.
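An added example (not from the original post): the show/hide filter logic described above, applied offline to a CSV export of a capture. The sample rows, rule values and function names are constructed for illustration; it assumes that Exclude rules win, that Include rules on the same column are ORed and those on different columns are ANDed, and that matching is case-insensitive.

```python
import csv
import io
from collections import defaultdict

# Constructed rows in the default column layout of a Process Monitor CSV export.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.10","svchost.exe","812","RegQueryValue","HKLM\SOFTWARE\Example\Setting","SUCCESS",""
"10:01:02.20","sample.exe","4120","WriteFile","C:\Users\analyst\AppData\Local\Temp\dropped.tmp","SUCCESS",""
"10:01:02.30","sample.exe","4120","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater","SUCCESS",""
"10:01:02.40","sample.exe","4120","ReadFile","C:\Windows\System32\kernel32.dll","SUCCESS",""
"10:01:02.50","explorer.exe","2044","WriteFile","C:\Users\analyst\Desktop\notes.txt","SUCCESS",""
"10:01:02.60","sample.exe","4120","CreateFile","C:\Users\analyst\AppData\Local\Temp\missing.cfg","NAME NOT FOUND",""
'''
# (column, relation, value, action), like the fields of the filter dialog; values are constructed.
RULES = [
    ("Process Name", "is", "svchost.exe", "Exclude"),   # hide "boring" entries
    ("Process Name", "is", "explorer.exe", "Exclude"),
    ("Operation", "is", "WriteFile", "Include"),        # keep "interesting" events
    ("Operation", "is", "RegSetValue", "Include"),
]
# Subset of relations; case-insensitive comparison is an assumption of this example.
RELATIONS = {
    "is": lambda field, value: field == value,
    "contains": lambda field, value: value in field,
    "begins with": lambda field, value: field.startswith(value),
    "ends with": lambda field, value: field.endswith(value),
}

def load_rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def matches(row, rule):
    column, relation, value, _action = rule
    return RELATIONS[relation](row.get(column, "").lower(), value.lower())

def apply_filters(rows, rules):
    """Keep rows that hit no Exclude rule and one Include rule per filtered column."""
    includes, excludes = defaultdict(list), []
    for rule in rules:
        if rule[3] == "Include":
            includes[rule[0]].append(rule)
        else:
            excludes.append(rule)
    return [row for row in rows
            if not any(matches(row, r) for r in excludes)
            and all(any(matches(row, r) for r in grp) for grp in includes.values())]

if __name__ == "__main__":
    print([r["Path"] for r in apply_filters(load_rows(SAMPLE_CSV), RULES)])
```

Keeping the rule list in a file next to the capture gives the same benefit as a saved filter: the same triage can be repeated on the next log.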





