Defrag Tools: #3 - Process Monitor

In this two-part episode of Defrag Tools, Andrew and I walk you through Sysinternals Process Monitor. Process Monitor allows you to view the File, Registry, Network, Process and Profiling details of the processes running on the computer. The logging allows you to go from a holistic view all the way down to the function in the stack that initiated an event. Process Monitor can be used to troubleshoot nearly all types of issues. As coined by David Solomon - "When in doubt, run Process Monitor".

Part 1 (this week) covers the tool itself.
Part 2 (next week) goes through a wide variety of examples showing how different techniques are required for different investigations.

Resources:
Sysinternals Process Monitor

Timeline:
[01:03] - Episode Overview
[01:55] - www.sysinternals.com
[03:30] - Launching & EULA
[04:00] - Events traced
[06:28] - Sysinternals Administrator's Reference - [Amazon]
[07:00] - File Menu - Open, Save, Backing Files/Pagefile, Capture Events and Configuration
[10:34] - Edit Menu - Copy, Find, Highlight, Bookmarks, Auto Scroll and Clear Display
[14:52] - Events Menu - Jump To, Search Online, (Quick) Filtering, Filemon/Regmon heritage, Highlight & Filter dialogs
[22:48] - Filter Menu - Advanced Output, Load/Save/Organize Filters, Drop Filtered Events
[25:02] - Tools Menu - Next episode...
[25:28] - Options Menu - Symbols, History Depth, Profiling and Network Addresses
[28:47] - Command Line - Refer to the book, help file and the dialog
[29:08] - Columns - in particular, the Relative Time and Duration columns
[31:48] - Next episode, examples...