Question about Lspd.pl

General (Technical, Procedural, Software, Hardware etc.)

Last Post by keydet89 18 years ago

2 Posts

2 Users

0 Reactions

464 Views

RSS

mwade

(@mwade)

Trusted Member

Joined: 18 years ago

Posts: 77

Topic starter 21/04/2007 3:11 am

I was reading in Harlan Carvey's latest book about Lspd.pl. I see where this pl script will reveal the command that was executed to spawn the PID of interest. My question (and hopfully Harlan is out there reading this), does this include processes that are created automatically, say from malware etc.

Thanks in advance.

Mark

Quote

keydet89

(@keydet89)

Famed Member

Joined: 21 years ago

Posts: 3568

21/04/2007 4:12 am

"I was reading in Harlan Carvey's latest book about Lspd.pl. I see where this pl script will reveal the command that was executed to spawn the PID of interest. My question (and hopfully Harlan is out there reading this), does this include processes that are created automatically, say from malware etc."

First, thanks for purchasing the book!

Now, lspd.pl will return, as part of its output, the command line used to launch a process. If you look at the output of the tool provided with the book, you'll see that there are number of processes that are created automatically that lspd.pl will return their command line.

A malware process will be no different.

Hope that helps,

Harlan

ReplyQuote

Android Forensics

I have conducted a logical and partial extraction of a ...

By SgtAndroid , 15 hours ago
Article: The Balance Between Digital Forensic Examiners And Digital Evidence Technicians: Expertise Vs. Efficiency

Can digital forensic labs cut backlogs without cutting ...

By Zoe , 2 days ago
Prefetch Question

Hello All, I have a question regarding Windows prefet...

By Forensic_Tester , 2 days ago

8 Forums
15.7 K Topics
92.3 K Posts
187 Online
41.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed