This session provides an overview of several Sysinternals tools, including Process Monitor, Process Explorer, and Autoruns, focusing on the features useful for malware analysis and removal. These utilities enable deep inspection and control of processes, file system and registry activity, and autostart execution points. You will see demos for their malwarehunting capabilities through several realworld cases that used the tools to identify and clean malware, and conclude by performing a live analysis of a Stuxnet infection’s system impact.

Filmed at TechEd 2013