This is a genuinely fascinating video, and you've presented it perfectly.
Cheers mate.
Lambda Videos Thanks - much appreciated!
Great video. I am currently studying for my SANS 508. Exam in two months. This explains things so clearly. Great job!!!
Great content as usual. I'm really amazed by this very high quality of your videos. Keep flying to the stars ♥
After searching a lot on YouTube, finally found the Holy Grail.
These memory forensic videos are really helping, keep it up and many thanks
You are the best forensics instructor I have ever seen.
This was very helpful, thanks
This is amazing! No idea how 23 minutes passed by. When can we expect more?
Umer Khalid Thanks! Plenty of similar videos on the channel, and I usually release at least 1 to 2 new videos each month.
Yup, exploring the channel right now :) I have to say... Great job!
Thank you for not saying "processies."
Haha indeed!
So in this scenario the malicious svchost is not actually a service; it's just a malicious process pretending to be a svchost, as it was not spawned from services.exe?
surfa exe You got it.
Great video, thanks
Question: for memory forensics, do you need to take a computer science operating systems course or know C programming?
Hello, thanks for this video, great job.
It seems to me, however, that in the latest version of Windows 10 taskhostw.exe has svchost.exe as its parent and not services.exe
Jean François BOBO You are correct. In Windows 10 things have changed. See the updated description in this video as I have added a new version of the diagram. I will probably create a short update video that shows the new version of the SANS poster, new diagram, and a couple differences in Windows 10.
Yeah OK, sorry, I didn't show it. Good job
Could we discuss this privately, please?
Jean François BOBO Sure - DM me on Twitter @davisrichardg