The Windows Performance Toolkit comes with the Windows Assessment and Deployment Kit (Windows ADK). See where you can grab the latest ADK and what to select in order to install just the Windows Performance Toolkit. After installation is completed, observe where to locate the Windows Performance Recorder User Interface (WPR-UI) and the Windows Performance Analyzer (WPA). This is the toolbox that will help us analyze malware and find out how it ticks.
- The malware we see in this course is popular enough that professional hackers use it. Even though malware can take many forms, the end goal is usually theft or harassment. Hi, I'm Thomas Pantels, and even though that sounds like some pretty scary stuff, we face threats like this every time we're online in today's digital golden age. Most users rely on anti-virus and anti-malware programs as a means to measure how safe their system is. But these programs can and do miss malware. When this malware slips past your security programs, it remains on your system, harvesting your credentials and passing private information off to the remote attacker.
The Windows Performance Toolkit is a collection of powerful tools like the Windows Performance Recorder, which is used to record system events, and the Windows Performance Analyzer, which is used to inspect those events. I'll demonstrate how to use these two tools to find malware that is undetected by most anti-virus programs. If you suspect a process of being malicious, you can use the Windows Performance Toolkit to analyze the behavior of that process. Now let's get started.
- Analyzing malware
- Reviewing the overall structure of the malware
- Collecting malware data
- Finding and analyzing keylogger patterns
- Analyzing screen recordings
- Analyzing webcam recordings
- Analyzing microphone recordings
- Recording prevention tips