In order to detect and triage malicious processes on Windows machines, efficient and automated techniques need to be developed. Using a comprehensive suite of open-source tools and available Python libraries, this research project presents an innovative approach for automating the analysis of Windows machines. The primary objective is to enhance the capabilities of analysts by providing them with a program that can swiftly identify and analyze various security parameters, such as process PID-PPID relationships, network activities, and process command lines. By leveraging open-source tools, the proposed solution aims to streamline the triaging and analysis process, thereby addressing the challenge faced by analysts when encountering machines infected with malicious programs.
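As an added illustration of the triage logic the abstract describes (this is example code, not the project's own program), the block below takes a snapshot of process records and checks the three parameters named above: PID-PPID lineage, command line, and network activity. The process records, the baseline of expected parent processes, and the list of processes that should never use the network are constructed assumptions for the example.

```python
# Added example, not the paper's code: triage a snapshot of Windows process records.
from collections import namedtuple

# One process as a collection tool reports it; remote_ports = remote TCP ports in use
Proc = namedtuple("Proc", "pid ppid name cmdline remote_ports", defaults=[()])

# Assumed baseline of normal parent/child pairs for core Windows processes
# (illustrative, not exhaustive; the paper does not supply such a table).
EXPECTED_PARENT = {"svchost.exe": "services.exe", "csrss.exe": "smss.exe",
                   "lsass.exe": "wininit.exe", "services.exe": "wininit.exe"}
NO_NETWORK_EXPECTED = {"notepad.exe", "calc.exe"}  # assumed: should never use the network

def lineage(procs, pid):
    """PID-PPID chain for `pid`, root first; stops at a missing parent or a cycle."""
    by_pid = {p.pid: p for p in procs}
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(by_pid[pid].name)
        pid = by_pid[pid].ppid
    return chain[::-1]

def triage(procs):
    """Map pid -> reasons for every process that deserves an analyst's attention."""
    by_pid = {p.pid: p for p in procs}
    findings = {}
    for p in procs:
        reasons, name = [], p.name.lower()
        parent = by_pid.get(p.ppid)
        parent_name = parent.name.lower() if parent else None
        # 1. PID-PPID relationship: core process with the wrong (or a missing) parent
        want = EXPECTED_PARENT.get(name)
        if want and parent_name != want:
            reasons.append(f"unexpected parent {parent_name or 'missing'} (expected {want})")
        # 2. Command line: an encoded PowerShell command is a common obfuscation signal
        if name == "powershell.exe" and any(f in p.cmdline.lower() for f in ("-enc ", "-encodedcommand")):
            reasons.append("encoded command line")
        # 3. Network activity from a process that should never have any
        if p.remote_ports and name in NO_NETWORK_EXPECTED:
            reasons.append(f"network activity on ports {list(p.remote_ports)}")
        if reasons:
            findings[p.pid] = reasons
    return findings

# Constructed sample snapshot (not real data): one normal tree plus three anomalies.
SAMPLE = [Proc(4, 0, "System", ""), Proc(400, 4, "smss.exe", "smss.exe"),
          Proc(500, 400, "csrss.exe", "csrss.exe"), Proc(600, 400, "wininit.exe", "wininit.exe"),
          Proc(700, 600, "services.exe", "services.exe"),
          Proc(800, 700, "svchost.exe", "svchost.exe -k netsvcs", (443,)),
          Proc(2000, 1500, "explorer.exe", "explorer.exe"),
          Proc(1234, 2000, "svchost.exe", "svchost.exe"),                          # wrong parent
          Proc(3000, 2000, "powershell.exe", "powershell.exe -nop -enc ZW5jb2RlZA=="),  # encoded
          Proc(3100, 2000, "notepad.exe", "notepad.exe", (443,))]                 # unexpected network
```

On a live machine the same records can be collected with a process-enumeration library and fed to `triage`; `lineage` then gives the analyst the full ancestry of each flagged PID.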