When you are tasked with analyzing a issue in detail on a PC running Windows, a malware attack for example, it is often necessary to look beyond the obvious and use tools that provide you with a detailed low-level view of what is going on.
While some recommend to start clean by formatting the PC and installing Windows anew, if you want to analyze what happened, you need specialized tools for that purpose.
PC Hunter is one of those tools and while it may not be the easiest tool to use, it provides you with an extensive amount of information that comes close to the likes of Autoruns, Process Explorer or comparable tools.
The application is being made available as a portable 32-bit or 64-bit version that you can run right after you have extracted the archive.
It displays all running processes on start and more than ten additional tabs that list extensive information of their own.
The process explorer lists all processes by name and process ID, the process path, and the company that signed the file. A tree structure is used to visualize dependencies, and non-system (read Microsoft) processes are highlighted in blue for easier recognition.
A right-click on any process listed here opens a long context menu that displays many different actions to you. From verifying process signatures over suspending or killing processes to searching for information online or opening the folder of the process in Windows Explorer.
The next two tabs, Kernel Module and Kernel display information about loaded drivers, filters, worker threads or Direct IO.
The information that PC Hunter makes available can be overwhelming at times. That does not mean that they are not useful, quite the contrary, but most users may find some of the information more useful than others.
The network tab displays all current network connections for example which can be quite useful in determining which programs connect to local or remote services.
The network monitor leaves little to be desired as it offers a total of nine different sub-tabs for you to explore. From port information over the Hosts file to Internet Explorer specific data such as the list of Browser Helper Objects.
The startup tab too can be useful. It lists all programs and services that run on system start as well as scheduled tasks.
You can disable or enable items here, or even delete them which can be useful if you get a file not found error for some of them.
The other tab offers heaps of information as well. Here you find listed all file associations for example with options to repair associations or open the Registry Editor to manage the association manually.
Here you find listed all firewall rules, again with options to repair, manage or delete, users, IME/TIP information and options to enable or disable certain features of the operating system such as Registry Tools or Safe Boot.
You can generate a report under Examination. This adds information from all areas that the program covers -- and that you have selected -- to a text file which you can export.
PC Hunter offers extensive system information. Some of the information that it makes available are highly specialized, while others are useful to users of -- nearly -- all experience levels.
Inexperienced users may on the other hand prefer tools that are easier to use and don't display that many information to them.
This article was first seen on ComTek's "TekBits" Technology News