SysInternal: A Tool for Every IT Administrator

April 9, 2018


I would not be surprised if you have never heard of Microsoft Sysinternals. It is not something you should miss, though, if you work as a security, network or Windows systems administrator.

Why Sysinternals?

Knowing all the CMD commands is good, but it is easy to mix them up, and if you are a beginner you still have to learn them first, right?

That is where Sysinternals comes in. It is a collection of advanced system utilities that can do fairly advanced work without any hassle, and the whole set is only a few MB in size. Go and explore some of the Sysinternals utilities I recommend below.

The Sysinternals Suite is the entire set of Sysinternals utilities packaged in a single zip file.

Now, let’s get started…

  • Process Explorer: This tool does the same job as Task Manager but with a far longer list of features. We can view details of each process (CPU usage, PID, Verified Signer, company name) and submit its image hash to VirusTotal (a popular service that scans a file with many anti-malware engines), and much more.
  • TCPView: This tool is very useful for seeing which connections belong to which process. We can see which process is listening on which port and which foreign address (IP and port number) it is connected to. It also shows the state of each connection and counters for the packets and bytes sent and received.
  • RamMap: As the name suggests, it maps how your physical memory is used: how much RAM the kernel, drivers, file cache and each application consume.
  • AccessChk: A great utility for administrators, because it tells you what access (read, write, or with -v the full list of rights) an account or group effectively has to a file, folder, registry key, service, process and other securable objects.
  • ShellRunas: This utility adds a "Run as different user" entry to the Explorer context menu, so you can launch a program under another account without opening a command prompt.
  • PsList: A process utility (part of PsTools) that lists statistics for all running processes, including thread details, memory usage and the process tree.
  • Disk2vhd: It creates a Virtual Hard Disk (VHD or VHDX) image of a physical disk, using Volume Shadow Copy so it can image the running system. The image can then be attached to a VM (Hyper-V, Oracle VirtualBox, VMware).
  • Process Monitor: This utility replaces two older tools, FileMon and RegMon. It is an advanced real-time monitor of file system, registry, process/thread and network activity. With its help you can trace the internal behaviour of a process: every file it touches and every registry key it reads or writes.
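Several of the tools above are command-line programs that script well. As an added example (not from the original article, and not Microsoft's code), here is a PowerShell script that combines two of the ideas above: it checks the Authenticode signature of accesschk.exe before running it, the same "Verified Signer" idea Process Explorer applies to running processes, and then uses AccessChk to list everything the low-privileged groups Everyone, Users and Authenticated Users can write to under the program directories, among the installed services and under the services registry key. The install path C:\Tools\Sysinternals is an assumption made for the example.

```powershell
# Added example, not part of the original article or of Sysinternals itself.
# It uses AccessChk to answer a question every administrator should ask:
# what can low-privileged accounts WRITE to that they should not?
# Assumptions (chosen for this example): the Sysinternals Suite is unzipped
# to C:\Tools\Sysinternals, and the script runs in an elevated PowerShell.
param(
    [string]   $SysinternalsDir = 'C:\Tools\Sysinternals',
    [string[]] $Principals      = @('Everyone', 'Users', 'Authenticated Users')
)

$accesschk = Join-Path $SysinternalsDir 'accesschk.exe'

# 1. Before running any downloaded binary, confirm it is the signed Microsoft
#    build. Get-AuthenticodeSignature is a built-in PowerShell cmdlet;
#    Status 'Valid' means the signature verifies and chains to a trusted root.
$sig = Get-AuthenticodeSignature -FilePath $accesschk
if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'Microsoft') {
    throw "Refusing to run $accesschk : signature status '$($sig.Status)'"
}

# 2. Thin wrapper around accesschk. Switches used (all documented by the tool):
#    -accepteula  accept the EULA silently, otherwise the first run pops a dialog
#    -q  omit banner   -u  suppress access-denied errors   -w  WRITE access only
#    -s  recurse       -d  directories only                -c  targets are services
#    -k  target is a registry key
#    Output lines look like "RW C:\Path" or " W C:\Path"; we keep just the object.
function Get-WritableObjects {
    param([string]$Principal, [string[]]$Switches, [string]$Target)
    & $accesschk -accepteula -q -u @Switches $Principal $Target 2>$null |
        Where-Object { $_ -match '^\s*R?W\s' } |
        ForEach-Object { ($_ -replace '^\s*R?W\s+', '').Trim() }
}

# 3. Sweep the places where write access by a low-privileged group usually
#    means a privilege-escalation path: program directories (DLL/EXE
#    replacement), service objects (reconfigure a service to run our binary)
#    and the service registry keys (edit ImagePath).
$dirs = @("$env:ProgramFiles", "${env:ProgramFiles(x86)}", "$env:SystemRoot\System32")
$findings = foreach ($p in $Principals) {
    foreach ($d in ($dirs | Where-Object { $_ -and (Test-Path $_) })) {
        Get-WritableObjects -Principal $p -Switches @('-w', '-s', '-d') -Target $d |
            ForEach-Object { [pscustomobject]@{ Principal = $p; Kind = 'Directory'; Object = $_ } }
    }
    Get-WritableObjects -Principal $p -Switches @('-w', '-c') -Target '*' |
        ForEach-Object { [pscustomobject]@{ Principal = $p; Kind = 'Service'; Object = $_ } }
    Get-WritableObjects -Principal $p -Switches @('-w', '-k', '-s') `
        -Target 'HKLM\SYSTEM\CurrentControlSet\Services' |
        ForEach-Object { [pscustomobject]@{ Principal = $p; Kind = 'RegistryKey'; Object = $_ } }
}

if (-not $findings) { 'No write access found for the checked principals.' }
else { $findings | Sort-Object Kind, Object, Principal | Format-Table -AutoSize }
```

Every line the script prints deserves a look, but not every line is a bug: some installers deliberately make their own directory writable so the application can self-update, and "Users" includes every interactive account on the machine. A service or its ImagePath key that a member of Users can modify, on the other hand, is almost always a misconfiguration that lets that user run code as SYSTEM, and AccessChk is the quickest way to find it.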

We can also run Sysinternals Live at

I hope this gives you some insight into the Sysinternals utilities. There are around 140 of them, all developed by Microsoft and updated on a regular basis.

Wish you all the best with learning! 

1 Comment
  1. good reminder on these useful resources.