A tool used to captures:
- Process state changes
- Registry changes
- Network changes
- Thread activity
Filters can be applied to narrow down events.
Filtering
Filter > Filter
- Apply a filter for a syscall
- Apply a filter for a process
Default filters are: - Registry
- File System
- Process Activity
- Network