Memory and Process Consumption


  • High CPU and memory utilization are indicators of abnormal behavior
    • but not a clear indication of malware; they need careful inspection
  • legitimate causes of high resource utilization:
    • malware scanners
    • software updaters
    • office productivity files
    • optical character recognition software
    • etc.

Windows

Processor Usage

  • monitoring the per-process percentage of CPU time to locate problems
  • can monitor on Windows using Task Manager and Performance Monitor

Memory Consumption

  • overall percentage of memory usage is not necessarily an indicator of compromise (IoC)
  • Windows is optimized to make as much use of memory as possible
  • per-process use of memory is useful but varies widely
  • view typical memory usage of applications at shouldiblockit.com or search engine queries

Linux

free Command

free is a Linux command that outputs a summary of memory utilization.

  • it retrieves this information from /proc/meminfo
  • displays info on physical and swap memory
  • by default shows:
    • total memory available plus the amount used and unused (free)
    • amount of memory used by temporary file systems (shared)
    • amount of memory used by kernel buffers and the page cache
    • amount of estimated memory available for new processes, including the page cache
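The following script is an added example (not part of these notes) that rebuilds the summary free prints from /proc/meminfo text, so the meaning of each column is visible. It assumes the procps-ng conventions for free(1): shared = Shmem, buff/cache = Buffers + Cached + SReclaimable, used = MemTotal - MemFree - buff/cache, available = MemAvailable. The sample meminfo values are constructed; on a Linux host it reads the real file instead.

```python
"""Reproduce the summary the Linux `free` command prints, from /proc/meminfo text.

Added example, not part of the original notes. Assumes procps-ng free(1)
conventions: shared = Shmem, buff/cache = Buffers + Cached + SReclaimable,
used = MemTotal - MemFree - buff/cache, available = MemAvailable.
"""
import os
import re

# Constructed sample in /proc/meminfo format (made-up values, in kB).
SAMPLE_MEMINFO = """\
MemTotal:       16384000 kB
MemFree:         4096000 kB
MemAvailable:   10240000 kB
Buffers:          512000 kB
Cached:          5120000 kB
SwapCached:            0 kB
Shmem:            256000 kB
SReclaimable:     384000 kB
SwapTotal:       2048000 kB
SwapFree:        2048000 kB
"""

_LINE = re.compile(r"^(\w+):\s+(\d+)(?:\s+kB)?\s*$")


def parse_meminfo(text: str) -> dict[str, int]:
    """Return {field: value_in_kB} for every well-formed line; skip the rest."""
    fields = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            fields[m.group(1)] = int(m.group(2))
    return fields


def summarize(fields: dict[str, int]) -> dict[str, int]:
    """Derive the columns `free` shows (all values in kB)."""
    total = fields["MemTotal"]
    free = fields["MemFree"]
    buff_cache = fields.get("Buffers", 0) + fields.get("Cached", 0) + fields.get("SReclaimable", 0)
    swap_total = fields.get("SwapTotal", 0)
    swap_free = fields.get("SwapFree", 0)
    return {
        "total": total,
        "used": total - free - buff_cache,
        "free": free,
        "shared": fields.get("Shmem", 0),
        "buff_cache": buff_cache,
        # MemAvailable is the kernel's estimate of what new processes can get
        # without swapping; it already counts reclaimable page cache.
        "available": fields.get("MemAvailable", free),
        "swap_total": swap_total,
        "swap_used": swap_total - swap_free,
        "swap_free": swap_free,
    }


def format_free(summary: dict[str, int]) -> str:
    """Render like `free -m` (mebibytes, integer division)."""
    def mib(kb: int) -> int:
        return kb // 1024
    head = f"{'':7}{'total':>10}{'used':>10}{'free':>10}{'shared':>10}{'buff/cache':>12}{'available':>12}"
    mem = (f"{'Mem:':7}{mib(summary['total']):>10}{mib(summary['used']):>10}"
           f"{mib(summary['free']):>10}{mib(summary['shared']):>10}"
           f"{mib(summary['buff_cache']):>12}{mib(summary['available']):>12}")
    swap = (f"{'Swap:':7}{mib(summary['swap_total']):>10}{mib(summary['swap_used']):>10}"
            f"{mib(summary['swap_free']):>10}")
    return "\n".join([head, mem, swap])


def memory_pressure(summary: dict[str, int], warn_below: float = 0.10) -> bool:
    """True when the *available* share of RAM drops under the threshold.

    This is the number worth alerting on; a small 'free' column alone is
    normal, because the kernel deliberately fills idle RAM with page cache.
    """
    return summary["available"] / summary["total"] < warn_below


if __name__ == "__main__":
    path = "/proc/meminfo"
    text = open(path).read() if os.path.exists(path) else SAMPLE_MEMINFO
    s = summarize(parse_meminfo(text))
    print(format_free(s))
    print("low available memory" if memory_pressure(s) else "available memory is healthy")
```

The point of memory_pressure is the one the notes make for Windows as well: a low "free" figure is the normal result of caching, so a monitor should compare "available" to total rather than alert on "free" alone.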

top Command

The top command creates a scrollable, real-time table of every running process.

  • table includes:
    • process ID
    • user
    • CPU percentage used
    • memory percentage used
    • execution time
    • and other information about each process (such as the command name)
  • can sort output with:
    • Shift+P to sort by CPU usage
    • Shift+M to sort by memory usage
    • Shift+T to sort by execution time
    • Shift+N to sort by PID
  • htop utility provides similar functionality, plus mouse support and more easily readable output
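As an added example (not from these notes or from the top/htop projects), the script below parses a constructed top-style table, reproduces the Shift+P/M/T/N orderings, and applies the triage rule the notes describe: heavy CPU or memory consumers are listed for closer inspection, except those on an allow-list of known legitimate heavy processes (a scanner and an updater here). The row values, the allow-list entries and the thresholds are assumptions to be replaced with a baseline for the host under review.

```python
"""Sort and triage a top-style process table.

Added example, not part of the original notes. The rows are constructed, the
column layout mirrors top's PID/USER/%CPU/%MEM/TIME+/COMMAND, and the
allow-list of "usually legitimate" heavy processes is an assumption.
"""
from dataclasses import dataclass

# Constructed sample rows in top's format (TIME+ is minutes:seconds.hundredths).
SAMPLE_TOP = """\
 PID USER    %CPU %MEM    TIME+ COMMAND
1203 root     2.0  1.5  3:15.40 clamd
2218 root    65.0  4.0  0:42.10 unattended-upgr
3001 alice   12.5 18.0 25:03.77 firefox
3345 alice   91.2  2.1 51:20.00 node
4102 root     0.3  0.4  0:01.02 sshd
"""

# Processes the notes list as legitimate heavy consumers (scanner, updater).
# Assumed names; tune per environment.
KNOWN_HEAVY = {"clamd", "unattended-upgr"}


@dataclass
class Proc:
    pid: int
    user: str
    cpu: float
    mem: float
    time_s: float
    command: str


def parse_time_plus(value: str) -> float:
    """Convert top's TIME+ ('M:SS.hh' or 'H:MM:SS') to seconds."""
    parts = value.split(":")
    if len(parts) == 2:
        return int(parts[0]) * 60 + float(parts[1])
    if len(parts) == 3:
        return int(parts[0]) * 3600 + int(parts[1]) * 60 + float(parts[2])
    raise ValueError(f"unrecognised TIME+ value: {value}")


def parse_top(text: str) -> list[Proc]:
    """Parse the table body; the COMMAND column may contain spaces."""
    procs = []
    for line in text.splitlines()[1:]:  # skip the header row
        pid, user, cpu, mem, time_plus, command = line.split(None, 5)
        procs.append(Proc(int(pid), user, float(cpu), float(mem), parse_time_plus(time_plus), command))
    return procs


# The orderings top gives with Shift+P / Shift+M / Shift+T / Shift+N.
SORT_KEYS = {
    "P": lambda p: -p.cpu,
    "M": lambda p: -p.mem,
    "T": lambda p: -p.time_s,
    "N": lambda p: p.pid,
}


def sort_like_top(procs: list[Proc], key: str) -> list[Proc]:
    return sorted(procs, key=SORT_KEYS[key])


def triage(procs: list[Proc], cpu_pct: float = 50.0, mem_pct: float = 15.0):
    """Return (proc, reason) for heavy consumers that are NOT on the allow-list.

    High utilisation alone is not an IoC; this only narrows the list to what
    deserves a closer look (binary path, parent, network activity).
    """
    flagged = []
    for p in sort_like_top(procs, "P"):
        reasons = []
        if p.cpu >= cpu_pct:
            reasons.append(f"cpu {p.cpu:.1f}%")
        if p.mem >= mem_pct:
            reasons.append(f"mem {p.mem:.1f}%")
        if reasons and p.command not in KNOWN_HEAVY:
            flagged.append((p, ", ".join(reasons)))
    return flagged


if __name__ == "__main__":
    table = parse_top(SAMPLE_TOP)
    for p in sort_like_top(table, "P"):
        print(f"{p.pid:>6} {p.user:<8} {p.cpu:>5.1f} {p.mem:>5.1f} {p.time_s:>8.2f} {p.command}")
    for p, why in triage(table):
        print(f"inspect PID {p.pid} ({p.command}): {why}")
```

Matching on command name is the weakest part of the allow-list: a process can be named anything, so a real baseline should key on the executable path and owner as well, which is exactly the "careful inspection" step the notes call for.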