The Get Process List feature, available from the IR menu in ProDiscover Incident Response edition, lets users investigate running processes on a remote system in more depth. After connecting to a remote system running the PDServer remote agent and selecting "Get Process List" from the IR menu, the running processes dialog box appears, displaying the processes running on the remote system. Highlighting a specific process in the top view window displays all library modules in use by that process in the bottom display window. Users can add processes and their dependent DLLs (libraries) to the project report, and/or add the process and its associated DLL binary file to the report as evidence of interest.
Note: processes hidden by second- and third-generation rootkits through kernel shimming or DLL injection may not be detected by the "Get Process List" function. To detect processes hidden by advanced rootkits, users should use the "Find Unseen Processes" function from the IR menu.