
Process tree

Definition

A structured representation of running processes showing each process alongside its parent. Malware frequently spawns command shells or other processes from unexpected parents, such as a web server process or a document reader. The tree makes these anomalies visible where a flat list would hide them.
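As an added example, not part of the glossary page: the snippet below rebuilds the tree from a constructed flat listing of (pid, ppid, name) entries and flags shells whose parent is a process that should not normally spawn one. The sets of "unexpected parents" and shell names are illustrative assumptions, not a fixed rule.

```python
# Added example: build a process tree from a flat listing and flag shells
# spawned by parents that should not normally launch them.
from collections import defaultdict

# Constructed sample snapshot in the shape of a flat process listing.
SAMPLE = [
    (1, 0, "init"),
    (400, 1, "sshd"),
    (410, 400, "bash"),
    (500, 1, "httpd"),
    (510, 500, "httpd"),
    (520, 510, "sh"),      # shell spawned by a web server worker
    (600, 1, "evince"),
    (610, 600, "bash"),    # shell spawned by a document reader
]

# Assumed for illustration: parents that rarely have a legitimate reason to
# launch a shell, and the process names treated as shells.
UNEXPECTED_SHELL_PARENTS = {"httpd", "nginx", "evince", "acroread", "winword.exe"}
SHELLS = {"sh", "bash", "cmd.exe", "powershell.exe"}

def build_tree(procs):
    """Return (pid -> name, ppid -> [child pids]) from a flat listing."""
    names = {pid: name for pid, _, name in procs}
    children = defaultdict(list)
    for pid, ppid, _ in procs:
        children[ppid].append(pid)
    return names, children

def render(names, children, root=0, depth=0):
    """Return the tree as indented lines, depth-first from the given root."""
    lines = []
    for pid in sorted(children.get(root, [])):
        lines.append(f"{'  ' * depth}{names[pid]} ({pid})")
        lines.extend(render(names, children, pid, depth + 1))
    return lines

def find_anomalies(procs):
    """Return (child pid, child name, parent name) for shells under unexpected parents."""
    names, children = build_tree(procs)
    hits = []
    for parent, kids in children.items():
        if names.get(parent) in UNEXPECTED_SHELL_PARENTS:
            for kid in kids:
                if names[kid] in SHELLS:
                    hits.append((kid, names[kid], names[parent]))
    return sorted(hits)
```

Running `find_anomalies(SAMPLE)` reports the shell under the httpd worker and the one under the document reader, while the shell under sshd is left alone; `render` prints the same listing as an indented tree.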

Related terms

ARP cache
A table held in memory that maps IP addresses to hardware (MAC) addresses for recently contacted hosts on the local network. ARP...
DNS resolver cache
A temporary store of DNS query results held by the operating system. Entries reveal which domain names a host has recently resolved,...
Live response
The process of collecting evidence and triage data from a running system without first powering it down. Preserves volatile artefacts that would...
Order of volatility
The sequence in which digital evidence should be collected, ranked from most to least transient. Defined in RFC 3227. CPU registers and...
Trusted response kit
A portable collection of statically compiled, cryptographically verified forensic tools stored on write-protected media. Used during live response to avoid executing potentially...

Explained in

  • Live Network State and Process Capture
