**https://hec-ker.tistory.com/194
**
The analysis will be conducted on the given 'foren.raw' file in the previous step.

We already know OS information (imageinfo), so let's check the list of processes through 'pslist'.