Fibratus
Fibratus is a tool for exploring and tracing the Windows kernel. It lets you intercept system-wide events such as process lifecycle, file system I/O, registry changes and network requests, along with many other monitoring signals.
In short, Fibratus gives you deep operational visibility into the Windows kernel and the processes running on top of it.🤔
▫ Does not require drivers or third-party software.
Events can be forwarded to a wide range of output sinks or saved to capture files for offline inspection and forensic analysis.
A powerful filtering mechanism lets you drill into the internals of the event stream, and the rules engine can detect stealthy adversary attacks and sophisticated threats.
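As an added illustration of the filtering and capture workflow described above (example commands written for this page, not taken from the Fibratus project itself), the following PowerShell session assumes Fibratus is installed and on PATH, and that the `run`, `capture` and `replay` subcommands, the `-o`/`-k` options and the filter field names (`kevt.name`, `ps.name`, `registry.key.name`, `net.dport`) match the version you are using; verify them against your installation's `fibratus --help` before relying on them:

```powershell
# Added example, not from the page or the project: stream only process-creation
# events whose image name is cmd.exe or powershell.exe. Everything else is dropped
# by the filter before it reaches an output sink.
fibratus run "kevt.name = 'CreateProcess' and ps.name in ('cmd.exe', 'powershell.exe')"

# Narrow the stream to registry writes under a Run key, the classic autostart
# location a defender watches for persistence. 'icontains' is a case-insensitive
# substring match; the backslash is doubled because it sits inside a PowerShell string.
fibratus run "kevt.name = 'RegSetValue' and registry.key.name icontains 'CurrentVersion\\Run'"

# Record the raw event stream to a capture file for offline inspection
# (file name is a placeholder chosen for this example)...
fibratus capture -o suspicious.kcap

# ...and replay it later with a different filter applied, so an analyst can
# ask new questions of the same evidence without re-running the collection.
fibratus replay -k suspicious.kcap "net.dport = 443"
```

The point of the last two commands is the forensic angle the text mentions: the capture file is the immutable record, and filters are applied at replay time, so investigators can iterate on queries against a fixed set of events.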