Quickpost: SelectMyParent or Playing With the Windows Process Tree

I read something very interesting in “Windows via C/C++” today: starting with Windows Vista, CreateProcess can start a program where you specify the parent process! This is something forensic investigators must be aware of when they analyse processes running on a Windows machine. Normally the parent process of a new process is the process that …