Microsoft Sysinternal suite is commonly used by digital forensics and incident response teams as a cheap and easy-use approach for incident investigation and forensics in Windows systems. Cybereason Research Lab found that commonly used traditional Microsoft monitoring tools miss common attacker behavior such as privilege escalation. Privilege escalation is a commonly used technique by hackers that was believed to be used in the Home Depot breach. It is important for Incident Investigation and SOC teams to be aware of common tools limitations in capturing such common behavior.”]