We want to capture the activity of both Logs.exe and GoodLog.exe. To do this we will start WPR and record an execution of Logs.exe and GoodLog.exe afterwards. We will then analyze the results using WPA, concentrating on the Disk activity and compare the results with Task Manager.
To do this you can follow the steps below or the video.
Can you guess why there is disk activity, but WPA does not show it?