winninit.exe is a legitimate process on a Windows workstation ?

RAM needs to go through CPU and Cache to query Data on Disk ?

In volatility 3, the isfinfo plugin helps you to get the version of the OS and the time of the dump ?

If I see this string "/krbtgt:09267d27ac91294c4d423dbf642187cb" in a commandline parameters, I should :

pslist and psscan plugins are doing the same thing, they give same results except psscan gives the parent/ child relationships ?

mimikatz is a tool that helps attackers creating a Golden Ticket ?

scvhost.exe is a legit process on Windows systems ?

In RAM analysis, there is always multiple ways to detect something malicious or to get a specific information such as the private IP address or hostname og the machine ?