Computer & OS Fundamentals · beginner · ~10 min
Distinguish the storage tiers and explain what a process actually is.
CPU (registers/cache) → RAM (volatile working memory) → disk (persistent, slow). A process is a running program with its own virtual memory, handles, and security context; threads share a process's memory.
Knowing what runs as which user, what's resident in memory, and how processes are isolated underpins privilege escalation, credential harvesting from memory, and understanding why race conditions exist.
Memory hierarchy. Registers → cache → RAM → disk, each far slower than the last. Volatile vs persistent. RAM is lost on power-off; disk survives. Process. Program + virtual memory + handles + security context. Thread. Shares the process's memory — fast but race-prone.
Performance and behaviour come from how these four pieces interact.
The speed gap is enormous: registers are sub-nanosecond, RAM tens of nanoseconds, disk thousands of times slower. This is why "swap to disk" tanks performance.
A process is a running program plus its state: its own virtual memory (code, stack, heap), open file handles, environment, and a security context (which user it runs as). The OS gives each process the illusion of having the machine to itself via virtual memory.
A process can have multiple threads — independent execution paths sharing the same memory. Shared memory is fast but is exactly why race conditions and data corruption happen.
Process listings (ps, Task Manager), the user a process runs as, and what's loaded in memory are all reconnaissance and privilege-escalation signals. A process running as root with a vulnerability is a path up.
The storage tiers trade speed for persistence; a process is a running program with isolated virtual memory and a user identity, and threads share that memory. The user a process runs as is a recurring privilege-escalation signal.