Chapter 5

Windows Ports and Services

A large part of conducting a network investigation is identifying items that are out of place. Just as an investigator at the scene of a burglary might look for items that have been moved, broken, or left behind by the burglar as potential evidence, so too must the network investigator survey the digital crime scene, looking for items that are out of place. For the burglary investigator, these items may include windows or doors that were left open or burglary tools that were left behind. When examining a computer that may have been involved in a crime, the concept remains the same; instead of examining open windows, we will examine open ports, and the tools we find left behind will be files or processes rather ...

Get Mastering Windows Network Forensics and Investigation, 2nd Edition now with the O’Reilly learning platform.
