O'Reilly logo

Practical Windows Forensics by Konstantin Sapronov, Ayman Shaaban

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Network-based data collection

Nowadays, it is difficult enough to find computers that don't have any network connections. This is almost impossible in the enterprise environment. Network connections reflect the interaction of computers with the outer world. Also, the network is the main source of threats. Today, the Internet is a very aggressive environment. Threats of various levels from spam to APT often penetrate computers via networks.

So, in almost every incident, computers have network activities that are related to the incident. There are a lot of examples of such events from receiving e-mails with malicious attachments and visits of a malicious URL. However, sometimes to have only host-based evidence to get a whole picture about an incident ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required