Definitions

Before we continue, we need to define a couple of terms for clarity.

A process is an executing program. The program itself is usually an executable file on the system (the image file), most often with an .exe file extension. The image becomes a process when the system loads and executes it. At that point, the file goes from merely occupying space on the hard drive to also consuming memory and CPU cycles.

A port is an aspect of a network connection. Every computer system is capable of opening multiple (more than 65,000) ports, and each port is simply a number in the Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) header. From a network perspective, ports offer a potential means for accessing the system, ...
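As an added illustration (not code from the book), the following Python reads the port numbers directly out of raw IPv4 packet bytes. Each port field is 16 bits wide, giving values 0 through 65535, which is where the "more than 65,000" figure comes from. The function names and the sample packets are constructed for this example.

```python
import struct

PROTOCOLS = {6: "TCP", 17: "UDP"}  # IANA protocol numbers carried in the IPv4 header

def parse_ports(packet: bytes):
    """Return (protocol, source_port, destination_port) for an IPv4 packet,
    or None when the packet carries no TCP/UDP port fields."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not a complete IPv4 header")
    ihl = (packet[0] & 0x0F) * 4  # header length in bytes; IP options make it > 20
    if ihl < 20 or len(packet) < ihl + 4:
        raise ValueError("truncated before the port fields")
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    name = PROTOCOLS.get(packet[9])
    if name is None or frag_offset != 0:
        return None  # e.g. ICMP, or a later fragment that has no transport header
    # Both TCP and UDP begin with two unsigned 16-bit fields: source, destination.
    src, dst = struct.unpack("!HH", packet[ihl:ihl + 4])
    return name, src, dst

def sample_packet(proto: int, src_port: int, dst_port: int, options: bytes = b"") -> bytes:
    """Constructed sample: IPv4 header (checksum left 0) plus a bare transport header."""
    ihl_words = (20 + len(options)) // 4
    if proto == 6:  # 20-byte TCP header, data offset 5, SYN flag set
        transport = struct.pack("!HHIIHHHH", src_port, dst_port, 0, 0, 0x5002, 8192, 0, 0)
    else:           # 8-byte UDP-shaped header
        transport = struct.pack("!HHHH", src_port, dst_port, 8, 0)
    total = 20 + len(options) + len(transport)
    header = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl_words, 0, total, 1, 0, 64, proto, 0,
                         bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return header + options + transport

if __name__ == "__main__":
    for pkt in (sample_packet(6, 49152, 80),
                sample_packet(17, 65535, 53, options=b"\x01" * 4)):
        print(parse_ports(pkt))
```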
