Chapter 9. Scanners and Sniffers

In many cases, an investigator may be able to collect valuable information about an incident from the network rather than from the compromised system itself. To do this, the investigator needs specialized tools: port scanners and network protocol analyzers, the latter more commonly known as sniffers.

This chapter presents several port scanners and sniffers and describes their use. The tools listed are representative of what is available and should not be considered a comprehensive list. A great number of port scanners are available; some have GUIs, and others run from the command line. The same is true of sniffers. This chapter focuses on a few of each and addresses their use. ...

Get Windows Forensics and Incident Recovery now with the O’Reilly learning platform.
