Port Scanners

Port scanners allow an administrator or investigator to determine which ports are open on a remote system. During an investigation, a port scanner can be used to determine whether there are any open ports that do not appear in the output of netstat.exe or of process-to-port mapping tools such as openports.exe.

If the investigator detects open ports using a port scanner but finds no indication of those same ports being open when using tools on the system itself, this may indicate suspicious activity on the system. In other cases, the output of a port scanner can be the first indication that something may be amiss. If the administrator or investigator discovers an unusual port open on a system, it may indicate the ...
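The comparison described above can be scripted. The following is an added example, not code from the book: it assumes the scan results are already available as a set of port numbers, and the `netstat -an` text, the scanned port set, and the function names are all constructed for illustration.

```python
import re

# Constructed sample of `netstat -an` output captured on the examined host.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      192.168.1.20:80        ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

# Constructed result of a TCP scan of the same host, run from another machine.
SCANNED_OPEN_TCP = {135, 139, 445, 31337}

# Proto, local address, local port, foreign address, optional state column.
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def listening_ports(netstat_text, proto="TCP"):
    """Return the set of local ports netstat reports as listening for proto."""
    ports = set()
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(1) != proto:
            continue
        # TCP listeners carry the LISTENING state; UDP rows have no state column.
        if proto == "UDP" or m.group(5) == "LISTENING":
            ports.add(int(m.group(3)))
    return ports

def compare(scanned, netstat_text, proto="TCP"):
    """Split results into ports the host reports and ports it does not."""
    local = listening_ports(netstat_text, proto)
    return {
        # Open on the wire but absent from the host's own listing.
        "unreported": sorted(scanned - local),
        # Listed locally but not seen by the scan (filtered or bound locally).
        "not_seen_by_scan": sorted(local - scanned),
    }

if __name__ == "__main__":
    result = compare(SCANNED_OPEN_TCP, NETSTAT_SAMPLE)
    print("Open per scan but missing from netstat:", result["unreported"])
    print("In netstat but not seen by scan:", result["not_seen_by_scan"])
```

Ports in the `unreported` list are the ones that warrant follow-up on the host; ports in `not_seen_by_scan` are usually explained by filtering between the scanner and the host.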
