Summary

There may be cases in which some of the information necessary for the investigator to do her job does not reside on the “victim” computer systems themselves. The investigator may need to perform a port scan of the “victim” system, looking for other infected systems. Remember that some network backdoors listen on ports, awaiting connections from the attacker. If one backdoor is found on a system, the investigator can quickly scan other systems in the infrastructure for the same open port.
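The sweep described above, checking other hosts for the port a discovered backdoor listens on, can be sketched as follows. This is an added example, not code from the book; the function names, the host list and the port number are assumptions, and the demo uses a loopback listener as a constructed stand-in for an affected host.

```python
import socket
from concurrent.futures import ThreadPoolExecutor


def check_port(host, port, timeout=1.0):
    """One full TCP connect attempt: 'open', 'closed' or 'no-response'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # something accepted the connection
    except ConnectionRefusedError:
        return "closed"            # host answered with RST: nothing listening
    except OSError:
        return "no-response"       # timeout, unreachable, filtered, bad name


def sweep(hosts, port, timeout=1.0, workers=32):
    """Check every host for the same port in parallel; return {host: state}."""
    hosts = list(hosts)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = pool.map(lambda h: check_port(h, port, timeout), hosts)
        return dict(zip(hosts, states))


def hosts_to_triage(results):
    """Hosts with the port open are candidates for examination, not
    confirmed infections: a legitimate service may use the same port."""
    return sorted(h for h, state in results.items() if state == "open")


if __name__ == "__main__":
    # Constructed demo: a local listener plays the host with the backdoor port.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    suspect_port = listener.getsockname()[1]   # hypothetical backdoor port

    results = sweep(["127.0.0.1"], suspect_port)
    for host, state in results.items():
        print(f"{host}:{suspect_port} {state}")
    print("examine next:", hosts_to_triage(results))
    listener.close()
```

A "no-response" result does not clear a host; a host firewall or an offline machine produces the same answer, so those systems still need to be checked another way.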

The investigator may decide to capture network traffic in order to monitor an attacker's activity or to determine if other systems on the network are also being attacked. By monitoring the activity that occurs in relation to one system and understanding ...
