Most malicious programs perform some network activity, either to download additional components, to receive commands from the attacker, to exfiltrate data, or to create a remote backdoor on the system. Inspecting the networking activity will help you determine the network operations of the malware on the infected system. In many cases, it is useful to associate the process running on the infected system with the activities detected on the network. To determine the active network connections on pre-vista systems (such as Windows XP and 2003), you can use the connections plugin. The following command shows an example of using the connections plugin to print the active connections from a memory dump ...