Chapter 5: Windows Ports and Services

Explain the role of open and active ports in a network investigation. Ports represent ways to communicate with a system. Open ports are those that are bound to a listening process and that can be used to receive and process some type of communication. To an attacker, an open port represents a possible way onto a system. Investigators must know which ports are in use on a victim system in order to examine each for possible rogue use and to help determine how an attack may have occurred.
Master It You are called to investigate a suspected computer intrusion at a private company. Upon examining the ports that are open on the victim system, the administrator noted that TCP port 4444 was listening on one of his ...

Get Mastering Windows Network Forensics and Investigation, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.