
Mastering Windows Network Forensics and Investigation, 2nd Edition by Scott Pearson, Ryan Johnson, Steve Bunting, Steven Anson


Using Ports as Evidence

Because attackers have so many uses for ports, we as investigators must focus on their evidentiary value. When we examine a compromised system, the ports that are active on it can tell us a great deal; however, to get the most out of this information, we must have a baseline against which to compare it. For example, we may locate a competent system administrator who knows which ports were open on the box prior to the incident under investigation. Alternatively, we may compare our target system to others that are reportedly configured identically (as may occur in a server farm when multiple machines are placed into service simultaneously). We can also make some determinations ...
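The baseline comparison described above, as an added example that is not from the book: it parses two saved `netstat -ano` captures and reports listening ports that differ between the target and a reportedly identical peer. The sample captures, addresses, PIDs and function names are constructed for illustration.

```python
# Constructed sample: `netstat -ano` output saved from a peer server that is
# reportedly configured identically (the baseline) and from the target system.
BASELINE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1104
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:123            *:*                                    1020
"""
TARGET = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       2316
  TCP    10.0.0.5:49712         10.0.0.9:445           ESTABLISHED     4
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:123            *:*                                    1020
  UDP    0.0.0.0:31337          *:*                                    2316
"""

def listening_ports(netstat_text):
    """Map (proto, port) -> set of owning PIDs for TCP LISTENING and bound UDP rows."""
    ports = {}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            pid = f[4]
        elif len(f) == 4 and f[0] == "UDP":   # UDP rows have no State column
            pid = f[3]
        else:
            continue                          # header, ESTABLISHED, blank lines
        port = int(f[1].rsplit(":", 1)[1])    # rsplit copes with IPv6 "[::]:445"
        ports.setdefault((f[0], port), set()).add(int(pid))
    return ports

def compare_to_baseline(baseline_text, target_text):
    """Report ports open only on the target, and baseline ports it no longer has."""
    base, target = listening_ports(baseline_text), listening_ports(target_text)
    return {
        "new": {k: sorted(target[k]) for k in sorted(target.keys() - base.keys())},
        "missing": sorted(base.keys() - target.keys()),
    }

if __name__ == "__main__":
    print(compare_to_baseline(BASELINE, TARGET))
```

PIDs are reported only for the new ports, since they point to the process to examine next; PIDs for matching ports are ignored because they normally differ between machines.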
