
Mastering Windows Network Forensics and Investigation, 2nd Edition by Scott Pearson, Ryan Johnson, Steve Bunting, Steven Anson


Monitoring Communication with the Victim Box

In addition to running live-analysis tools on the target system, you can monitor the network traffic coming from and going to the system. While a rootkit may conceal the presence of a communication channel from live-analysis tools, if the channel exists and is being used to communicate with another system, that traffic must pass across the network cable connected to the victim computer at some point. Hacker tools, such as bots, will frequently send periodic communications to a server or chat room monitored by the hacker. In this way the hacker can keep tabs on which machines she owns at any given moment.

By monitoring the traffic into and out of the target system, you can determine which IP addresses ...
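One way to put the monitoring described above to work, as an added example (not code from the book): given outbound connection records captured from a span port or tap, flag the destinations the victim box contacts on a near-constant schedule, which is the "periodic communications" signature of a bot checking in. The flow records and addresses below are constructed for illustration.

```python
# Added example (not from the book): flag hosts that "phone home" on a
# regular schedule by looking for low-jitter repeat connections.
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample of outbound connection records from the victim box:
# (timestamp_seconds, src_ip, dst_ip, dst_port). All values are invented.
SAMPLE_FLOWS = [
    (0, "10.0.0.5", "203.0.113.7", 6667),
    (12, "10.0.0.5", "198.51.100.20", 443),
    (60, "10.0.0.5", "203.0.113.7", 6667),
    (95, "10.0.0.5", "198.51.100.20", 443),
    (120, "10.0.0.5", "203.0.113.7", 6667),
    (181, "10.0.0.5", "203.0.113.7", 6667),
    (240, "10.0.0.5", "203.0.113.7", 6667),
    (300, "10.0.0.5", "203.0.113.7", 6667),
    (310, "10.0.0.5", "198.51.100.20", 443),
    (500, "10.0.0.5", "198.51.100.20", 443),
]


def find_beacons(flows, min_events=4, max_jitter=0.15):
    """Return {(src, dst, port): mean_gap_seconds} for channels whose
    inter-connection gaps are nearly constant (jitter = stdev / mean).
    Ordinary browsing to 198.51.100.20 is irregular and is not flagged."""
    by_channel = defaultdict(list)
    for ts, src, dst, port in flows:
        by_channel[(src, dst, port)].append(ts)
    beacons = {}
    for channel, stamps in by_channel.items():
        if len(stamps) < min_events:
            continue  # too few events to judge periodicity
        stamps.sort()
        gaps = [later - earlier for earlier, later in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons[channel] = round(avg, 1)
    return beacons


if __name__ == "__main__":
    for (src, dst, port), gap in find_beacons(SAMPLE_FLOWS).items():
        print(f"{src} -> {dst}:{port} every ~{gap}s; review this host/channel")
```

The flagged destination and port are where an investigator would start correlating with firewall logs and the live-analysis results, since a rootkit can hide the socket on the host but not the packets on the wire.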
