Third Dream

Andy found himself sitting at his desk again. This time, he had a sense that he'd already talked to Dave. As he thought about the situation for a moment, it occurred to him that he really didn't have a whole lot of information. Sure, he had the IP address of the system in question, and Dave had told him that the traffic that had been detected was TFTP and IRC. Andy knew that the network engineers identified network traffic by the ports that were used, particularly the destination ports. This meant that the outbound traffic was to UDP port 69 and to TCP port 6667, respectively. So he had the source IP address for the traffic (i.e., the system in question) as well as the destination ports. He decided that the best thing to do was to ...
