Hi,

I've just noticed that netstat has an option (-b) that lists ports and 
the processes that are bound to them.
fport (the free Foundstone utility) just shows processes and local ports.

netstat -b shows processes (and the DLLs involved in the TCP/IP connection), 
local ports, remote ports and the remote IP address!
The remote IP address and remote ports could be useful when investigating.

Why don't any of the famous books related to Windows forensics (Incident Response & 
Computer Forensics -Foundstone-, Windows Forensics -Carvey-, ...) talk 
about the -b option?

I'm going to update my automated response script with netstat -b!

Greetings.
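
An added example, not part of the original post: a Python parser for saved `netstat -nab` output that ties each connection to its owning process and listed components, then pulls out the remote endpoints an investigator would review. The sample output is constructed, the function names are hypothetical, and it assumes `-n` was used so addresses and ports are numeric; a PID column (from `-o`) is accepted if present.

```python
import re

# Constructed excerpt of `netstat -nab` output (not taken from the post).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  RpcSs
 [svchost.exe]
  TCP    192.168.1.10:49712     203.0.113.25:443       ESTABLISHED
 [updater.exe]
  TCP    192.168.1.10:49730     198.51.100.7:8080      ESTABLISHED
  c:\\windows\\system32\\WS2_32.dll
 [helper.exe]
  TCP    192.168.1.10:49801     192.0.2.44:80          TIME_WAIT
 Can not obtain ownership information
  UDP    0.0.0.0:5353           *:*
 [chrome.exe]
"""
CONN = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+([A-Z][A-Z_0-9]*))?(?:\s+(\d+))?\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")  # "[process.exe]" ends a record

def parse_netstat_b(text):
    """Attach the owning process and listed components to each connection line."""
    conns, cur = [], None
    for line in text.splitlines():
        m = CONN.match(line)
        if m:  # proto, local, remote, optional state (TCP), optional PID (-o)
            keys = ("proto", "local", "remote", "state", "pid")
            cur = dict(zip(keys, m.groups()), process=None, components=[])
            conns.append(cur)
        elif cur is not None and line.strip():
            owner = OWNER.match(line)
            if owner:
                cur["process"], cur = owner.group(1), None
            elif "ownership information" in line:
                cur = None  # netstat could not resolve the owner
            else:
                cur["components"].append(line.strip())  # DLL or service name
    return conns

def remote_peers(conns):
    """Connections with a real remote endpoint: (process, ip, port, state)."""
    local = ("0.0.0.0", "*", "[::]", "[::1]")  # listeners, unconnected UDP, loopback
    split = [(c, *c["remote"].rpartition(":")) for c in conns]
    return [(c["process"] or "<unknown>", host, port, c["state"])
            for c, host, _, port in split
            if host not in local and not host.startswith("127.")]

if __name__ == "__main__":
    print(*remote_peers(parse_netstat_b(SAMPLE)), sep="\n")
```

Connections that netstat reports without an owner are kept and shown as `<unknown>` rather than dropped.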
