On Dec 1, 2005, at 1:27 PM, [EMAIL PROTECTED] wrote:
Hi, I've just noticed that netstat has an option (-b) that allows listing ports and the processes which are bound to them. fport (the free Foundstone utility) just allows seeing processes and local ports. Netstat -b allows seeing processes (and the DLLs involved in the TCP/IP connection), local ports, remote ports and the remote IP address! Remote IP addresses and remote ports could be useful when investigating. Why don't any of the famous books related to Windows forensics (Incident Response & Computer Forensics -Foundstone-, Windows Forensics -Carvey-, ...) talk about the -b option?
Because it's non-standard. It's not on my version, for example.
I'm going to update my automated response script with netstat -b!
Then your scripts won't be portable.
Greetings.
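
An added example, not part of the original message: a parser a response script could run over saved `netstat -anb` output, which also accepts rows from builds that print no PID or owner, the portability concern raised in the reply. The output layout, the sample text and the name `parse_netstat_b` are assumptions made for illustration.

```python
import re

# Constructed sample, assuming the usual `netstat -anb` layout: a connection
# row, optional component (DLL) lines, then the owning executable in brackets.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.0.2.10:1045        198.51.100.7:80        ESTABLISHED     1820
  C:\\WINDOWS\\system32\\WS2_32.dll
  [iexplore.exe]

  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       948
  Can not obtain ownership information

  UDP    0.0.0.0:500            *:*                                    700
  [lsass.exe]
"""

# State and PID are both optional: UDP rows have no state, and a netstat
# without -b (or run without -o) prints no PID column.
ROW = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+([A-Z][A-Z0-9_]*))?(?:\s+(\d+))?\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")

def parse_netstat_b(text):
    """Return one dict per connection row; owner stays None when not reported."""
    conns, cur = [], None
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            cur = {"proto": m[1], "local": m[2], "remote": m[3], "state": m[4],
                   "pid": int(m[5]) if m[5] else None,
                   "owner": None, "components": []}
            conns.append(cur)
        elif cur is not None and line.strip():
            o = OWNER.match(line)
            if o:
                cur["owner"] = o[1]   # bracketed name closes the entry
                cur = None
            elif "ownership information" in line:
                cur = None            # netstat could not resolve the owner
            else:
                cur["components"].append(line.strip())
    return conns

if __name__ == "__main__":
    for c in parse_netstat_b(SAMPLE):
        print(c["proto"], c["local"], "->", c["remote"], c["state"], c["pid"], c["owner"])
```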
