2007/03/22

TCPview used as a forensics tool


I have used TCPview for over 2 years, yet I had not realized that it is also a forensics tool for Windows systems, especially in an online (live) environment. The reason is that it shows which ports are open or have established connections, and the remote IP addresses connected to each port. The most important information is which program is using which port. This helps identify back doors or Trojan horses on online Windows servers.
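To show what that port-to-program correlation looks like when done by hand, here is an added example (not code from the original post or from Sysinternals) that parses plain-text `netstat -ano` output, joins each socket to its owning process through a PID-to-image table of the kind `tasklist` or TCPview provides, and flags sockets held by programs that are not on an expected list. The netstat lines, the process table and the allowlist are all constructed samples; the `updatehelper.exe` name is an assumed placeholder for an unexplained listener.

```python
"""Correlate TCP/UDP sockets with their owning processes (what TCPView shows)
from `netstat -ano` text plus a PID -> image-name map, then flag sockets owned
by programs not expected on the host.

Added example; the netstat output, process table and allowlist are constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed sample of Windows `netstat -ano` output.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1528
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:30001          0.0.0.0:0              LISTENING       3912
  TCP    192.0.2.10:80          198.51.100.7:51234     ESTABLISHED     1528
  TCP    192.0.2.10:49152       203.0.113.5:9001       ESTABLISHED     3912
  UDP    0.0.0.0:123            *:*                                    1044
"""

# Constructed PID -> image-name map, as `tasklist` or TCPView would report it.
PROCESS_TABLE: Dict[int, str] = {
    4: "System",
    1044: "svchost.exe",
    1528: "httpd.exe",
    3912: "updatehelper.exe",  # assumed placeholder name for the unexplained listener
}

# Assumed allowlist: programs expected to hold sockets on this (constructed) host.
EXPECTED_PROGRAMS: Set[str] = {"System", "svchost.exe", "httpd.exe"}


@dataclass
class Socket:
    proto: str
    local_addr: str
    local_port: Optional[int]
    remote_addr: str
    remote_port: Optional[int]
    state: str          # empty for UDP, which netstat prints without a state
    pid: int
    image: str          # "<unknown>" when the PID is not in the process table


# One netstat data row: proto, local, foreign, optional state, PID.
LINE_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+"
    r"(?:(LISTENING|ESTABLISHED|CLOSE_WAIT|TIME_WAIT|SYN_SENT)\s+)?(\d+)\s*$"
)


def split_endpoint(endpoint: str):
    """Split 'host:port' (also '[v6]:port' and '*:*') into (host, port-or-None)."""
    host, _, port = endpoint.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text: str, process_table: Dict[int, str]) -> List[Socket]:
    """Turn netstat -ano text into Socket records joined with their image names."""
    sockets: List[Socket] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header, blank or unrecognised line
        proto, local, remote, state, pid_str = m.groups()
        lhost, lport = split_endpoint(local)
        rhost, rport = split_endpoint(remote)
        pid = int(pid_str)
        sockets.append(Socket(proto, lhost, lport, rhost, rport, state or "",
                              pid, process_table.get(pid, "<unknown>")))
    return sockets


def find_suspicious(sockets: List[Socket], expected: Set[str]) -> List[str]:
    """Report every socket whose owning program is not on the expected list."""
    findings: List[str] = []
    for s in sockets:
        if s.image in expected:
            continue
        if s.state == "LISTENING":
            findings.append(f"{s.image} (PID {s.pid}) listening on "
                            f"{s.local_addr}:{s.local_port}")
        else:
            findings.append(f"{s.image} (PID {s.pid}) connected to "
                            f"{s.remote_addr}:{s.remote_port}")
    return findings


if __name__ == "__main__":
    for finding in find_suspicious(parse_netstat(NETSTAT_SAMPLE, PROCESS_TABLE),
                                   EXPECTED_PROGRAMS):
        print(finding)
```

On a real host the two inputs come from `netstat -ano` and `tasklist` run at the same moment, since a PID can be reused once a process exits; the value of a live tool like TCPview is that it shows both columns together and keeps them current.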

Surprisingly, Microsoft TechNet recommends using TCPview in conjunction with netstat:
(http://www.microsoft.com/technet/sysinternals/utilities/TcpView.mspx)
