Notifications

Clear all

find exe, process, that produced network traffic

General (Technical, Procedural, Software, Hardware etc.)

Last Post by allend 15 years ago

3 Posts

3 Users

0 Reactions

429 Views

RSS

jot49

(@jot49)

Active Member

Joined: 18 years ago

Posts: 16

Topic starter 16/11/2010 8:21 pm

All,

is it possible to determine which process, executable,… produced network traffic if you only have a image of the hdd.
I have got no memory dump and no Live Response data.
It´s a Win7 64-bit.

Thanks

Quote

joachimm

(@joachimm)

Estimable Member

Joined: 17 years ago

Posts: 181

16/11/2010 8:27 pm

Sometimes it is possible. I would say start with making an elaborate time-line.

ReplyQuote

allend

(@allend)

Active Member

Joined: 15 years ago

Posts: 17

16/11/2010 9:15 pm

You can view the executables which have a windows firewall exception policy here

HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules

I'm not sure how much that helps your situation, but that may be a place to start.

ReplyQuote

8 Forums
15.7 K Topics
92.3 K Posts
190 Online
41.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed