find exe, process, that produced network traffic
Is it possible to determine which process, executable,… produced network traffic if you only have an image of the HDD?
I have got no memory dump and no Live Response data.
It's a Win7 64-bit.
Sometimes it is possible. I would say start with making an elaborate timeline.
You can view the executables which have a Windows Firewall exception policy here.
I'm not sure how much that helps your situation, but that may be a place to start.
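An added example (not part of the thread) of working the firewall-exception lead from a disk image alone: it parses rule strings and lists the executables that hold an active Allow rule. It assumes the strings were exported from the offline SYSTEM hive under `ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules`; the sample rules, the function names and the "user-writable" path list are constructed for illustration.

```python
import ntpath

# Constructed sample values in the pipe-delimited key=value form used by
# FirewallRules registry values on Windows 7 (version prefix v2.10).
SAMPLE_RULES = [
    r"v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Example\sync.exe|Name=Example Sync|Edge=FALSE|",
    r"v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\alice\AppData\Local\Temp\upd.exe|Name=upd|Edge=FALSE|",
    r"v2.10|Action=Block|Active=TRUE|Dir=Out|Protocol=6|App=C:\Tools\blocked.exe|Name=blocked|",
    r"v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=3389|Name=Remote Desktop|",
]

# Assumption: locations a standard user can write to, where a binary with a
# firewall exception deserves a closer look in the timeline.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")


def parse_rule(raw):
    """Split one rule string into (version, fields); repeated keys are kept as lists."""
    parts = [p for p in raw.split("|") if p]
    version, fields = parts[0], {}
    for part in parts[1:]:
        key, sep, value = part.partition("=")
        if sep:  # skip malformed fragments that carry no '='
            fields.setdefault(key, []).append(value)
    return version, fields


def allowed_executables(rules):
    """Return sorted (path, direction, flagged) for active Allow rules bound to an executable."""
    hits = set()
    for raw in rules:
        _, fields = parse_rule(raw)
        first = lambda key: fields.get(key, [""])[0]
        app = first("App")
        if not app or first("Action").lower() != "allow" or first("Active").upper() != "TRUE":
            continue  # port-only, disabled and Block rules do not name an allowed binary
        norm = ntpath.normpath(app).lower()
        flagged = any(marker in norm for marker in USER_WRITABLE)
        hits.add((norm, first("Dir"), flagged))
    return sorted(hits)


if __name__ == "__main__":
    for path, direction, flagged in allowed_executables(SAMPLE_RULES):
        print(f"{'REVIEW' if flagged else 'ok':6} {direction:3} {path}")
```

The paths it returns are candidates to look up in the timeline suggested in the first reply; a firewall exception shows that a binary was permitted to communicate, not that it did.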