Looking for windows command lines

DFORENSICS1 used Ask the Experts™
Could someone please point me to a good source, GUI or not, for Windows command lines. Looking for any command lines that might help ID active rootkits or open and listening ports, especially any ports not normally used. Also, anyone who thinks they have other good command lines that might help with forensic analysis of a running, live Windows machine. Not necessarily a RAM dump, but anything that a forensic examiner could use that might not seem so obvious. We would like to catch people listening in on people if we can. We are finding mostly soon-to-be ex-husbands taking advantage of their soon-to-be ex-wife's limited knowledge of how computers work. They may have SpectorPro or something similar running, or a home-built bug or rootkit installed and listening.

I know this is a big question and not so precise either. I hope someone can work with it. Thank you.

Hi, take a look at the following utilities from Microsoft, which might help:

Process Explorer:
(tool to analyse files, registry, dlls and network connections from the PC)


TCP View:
(tool to check connections established from the systems)

What kind of Windows systems are we talking about here? If you're working for forensics you should already be used to Encase (GUI), Responder (GUI), FGET (console), Volatility (console), and DD (console).

The tools available are a lengthy list. The above tools should get you what you need along with a kernel debugger.
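A command-line check for the listening-port part of the question, added here as an example and not from any poster above: it parses the output of `netstat -ano` (listeners with their owning PID) and `tasklist /fo csv /nh`, then lists every listener on a port outside a baseline, joined to the owning image name. The sample output and the baseline port set are constructed assumptions; on a real machine, feed in the text the two commands actually print.

```python
# Flag unexpected TCP listeners in Windows `netstat -ano` output and name the
# owning process from `tasklist /fo csv /nh`. Sample text below is constructed;
# on a live machine paste in the real command output instead.
import csv, io, re

# Assumption: a baseline of ports this workstation legitimately listens on.
BASELINE_PORTS = {135, 139, 445, 3389, 5040, 49664, 49665, 49666, 49667}

NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       928
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:16386          0.0.0.0:0              LISTENING       4812
  TCP    192.168.1.20:49700     52.96.10.1:443         ESTABLISHED     6120
  UDP    0.0.0.0:5353           *:*                                    2260
"""
TASKLIST_SAMPLE = '''\
"svchost.exe","928","Services","0","12,000 K"
"System","4","Services","0","150 K"
"unknownsvc.exe","4812","Console","1","8,500 K"
"msedge.exe","6120","Console","1","200,000 K"
'''

LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def parse_tasklist(text):
    """Map PID -> image name from tasklist CSV rows."""
    return {int(row[1]): row[0] for row in csv.reader(io.StringIO(text)) if row}

def listening_ports(text):
    """Return (local_address, port, pid) for each TCP LISTENING line."""
    found = (LISTEN_RE.match(line) for line in text.splitlines())
    return [(m.group(1), int(m.group(2)), int(m.group(3))) for m in found if m]

def flag_unusual(netstat_text, tasklist_text, baseline=BASELINE_PORTS):
    """Listeners on ports outside the baseline, joined to the owning image."""
    names = parse_tasklist(tasklist_text)
    return [(addr, port, pid, names.get(pid, "<pid not in tasklist>"))
            for addr, port, pid in listening_ports(netstat_text)
            if port not in baseline]

if __name__ == "__main__":
    for addr, port, pid, name in flag_unusual(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"review: {addr}:{port} pid={pid} image={name}")
```

netstat reads the same kernel tables a kernel-mode rootkit can filter, so treat a clean result as a prompt to cross-check with a memory or offline tool such as the ones named above, not as proof.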


Thank you!
