During security incident response you want to gather as much information as you can from the affected machine so that the findings you write up are properly supported.
Personally, I have come across a lot of incidents where I was required to capture the ports open on the infected machine.
This is not a difficult task in itself, but as the tooling improves, attackers get smarter too. Malware is designed to hide its processes and connections from Task Manager, netstat and the other commands an administrator normally relies on. Rootkits are the classic example: they hook the system calls and handles Windows uses to enumerate processes and sockets, so the malware's own connections never show up in netstat output.
TCPView is a Sysinternals tool that lists every TCP and UDP endpoint on the machine with its protocol, local and remote address, state and owning process, keeps that list live (highlighting endpoints as they appear, change state and disappear), and can save the listing to a text file for the case record. The live view is its main advantage over a one-off netstat run: a short-lived connection that a single netstat snapshot misses is visible in TCPView, or in its command-line sibling Tcpvcon. One caveat: TCPView, netstat and PowerShell's Get-NetTCPConnection all read the same kernel TCP/UDP tables through the same Windows APIs, so a kernel-mode rootkit that filters those tables hides from all of them. Treat a clean TCPView listing as one data point and corroborate it with firewall or flow logs captured off the infected host, or with a memory image.
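As an added example, not code from the original post or from Sysinternals, the PowerShell below does by hand what the post asks for: it records every TCP/UDP endpoint with its owning process, image path and SHA-256 so the evidence is self-contained, flags sockets whose owner does not appear in the process list, and diffs the result against netstat -ano as a second opinion. The cmdlets and the netstat column layout are real; the output file name and the '<not in process list>' marker are this example's own choices.

```powershell
# Added example written for this post; not code from the original article or from Sysinternals.
# Captures every TCP/UDP endpoint with its owning process, image path and SHA-256 for the IR
# record, then cross-checks the list against netstat -ano. Needs Windows 8 / Server 2012 or later
# (NetTCPIP module) and an elevated prompt so OwningProcess resolves for other users' processes.

function Get-EndpointSnapshot {
    # Index running processes by PID once so each endpoint lookup is a hashtable hit.
    $procs = @{}
    Get-CimInstance Win32_Process | ForEach-Object { $procs[[int64]$_.ProcessId] = $_ }

    $raw  = @(Get-NetTCPConnection | Select-Object @{n='Proto';e={'TCP'}}, LocalAddress, LocalPort,
                 RemoteAddress, RemotePort, @{n='State';e={[string]$_.State}}, OwningProcess)
    $raw += @(Get-NetUDPEndpoint  | Select-Object @{n='Proto';e={'UDP'}}, LocalAddress, LocalPort,
                 @{n='RemoteAddress';e={'*'}}, @{n='RemotePort';e={$null}}, @{n='State';e={''}}, OwningProcess)

    foreach ($c in $raw) {
        $p    = $procs[[int64]$c.OwningProcess]
        $path = if ($p) { $p.ExecutablePath } else { $null }
        # PID 4 (System) and protected processes expose no readable image; record $null instead of failing.
        $hash = if ($path -and (Test-Path -LiteralPath $path)) {
                    (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash } else { $null }
        [pscustomobject]@{
            Proto         = $c.Proto
            LocalAddress  = $c.LocalAddress
            LocalPort     = $c.LocalPort
            RemoteAddress = $c.RemoteAddress
            RemotePort    = $c.RemotePort
            State         = $c.State
            ProcessId     = $c.OwningProcess
            # A socket whose owner is missing from the process list is worth a look: the process
            # either exited between the two queries or is being hidden from process enumeration.
            ProcessName   = if ($p) { $p.Name } else { '<not in process list>' }
            ImagePath     = $path
            CommandLine   = if ($p) { $p.CommandLine } else { $null }
            SHA256        = $hash
        }
    }
}

function Compare-WithNetstat {
    param([Parameter(Mandatory)][object[]]$Snapshot)

    # netstat -ano rows look like "TCP  0.0.0.0:135  0.0.0.0:0  LISTENING  1012" or
    # "UDP  [::]:123  *:*  1234" (no state column). Key each row on proto, local port and PID.
    $fromNetstat = netstat -ano | ForEach-Object {
        $f = $_.Trim() -split '\s+'
        if ($f.Count -lt 4 -or $f[0] -notin 'TCP','UDP') { return }
        $port = $f[1].Substring($f[1].LastIndexOf(':') + 1)
        '{0} {1} {2}' -f $f[0], $port, $f[-1]
    } | Sort-Object -Unique
    $fromApi = $Snapshot | ForEach-Object { '{0} {1} {2}' -f $_.Proto, $_.LocalPort, $_.ProcessId } | Sort-Object -Unique

    $diff = Compare-Object -ReferenceObject @($fromApi) -DifferenceObject @($fromNetstat)
    [pscustomobject]@{
        # Ephemeral connections closing between the two captures will show up here; a listening
        # port or long-lived session present in one tool and absent from the other is what matters.
        OnlyInApi     = @($diff | Where-Object SideIndicator -eq '<=' | ForEach-Object InputObject)
        OnlyInNetstat = @($diff | Where-Object SideIndicator -eq '=>' | ForEach-Object InputObject)
    }
}

# Usage: record the snapshot, flag owner-less sockets, then diff against netstat.
$snap = Get-EndpointSnapshot
$snap | Export-Csv -NoTypeInformation -Path "$env:TEMP\endpoints-$(Get-Date -Format yyyyMMdd-HHmmss).csv"
$snap | Where-Object ProcessName -eq '<not in process list>' | Format-Table Proto, LocalPort, ProcessId
Compare-WithNetstat -Snapshot $snap | Format-List

# Caveat: Get-NetTCPConnection, netstat and TCPView all read the same kernel TCP/UDP tables through
# user-mode APIs. A kernel-mode rootkit that filters those tables hides from all three, so an empty
# diff is not proof the host is clean; corroborate with firewall or flow logs captured off the box.
```

Run it early in the triage, before anything is remediated, and keep the CSV alongside the TCPView save file: the process path, command line and hash let you tie a suspicious port back to a binary after the machine has been reimaged.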