I did a memory and volatile data acquisition with Helix.
While using the EnScript version of Volatility I found on the blog, I ran it against the memory dump and the TCP network connections scan showed a connection:
192.168.1.104:1142 81.169.145.x:80 3852
The strange thing is, I can't find the process associated with process id 3852 in the EnScript version with pslist.
When I run the Volatility program from a Linux command line I can't see any connection at all (with the options connscan and connscan2) and there is no process in pslist with id 3852.
In the volatile data report of Helix this connection isn't showing either.
Of course I want to know what kind of process this is; can anyone help me?
Thanks a lot,
K Bertens
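As an added example (not part of the post and not Volatility's own code), the script below cross-references connscan-style output against pslist-style output and reports connections whose Pid has no process entry, which is the situation described above. Both inputs are constructed sample text in the layout of Volatility 1.x output, reusing the 81.169.145.x address from the post.

```python
import re

# Constructed sample output in the layout of Volatility 1.x connscan
# (Local Address, Remote Address, Pid). The first row is the one from the post.
CONNSCAN_OUTPUT = """\
Local Address             Remote Address            Pid
------------------------- ------------------------- ------
192.168.1.104:1142        81.169.145.x:80           3852
192.168.1.104:1039        10.0.0.5:445              4
"""

# Constructed sample pslist output (Name Pid PPid Thds Hnds Time).
# Deliberately contains no process with Pid 3852.
PSLIST_OUTPUT = """\
Name                 Pid    PPid   Thds   Hnds   Time
System               4      0      55     245    Thu Jan 01 00:00:00 1970
explorer.exe         1612   1580   12     350    Mon Mar 02 10:11:12 2009
"""

# A connection row: two host:port columns followed by a numeric Pid.
# The header and dashed separator lines do not match and are skipped.
CONN_RE = re.compile(r"^(\S+:\S+)\s+(\S+:\S+)\s+(\d+)\s*$")
# A process row: a name followed by numeric Pid and PPid columns.
PS_RE = re.compile(r"^(\S+)\s+(\d+)\s+(\d+)\s+")


def parse_connections(text):
    """Return (local, remote, pid) tuples from connscan-style text."""
    conns = []
    for line in text.splitlines():
        m = CONN_RE.match(line)
        if m:
            conns.append((m.group(1), m.group(2), int(m.group(3))))
    return conns


def parse_pids(text):
    """Return {pid: name} from pslist-style (or psscan-style) text."""
    pids = {}
    for line in text.splitlines():
        m = PS_RE.match(line)
        if m:
            pids[int(m.group(2))] = m.group(1)
    return pids


def orphan_connections(conn_text, ps_text):
    """Connections whose owning Pid has no entry in the process listing."""
    known = parse_pids(ps_text)
    return [c for c in parse_connections(conn_text) if c[2] not in known]


if __name__ == "__main__":
    for local, remote, pid in orphan_connections(CONNSCAN_OUTPUT, PSLIST_OUTPUT):
        print(f"{local} -> {remote} owned by Pid {pid}, absent from pslist")
```

Because connscan carves connection objects out of physical memory rather than walking the live kernel lists, a Pid absent from pslist is frequently a process that had already exited when the image was taken; feeding psscan output (which carves process objects the same way) into `parse_pids` instead of pslist shows whether the process object itself is still recoverable.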