lsof

Case 1. IP Theft Linux Investigation

Nearly all IP (intellectual property) are recreated by a competitor. Investigate the development machine

Running netstat, see the weird python script with established connection to some remote host: Grab the executable: lsof -p 2082 and ps aux grep 2082.