Analysis of Tools for Detecting Rootkits and Hidden Processes
Document Type
Conference Proceeding
Publication Date
2007
Abstract
Rootkits pose a dilemma in forensic investigations because hackers use them surreptitiously to mislead investigators. This paper analyzes the effectiveness of online and offline information analysis techniques in detecting rootkits and determining the processes and/or files hidden by rootkits. Five common rootkits were investigated using a live analysis tool, five rootkit detection tools (RDTs) and four offline analysis tools. The experimental results indicate that, while live analysis techniques provide a surprising amount of information and offline analysis provides accurate information, RDTs are the best approach for detecting rootkits and hidden processes. Abstract © Springer
DOI
10.1007/978-0-387-73742-3_6
Source Publication
IFIP — The International Federation for Information Processing, vol. 242
Recommended Citation
Todd, A., Benson, J., Peterson, G., Franz, T., Stevens, M., & Raines, R. (2007). Analysis of Tools for Detecting Rootkits and Hidden Processes. In P. Craiger & S. Shenoi (Eds.), Advances in Digital Forensics III. DigitalForensics 2007 (IFIP, vol. 242, pp. 89–105). New York: Springer. https://doi.org/10.1007/978-0-387-73742-3_6
Comments
© International Federation for Information Processing 2007
The "Link to Full Text" on this page loads the PDF of the chapter, furnished through the Springer Nature SharedIt content-sharing initiative. The publisher retains permissions to re-use and distribute this chapter from IFIP vol. 242.
Funding note: This research was sponsored by the Anti-Tamper Software Protection Initiative Technology Office, Sensors Directorate, U.S. Air Force Research Laboratory.