Title

Analysis of Tools for Detecting Rootkits and Hidden Processes

Document Type

Conference Proceeding

Publication Date

2007

Abstract

Rootkits pose a dilemma in forensic investigations because hackers use them surreptitiously to mislead investigators. This paper analyzes the effectiveness of online and offline information analysis techniques in detecting rootkits and determining the processes and/or files hidden by rootkits. Five common rootkits were investigated using a live analysis tool, five rootkit detection tools (RDTs) and four offline analysis tools. The experimental results indicate that, while live analysis techniques provide a surprising amount of information and offline analysis provides accurate information, RDTs are the best approach for detecting rootkits and hidden processes. Abstract © Springer

Comments

The "Link to Full Text" on this page loads the PDF of the chapter, furnished open-access through the Springer Nature SharedIt content-sharing initiative. The publisher retains permissions to re-use and distribute this chapter from IFIP vol. 242.

DOI

10.1007/978-0-387-73742-3_6

Source Publication

IFIP — The International Federation for Information Processing, vol 242

Share

COinS