Analysis of Tools for Detecting Rootkits and Hidden Processes
Rootkits pose a dilemma in forensic investigations because attackers use them to conceal their activity and mislead investigators. This paper analyzes the effectiveness of online (live) and offline information analysis techniques in detecting rootkits and in determining which processes and/or files a rootkit has hidden. Five common rootkits were investigated using one live analysis tool, five rootkit detection tools (RDTs) and four offline analysis tools. The experimental results indicate that, while live analysis yields a surprising amount of information and offline analysis yields accurate information, RDTs are the most effective approach for detecting rootkits and the processes they hide.
Abstract © Springer
IFIP (The International Federation for Information Processing), vol. 242
Todd, A., Benson, J., Peterson, G., Franz, T., Stevens, M., & Raines, R. (2007). Analysis of Tools for Detecting Rootkits and Hidden Processes. In P. Craiger & S. Shenoi (Eds.), Advances in Digital Forensics III. DigitalForensics 2007 (IFIP, vol. 242, pp. 89–105). New York: Springer. https://doi.org/10.1007/978-0-387-73742-3_6
© International Federation for Information Processing 2007
The "Link to Full Text" on this page loads the PDF of the chapter, provided through the Springer Nature SharedIt content-sharing initiative. Permission to reuse or redistribute this chapter from IFIP vol. 242 rests with the publisher.