Timely Rootkit Detection During Live Response

Document Type

Conference Proceeding

Publication Date

2008

Abstract

This paper describes a non-intrusive rootkit detection tool designed to support forensic investigations that involve the live analysis of computer systems. The tool, which does not require pre-installation, correlates outputs from multiple system data gathering utilities. Test results indicate that the tool successfully detects several well-known rootkits, including Hacker Defender, AFX, Vanquish, FU and FUto. Abstract © Springer

Comments

The "Link to Full Text" on this page loads the PDF of the chapter, furnished through the Springer Nature SharedIt content-sharing initiative. The publisher retains permissions to re-use and distribute this chapter in IFIP vol. 285.

© IFIP International Federation for Information Processing 2008

DOI

10.1007/978-0-387-84927-0_12

Source Publication

IFIP — The International Federation for Information Processing, vol. 285
