Analysis of tools for detecting rootkits and hidden processes

7 citations; 17 Mendeley readers

Abstract

Rootkits pose a dilemma in forensic investigations because hackers use them surreptitiously to mislead investigators. This paper analyzes the effectiveness of online and offline information analysis techniques in detecting rootkits and determining the processes and/or files hidden by rootkits. Five common rootkits were investigated using a live analysis tool, five rootkit detection tools (RDTs) and four offline analysis tools. The experimental results indicate that, while live analysis techniques provide a surprising amount of information and offline analysis provides accurate information, RDTs are the best approach for detecting rootkits and hidden processes. © 2007 International Federation for Information Processing.

Citation (APA)

Todd, A., Benson, J., Peterson, G., Franz, T., Stevens, M., & Raines, R. (2007). Analysis of tools for detecting rootkits and hidden processes. In IFIP International Federation for Information Processing (Vol. 242, pp. 89–105). https://doi.org/10.1007/978-0-387-73742-3_6
