Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
IJDE
2006
2006
Exploiting the Rootkit Paradox with Windows Memory Analysis
Rootkits are malicious programs that silently subvert an operating system to hide an intruder's activities. Although there are a number of tools designed to detect rootkits, these programs are competing with the rootkit for system resources and allowing the rootkit to actively evade detection. By taking a memory image of the system, a forensic examiner can conduct a more thorough search for rootkits and even without discovering one directly, infer the presence of one. This paper explores how an examiner can create such a memory image and use the inherent properties of rootkits to find them in those memory images. Background Rootkits are programs designed to hide processes, files, and activity from the operating system and legitimate users of a computer. Normally used only by intruders, they subvert the operating system and prevent it from functioning normally. The rootkit can modify, delete, or insert data into any of the operating system's processes, and as a result, have c...
Real-time TrafficRelated Content
| Added | 12 Dec 2010 |
| Updated | 12 Dec 2010 |
| Type | Journal |
| Year | 2006 |
| Where | IJDE |
| Authors | Jesse D. Kornblum |
Comments (0)
Researcher Info
|
