Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

Share this Page URL

Rootkits > Rootkits - Pg. 422

422 Chapter 9 · DIY Malware Analysis Rootkits The biggest problem when collecting volatile data is the amount of trust you have to put in the infected machine. Malware authors have learned to go to extreme lengths to hide their creations from the system owner, and recent developments and take up of rootkit and stealthkit technology have truly deserved the meaning of the word stealth. One of the first steps when performing a forensic analysis on an infected machine is to determine if there are any rootkits installed on the machine.This does not necessarily have to be done as a first step, but if there is a rootkit installed on the machine, you will have to stop it before collecting volatile data, otherwise it will almost certainly not be complete and you will miss crucial information about the malware. Are You 0wned? Rootkit Detection It is very difficult to detect beyond all doubt whether a rootkit is present on the machine. As a general rule of thumb, always run multiple rootkit detection tools and