Mastering Windows Network Forensics and Investigation, 2nd Edition by Scott Pearson, Ryan Johnson, Steve Bunting, Steven Anson

Using Rootkits

In the world of Unix/Linux operating systems, the most powerful user on the system is called root. When an attacker breaks into a Unix system, she tries to achieve root-level access. At that point she can install a series of tools and programs designed to help her keep control of the victim system and minimize her chances of being detected. These tools grew into entire kits of tools that an attacker would install upon gaining root access to a new system. Hence the term rootkit evolved to refer to these sets of tools. Although the root user does not exist on a Windows system, the terminology of the Unix world has been adopted to refer to all toolkits designed to embed an attacker into a system while hiding her presence on that system. ...