Using Rootkits

In the world of Unix/Linux operating systems, the most powerful user on the system is called root (user ID 0). When an attacker breaks into a Unix system, she tries to achieve root-level access. At that point she can install a series of tools and programs designed to help her keep control of the victim system and minimize her chances of being detected. These tools grew into entire kits that an attacker would install upon gaining root access to a new system; hence the term rootkit came to refer to such sets of tools. Although the root user does not exist on a Windows system (the closest equivalents are the Administrator and SYSTEM accounts), the Unix terminology has been adopted to refer to all toolkits designed to embed an attacker into a system while hiding her presence on that system. ...
