18 APPROACHES TO ANALYZING HIDDEN FILESYSTEMS


So far in this book, you’ve learned how bootkits penetrate and persist on the victim’s computer by using sophisticated techniques to avoid detection. One common characteristic of these advanced threats is the use of a custom hidden storage system for storing modules and configuration information on the compromised machine.

Many of the hidden filesystems in malware are custom or altered versions of standard filesystems, meaning that performing forensic analysis on a computer compromised with a rootkit or bootkit often requires a custom toolset. In order to develop these tools, researchers must learn ...
