
Windows Forensics and Incident Recovery by Harlan Carvey

Malware Footprints and Persistence

Once on a system, malware will generally leave a footprint, or some evidence to indicate its presence. When the malware is installed, files are created on the system. New directories may also be created. Registry keys may be added, or a value may be added to an existing Registry key. For the malware to be active and effective, it must exist at some point as a running process, even if for a short time. Finally, many forms of malware will open ports on the system. Network backdoors and Trojans will generally open ports in LISTENING mode in order to allow an attacker to connect to them and take control of the victim system. IRC bots, on the other hand, will open a client port in order to connect to an IRC server ...
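The port footprints described above (a listening backdoor versus an outbound IRC client connection) can be told apart in `netstat -ano` output. The following Python triage is an added example, not code from the book; the sample output, the baseline of expected listeners, and the IRC port set are constructed assumptions.

```python
import re

# Constructed `netstat -ano` output for illustration (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       2044
  TCP    192.168.1.20:1045      203.0.113.7:6667       ESTABLISHED     1688
  TCP    192.168.1.20:1052      198.51.100.9:443       ESTABLISHED     3120
  UDP    0.0.0.0:500            *:*                                    716
"""

# Assumptions: listeners expected on this host, and ports conventionally used by IRC.
BASELINE_LISTENERS = {135, 445}
IRC_PORTS = set(range(6660, 6670)) | {6697, 7000}

# Proto, local addr:port, remote addr:port, optional TCP state, owning PID.
ROW = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\d+|\*)\s+(?:([A-Z][A-Z_0-9]*)\s+)?(\d+)\s*$"
)

def triage(netstat_text, baseline=BASELINE_LISTENERS, irc_ports=IRC_PORTS):
    """Return (unexpected_listeners, irc_clients); each record keeps the owning PID."""
    listeners, irc_clients = [], []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, column header, blank line
        proto, laddr, lport, raddr, rport, state, pid = m.groups()
        rec = {"proto": proto, "local": f"{laddr}:{lport}",
               "remote": f"{raddr}:{rport}", "state": state, "pid": int(pid)}
        if state == "LISTENING" and int(lport) not in baseline:
            listeners.append(rec)      # server-style footprint: waits for inbound connections
        elif state in ("ESTABLISHED", "SYN_SENT") and rport.isdigit() and int(rport) in irc_ports:
            irc_clients.append(rec)    # client-style footprint: ephemeral local port, IRC remote
    return listeners, irc_clients

if __name__ == "__main__":
    unexpected, irc = triage(SAMPLE_NETSTAT)
    for r in unexpected:
        print(f"unexpected listener {r['local']} owned by PID {r['pid']}")
    for r in irc:
        print(f"outbound IRC-port connection {r['local']} -> {r['remote']} owned by PID {r['pid']}")
```

The PID in each record is the pivot to the running process and, from there, to the files and Registry entries that make up the rest of the footprint.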
