Rootkits
A rootkit is a collection of tools and utilities that an attacker uses to mask his presence on a compromised system and to provide the necessary access for his return visits. The term “rootkit” originated from the discovery of such tools on Linux and Unix-variant (i.e., SunOS, Solaris, etc.) systems, as the attacker would strive to obtain and keep root-level (“root” is roughly equivalent to Administrator on Windows systems) privileges. On these systems, system binaries used for enumerating processes and listing files and network connections would be replaced so that the attacker's presence and activity would be masked, in many cases even from the system administrator. On Windows systems, rootkits don't generally replace system binaries ...
Get Windows Forensics and Incident Recovery now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.