
Windows Forensics and Incident Recovery by Harlan Carvey


Rootkits

A rootkit is a collection of tools and utilities that an attacker uses to mask his presence on a compromised system and to provide the necessary access for his return visits. The term “rootkit” originated from the discovery of such tools on Linux and Unix-variant (e.g., SunOS, Solaris) systems, as the attacker would strive to obtain and keep root-level privileges (“root” is roughly equivalent to Administrator on Windows systems). On these systems, system binaries used for enumerating processes and listing files and network connections would be replaced so that the attacker's presence and activity would be masked, in many cases even from the system administrator. On Windows systems, rootkits don't generally replace system binaries ...
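The classic Unix rootkit described above works by swapping out the binaries an administrator trusts (process listers, file listers, network tools) for versions that omit the attacker's artifacts. The standard defensive response is a file-integrity baseline: record a cryptographic hash of each trusted binary while the system is known-good, then re-hash and compare. The following is an added example, not code from Carvey's book; it stands up a constructed scratch directory with fake "binaries" rather than touching a real system, and the file names and contents are assumptions for illustration only.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path, names) -> dict:
    """Record the known-good hash of each named file under root."""
    return {name: sha256_of(root / name) for name in names}


def verify_baseline(root: Path, baseline: dict) -> dict:
    """Compare current files to the baseline.

    Returns {name: status} where status is 'ok', 'modified' (hash differs,
    i.e. the binary was replaced) or 'missing' (file deleted).
    """
    report = {}
    for name, expected in baseline.items():
        target = root / name
        if not target.exists():
            report[name] = "missing"
        elif sha256_of(target) != expected:
            report[name] = "modified"
        else:
            report[name] = "ok"
    return report


def demo() -> dict:
    """Constructed scenario: baseline three fake binaries, then simulate a rootkit
    replacing one of them and removing another, and report what the check sees."""
    with tempfile.TemporaryDirectory() as scratch:
        root = Path(scratch)
        # Constructed stand-ins for system binaries (assumed names/contents).
        binaries = {
            "ps": b"original ps binary\n",
            "ls": b"original ls binary\n",
            "netstat": b"original netstat binary\n",
        }
        for name, data in binaries.items():
            (root / name).write_bytes(data)

        baseline = build_baseline(root, binaries)

        # Simulated compromise: 'ps' replaced with a trojaned copy, 'netstat' removed.
        (root / "ps").write_bytes(b"replacement ps that omits attacker processes\n")
        (root / "netstat").unlink()

        return verify_baseline(root, baseline)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

Two caveats a practitioner should keep in mind. First, the baseline and the verification run are only trustworthy if the hashing code and the hash database live somewhere the attacker cannot reach (read-only media or a separate host), since a rootkit that has replaced the file-listing and hashing tools can also lie about the hashes. Second, as the passage notes, this check covers the binary-replacement technique that characterised early Unix rootkits; it does not, by itself, detect rootkits that leave the binaries on disk untouched.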
