
Windows Forensics and Incident Recovery by Harlan Carvey


Detecting Rootkits

If a kernel-mode rootkit is suspected, the entire system cannot be trusted: once the kernel, the core of the operating system, has been subverted and compromised, you have no way of knowing whether the tools you are running are reporting correct information. But how do you know whether you have been infected with a rootkit at all? Suspecting it doesn't make it so, and IT managers need hard facts on which to base their decisions. What facts does the administrator or investigator have that will justify taking the CEO's workstation away, or taking down the transaction processing server (or servers) at a cost of thousands of dollars per minute?

The AFX Windows Rootkit 2003 can be easily detected by the presence of the two DLL ...
