From aldeid

What is a rootkit?

  • A rootkit is a collection of tools that an attacker uses to attain, maintain, and hide access. It does so by intercepting system functions (Windows API).
  • User-mode rootkits do this in user space, whereas kernel-mode rootkits do it in kernel space.

User-mode rootkits and Kernel-mode rootkits

User and Kernel space


User-mode rootkits

Kernel-mode rootkits

Detection tools


