Category:Digital-Forensics/Rootkits

From aldeid

What is a rootkit?

  • A rootkit is a collection of tools that an attacker uses to attain, maintain, and hide access. It does so by intercepting system functions (the Windows API).
  • User-mode rootkits do this in user space, whereas kernel-mode rootkits do it in kernel space.

User-mode rootkits and Kernel-mode rootkits

User and Kernel space

[Image: User-kernel-space.png]

User-mode rootkits

Kernel-mode rootkits

Detection tools


Pages in this Category

Subcategories

This category has the following 3 subcategories, out of 3 total.

Pages in category "Digital-Forensics/Rootkits"

The following 2 pages are in this category, out of 2 total.