Category:Digital-Forensics/Rootkits

From aldeid

(Redirected from Definitions/Rootkit)

Jump to navigation Jump to search

You are here:

Digital Forensics

Rootkits

What is a rootkit?

A rootkit is a collection of tools that are used to attain, maintain, and hide access by the attacker. It does that by intercepting the system functions (Windows API).
User-mode rootkits do this in user space whereas kernel-mode rootkits do that in the kernel space

User-mode rootkits and Kernel-mode rootkits

User and Kernel space

User-mode rootkits

User-mode rootkits

Kernel-mode rootkits

Kernel-mode rootkits

Detection tools

Comments

Pages in this Category

Subcategories

This category has the following 3 subcategories, out of 3 total.

A

Architecture/Windows/Device-Driver‎ (7)

D

Digital-Forensics/Rootkits/Kernel-mode-Rootkits‎ (3)
Digital-Forensics/Rootkits/User-mode-Rootkits‎ (11)

Pages in category "Digital-Forensics/Rootkits"

The following 2 pages are in this category, out of 2 total.

N

NtQueryDirectoryFile

S

SSDT-System-Service-Descriptor-Table

Retrieved from "https://www.aldeid.com/w/index.php?title=Category:Digital-Forensics/Rootkits&oldid=27413"

Share your opinion