Nytro

Kernel Hacking & Anti-forensics: Evading Memory Analysis


Rodrigo Rubira Branco (BSDaemon)

Filipe Alcarde Balestra

This article is intended to explain why a forensic analysis in a live system may not be recommended and why the image of that system can trigger an advanced anti-forensic-capable rootkit.

Since most of the operating systems have the same approach in this regard, most examples covered here in Linux can be applied to similar situations in other operating systems too.

An overview of the kernel internals and the structure and working of the x86 architecture will also be given, along with the differences between other architectures.

Introduction

A lot of tools [5] have been developed to analyze a live system in order to detect an intrusion (like installed rootkits [7]).

This article tries to explain some presentations [8] that showed problems in this existent model, explaining the risks of this act and when it can be accepted.

Download:

http://www.kernelhacking.com/rodrigo/docs/AntiForense.pdf
