Malware authors use various advanced techniques to install their kernel driver and to bypass Windows security mechanisms. Once the kernel driver is installed, it can modify system components or third-party drivers to bypass, deflect, and divert your forensic analysis. In this chapter, you looked at some of the most common rootkit techniques and saw how to detect them using memory forensics. Memory forensics is a powerful technique, and using it as part of your malware analysis efforts will greatly help you understand adversary tactics. Malware authors frequently come up with new ways to hide their malicious components, so it is not enough just to know how to use the tools; it is important to understand the underlying concepts so that you can recognize the attackers' efforts to bypass the forensic tools.