• Advertise
• Search
• Free Magazines
• Newest Links
• Categories
• Register
• Login

Thoughts about Cross-View based Rootkit Detection

Added by Papergrl

Description: Cross-view based detectors, like Rootkit Revealer, compare a "low level" system view with a "high level" view. Let's focus here on hidden files detection on Windows systems. How to obtain a low level view of the file system? Of course by reading a raw disk sectors and parsing them according to NTFS layout.