<<< Collecting and Preserving Digital Evidence | Index | Bitstream Copy >>> |
Computer intruders and sophisticated computer criminals use binary programs known as rootkits.
Rootkits originated on UNIX systems, and later appeared on Windows systems.
Rootkits replace key components of the operating system in order to hide their own presence on the computer.
Using trusted copies of system commands can circumvent most rootkits, but additional precautions are required.
Since rootkits may actively conceal or destroy evidence, finding and collecting information in such an environment becomes problematic.
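As an added illustration of the "trusted copies" point above (example code written for this entry, not part of the original), the following Python shows two checks an examiner can run: comparing the hash of each on-disk system command against a known-good baseline, and a cross-view comparison in which a process list obtained from a trusted source is diffed against the output of the possibly subverted `ps`. All baseline hashes, binary contents and listings are constructed sample data, not values from any real system.

```python
import hashlib
from typing import Dict, Iterable, Set


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_binaries(baseline: Dict[str, str], current: Dict[str, bytes]) -> Dict[str, str]:
    """For every path in the trusted baseline report 'ok', 'modified' or 'missing'.
    A user-space rootkit that swaps /bin/ls or /bin/ps shows up as 'modified'."""
    report = {}
    for path, good_hash in baseline.items():
        if path not in current:
            report[path] = "missing"
        elif sha256_of(current[path]) != good_hash:
            report[path] = "modified"
        else:
            report[path] = "ok"
    return report


def parse_ps_pids(ps_output: str) -> Set[int]:
    """PIDs as printed by the (untrusted) on-disk ps; header line is skipped."""
    return {int(l.split()[0]) for l in ps_output.splitlines()[1:] if l.split() and l.split()[0].isdigit()}


def parse_proc_listing(entries: Iterable[str]) -> Set[int]:
    """PIDs from a directory listing of /proc taken with a trusted tool
    (non-numeric entries such as 'self' or 'cpuinfo' are ignored)."""
    return {int(e) for e in entries if e.isdigit()}


def hidden_processes(trusted_view: Set[int], tool_view: Set[int]) -> Set[int]:
    """Cross-view check: anything the trusted view sees but ps does not is suspect.
    Note: a kernel-level rootkit can filter /proc too, which is why the text says
    trusted commands alone are not sufficient."""
    return trusted_view - tool_view


# --- constructed sample data (not real binaries or listings) ---
CLEAN_LS, TROJANED_LS = b"\x7fELF-original-ls", b"\x7fELF-patched-ls"
CLEAN_PS = b"\x7fELF-original-ps"
BASELINE = {"/bin/ls": sha256_of(CLEAN_LS), "/bin/ps": sha256_of(CLEAN_PS)}
CURRENT = {"/bin/ls": TROJANED_LS, "/bin/ps": CLEAN_PS}
PS_OUTPUT = "  PID TTY      TIME CMD\n    1 ?    00:00:01 init\n  742 ?    00:00:00 sshd\n 1301 pts/0 00:00:00 bash\n"
PROC_ENTRIES = ["1", "742", "1301", "1337", "self", "cpuinfo"]
```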