Malware authors use various advanced techniques to install their kernel driver and to bypass Windows security mechanisms. Once the kernel driver is installed, it can modify the system components or third-party drivers to bypass, deflect, and divert your forensic analysis. In this chapter, you looked at some of the most common rootkit techniques and we saw how to detect such techniques using memory forensics. Memory forensics is a powerful technique, and using it as part of your malware analysis efforts will greatly help you understand adversary tactics. Malware authors frequently come up with new ways to hide their malicious component, so it is not enough just to know how to use the tools; it becomes important to understand the underlying concepts to recognize the efforts by the attackers to bypass the forensic tools.
Germany
Slovakia
Canada
Brazil
Singapore
Hungary
Philippines
Mexico
Thailand
Ukraine
Luxembourg
Estonia
Lithuania
Norway
Chile
United States
Great Britain
India
Spain
South Korea
Ecuador
Colombia
Taiwan
Switzerland
Indonesia
Cyprus
Denmark
Finland
Poland
Malta
Czechia
New Zealand
Austria
Turkey
France
Sweden
Italy
Egypt
Belgium
Portugal
Slovenia
Ireland
Romania
Greece
Argentina
Malaysia
South Africa
Netherlands
Bulgaria
Latvia
Australia
Japan
Russia