Up until now, the focus of this book has been the functional implementation of rootkit technology, but many of the design decisions that go into a rootkit are driven by rootkit detection technology. This chapter introduces the current state of rootkit detection technology to give the rootkit designer a perspective on the constraints that affect implementation.
This chapter includes the following:
Detection methods
Detection software
What to do with a detected rootkit
Safe mode