Author Topic: [THN] Unhide Forensic Tool, Find hidden processes and ports  (Read 1467 times)


StepHack[Bot]
[THN] Unhide Forensic Tool, Find hidden processes and ports
« on: February 27, 2013, 07:02:06 AM »

Unhide is a forensic tool to find processes hidden by rootkits, Linux kernel modules or by other techniques. It detects hidden processes using six techniques:


  • Compare /proc vs /bin/ps output.
  • Compare info gathered from /bin/ps with info gathered by walking through the procfs. Only for Linux 2.6.
  • Compare info gathered from /bin/ps with info gathered from syscalls (syscall scanning).
  • Full



Source: Unhide Forensic Tool, Find hidden processes and ports
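
The three comparisons listed in the post, written out as an added Python example (not part of the original post and not Unhide's own code). It assumes a Linux host with a procps-style `ps`; the function names, the `max_pid` default of 32768 and the sample PIDs are constructed for illustration.

```python
import os
import subprocess

def pids_from_ps(ps_output):
    """Parse the output of `ps -e -o pid=` (one PID per line)."""
    return {int(tok) for tok in ps_output.split() if tok.isdigit()}

def pids_from_procfs(proc_root="/proc"):
    """PIDs that appear as numeric entries when procfs is listed."""
    return {int(name) for name in os.listdir(proc_root) if name.isdigit()}

def pid_answers_syscall(pid):
    """Signal 0 delivers nothing; it only asks the kernel whether pid exists."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        pass  # the process exists but belongs to another user
    return True

def pids_from_syscalls(candidates, probe=pid_answers_syscall):
    """Syscall scanning: keep every candidate PID the kernel acknowledges."""
    return {pid for pid in candidates if probe(pid)}

def compare_views(ps_pids, proc_pids, syscall_pids):
    """List PIDs that procfs or the syscall probe report but ps does not."""
    return {
        "in_proc_not_ps": sorted(proc_pids - ps_pids),
        "in_syscalls_not_ps": sorted(syscall_pids - ps_pids),
    }

def live_scan(max_pid=32768):
    """Run all three collections on this host (assumes Linux with procps ps)."""
    ps_out = subprocess.run(["ps", "-e", "-o", "pid="], capture_output=True,
                            text=True, check=True).stdout
    # Processes that start or exit between snapshots, and thread IDs that
    # answer the probe, cause false hits: re-run and keep only repeat findings.
    return compare_views(pids_from_ps(ps_out), pids_from_procfs(),
                         pids_from_syscalls(range(1, max_pid + 1)))

# Constructed sample: ps omits PID 4242, the other two views still report it.
SAMPLE_PS = "    1\n  812\n 1337\n"
SAMPLE_PROC = {1, 812, 1337, 4242}
SAMPLE_SYSCALL = {1, 812, 1337, 4242}

if __name__ == "__main__":
    print("sample:", compare_views(pids_from_ps(SAMPLE_PS), SAMPLE_PROC, SAMPLE_SYSCALL))
    print("live:  ", live_scan())
```

A PID that shows up in either result list on repeated runs is the kind of discrepancy the post describes; a single hit on a busy host is usually a race between snapshots.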