Educause Security Discussion mailing list archives

Rootkit discovery tools


From: John Tooley <jtooley () CSUN EDU>
Date: Mon, 26 Jun 2006 16:23:50 -0700

Hello,



I'm wondering if anyone out there has found a good set of tools for finding
Rootkits.



Our requirement is to build a "toolkit" for our technicians to be able to scan
and detect on each server in our environment.



I've found the "rkhunter" app for our Unix-flavors might be a good choice,
especially since it can run on a bootable (knoppix) CD and seems to detect a
large constituency of rootkits.

Unfortunately, all I am seeing in the Windows-side is "RootKit Revealer",
which is sketchy IMO because it is run in a live environment.



Anyway, your input and experience is greatly appreciated.



Regards,



John



John R. Tooley, CISSP

Information Security Analyst

California State University, Northridge



