Information Security
Forensic kits and root assessment tools
This list of tools is provided for technical staff who are interested in self-education. Forensic analysis, in the legal sense, involves more than knowing how to use a tool; it requires training and certification. Remember - there is no such thing as a "magic bullet", and rootkits can and do evade these tools.
- Multiple platforms
  - Knoppix STD for Windows and Unix
- Unix platform
  - chkrootkit
  - The Coroner's Toolkit (TCT)
  - Penguin Sleuth Kit Bootable CD
  - Rootkit Hunter
- Windows platform
  - Helios Lite rootkit detector
  - McAfee's Rootkit Detective Beta
  - Sysinternals Freeware RootkitRevealer
  - Flister, proof-of-concept code for detecting usermode and kernelmode rootkits
  - The Register's 2003 article on IERK
  - Purdue University's analysis of Hacker Defender
  - Rkdetector remote detector for Hacker Defender
  - Rootkit Unhooker from Antirootkit software
- Tutorials and papers
  - LURQ's analysis of P2P Trojans
  - David O'Brien (1996), Recognizing and Recovering from Rootkit Attacks
  - TonikGin's IRC XDCC Hacking Exposed
  - Security Focus article on Windows rootkits
  - Stanford's analysis of their April 2004 multi-host incident
For immediate help, contact the NOC.