{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,1,23]],"date-time":"2025-01-23T05:18:10Z","timestamp":1737609490265,"version":"3.33.0"},"publisher-location":"New York, NY","reference-count":31,"publisher":"Springer New York","isbn-type":[{"type":"print","value":"9780387737416"},{"type":"electronic","value":"9780387737423"}],"license":[{"start":{"date-parts":[[2007,1,1]],"date-time":"2007-01-01T00:00:00Z","timestamp":1167609600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2007]]},"DOI":"10.1007\/978-0-387-73742-3_6","type":"book-chapter","created":{"date-parts":[[2007,11,13]],"date-time":"2007-11-13T10:45:53Z","timestamp":1194950753000},"page":"89-105","source":"Crossref","is-referenced-by-count":6,"title":["Analysis of Tools for Detecting Rootkits and Hidden Processes"],"prefix":"10.1007","author":[{"given":"A.","family":"Todd","sequence":"first","affiliation":[]},{"given":"J.","family":"Benson","sequence":"additional","affiliation":[]},{"given":"G.","family":"Peterson","sequence":"additional","affiliation":[]},{"given":"T.","family":"Franz","sequence":"additional","affiliation":[]},{"given":"M.","family":"Stevens","sequence":"additional","affiliation":[]},{"given":"R.","family":"Raines","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"6_CR1","doi-asserted-by":"crossref","unstructured":"E. Abreu, Hackers get novel defense; the computer did it ( http:\/\/www.forbes.com\/markets\/newswire\/2003\/10\/27\/rtrll24430.html ), 2003.","DOI":"10.1016\/S1361-3723(03)00007-1"},{"key":"6_CR2","unstructured":"Aphex, ReadMe.txt ( http:\/\/www.iamaphex.net ), 2006."},{"key":"6_CR3","unstructured":"J. Butler and S. Sparks, Windows rootkits of 2005: Part two ( http:\/\/www.securityfocus.com\/infocus\/1851 ), 2005."},{"key":"6_CR4","unstructured":"J. Butler and S. Sparks, Windows rootkits of 2005: Part three ( http:\/\/www.securityfocus.com\/infocus\/1854 ), 2006."},{"key":"6_CR5","volume-title":"File System Forensic Analysis","author":"B. Carrier","year":"2005","unstructured":"B. Carrier, File System Forensic Analysis, Addison-Wesley, Boston, Massachusetts, 2005."},{"key":"6_CR6","volume-title":"M.S. Thesis","author":"C. Claycomb","year":"2006","unstructured":"C. Claycomb, Analysis of Windows Rootkits, M.S. Thesis, Department of Electrical and Computer Engineering, Air Force Institute of Technology, Wright-Patterson Air Force Base, Ohio, 2006."},{"key":"6_CR7","unstructured":"CMS Consulting, Hidden rootkits in Windows ( http:\/\/www.task.to\/events\/presentations\/TASK_Hidden_Rootkits_in_Windows.pdf ), 2005."},{"key":"6_CR8","unstructured":"B. Cogswell and M. Russinovich, RootkitRevealer v1.71 ( http:\/\/www.sysinternals.com\/Utilities\/RootkitRevealer.html )."},{"key":"6_CR9","unstructured":"K. Dillard, What are user-mode vs. kernel-mode rootkits? ( http:\/\/searchwindowssecurity.techtarget.com\/originalContent\/0,289142,sid45_gci1086469,00.html ), 2005."},{"key":"6_CR10","unstructured":"E. Florio, When malware meets rootkits, Virus Bulletin, 2005."},{"key":"6_CR11","unstructured":"Frisk Software International, F-Prot Antivirus Scanner ( http:\/\/www.f-prot.com\/products\/home_use\/linux )."},{"key":"6_CR12","unstructured":"F-Secure Corporation, Blacklight ( http:\/\/www.f-secure.com\/blacklight\/blacklight.html )."},{"key":"6_CR13","unstructured":"Guidance Software, EnCase (v.4) ( http:\/\/www.guidancesoftware.com )."},{"key":"6_CR14","volume-title":"Rootkits: Subverting the Windows Kernel","author":"G. Hoglund","year":"2005","unstructured":"G. Hoglund and J. Butler, Rootkits: Subverting the Windows Kernel, Addison-Wesley, Boston, Massachusetts, 2005."},{"key":"6_CR15","unstructured":"Holy Father, Hacker Defender ( http:\/\/hxdef.org\/download.php )."},{"key":"6_CR16","unstructured":"T. Kojm, Clam AntiVirus ( http:\/\/www.clamav.net )."},{"key":"6_CR17","unstructured":"J. Levine, B. Culver and H. Owen, A methodology for detecting new binary rootkit exploits, Proceedings of the IEEE SouthEastCon, 2003."},{"key":"6_CR18","doi-asserted-by":"crossref","unstructured":"J. Levine, J. Grizzard, P. Hutto and H. Owen, A methodology to characterize kernel level rootkit exploits that overwrite the system call table, Proceedings of the IEEE Southeast Con, pp. 25\u201331, 2004.","DOI":"10.1109\/SECON.2004.1287894"},{"key":"6_CR19","unstructured":"M. McDougal, Windows Forensic Toolchest (WFT) ( http:\/\/www.foolmoon.net\/security\/wft ), 2005."},{"key":"6_CR20","unstructured":"RKDetector.com, RKDetector v2.0 ( http:\/\/www.rkdetector.com )."},{"key":"6_CR21","unstructured":"RKDetector.com, RKDetector v2.0 Engine ( http:\/\/www.rkdetector.com )."},{"key":"6_CR22","unstructured":"Rootkit.com ( http:\/\/www.rootkit.com\/download.php )."},{"key":"6_CR23","unstructured":"J. Rutkowska, Concepts for the Stealth Windows Rootkit (The Chameleon Project) ( http:\/\/invisiblethings.org\/papers\/chameleon.concepts.pdf ), 2003."},{"key":"6_CR24","unstructured":"J. Rutkowski, Advanced Windows 2000 rootkit detection ( http:\/\/hxdef.org\/knowhow\/rutkowski.pdf ), 2003."},{"key":"6_CR25","unstructured":"J. Rutkowski, Execution path analysis: Finding kernel rootkits ( http:\/\/doc.bughunter.net\/rootkit-backdoor\/execution-path.html ), 2004."},{"key":"6_CR26","unstructured":"P. Silberman, FUTo ( http:\/\/formed.org\/?v=3&a=7 ), 2006."},{"key":"6_CR27","unstructured":"Simple Nomad, Covering your tracks: Ncrypt and Ncovert, presented at Black Hat USA 2003 ( http:\/\/www.blackhat.com\/html\/bh-media-archives\/bh-archives-2003.html ), 2003."},{"key":"6_CR28","unstructured":"S. Sparks, Shadow Walker: Raising the bar for rootkit detection, presented at Black Hat USA 2005 ( http:\/\/www.blackhat.com\/presentations\/bh-jp-05\/bh-jp-05-sparks-butler.pdf ), 2005."},{"key":"6_CR29","volume-title":"Microsoft Research Technical Report, MSR-TR-2004-71","author":"Y. Wang","year":"2004","unstructured":"Y. Wang, B. Vo, R. Roussev, C. Verbowski and A. Johnson, Strider Ghostbuster: Why it\u2019s a bad idea for stealth software to hide files, Microsoft Research Technical Report, MSR-TR-2004-71, Microsoft Corporation, Redmond, Washington, 2004."},{"key":"6_CR30","unstructured":"XFocus.net, IceSword (v1.12 and v1.18) ( http:\/\/www.xfocus.net )."},{"key":"6_CR31","unstructured":"XShadow, Vanquish v0.2.1 ( http:\/\/www.rootkit.com\/vault\/xshadoe\/readme.txt ), 2005."}],"container-title":["IFIP \u2014 The International Federation for Information Processing","Advances in Digital Forensics III"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-0-387-73742-3_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,1,22]],"date-time":"2025-01-22T07:36:58Z","timestamp":1737531418000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-0-387-73742-3_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2007]]},"ISBN":["9780387737416","9780387737423"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/978-0-387-73742-3_6","relation":{},"ISSN":["1571-5736"],"issn-type":[{"type":"print","value":"1571-5736"}],"subject":[],"published":{"date-parts":[[2007]]}}}