{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,5]],"date-time":"2024-09-05T00:10:47Z","timestamp":1725495047550},"publisher-location":"New York, NY","reference-count":23,"publisher":"Springer New York","isbn-type":[{"type":"print","value":"9780387737416"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"DOI":"10.1007\/978-0-387-73742-3_7","type":"book-chapter","created":{"date-parts":[[2007,11,13]],"date-time":"2007-11-13T10:45:53Z","timestamp":1194950753000},"page":"107-116","source":"Crossref","is-referenced-by-count":2,"title":["A Method for Detecting Linux Kernel Module Rootkits"],"prefix":"10.1007","author":[{"given":"Doug","family":"Wampler","sequence":"first","affiliation":[]},{"given":"James","family":"Graham","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"7_CR1","unstructured":"M. Burdach, Detecting rootkits and kernel-level compromises in Linux (\n http:\/\/www.securityfocus.com\/infocus\/1811\n \n ), 2004."},{"key":"7_CR2","unstructured":"A. Busleiman, Detecting and understanding rootkits (\n http:\/\/www.netsecurity.org\/dl\/articles\/Detectmg_and_Understanding_rootkits.txt\n \n ) 2003."},{"key":"7_CR3","unstructured":"B. Carrier and E. Spafford, Automated digital evidence target definition using outlier analysis and existing evidence, Proceedings of the Fifth Annual Digital Forensics Research Workshop (\n http:\/\/www.dfrws.org\/2005\/proceedings\/index.html\n \n ), 2005."},{"key":"7_CR4","unstructured":"S. Cesare, Runtime kernel patching (\n http:\/\/reactor-core.org\/runtime-kernel-patching.html\n \n )."},{"key":"7_CR5","unstructured":"A. Chuvakin, An overview of Unix rootkits, iALERT White Paper, iDefense Labs (\n http:\/\/www.megasecurity.org\/papers\/Rootkits.pdf\n \n ), 2003."},{"key":"7_CR6","unstructured":"D. Dittrich, Root kits and hiding files\/directories\/processes after a break-in (\n http:\/\/staff.washington.edu\/dittrich\/misc\/faqs\/rootkits.faq\n \n ), 2002."},{"key":"7_CR7","unstructured":"Honeynet Project, Know your enemy: The motives and psychology of the black hat community (\n http:\/\/www.linuxvoodoo.org\/resources\/security\/motives\n \n ), 2000."},{"key":"7_CR8","unstructured":"P. Hutto, Adding a syscall (\n http:\/\/www-static.cc.gatech.edu\/classes\/AY2001\/cs3210_fall\/labs\/syscalls.html\n \n ), 2000."},{"key":"7_CR9","unstructured":"Integrity Computing, Network security: A primer on vulnerability, prevention, detection and recovery (\n http:\/\/www.integritycomputing.com\/security1.html\n \n )."},{"key":"7_CR10","unstructured":"Komoku Inc. (\n http:\/\/www.komoku.com\/technology.shtml\n \n )."},{"key":"7_CR11","unstructured":"C. Kruegel, W. Robertson and G. Vigna, Detecting kernel-level rootkits through binary analysis (\n http:\/\/www.cs.ucsb.edu\/~wkr\/publications\/acsac20041krmpresentation.pdf\n \n ), 2004."},{"key":"7_CR12","doi-asserted-by":"crossref","unstructured":"J. Levine, B. Grizzard and H. Owen, Detecting and categorizing kernel-level rootkits to aid future detection, IEEE Security & Privacy, pp. 24\u201332, January\/February 2006.","DOI":"10.1109\/MSP.2006.11"},{"key":"7_CR13","unstructured":"M. Murilo and K. Steding-Jessen, chkrootkit (\n http:\/\/www.chkrootkit.org\n \n ), 2006."},{"key":"7_CR14","unstructured":"R. Naraine, Government-funded startup blasts rootkits (\n http:\/\/www.eweek.com\/article2\/0,1759,1951941,00.asp\n \n ), April 24, 2006."},{"key":"7_CR15","unstructured":"N. Petroni, T. Fraser, J. Molina and W. Arbaugh, Copilot \u2014A co-processor-based kernel runtime integrity monitor, Proceedings of the Thirteenth USENIX Security Symposium, pp. 179\u2013194, 2004."},{"key":"7_CR16","unstructured":"J. Rutkowski, Execution path analysis: Finding kernel based rootkits (\n http:\/\/doc.bughunter.net\/rootkit-backdoor\/execution-path.html\n \n )."},{"key":"7_CR17","unstructured":"Samhain Labs, kern_check.c (\n http:\/\/la-samhna.de\/library\/kern_check.c\n \n )."},{"key":"7_CR18","volume-title":"Hacking Exposed: Network Security Secrets and Solutions","author":"S. J","year":"2001","unstructured":"J. Scambray, S. McClure and G. Kurtz, Hacking Exposed: Network Security Secrets and Solutions, McGraw-Hill\/Osborne, Berkeley, California, 2001."},{"key":"7_CR19","unstructured":"SecurityFocus, scprint.c (\n http:\/\/downloads.securityfocus.com\n \n )."},{"key":"7_CR20","volume-title":"Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses","author":"S. E","year":"2001","unstructured":"E. Skoudis, Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses, Prentice-Hall, Upper Saddle River, New Jersey, 2001."},{"key":"7_CR21","volume-title":"Network Security Essentials","author":"S. W","year":"2003","unstructured":"W. Stallings, Network Security Essentials, Prentice-Hall, Upper Saddle River, New Jersey, 2003."},{"key":"7_CR22","unstructured":"R. Wichmann, Linux kernel rootkits (\n http:\/\/coewww.rutgers.edu\/wwwl\/linuxclass2006\/\/documents\/kerneLrootkits\/index.html\n \n ), 2002."},{"key":"7_CR23","unstructured":"D. Zovi, Kernel rootkits (\n http:\/\/www.sans.org\/reading_room\/whitepapers\/threats\/449.php\n \n ), SANS Institute, 2001."}],"container-title":["IFIP \u2014 The International Federation for Information Processing","Advances in Digital Forensics III"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-0-387-73742-3_7.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,29]],"date-time":"2021-04-29T04:17:21Z","timestamp":1619669841000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-0-387-73742-3_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[null]]},"ISBN":["9780387737416"],"references-count":23,"URL":"https:\/\/doi.org\/10.1007\/978-0-387-73742-3_7","relation":{},"subject":[]}}