Friday, January 18, 2013

Backtrack Forensics: chkrootkit

Menu: Forensics -> Anti-Virus Forensics Tools
Directory: /pentest/forensics/chkrootkit

This is a simple tool to hunt for rootkits on a Unix / Linux machine. It first verifies a couple of binaries and then checks for individual rootkits.

Usage:

./chkrootkit -V - prints version
./chkrootkit -h - prints help
./chkrootkit -l - prints available tests
./chkrootkit -r /root/forensics/ - scan, using /root/forensics/ as the search directory
./chkrootkit - scan, using the default search directory "/"
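
A scan prints one line per test, so the lines that need attention are easy to miss. The following is an added example, not part of the original post or of chkrootkit itself: a shell filter that keeps only lines without a benign verdict and counts INFECTED results. The sample output is constructed, and the list of benign verdict strings is an assumption based on typical chkrootkit output.

```shell
#!/bin/sh
# Added example: triage chkrootkit scan output. Sample data is constructed.

# Constructed sample in the "Checking `test'... verdict" layout.
sample_output() {
cat <<'EOF'
Checking `amd'... not found
Checking `ls'... not infected
Checking `bindshell'... INFECTED (PORTS:  465)
Searching for Suckit rootkit... nothing found
Checking `lkm'... chkproc: nothing detected
Checking `sniffer'... eth0: PF_PACKET(/sbin/dhclient)
EOF
}

# Print every line that does not end in a benign verdict. The verdict list
# is an assumption; extend it if your chkrootkit version words them differently.
# Lines that follow a finding (file lists, port details) are kept as well.
chk_triage() {
    awk '
        /^(Checking|Searching) / && /(not infected|not found|nothing found|nothing detected|not tested) *$/ { next }
        { print }
    '
}

# Count tests that reported INFECTED (upper case, so "not infected" is skipped).
chk_infected_count() {
    grep -c 'INFECTED' || true
}

# Real use: ./chkrootkit -r /root/forensics/ 2>&1 | chk_triage
sample_output | chk_triage
```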


Official website: http://www.chkrootkit.org/
