The third and final article in this series explores five different rootkit detection techniques used to discover Windows rootkit deployments. Additionally, nine different tools designed for administrators are discussed.
Expand all |
Post comment
Tripwire uses cryptographic hashes - in a somewhat older version (all I could quickly find the documentation for), the available hashes were MD5 and Snefru. I wouldn't be expect that SHA-1 might have been added and Snefru dropped in more recent versions
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/infocus/1854/74#74