Controlled Environment for Conducting Dynamic Analyses of Rootkits
A controlled environment for conducting dynamic analysis of rootkits was set up. For testing the rootkits, Sun Microsystems' VirtualBox was installed, and a Windows XP operating system was installed inside the virtual environment. From the Offensive Computing website (http://www.offensivecomputing.net) 87 rootkit samples were collected, and each sample was run one at a time in the virtual environment. The system was restored to its original state after running each sample.
Steps to reproduce
Rootkit Detector for Collecting Data
There are many tools that detect the hooks created by rootkits on a Windows machine. For this task McAfee's Rootkit Detective (available from http://vil.nai.com) was used. After each rootkit sample was run, Rootkit Detective was run to detect the hooks that the sample had created, and a log file containing data on each of the hooks was generated.
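The per-sample cycle described above (restore the clean snapshot, boot, run one sample, run the detector, pull its log, power off) as an added automation harness, not code from the original study. The VM name, snapshot name, guest credentials, guest paths and detector command line are placeholders, and the VBoxManage guestcontrol syntax is assumed to be that of VirtualBox 6.x with Guest Additions installed in the guest.

```python
import subprocess
import sys
import time
from pathlib import Path

# Assumed placeholders (not from the page); take the clean snapshot with the
# VM's network adapter disabled so samples cannot reach anything outside it.
VM = "xp-rootkit-lab"
CLEAN_SNAPSHOT = "clean-baseline"
GUEST_USER, GUEST_PASS = "analyst", "CHANGE-ME"
GUEST_DROP = "C:\\samples"
GUEST_DETECTOR = "C:\\tools\\RootkitDetective.exe"  # placeholder path
GUEST_LOG = "C:\\tools\\detective.log"              # placeholder path


def log_path(sample, out_dir):
    """Host-side file name for this sample's detector log."""
    return Path(out_dir) / (Path(sample).stem + ".log")


def analysis_plan(sample, out_dir, boot_wait=90, run_wait=60):
    """Return (argv, seconds_to_wait_afterwards) steps for one sample.
    Building the plan separately from executing it lets it be inspected
    without VirtualBox installed."""
    name = Path(sample).name
    gc = ["VBoxManage", "guestcontrol", VM]
    auth = ["--username", GUEST_USER, "--password", GUEST_PASS]
    return [
        (["VBoxManage", "snapshot", VM, "restore", CLEAN_SNAPSHOT], 0),
        (["VBoxManage", "startvm", VM, "--type", "headless"], boot_wait),
        (gc + ["copyto", "--target-directory", GUEST_DROP, str(sample)] + auth, 0),
        (gc + ["run", "--exe", GUEST_DROP + "\\" + name] + auth, run_wait),
        (gc + ["run", "--exe", GUEST_DETECTOR] + auth, 0),
        (gc + ["copyfrom", "--target-directory", str(out_dir), GUEST_LOG] + auth, 0),
        (["VBoxManage", "controlvm", VM, "poweroff"], 0),
    ]


def run_sample(sample, out_dir):
    """Execute the plan; every sample starts from the same clean snapshot."""
    Path(out_dir).mkdir(parents=True, exist_ok=True)
    for argv, wait in analysis_plan(sample, out_dir):
        try:
            # A sample that never exits must not wedge the harness; the guest
            # process keeps running after the client-side timeout expires.
            subprocess.run(argv, check=("--exe" not in argv), timeout=300)
        except subprocess.TimeoutExpired:
            pass
        time.sleep(wait)
    pulled = Path(out_dir) / GUEST_LOG.rsplit("\\", 1)[-1]
    pulled.rename(log_path(sample, out_dir))  # keep one log per sample


if __name__ == "__main__":  # usage: harness.py <sample_dir> <out_dir>
    for sample in sorted(Path(sys.argv[1]).iterdir()):
        run_sample(sample, sys.argv[2])
```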