I've read a number of posts in the forums that refer to looking for the presence of rootkits, malware, etc. on a target system, but I am interested in looking at it from the other perspective, i.e. the examination of a system that may have been used to deploy such software. What types of programs, tools, utilities, etc. would one expect to find on a machine that may have been used to gain unauthorised access to another system or to deploy malicious software, etc.?
Thanks
Mike
What types of programs, tools, utilities, etc. would one expect to find on a machine that may have been used to gain unauthorised access to another system or to deploy malicious software, etc.?
Well, for one, you might expect to find the malicious software. Therefore, your approach would likely be pretty much the same, with the exception that you wouldn't expect a system used to deploy a rootkit to be infected by that rootkit.
Depending upon the approach used to compromise the remote system, you may also expect to see toolkits…bunches of admin tools, maybe even toolkits that allow you to create malware at the push of a button.
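A small triage script of the kind this examination calls for, added here as an illustration and not taken from the thread: it walks an evidence mount, hashes every file, and flags hash matches against a constructed known-bad set, hypothetical tool-name patterns (builder, dropper, packer), and PE images stored under non-executable extensions. The hash values and name patterns are placeholders, not real indicators.

```python
import hashlib
import os
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed known-bad SHA-256 set (placeholder digest, not a real indicator).
KNOWN_HASHES = {
    hashlib.sha256(b"sample-builder-payload").hexdigest(): "constructed malware-builder sample",
}

# Hypothetical filename patterns for tooling a deployer machine might hold.
TOOL_PATTERNS = [
    (re.compile(r"(builder|dropper|packer)", re.I), "tool-like filename"),
]

@dataclass
class Finding:
    path: str
    sha256: str
    reasons: List[str]

def classify(path: str, data: bytes) -> Optional[Finding]:
    """Return a Finding when the file content or name warrants review, else None."""
    digest = hashlib.sha256(data).hexdigest()
    reasons = []
    if digest in KNOWN_HASHES:
        reasons.append("hash match: " + KNOWN_HASHES[digest])
    name = os.path.basename(path)
    for pattern, label in TOOL_PATTERNS:
        if pattern.search(name):
            reasons.append(label)
    # Windows PE images start with "MZ"; one renamed to .jpg/.dat/etc. is worth a look.
    if data[:2] == b"MZ" and not name.lower().endswith((".exe", ".dll", ".sys", ".scr")):
        reasons.append("PE image with non-executable extension")
    return Finding(path, digest, reasons) if reasons else None

def triage_tree(root: str) -> List[Finding]:
    """Walk a mounted evidence tree read-only and collect findings for review."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            try:
                with open(full, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable entries are logged elsewhere in a real workflow
            finding = classify(full, data)
            if finding:
                findings.append(finding)
    return findings
```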