NAME
unhide — forensic tool to find hidden processes
SYNOPSIS
unhide-linux26 proc | sys | brute
unhide-posix proc | sys
DESCRIPTION
unhide is a forensic tool to find processes hidden by rootkits, Linux
kernel modules or by other techniques. It detects hidden processes
using three techniques:
The proc technique consists of comparing /proc with the output of
/bin/ps.
The sys technique consists of comparing information gathered from
/bin/ps with information gathered from system calls.
The brute technique consists of bruteforcing all process IDs. This
technique is only available on Linux 2.6 kernels.
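The proc and brute comparisons described above, sketched as an added example (not unhide's own code): it checks the /proc listing and a system-call probe of every process ID against ps, then re-checks so that processes which merely started or exited during the scan are not reported. The function names, the use of kill(pid, 0) as the probing system call and the procps invocation `ps -e -L -o lwp=` are assumptions of this example.

```python
#!/usr/bin/env python3
"""Cross-view check for hidden processes (added illustration, not unhide's code)."""
import os
import subprocess


def proc_ids(root="/proc"):
    """Process IDs visible as numeric directory names under /proc."""
    return {int(name) for name in os.listdir(root) if name.isdigit()}


def ps_ids():
    """Every process and thread ID that ps reports (procps syntax assumed).

    On Linux the probe below can also answer for thread IDs, so ps is asked
    for threads (LWPs) as well to keep them out of the results.
    """
    out = subprocess.run(["ps", "-e", "-L", "-o", "lwp="],
                         capture_output=True, text=True, check=True).stdout
    return {int(tok) for tok in out.split()}


def syscall_alive(pid):
    """Ask the kernel directly: signal 0 tests existence and sends nothing."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True  # exists, but belongs to another user
    return True


def find_hidden(list_proc, list_ps, probe, max_pid):
    """Return {check: sorted IDs} that one view shows and ps omits."""
    ps_before = list_ps()
    proc_only = list_proc() - ps_before
    brute_only = {p for p in range(1, max_pid + 1) if probe(p)} - ps_before
    # Processes that started during the scan show up in a second ps snapshot,
    # and ones that exited no longer answer the probe; neither is hidden.
    ps_after = list_ps()

    def confirm(ids):
        return sorted(p for p in ids if p not in ps_after and probe(p))

    return {"proc": confirm(proc_only), "brute": confirm(brute_only)}


if __name__ == "__main__":
    with open("/proc/sys/kernel/pid_max") as fh:
        limit = int(fh.read())
    for check, ids in find_hidden(proc_ids, ps_ids, syscall_alive, limit).items():
        print(f"{check}: {ids if ids else 'nothing hidden from ps'}")
```

Run it as root so the probe and /proc are not limited by permissions; an ID reported here is a lead to investigate, not proof of a rootkit.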
SEE ALSO
unhide-tcp(8).
AUTHOR
This manual page was written by Francois Marier <francois@debian.org> for
the Debian system (but may be used by others). Permission is granted to
copy, distribute and/or modify this document under the terms of the GNU
General Public License, Version 3 or any later version published by the
Free Software Foundation.
On Debian systems, the complete text of the GNU General Public License
can be found in /usr/share/common-licenses/GPL.
UNHIDE(8)