NAME
unhide — forensic tool to find hidden processes
SYNOPSIS
unhide-linux26 proc | sys | brute
unhide-posix proc | sys
DESCRIPTION
unhide is a forensic tool to find processes hidden by rootkits, Linux
kernel modules or by other techniques. It detects hidden processes
using three techniques:
The proc technique consists of comparing /proc with the output of
/bin/ps.
The sys technique consists of comparing information gathered from
/bin/ps with information gathered from system calls.
The brute technique consists of bruteforcing the all process IDs. This
technique is only available on Linux 2.6 kernels.
SEE ALSO
unhide-tcp (8).
AUTHOR
This manual page was written by Francois Marier francois@debian.org for
the Debian system (but may be used by others). Permission is granted to
copy, distribute and/or modify this document under the terms of the GNU
General Public License, Version 3 any later version published by the
Free Software Foundation.
On Debian systems, the complete text of the GNU General Public License
can be found in /usr/share/common-licenses/GPL.