This app is designed to discover files that are hidden by rootkits. It will place all detected files into a LEF for further analysis. This may include the malware and additional files deemed important by the attacker. It utilizes the EnCase Servlet to communicate with the OS of a live host through the EnScript API. It compares the filtered list with a full list discovered directly from the $MFT by EnCase. This is called Out-Of-Band processing. Name was derived from a very well-known rootkit called Hacker Defender, but will detect hidden files from any file system based rootkit.
YOU MAY ALSO LIKE