Preface

misinformation to the forensic analyst. In this part of the book, I look at rootkit tactics that attackers have used in the past both to deny information to the opposition at run time and to allay the responder's suspicions that something may be wrong.

Part IV: Summation

If you're going to climb a mountain, you might as well take a few moments to enjoy the view from the peak. In this final part, I step back from the minutiae of rootkits to view the subject from 10,000 feet. For the average forensic investigator, hindered by institutional forces and limited resources, I'm sure the surrounding landscape looks pretty bleak. In an effort to offer a ray of hope to these beleaguered White Hats perched with us on the mountain's summit, I end the book by discussing general strategies to counter the danger posed by an attacker and the concealment measures he or she uses.

It's one thing to point out the shortcomings of a technology (heck, that's easy). It's another thing to acknowledge these issues and then search for constructive solutions that realistically address them. This is the challenge of being a White Hat. We have the unenviable task of finding ways to plug the holes that the Black Hats exploit to make our lives miserable. I feel your pain, brother!

4 Audience

Almost 20 years ago, when I was in graduate school, a crusty old CEO from a local bank in Cleveland confided in me that "MBAs come out of business school thinking that they know everything." The same could be said for any training program, where students mistakenly assume that the textbooks they read and the courses they complete will cover all of the contingencies that they'll face in the wild. Anyone who's been out in the field knows that this simply isn't achievable. Experience is indispensable and impossible to replicate within the confines of academia.

Another sad truth is that vendors often have a vested interest in overselling the efficacy of their products. "We've found the cure," proudly proclaims the marketing literature. I mean, who's going to ask a customer to shell out $100,000 for the latest whiz-bang security suite and then stipulate that they still can't have peace of mind?

In light of these truisms, this book is aimed at the current batch of security professionals entering the industry. My goal is to encourage them to under-