Chapter 2/ Overview of Anti-Forensics
the bottom floor, beneath the sub-basement of system-level software: to the
processor. Inevitably, if you go far enough down the rabbit hole, your pursuit
will lead you to the hardware.
Thus, we'll spend the next chapter focusing on Intel's 32-bit processor
architecture (Intel's documentation represents this class of processors using
the acronym IA-32). Once the hardware underpinnings have been fleshed out,
we'll look at how the Windows operating system uses facets of the IA-32
family to offer memory protection and implement the great divide between
kernel mode and user mode. Only then will we finally be in a position where
we can actually broach the topic of rootkit implementation.
54 | Part I