Rootkit Data Set

Controlled Environment for Conducting Dynamic Analyses of Rootkits A controlled environment for conducting dynamic analysis of rootkits was set. For testing the root kits Sun Microsystem’s virtualBox was installed and inside the virtual environment XP operating system was installed. From the Offensive Computing website (http://www.ofensivecomputing.net) 87 root kits samples were found and each sample was run one by one in the virtual environment. The system was restored to the original setting after running each sample. Rootkit Detector for collecting Data There are many tools that are used to detect the hooks created by root kits on a window machine. To complete this task McAfee’s Rootkits Detective (available from http://vil.nai.com) was used. The rootkit detective was then run to detect the hook that was created after running each root kits samples and a log file containing data each of the hooks was generated.