Malware authors use various advanced techniques to install their kernel driver and to bypass Windows security mechanisms. Once the kernel driver is installed, it can modify the system components or third-party drivers to bypass, deflect, and divert your forensic analysis. In this chapter, you looked at some of the most common rootkit techniques and we saw how to detect such techniques using memory forensics. Memory forensics is a powerful technique, and using it as part of your malware analysis efforts will greatly help you understand adversary tactics. Malware authors frequently come up with new ways to hide their malicious component, so it is not enough just to know how to use the tools; it becomes important to understand the underlying ...