Hacker News
by notepad0x90 716 days ago
Like a sibling comment mentioned, process injections can also happen. But besides that, if your busybox wasn't already on the system, then what's the value of bringing it when you suspect a rootkit? Userland or not, a memory acquisition for the system for off-box analysis (Volatility) would be ideal and most reliable in my opinion.