by beagle3 4961 days ago
If you don't have the resources to take a snapshot of memory without disturbing the operation, then power off is the right thing to do.

For all you know, the trojan might uninstall itself or otherwise delete all evidence after a short while without network connectivity to a control center ("a dead man's switch").

Or, it patches the kernel so that it is "invisible" from the inside.

What you want to do is take a snapshot of the memory (from outside the kernel, if you can) and then power down.
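As an added example, not part of beagle3's comment: a small POSIX shell helper that applies this order of operations to a KVM guest, capturing RAM from the hypervisor side (outside the guest kernel) with libvirt's virsh, hashing the image, and only then hard-stopping the VM. The domain name, output directory and DRY_RUN switch are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the HN comment). Assumes a running libvirt/KVM
# guest and the virsh, sha256sum and date tools. Set DRY_RUN=1 to print the
# commands instead of executing them.

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# acquire_then_poweroff DOMAIN OUTDIR
# Prints the path of the memory image on success, returns non-zero on failure.
acquire_then_poweroff() {
    domain=$1
    outdir=$2
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    image="$outdir/$domain-$stamp.elf"
    mkdir -p "$outdir" || return 1
    # 1. Memory first: the hypervisor reads guest RAM directly, so a kernel
    #    patch inside the guest cannot hide from or tamper with the capture.
    run virsh dump --memory-only --format=elf "$domain" "$image" || return 1
    # 2. Hash at once so the image can later be shown to be unchanged.
    run sha256sum "$image" >> "$outdir/$domain-$stamp.sha256" || return 1
    # 3. Only then cut power. 'destroy' is a hard stop, not a clean shutdown,
    #    so no shutdown hooks inside the guest get a chance to run.
    run virsh destroy "$domain" || return 1
    printf '%s\n' "$image"
}
```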