Abstract |
<p>An aspect of the invention provides a rootkit detection method that detects rootkits using a file table obtained from a file system. The method comprises: obtaining a file table from a file system; deciding whether a file recorded on the file table is searchable; and determining the presence of a rootkit in the file based on the outcome of that decision. In one embodiment, in the decision step, the search for a file recorded on the file table may be performed using an API (Application Program Interface).</p> |
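The three steps of the abstract, as an added example that is not part of the patent: a raw file table is parsed, each live entry is looked up through the ordinary file API, and entries the API cannot find are reported. The FAT-style 32-byte entry layout, the function names and the sample table are assumptions made for illustration; the table bytes are constructed, and `HIDDEN.SYS` is simply never created on disk to stand in for a file that the API view does not return.

```python
import os
import tempfile

ENTRY_SIZE = 32        # size of one FAT short directory entry
ATTR_VOLUME_ID = 0x08  # set on volume labels and on long-name fragments (0x0F)

def make_entry(name, ext, attr=0x20, deleted=False):
    """Build one constructed 32-byte directory entry (sample data only)."""
    raw = name.ljust(8).encode("ascii") + ext.ljust(3).encode("ascii")
    raw += bytes([attr]) + bytes(ENTRY_SIZE - 12)
    return (b"\xe5" + raw[1:]) if deleted else raw

def parse_file_table(table):
    """Step 1: return the live file names recorded in the raw table."""
    names = []
    for off in range(0, len(table) - ENTRY_SIZE + 1, ENTRY_SIZE):
        entry = table[off:off + ENTRY_SIZE]
        if entry[0] == 0x00:          # end-of-directory marker
            break
        # Deleted entries (0xE5) and label/long-name entries are not files
        # the API should return, so flagging them would be a false positive.
        if entry[0] == 0xE5 or entry[11] & ATTR_VOLUME_ID:
            continue
        name = entry[0:8].decode("ascii").rstrip()
        ext = entry[8:11].decode("ascii").rstrip()
        names.append(f"{name}.{ext}" if ext else name)
    return names

def unsearchable_files(table, root, api_lookup=os.path.lexists):
    """Steps 2 and 3: names present in the table but not found via the API."""
    return [n for n in parse_file_table(table)
            if not api_lookup(os.path.join(root, n))]

def demo():
    with tempfile.TemporaryDirectory() as root:
        for visible in ("README.TXT", "NOTES.TXT"):
            open(os.path.join(root, visible), "w").close()
        table = b"".join([
            make_entry("README", "TXT"),
            make_entry("OLD", "TXT", deleted=True),  # deleted, must be ignored
            make_entry("HIDDEN", "SYS"),             # in table, not via API
            make_entry("NOTES", "TXT"),
        ]) + bytes(ENTRY_SIZE)                       # end marker
        return unsearchable_files(table, root)

if __name__ == "__main__":
    print(demo())
```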