forensics
forensics@gentoo.org
Forensics Herd
AIRT (Advanced Incident Response Tool) is a set of incident response assistant tools for the Linux platform. It's useful when you want
to know what evil kernel backdoor is still resident on your broken system and what the hell it is.
It is not the same as kstat, which can be fooled simply by modifying the sys_write syscall. AIRT searches for kernel backdoors in the
underlying system memory using a custom algorithm.