Faking Hardware Memory Access
[Joanna] Rutkowksa will show how an attacker could prevent forensics investigators from getting a real image of the memory where the malware resides. “Even if they somehow find out that the system is compromised, they will be unable to get the real image of memory containing the malware, and consequently, they will be unable to analyze it,” says Rutkowska, senior security researcher for COSEINC.
Nicholas Weaver • March 1, 2007 2:09 PM
And in other news, water is wet…
From within a compromised system, you can’t make any assertions about a compromised system, even if you know it IS compromised. Rootkits are wonderful things, no.
Basically, it comes down to that “I think, therefore I am” is a load of bull***t.