Posted on 05-08-2015 11:28 AM
A security concern has come up in our facility that may require deep scans of systems to detect possibly installed rootkits. A specific case that has come up is the rootkit rubilyn, which can hide processes at will and even goes undetected by most detectors. The only method I see currently is from Volatility and its latest release version. This requires a full memory dump, which for our facility includes quite a few 32GB systems, and then a detailed scan to find processes hidden by this rootkit.
Has anyone ventured into deep scans on systems within their organization, and if so, how big of a scale is it implemented on? Site-wide, department-based, or even on a case-by-case basis? A rootkit as stealthy as this is quite scary for a government facility such as ours, and we will eventually need concrete proof that our systems are not being compromised by it.
Posted on 05-08-2015 12:06 PM
Whenever we do this it's usually organization-wide, as the hard work in creating the Casper EA has already been done; generally up to 1,000 devices per site.
From what I have read about rubilyn, it will hide from ps but can be seen using launchctl, so an EA based around that could be worth looking into.
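One way to turn the ps-versus-launchctl idea from the reply above into a Casper extension attribute, written here as an added example and not code from either poster: the script collects the PID column from `launchctl list` and from `ps -axo pid=`, then reports any PID that launchd knows about but ps does not show. The `<result>` tag is the Casper EA output convention; the sample launchctl and ps output embedded below is constructed for illustration, and the rubilyn-specific behaviour is taken from the reply, not verified here. Note that `launchctl list` only covers launchd-managed jobs in the domain the script runs in, so a hidden process that was never started by launchd will not show up in this cross-view check.

```shell
#!/bin/bash
# Cross-view check: compare the PIDs launchd reports with the PIDs ps reports.
# A PID present in launchctl output but absent from ps is flagged as suspect.

# Read `ps -axo pid=` style output on stdin and print one PID per line, sorted.
pids_from_ps() {
    awk '{print $1}' | grep -E '^[0-9]+$' | sort -u
}

# Read `launchctl list` output on stdin (header line, then "PID Status Label",
# where PID is "-" for jobs not currently running) and print running PIDs, sorted.
pids_from_launchctl() {
    awk 'NR > 1 && $1 ~ /^[0-9]+$/ {print $1}' | sort -u
}

# $1: newline-separated PID list from launchctl, $2: PID list from ps.
# Prints every PID in the launchctl view that does not appear in the ps view.
hidden_pids() {
    launch_pids=$1
    ps_pids=$2
    for pid in $launch_pids; do
        if ! printf '%s\n' "$ps_pids" | grep -qx "$pid"; then
            echo "$pid"
        fi
    done
}

# Constructed sample data (not captured from a real system): launchctl knows
# PID 4242, but the ps listing omits it.
SAMPLE_LAUNCHCTL='PID Status Label
- 0 com.example.idle
120 0 com.example.agent
4242 0 com.example.suspect'
SAMPLE_PS='  1
120
300'

# Run the comparison over the constructed sample; returns "4242".
demo_on_sample() {
    hidden_pids "$(printf '%s\n' "$SAMPLE_LAUNCHCTL" | pids_from_launchctl)" \
                "$(printf '%s\n' "$SAMPLE_PS" | pids_from_ps)"
}

# Collect live data from the running system and print suspect PIDs.
collect_live_diff() {
    launch_out=$(launchctl list 2>/dev/null) || return 1
    ps_out=$(ps -axo pid= 2>/dev/null) || return 1
    hidden_pids "$(printf '%s\n' "$launch_out" | pids_from_launchctl)" \
                "$(printf '%s\n' "$ps_out" | pids_from_ps)"
}

# Extension attribute output: only attempt the live check where launchctl exists
# (i.e. on OS X), so the script is harmless to run elsewhere.
if command -v launchctl >/dev/null 2>&1; then
    hidden=$(collect_live_diff)
    if [ -n "$hidden" ]; then
        echo "<result>Suspect: PIDs in launchctl but not ps: $(echo $hidden | tr '\n' ' ')</result>"
    else
        echo "<result>Clean</result>"
    fi
fi
```

Deploy it as a script-based extension attribute and build a smart group on any value starting with "Suspect"; a single stray PID is worth a manual look rather than an automatic quarantine, since a process that exited between the two listings will also show up as a transient mismatch.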