Hi guys, what things would you look at when evaluating the effectiveness of rootkit detection, and what methodology would you use when using an agent/server model? I'm currently working with OSSEC for a university essay, so any help is really appreciated.
Thanks
