Here's an interesting video from Defcon 23 regarding ECFS for finer-grained ELF tracking of hijacks and other problem code. It can recover full truncated text segments and reconstruct original section headers from core dumps, among other things.
They've dubbed it process necromancy. I guess this comes from its ability to snapshot a process without killing it and even reanimate a process from a snapshot. https://www.youtube.com/watch?v=fCJJnJ84MSE
