Persistence mechanism

Definition

The technique malware uses to survive a reboot or user logout. Common methods include registry run keys, scheduled tasks, Windows services, cron jobs on Linux, and boot-sector modification. Persistence artefacts are often the most durable evidence on an infected system.

Related terms

Command and control (C2)
The channel through which an attacker sends instructions to malware on a compromised host and receives data back. C2 channels range from...
Configuration drift
Deviation from an approved baseline configuration, whether caused by legitimate administrative action or by an attacker modifying settings to weaken defences or...
Dropper
A malware component whose sole function is to deliver and install a secondary payload. The dropper itself may be a trojan, a...
Indicator of Compromise (IoC)
An observable artefact that suggests a system has been involved in a malicious event. Static analysis produces file-based IoCs: cryptographic hashes, embedded...
Payload
The action the malware performs once active: data encryption (ransomware), credential theft (banking trojan), resource hijacking (cryptominer), or system destruction (wiper). The...
Propagation mechanism
The method by which malware copies itself to new hosts. Viruses attach to host files; worms exploit network services autonomously; trojans rely...
Reimaging
Wiping a compromised system and restoring it from a known-good operating system image. Reimaging is the most reliable eradication method for host-level...
Rogue account
A user or service account created by the attacker during the intrusion to maintain access independent of any compromised legitimate account. Rogue...
Rootkit
Malware designed to hide its own presence by subverting the operating system's reporting functions. User-mode rootkits hook API calls; kernel-mode rootkits modify...
Web shell
A script (typically PHP, ASP, or JSP) placed on a web server by an attacker to provide remote command execution via HTTP...

Explained in these topics

  • Malware Taxonomy: Viruses, Trojans, Ransomware and More: The technique malware uses to survive a reboot or user logout. Common methods include registry run keys, scheduled tasks, Windows services, cron jobs on Linux,...
  • Threat Eradication Methods: Any method by which an attacker maintains access to a system across reboots, logoffs, or credential changes. Examples include malicious scheduled tasks, regist...
