
Reimaging

Definition

Wiping a compromised system and restoring it from a known-good operating system image. Reimaging is the most reliable eradication method for host-level compromise because it eliminates every artefact the attacker may have left, including rootkits and firmware-level implants, provided the image itself is clean.
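Whether reimaging actually eradicates the compromise hinges on the final clause above: the restore source must itself be clean. One practical control is to verify the image against a known-good manifest (kept off the compromised host, for example the vendor's signed release manifest) before starting the restore, and to refuse any image that is unlisted or whose digest does not match. The following Python script is an added example, not part of this glossary page or any product it describes; the manifest entries and image file names in it are constructed placeholders.

```python
"""Verify an OS image against a known-good manifest before using it to reimage a host."""
import hashlib
import hmac
from pathlib import Path

# Constructed sample manifest (hypothetical): image file name -> expected SHA-256 hex digest.
# In a real deployment this comes from a trusted, signed source, never from the host being rebuilt.
KNOWN_GOOD_MANIFEST = {
    # digest of an empty file
    "workstation-baseline-empty.img": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    # digest of the bytes b"abc"
    "workstation-baseline-abc.img": "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
}


def sha256_bytes(data: bytes) -> str:
    """SHA-256 hex digest of an in-memory byte string."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path, chunk_size: int = 1 << 20) -> str:
    """SHA-256 hex digest of a file, streamed in chunks so multi-GB images do not need to fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def image_is_known_good(name: str, digest: str, manifest=KNOWN_GOOD_MANIFEST) -> bool:
    """True only if the image name is listed and its digest matches the manifest entry.

    An unlisted image is rejected rather than assumed clean: the whole value of
    reimaging depends on the image being a trusted baseline.
    """
    expected = manifest.get(name)
    if expected is None:
        return False
    # constant-time comparison; digests are compared case-insensitively
    return hmac.compare_digest(expected.lower(), digest.lower())


def check_image_file(path, manifest=KNOWN_GOOD_MANIFEST) -> bool:
    """Hash an image on disk and check it against the manifest by file name."""
    image = Path(path)
    return image_is_known_good(image.name, sha256_file(image), manifest)


if __name__ == "__main__":
    import tempfile

    # Constructed demo: one image whose content matches the manifest and one that was tampered with.
    with tempfile.TemporaryDirectory() as workdir:
        clean = Path(workdir) / "workstation-baseline-abc.img"
        clean.write_bytes(b"abc")
        tampered_dir = Path(workdir) / "tampered"
        tampered_dir.mkdir()
        tampered = tampered_dir / "workstation-baseline-abc.img"
        tampered.write_bytes(b"abcd")

        for candidate in (clean, tampered):
            verdict = "OK to restore" if check_image_file(candidate) else "REFUSE: digest mismatch or unlisted image"
            print(f"{candidate}: {verdict}")
```

Run the script as-is to see one image accepted and one refused; in an eradication playbook the restore step would call `check_image_file()` and abort on a `False` result rather than proceed with an untrusted image.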

Related terms

Configuration drift
Deviation from an approved baseline configuration, whether caused by legitimate administrative action or by an attacker modifying settings to weaken defences or...
Indicator of Compromise (IoC)
An observable artefact that suggests a system has been involved in a malicious event. Static analysis produces file-based IoCs: cryptographic hashes, embedded...
Persistence mechanism
The technique malware uses to survive a reboot or user logout. Common methods include registry run keys, scheduled tasks, Windows services, cron...
Rogue account
A user or service account created by the attacker during the intrusion to maintain access independent of any compromised legitimate account. Rogue...
Web shell
A script (typically PHP, ASP, or JSP) placed on a web server by an attacker to provide remote command execution via HTTP...

Explained in

  • Threat Eradication Methods: Wiping a compromised system and restoring it from a known-good operating system image. Reimaging is the most reliable eradication method for host-level comprom...
