Description
Looks for processes hidden from normal system listings by comparing multiple kernel and procfs views. It is useful during incident response, forensic checks, and rootkit investigations.
This is a security diagnostic tool that may require elevated permissions. Findings need careful interpretation, because false positives can happen on unusual systems or with restricted process visibility.