Hard drive

Solid State Drive

Memory

CPU cache

Dynamic Link Libraries (DLLs)

Hard drive partitions

Network interface cards

External USB devices

Yes

No

To reduce the overall memory footprint of the system.

To improve the performance of the legitimate process.

To avoid detection and gain elevated privileges.

To encrypt data stored in memory.

Data Link Layer

Direct Logic Language

Dynamic Link Library

Digital Local Loop

By directly modifying the CPU's instruction set.

By injecting a path to a malicious DLL into the target process.

By physically replacing a legitimate DLL file on the disk.

By sending a specially crafted network packet to the process.