forensics forensics@gentoo.org Forensics Herd

AIRT (Advanced Incident Response Tool) is a set of incident response assistant tools for the Linux platform. It's useful when you want to know what evil kernel backdoor is still resident on your broken system and what the hell it is. It is not the same as kstat, which can be fooled simply by modifying the sys_write syscall. AIRT searches for kernel backdoors in the underlying system memory using a custom algorithm.