Rootkit detection encompasses techniques and tools designed to find rootkits. Rootkits are malware that embeds itself deep inside the operating system or even firmware and actively conceals its presence. Conventional antivirus scanners often miss them. Specialised tools such as rkhunter or GMER compare system calls, kernel modules, and filesystem metadata to uncover tampering. In an ISMS, rootkit detection is part of endpoint security. You should schedule regular scans and feed the results into vulnerability management.