Unhide is a forensic tool to find processes hidden by rootkits, Linux kernel modules or by other techniques. It detects hidden processes using six techniques:
Compare /proc vs /bin/ps output
Compare info gathered from /bin/ps with info gathered by walking through the procfs. Only for Linux 2.6.
Compare info gathered from /bin/ps with info gathered from syscalls (syscall scanning).
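
The cross-view comparison behind the techniques listed above, as an added example that is not unhide's own code: it collects process IDs from ps, from a procfs walk and from syscall probes, then reports IDs that one view shows and another does not. It assumes a procps `ps`; the function names, the choice of probe syscalls and the default `pid_max` of 32768 are assumptions made for this example.

```python
import os
import subprocess

def pids_from_ps():
    # Assumes procps ps: -L lists threads, "lwp=" prints bare task IDs.
    out = subprocess.run(["ps", "-e", "-L", "-o", "lwp="],
                         capture_output=True, text=True, check=True).stdout
    return {int(tok) for tok in out.split()}

def pids_from_procfs(root="/proc"):
    # Walk procfs directly: numeric directories plus their task/ entries.
    ids = set()
    for name in filter(str.isdigit, os.listdir(root)):
        ids.add(int(name))
        try:
            ids.update(int(t) for t in os.listdir(os.path.join(root, name, "task")))
        except OSError:
            pass  # task exited (or no task/ directory) mid-walk
    return ids

def pid_answers_syscalls(pid):
    # The probe set is this example's choice; any ID-taking syscall works.
    for probe in (os.getpgid, os.getsid, lambda p: os.kill(p, 0)):
        try:
            probe(pid)
            return True
        except PermissionError:
            return True  # EPERM: the ID exists but belongs to another user
        except OSError:
            continue     # ESRCH or similar: try the next probe
    return False

def cross_view(ps_ids, proc_ids, sys_ids):
    # Map each ID missing from at least one view to the views that do see it.
    views = {"ps": ps_ids, "procfs": proc_ids, "syscall": sys_ids}
    findings = {}
    for pid in sorted(ps_ids | proc_ids | sys_ids):
        seen = [name for name, ids in views.items() if pid in ids]
        if len(seen) < len(views):
            findings[pid] = seen
    return findings

def scan(pid_max=32768):  # assumed limit; raise it to match kernel.pid_max
    # Two passes: short-lived processes (ps itself included) differ between
    # passes, so only discrepancies that persist are reported.
    def one_pass():
        sys_ids = {p for p in range(1, pid_max + 1) if pid_answers_syscalls(p)}
        return cross_view(pids_from_ps(), pids_from_procfs(), sys_ids)
    first, second = one_pass(), one_pass()
    return {p: seen for p, seen in first.items() if second.get(p) == seen}

if __name__ == "__main__":
    for pid, seen in scan().items():
        print(f"ID {pid} visible only via: {', '.join(seen) or 'none'}")
```

An ID that answers syscalls but is absent from both ps and procfs on two consecutive passes is the case worth investigating first; run the scan as root so permission differences do not skew the procfs walk.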