Just got a notice on one of the security mailing lists (Full Disclosure I think) about this article. What's nice is that it explains how to do this without the use of chkrootkit. This is a rather important factor, IMO, since some "rootkit tools" may not be known and/or are "custom-built" jobs. I haven't personally used gdb that often (not being much of a programmer) but it definately is a tool that can help with forensics of a compromised system.

Detecting Rootkits And Kernel-level Compromises In Linux
by Mariusz Burdach November 18, 2004

This article outlines useful ways of detecting hidden modifications to a Linux kernel. Often known as rootkits, these stealthy types of malware are installed in the kernel and require special techniques by Incident handlers and Linux system administrators to be detected.