Igor.Korkin edited REFERENCES.tex  over 9 years ago

Commit id: 49a1bb24b259c61f1d55dc71b5f0bf5a65011183


\section{REFERENCES}

1. Hay, A. F. (2012). Forensic memory analysis for Apple OS X. (Master's thesis). Retrieved from NTIS. (ADA562777)

2. Vasileios, V. (2012). Diving into Windows memory forensics. (Master's thesis). Retrieved from http://digilib.lib.unipi.gr/dspace/bitstream/unipi/5564/1/Chatzis-Vovas.pdf on January 14, 2014.

3. Chan, E. M. (2011). A framework for live forensics. (Doctoral dissertation). Retrieved from https://www.ideals.illinois.edu/bitstream/handle/2142/24365/Chan_Ellick.pdf on January 14, 2014.

4. Hejazi, S. (2009). Analysis of Windows memory for forensic investigations. (Master's thesis). Retrieved from http://spectrum.library.concordia.ca/976393/1/MR63196.pdf on January 14, 2014.

5. MSDN. (2009). XADM: How to Use Userdump.exe to Capture the State of the Information Store. Retrieved from http://support.microsoft.com/kb/250509/en-us on January 14, 2014.

6. Klein, T. (2013). Process Dumper. Retrieved from http://www.trapkit.de/research/forensic/pd on January 14, 2014.

7. Vidstrom, A. (2013). PMDump. Retrieved from http://ntsecurity.nu/toolbox/pmdump/ on January 14, 2014.

8. Vasudevan, A. (2008). MalTRAK: Tracking and Eliminating Unknown Malware. Paper presented at the Annual Computer Security Applications Conference, Anaheim, CA, 8-12 December (pp. 311-321).

9. Casey, E. (2005). Handbook of Digital Forensics and Investigation. Burlington, MA: Elsevier Academic Press.

10. Carvey, H. (2009). Windows Forensic Analysis DVD Toolkit. Burlington, MA: Syngress Press.

11. AccessData Group. FTK. AccessData. Retrieved from http://www.accessdata.com/products/digital-forensics/ftk on January 14, 2014.

12. Belkasoft. (2013). Live RAM Capturer. Retrieved from http://forensic.belkasoft.com/en/ram/download.asp on January 14, 2014.

92. Dolan-Gavitt, B., Srivastava, A., Traynor, P., Giffin, J. (2009). Robust Signatures for Kernel Data Structures. Paper presented at the ACM Conference on Computer and Communications Security, Chicago, Illinois, USA, 9-13 November (pp. 1-12).

93. Hoglund, G., Butler, J. (2005). Rootkits: Subverting the Windows Kernel. Massachusetts, US: Addison-Wesley Professional.

94. Vomel, S., Lenz, H. (2013). Visualizing Indicators of Rootkit Infections in Memory Forensics. Paper presented at the 7th International Conference on IT Security Incident Management and IT Forensics (IMF), Nuremberg, Germany, 12-14 March (pp. 122-139).

95. Tsaur, W., Yeh, L. (2012). Identifying Rootkit Infections Using a New Windows Hidden-driver-based Rootkit. Paper presented at The International Conference on Security and Management, Las Vegas, USA, 16-19 July (pp. 1-7).

96. Albertini, A. (2011). PE format's infographics. Retrieved from https://code.google.com/p/corkami/downloads/detail?name=pe-20110117.pdf on January 14, 2014.

97. Linchpin Labs. (2010). ATSIV utility. Retrieved from http://www.linchpinlabs.com on January 14, 2014.

98. Korkin, I. (2012). Windows 8 is Cyber-Battlefield. Retrieved from www.igorkorkin.blogspot.com/2012/09/windows-8-is-cyber-battlefield.html on January 14, 2014.

99. Sparks, S., Butler, J. (2005). Shadow Walker: Raising The Bar For Rootkit Detection. Retrieved from http://www.blackhat.com/presentations/bh-jp-05/bh-jp-05-sparks-butler.pdf on January 14, 2014.

100. WindowsSCOPE. (2009). Video: Using WindowsSCOPE to Reverse Engineer and Analyze the Shadow Walker Rootkit Cyber Attack. Retrieved from http://www.windowsscope.com/index.php?option=com_content&view=article&id=80&Itemid=90 on January 14, 2014.