deletions | additions
diff --git a/REFERENCES.tex b/REFERENCES.tex
index 28c0443..4539135 100644
--- a/REFERENCES.tex
+++ b/REFERENCES.tex
...
\section{REFERENCES}
1. Hay, A. F. (2012). Forensic memory analysis for Apple OS X. (Master's thesis). Retrieved from NTIS. (ADA562777)
2. Vasileios, V. (2012). Diving into windows memory forensics. (Master's thesis). Retrieved from http://digilib.lib.unipi.gr/dspace/bitstream/unipi/5564/1/Chatzis-Vovas.pdf on January 14, 2014
3. Chan, E.M. (2011). A framework for live forensics. (Doctoral dissertation). Retrieved from https://www.ideals.illinois.edu/bitstream/handle/2142/24365/Chan_Ellick.pdf on January 14, 2014
4. Hejazi, S. (2009). Analysis of Windows memory for forensic investigations. (Master's thesis). Retrieved from http://spectrum.library.concordia.ca/976393/1/MR63196.pdf on January 14, 2014
5. MSDN. (2009) XADM: How to Use Userdump.exe to Capture the State of the Information Store. Retrieved from http://support.microsoft.com/kb/250509/en-us on January 14, 2014
6. Klein, T. (2013). Process Dumper. Retrieved from http://www.trapkit.de/research/forensic/pd on January 14, 2014
7. Vidstrom, A. (2013). PMDump. Retrieved from http://ntsecurity.nu/toolbox/pmdump/ on January 14, 2014
8. Vasudevan, A. (2008). MalTRAK: Tracking and Eliminating Unknown Malware. Paper presented at Annual Computer Security Applications Conference, Anaheim, CA, 8-12 December (pp. 311-321).
9. Casey, E. (2005). Handbook of Digital Forensics and Investigation. Burlington, MA: Elsevier Academic Press
10. Carvey, H. (2009). Windows Forensic Analysis DVD Toolkit, Burlington, MA: Syngress Press
11. AccessData Group. FTK. AccessData. Retrieved from http://www.accessdata.com/products/digital-forensics/ftk on January 14, 2014
12. Belkasoft. (2013). Live RAM Capturer. Retrieved from http://forensic.belkasoft.com/en/ram/download.asp on January 14, 2014
...
92. Dolan-Gavitt, B., Srivastava, A., Traynor, P., Giffin, J. (2009). Robust Signatures for Kernel Data Structures. Paper presented at the ACM Conference on Computer and Communications Security, Chicago, Illinois, USA, 9-13 November (pp. 1-12)
93. Hoglund, G., Butler, J. (2005). Rootkits: Subverting the Windows Kernel. Massachusetts, US: Addison-Wesley Professional.
94. Vomel, S., Lenz, H. (2013). Visualizing Indicators of Rootkit Infections in Memory Forensics, Paper presented at 7th International Conference on IT Security Incident Management and IT Forensics (IMF), Nuremberg, German, 12-14 March (pp. 122-139)
95. Tsaur, W., Yeh L. (2012). Identifying Rootkit Infections Using a New Windows Hidden-driver-based Rootkit. Paper presented at The International Conference on Security and Management, Las Vegas, USA, 16-19 July (pp. 1-7)
96. Albertinih, A. (2011). PE format's infographics. Retrieved from https://code.google.com/p/corkami/downloads/detail?name=pe-20110117.pdf on January 14, 2014
97. Linchpin Labs (2010). ATSIV utility. Retrieved from http://www.linchpinlabs.com on January 14, 2014
98. Korkin, I. (2012). Windows 8 is Cyber-Battlefield www.igorkorkin.blogspot.com/2012/09/windows-8-is-cyber-battlefield.html on January 14, 2014
99. Sparks, S., Butler, J. (2005). Shadow Walker: Raising The Bar For Rootkit Detection, Retrieved from http://www.blackhat.com/presentations/bh-jp-05/bh-jp-05-sparks-butler.pdf on January 14, 2014
100. WindowsSCOPE (2009). Video: Using WindowsSCOPE to Reverse Engineer and Analyze the Shadow Walker Rootkit Cyber Attack. Retrieved from http://www.windowsscope.com/index.php?option=com_content&view=article&id=80&Itemid=90 on January 14, 2014