Igor.Korkin inserted 4.3.1. Dynamic Bit Signature (DBS) for EPROCESS Detection1.tex into layout  over 9 years ago

Commit id: f83d6e08f9dd3d3bf91edb71cdb28e1ae90e1dfb

4.2.2. Inside DRIVER_OBJECT detection.tex  4.3. New Stealth Processes and Drivers Detection Approach .tex  4.3.1. Dynamic Bit Signature (DBS) for EPROCESS Detection.tex  4.3.1. Dynamic Bit Signature (DBS) for EPROCESS Detection1.tex  2.2.4. Active Management Technology CodeOn computers supporting Active Management Technology (AMT), which is a part of Intel Management Engine (ME), another memory acquisition method can be implemented. AMT code is executed in additional process unit which is located either in the Northbridge or Southbridge. As a result this code is more privileged than VMX-root mode code or SMM code. The following papers cover this mode from the information security point of view [43, 44]. Due to the fact that malware can be executed in this mode [42, 45], we can state that memory dumping can operate in this mode too. Widespread use of this method in practice is hampered by the lack of comprehensive documentation on AMT and ME..tex
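
Review bot: the inserted entry `4.3.1. Dynamic Bit Signature (DBS) for EPROCESS Detection1.tex` sits directly after `4.3.1. Dynamic Bit Signature (DBS) for EPROCESS Detection.tex` and differs from it only by the trailing `1`, so the layout now carries two files for section 4.3.1. If the new file supersedes the earlier one, remove the old entry in the same commit; if both are meant to stay, give the new file a name that says what it adds. Separately, the last layout entry uses the whole body paragraph of section 2.2.4 as its file name (`2.2.4. Active Management Technology CodeOn computers supporting ...`, ending in `ME..tex`); a short name matching the section heading would keep the layout readable.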