, Hit by a bus: Physical access attacks with FireWire (www.storm.net.nz/static/files/ab firewire rux2k6-final, 2006.
, The Trojan Horse Defense in Cybercrime Cases, 2005.
, File System Forensic Analysis, Pearson, Upper Saddle River, 2005.
, A hardware-based memory acquisition procedure for digital investigations, Digital Investigation, pp.50-60, 2004.
DOI : 10.1016/j.diin.2003.12.001
, Windows Forensic Analysis, 2007.
, Finding kernel global variables in Windows (mo yix.blogspot.com, 2008.
, Forensic analysis of the Windows registry in memory, Digital Investigation, pp.26-32, 2008.
DOI : 10.1016/j.diin.2008.05.003
, Linking processes to users (moyix.blogspot.comlinking-processes-to-users.html), 2008.
, A proposal for an integrated memory acquisition mechanism, ACM SIGOPS Operating Systems Review, vol.42, issue.3, pp.14-20, 2008.
DOI : 10.1145/1368506.1368510
, Electronic Crime Scene Investigation: An On-the-Scene Reference for First Responders, 2009.
, Sysinternals Suite, Microsoft Corporation
, Beyond the CPU: Defeating hardware-based RAM acquisition (Part I: AMD case), presented at the Black Hat DC 2007 Conference (www.first.org/conference, 2007.
, PTfinder (version 0.2.00), 2006.
, Searching for processes and threads in Microsoft Windows memory dumps, Digital Investigation, pp.10-16, 2006.
DOI : 10.1016/j.diin.2006.06.010
, net, Memparser (sourceforge, 2006.
, Sandman Project (sandman.msuiche.net/docs/Sand Man Project, 2008.
, Acquiring volatile operating system data tools and techniques, ACM SIGOPS Operating Systems Review, vol.42, issue.3, pp.65-73, 2008.
DOI : 10.1145/1368506.1368516
, Volatools: Integrating volatile memory forensics into the digital investigation process, presented at Blackhat Hat DC 2007 Conference (www.blackhat.com/presentations/bh-dc- 07, 2007.