Hit by a bus: Physical access attacks with FireWire (www.storm.net.nz/static/files/ab firewire rux2k6-final, 2006. ,
The Trojan Horse Defense in Cybercrime Cases, 2005. ,
File System Forensic Analysis, Pearson, Upper Saddle River, 2005. ,
A hardware-based memory acquisition procedure for digital investigations, Digital Investigation, pp.50-60, 2004. ,
DOI : 10.1016/j.diin.2003.12.001
Windows Forensic Analysis, 2007. ,
Finding kernel global variables in Windows (mo yix.blogspot.com, 2008. ,
Forensic analysis of the Windows registry in memory, Digital Investigation, pp.26-32, 2008. ,
DOI : 10.1016/j.diin.2008.05.003
Linking processes to users (moyix.blogspot.comlinking-processes-to-users.html), 2008. ,
A proposal for an integrated memory acquisition mechanism, ACM SIGOPS Operating Systems Review, vol.42, issue.3, pp.14-20, 2008. ,
DOI : 10.1145/1368506.1368510
Electronic Crime Scene Investigation: An On-the-Scene Reference for First Responders, 2009. ,
Sysinternals Suite, Microsoft Corporation ,
Beyond the CPU: Defeating hardware-based RAM acquisition (Part I: AMD case), presented at the Black Hat DC 2007 Conference (www.first.org/conference, 2007. ,
PTfinder (version 0.2.00), 2006. ,
Searching for processes and threads in Microsoft Windows memory dumps, Digital Investigation, pp.10-16, 2006. ,
DOI : 10.1016/j.diin.2006.06.010
net, Memparser (sourceforge, 2006. ,
Sandman Project (sandman.msuiche.net/docs/Sand Man Project, 2008. ,
Acquiring volatile operating system data tools and techniques, ACM SIGOPS Operating Systems Review, vol.42, issue.3, pp.65-73, 2008. ,
DOI : 10.1145/1368506.1368516
Volatools: Integrating volatile memory forensics into the digital investigation process, presented at Blackhat Hat DC 2007 Conference (www.blackhat.com/presentations/bh-dc- 07, 2007. ,