) and (4) for the gathering of kernel logs. In Windows XP or later, system calls are generally implemented with sysenter. Moreover, since Windows stores the identifier of the system call in the EAX register, a system call can be detected for logging from its value. Requirements (3) and (4) can be achieved by analyzing the kernel. On the basis of these considerations, it is concluded that the proposed system can be applied to various OSes (e.g., Windows) if the requirements are fulfilled.
