(State Key Laboratory for Novel Software Technology, Department of Computer Science and Technology, Nanjing University, Nanjing 210046, China)
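About the authors:
王浩 (Wang Hao): master's degree; main research interest: software security.
陳平 (Chen Ping): Ph.D.; main research interests: software security and system security.
茅兵 (Mao Bing): professor and doctoral supervisor; main research interests: system security and distributed systems.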