[1] L. O. Murchu and E. Chien, “W32.Stuxnet dossier,” Symantec Security Response, Tech. Rep., Oct. 2010.
[2] P. O'Kane, S. Sezer, and K. Mclaughlin, “Obfuscation: The Hidden Malware,” in Security & Privacy, IEEE, Sept-Oct. 2011.
[3] M. Egele, T. Scholte, E. Kirda, and C. Kruegel, “A survey on Automated Dynamic Malware-Analysis Techniques and Tools,” ACM Computing Surveys (CSUR), February 2012.
[4] M. Sharif, A. Lanzi, J. Giffin, and W. Lee, “Automatic Reverse Engineering of Malware Emulators,” in Security and Privacy, 2009 30th IEEE Symposium on, 17-20 May 2009.
[5] C. Ries, “Inside Windows Rootkits,” in Vigilant Minds Inc., 4736, May 2006.
[6] J. Butler and P. Silberman, “Raide: Rootkit analysis identification elimination,” in Black Hat USA, vol. 47, 2006.
[7] A. Kristine, “Techniques and Tools for Recovering and Analyzing Data from Volatile Memory,” 2009. [Online]. Available:http://www.sans.org/?utm_source=web&utm_medium=text-ad&utm_content=generic_rr_pdf_(c)_text1&utm_campaign= Reading_Room&ref=36914.
[8] S. Vomel and H. Lenz, “Visualizing Indicators of Rootkit Infections in Memory Forensics,” In IT Security Incident Management and IT Forensics (IMF), 2013 Seventh International Conference on IEEE, pp. 122-139, March 2013.
[9] “Windows Rootkit Overview,” Symantec Corporation, 2010.
[10] A. Aljaedi, D. Lindskog, P. Zavarsky, R. Ruhl, and F. Almari, “Comparative Analysis of Volatile Memory Forensics: Live Response vs. Memory Imaging,” in Privacy, Security, Risk and Trust (passat), International Conference on and 2011 IEEE third, International Conference on Social Computing (socialcom), 9-11 Oct. 2011.
[11] “SQL Slammer Worm Propagation,” 2003. [Online]. Available: http://xforce.iss.net/xforce/xfdb/11153.
[12] A. White, B. Schatz, and E. Foo, “Surveying the User Space Through User Allocations,” in Digital Investigation 9, August 2012.
[13] M. E. Russinovich and D. A. Solomon, “Windows Internals,” 4th ed., Redmond: Microsoft, 2005.
[14] B. Dolan-Gavitt, “The VAD Tree: A Process-eye View of Physical Memory,” in Digital Investigation, September 2007.
[15] M. Ligh, S. Adair, B. Hartstein, and M. Richard, “Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code,” Wiley, 2010.
[16] M. Ligh, S. Adair, B. Hartstein, and M. Richard, “Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code,” Wiley, 2010.
[17] A. Schuster, “Searching for Processes and Threads in Microsoft Windows Memory Dumps,” Digital Investigation 3, pp. 10-16, 2006.
[18] A. Tevanian and e. al, “A UNIX Interface for Shared Memory and Memory Mapped Files Under Mach,” in USENIX Summer, 1987.
[19] M. Ligh, “Malfind Volatility Plugin,” [Online]. Available: http://mnin.blogspot.com, 2009.
[20] T. C. Keong, “Dynamic Forking of Win32 EXE,” [Online]. Available: http://www.security.org.sg/ code/loadexe.html, 2004.
[21] A. Walters and B. Dolan-Gavitt, “Volatility: an advanced memory forensics framework,” 2007.
[22] “GMER - Rootkit Detector and Remover,” [Online]. Available: http://www.gmer.net/, 2012.
[23] B. Cogswell and M. Russinovich, “Rootkit Revealer,” [Online]. Available: www. sysinternals. com/ntw2k/freeware/rootkitreveal. shtml , 2006.
[24] J. Pan, “Ice Sword,” [Online]. Available: http://www.xfocus.net /tools/200509 /1085.html, 2005.
[25] G. Palmer, “A Roadmap for Digital Forensic Research,” First Digital Forensic Research Workshop (DFRWS), 2001.
[26] R. Harris, “Examining how to define and control the anti-forensics problem,” Proceedings of the 6th Annual Digital Forensic Research Workshop (DFRWS ’06), Digital Investigation 2006, 3(Suppl. 0), 2006.
[27] T. Haruyama and H. Suzuki, “One-byte Modifications for Breaking Memory Forensic Analysis,” In Proceedings of Blackhat Europe, 2012.
[28] L. Milkovic, “Defeating Windows Memory Forensics,” In Proceedings of the 29th Chaos Communications Conference, 2012.
[29] J. Stüttgen and C. M, “Anti-forensic Resilient Memory Acquisition," In The Proceedings of the Thirteenth Annual DFRWS Conference, August 2013.
[30] H. Inoue, F. Adelstein, and R. Joyce, “Visualization in Testing a Volatile Memory Forensic Tool,” In Digital Investigation, 2011.
[31] D. Bilby, “Low down and Dirty: Anti-forensic Rootkits,” In: Proceedings of Black Hat, Japan, 2006.
[32] S. Vömel and F. Freiling, “Correctness, atomicity, and integrity: defining criteria for forensically-sound memory acquisition,” In Digital Investigation, November 2012.
[33] B. D. Carrier and J. Grand, “A hardware-based Memory Acquisition Procedure for Digital Investigations,” in Digital Investigation, February 2004.
[34] A. Boileau, “Hit by a Bus: Physical Access Attacks with Firewire,” In Ruxcon Computer Security Conference, 2006.
[35] J. Wang, F. Zhang, K. Sun, and A. Stavrou, “Firmware-assisted Memory Acquisition and Analysis Tools for Digital Forensics,” Systematic Approaches to Digital Forensic Engineering (SADFE),IEEE Sixth International Workshop on. IEEE, 2011.
[36] C. Tilbury, August 2012. [Online]. Available: https://code.google.com/p/mft2csv/wiki/SetRegTime.
[37] J. Williams and A. Torres, 2014. [Online]. Available: http://code.google.com/p/attention-deficit-disorder/.
[38] L. Milković, 28 December Communication Congress in Hamburg 2012. [Online]. Available: http://code.google.com/p/dementia-forensics/downloads/detail?name=Defeating Windows memory forensics.pdf.
[39] T. Haruyama and H. Suzuki, 16 March 2012. [Online]. Available: https://media.blackhat.com/bh-eu-12/Haruyama/bh-eu-12-Haruyama-Memory_Forensic-Slides.pdf.
[40] D. Brendan, “Forensic Analysis of the Windows Registry in Memory,” in Digital Investigation, September 2008.
[41] A. Wichmann and E. Gerhards-Padilla, “Using Infection Markers as a Vaccine Against Malware Attacks,” In Green Computing and Communications (GreenCom), International Conference on, 20-23 Nov. 2012.
[42] [Online]. Available: http://home.mcafee.com/virusinfo/virusprofile.aspx?key=142626.
[43] R. B. Van Baar, W. Alink, and A. R. Van Ballegooij, “Forensic Memory Analysis: Files Mapped in Memory,” In Digital Investigation, 2008.
[44] “Volatility Labs,” Black Hat USA & DFRWS 2014, July 2014. [Online]. Available: http://volatility-labs.blogspot.ae/.
[45] S. Almarri and P. Sant, “Optimised Malware Detection in Digital Forensics,” International Journal of Network Security & Its Applications 6.1, 2014.
[46] “ntoskrnl.exe,” [Online]. Available: http://en.wikipedia.org/wiki/Ntoskrnl. [Accessed 2014].
[47] V. Zwanger and F. C. Freiling, “Kernel Mode API Spectroscopy for Incident Response and Digital Forensics,” Proceedings of the 2nd ACM SIGPLAN Program Protection and Reverse Engineering Workshop. ACM, 2013.
[48] “Malware Research & Data Center,” [Online]. Available: http://www.virussign.com/.
[49] “Computer Virus Collection,” [Online]. Available: http://vxheaven.org/vl.php. [Accessed 2014].
[50] Melville, “WEKA Tutorial,” [Online]. Available: http://www.cs.utexas.edu/users/ml/tutorials/Weka-tut/. Accessed 2014.
)
