Today we are talking about 'Robust bootstrapping memory analysis against anti-forensics' by Lee Kyoungho, Hwang Hyunuk, Kim Kibom and Noh BongNam. This paper deals with anti-forensics techniques against memory analysis, and with the use of KiInitialPCR as a more tamper-resistant data structure for OS fingerprinting and process list extraction.
K. Lee, H. Hwang, K. Kim, and B. Noh, “Robust bootstrapping memory analysis against anti-forensics,” Digit. Investig., vol. 18, Supplement, pp. S23–S32, Aug. 2016.
Science Direct: http://www.sciencedirect.com/science/article/pii/S1742287616300408
DFRWS Archive: https://www.dfrws.org/file/712/download?token=sWs0HHYB