The impact of the antivirus on the digital evidence

Intrusion detection systems as evidence

Computer Networks: The International Journal of Computer and Telecommunications Networking

Bugs as deviant behavior: a general approach to inferring errors in systems code

SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles

Testing malware detectors

ISSTA '04 Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis

The Art of Computer Virus Research and Defense

The Art of Computer Virus Research and Defense

Data lifetime is a systems problem

Proceedings of the 11th workshop on ACM SIGOPS European workshop

Minos: Architectural support for protecting control data

ACM Transactions on Architecture and Code Optimization (TACO)

Scrash: a system for generating secure crash information

SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12

Avfs: an on-access anti-virus file system

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13

Understanding data lifetime via whole system simulation

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13

Shredding your garbage: reducing data lifetime through secure deallocation

SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14

Secure deletion of data from magnetic and solid-state memory

SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6

Panorama: capturing system-wide information flow for malware detection and analysis

Proceedings of the 14th ACM conference on Computer and communications security

Disk-level behavioral malware detection

Disk-level behavioral malware detection

GrAVity: a massively parallel antivirus engine

RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection

On information flow for intrusion detection: what if accurate full-system dynamic information flow tracking was possible?

Proceedings of the 2010 workshop on New security paradigms

A Hybrid Algorithm of Backward Hashing and Automaton Tracking for Virus Scanning

IEEE Transactions on Computers

Application-level reconnaissance: timing channel attacks against antivirus software

LEET'11 Proceedings of the 4th USENIX conference on Large-scale exploits and emergent threats

The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics

The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics

The impact of Microsoft Windows pool allocation strategies on memory forensics

Digital Investigation: The International Journal of Digital Forensics & Incident Response

Live memory forensics of mobile phones

Digital Investigation: The International Journal of Digital Forensics & Incident Response

User data persistence in physical memory

Digital Investigation: The International Journal of Digital Forensics & Incident Response

Visualization in testing a volatile memory forensic tool

Digital Investigation: The International Journal of Digital Forensics & Incident Response

Toward a general collection methodology for Android devices

Digital Investigation: The International Journal of Digital Forensics & Incident Response

Forensic carving of network packets and associated data structures

Digital Investigation: The International Journal of Digital Forensics & Incident Response

Empirical analysis of solid state disk data retention when used with contemporary operating systems

Digital Investigation: The International Journal of Digital Forensics & Incident Response