1 |
Hewlett-Packard Corporation, Intel Corporation, Microsoft Corporation, Phoenix Technologies Ltd., and Toshiba Corporation, "Advanced Configuration and Power Interface Specification," Nov. 2013.
|
2 |
Mark E. Russinovich, David A. Solomon, and Alex Ionescu, Windows Internals, 6th Ed., Acorn Publishing Co., Volume 2, pp. 150-153, Apr. 2014.
|
3 |
S. Mrdovic and A. Huseinovic, "Forensic Analysis of Encrypted Volumes Using Hibernation File," 19th Telecommunications forum TELFOR, pp. 1277-1280, Nov. 2011.
|
4 |
F. Olajide, N. Savage, G. Akmayeva, and C. Shoniregun, "Digital Forensic Research - The Analysis of User Input on Volatile Memory of Windows Application," IEEE World Congress on Internet Security, pp. 231-238, Aug. 2012.
|
5 |
S.M. Hejazi, C. Talhi, and M. Debbabi, "Extraction of forensically sensitive information from windows physical memory," Digital Investigation, vol. 6, Supplement, pp. 121-131, Sep. 2009.
DOI
|
6 |
J.A. Halderman, S.D Schoen, N. Heninger, W. Clarkson, W. Paul, J.A. Calandrino, A.J. Felten, J. Appelbaum, and E.W. Felten, "Lest We Remember: Cold Boot Attacks on Encryption Keys," 17th USENIX Security Symposium, pp. 45-60, Jul. 2008.
|
7 |
The Volatility Foundation, "The Volatility Framework," http://www.volatilityfoundation.org/, Dec. 2016.
|
8 |
The Rekall Team, "The Rekall Memory Forensic Framework," http://www.rekall-forensic.com/, Aug. 2017.
|
9 |
Comae Technologies, "Hibr2Bin," https://github.com/comaeio/Hibr2Bin, Apr. 2017.
|
10 |
M. Suiche, "Windows hibernation file for fun 'n' profit," Black Hat, USA, Aug. 2008.
|
11 |
B. Dolan-Gavitt, "Add Support for Inactive Hiberfiles to Hibinfo," https://github.com/volatilityfoundation/volatility/commit/552c1d813b05a0bf8d3d1ec1f64b3ba5f98403cc, Apr. 2009.
|
12 |
Microsoft Technet, "BitLocker Drive Encryption," https://technet.microsoft.com/en-us/library/a2ba17e6-153b-4269-bc46-6866df4b253c, May 2010.
|
13 |
Truecrypt Foundation, "TrueCrypt: Free Open-Source Disk Encryption Software for Windows, Mac OS and Linux," http://truecrypt.sourceforge.net, May 2014.
|
14 |
idrix, "VeraCrypt," https://www.veracrypt.fr/en/Home.html, Oct. 2016.
|
15 |
idrassi, "Hibernation File," https://veracrypt.codeplex.com/wikipage?title=Hibernation%20File, Nov. 2014.
|
16 |
B. Lich and J. Tobin, "BitLocker frequently asked questions (FAQ)," https://docs.microsoft.com/en-us/windows/device-security/bitlocker/bitlocker-frequently-asked-questions, Apr. 2017.
|
17 |
M. Loginova, E. Trofimenko, O. Zader eyko, and R. Chanyshev, "Program-technical aspects of encryption protection of users' data," 13th International Conference on Modern Problems of Radio Engineering, Telecommunications and Computer Science (TCSET), pp. 443-445, Feb. 2016.
|
18 |
Microsoft, "[MS-XCA]: Xpress Compression Algorithm," https://msdn.microsoft.com/en-us/library/hh554002.aspx, Jun. 2017.
|
19 |
Mark E. Russinovich, David A. Solomon, and Alex Ionescu, Windows Internals, 6th Ed., Acorn Publishing Co., Volume 2, pp. 404-408, Apr. 2014
|
20 |
Microsoft MSDN, "ExRegisterCallback routine," https://msdn.microsoft.com/enus/library/windows/hardware/ff545534(v=vs.85).aspx, 2017.
|
21 |
hiyohiyo, "CrystalDiskInfo," https://crystalmark.info/download/index-e.html, Aug. 2017.
|