Blackout: What Really Happened... presented at Black Hat USA 2007

by Kris Kendall

Tags: Security Forensics

Summary: Malicious software authors use code injection techniques to avoid
detection, bypass host-level security controls, thwart the efforts of human
analysts, and make traditional memory forensics ineffective. Often a forensic
examiner or incident response analyst may not know the weaknesses of the tools
they are using or the advantage the attacker has over those tools by hiding in
certain locations.