Whitepaper called A Bit Away From Kernel Execution. A 'write-what-where' kernel memory overwrite tale.
7601ea3c472cfea1df7ebc3821a36b138a1ac133463034a30345aab1a6ead3d2
Whitepaper called Windows 7/2008 Event Log Forensic and Reversing Analysis.
aef1648589581c22c1a58a83b6b24763434d5609c71498b324de55b9c7a27598