MCSI Certified DFIR Specialist
https://www.mosse-institute.com/certifications/mdfir-certified-dfir-specialist.html

MCSI Digital Forensics Library
https://library.mosse-institute.com/cyber-domains/digital-forensics.html

Exploiting the Rootkit Paradox with Windows Memory Analysis (Jesse D. Kornblum)
https://www.utica.edu/academic/institutes/ecii/publications/articles/EFE2FC4D-0B11-BC08-AD2958256F5E68F1.pdf


A rootkit is a type of software that allows an attacker to gain access to and control a victim's computer. Rootkits are designed to conceal themselves and their activities from users, which makes them very difficult to detect. To function properly, however, a rootkit needs to hook into various system calls and subsystems, and those hooks can leave a large number of artifacts that reveal its presence. This paradox creates a chicken-and-egg scenario: a rootkit needs to be detected in order to be removed, but it is difficult to detect precisely because it is a rootkit.
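The hook artifacts described above can be checked for mechanically during memory analysis. The following is an added example, not code from the original page or from the referenced paper: it takes a system service table and a loaded-module list (both constructed here, standing in for values an analyst would parse from a memory image) and reports every service whose handler address does not fall inside the expected kernel image. The module names, addresses and helper names are assumptions made for illustration.

```python
from bisect import bisect_right
from typing import NamedTuple, Optional

class Module(NamedTuple):
    name: str
    base: int
    size: int

class Finding(NamedTuple):
    index: int
    service: str
    target: int
    owner: Optional[str]  # None: target lies in no loaded module

# Constructed sample data (assumption): resolved handler addresses and module
# ranges as they might be recovered from a memory image. Not real values.
MODULES = [
    Module("ntoskrnl.exe", 0xFFFFF80002A00000, 0x5E0000),
    Module("hal.dll", 0xFFFFF80002FE0000, 0x49000),
    Module("examplefilter.sys", 0xFFFFF88003C00000, 0x12000),  # hypothetical driver
]
SERVICE_TABLE = [
    ("NtCreateFile", 0xFFFFF80002D41230),
    ("NtOpenProcess", 0xFFFFF80002D8A410),
    ("NtQuerySystemInformation", 0xFFFFF88003C01A40),  # inside examplefilter.sys
    ("NtQueryDirectoryFile", 0xFFFFFA8001F30000),      # inside no listed module
    ("NtClose", 0xFFFFF80002D10080),
]

def owner_of(address, modules):
    """Return the module whose [base, base + size) range contains address."""
    ordered = sorted(modules, key=lambda m: m.base)
    i = bisect_right([m.base for m in ordered], address) - 1
    if i >= 0 and address < ordered[i].base + ordered[i].size:
        return ordered[i]
    return None

def find_redirected_services(table, modules, expected=("ntoskrnl.exe",)):
    """List table entries whose handler is outside the expected module(s)."""
    findings = []
    for index, (service, target) in enumerate(table):
        owner = owner_of(target, modules)
        if owner is None or owner.name.lower() not in expected:
            findings.append(Finding(index, service, target, owner.name if owner else None))
    return findings

if __name__ == "__main__":
    for f in find_redirected_services(SERVICE_TABLE, MODULES):
        print(f"[{f.index}] {f.service} -> {f.target:#x} owner={f.owner or 'UNKNOWN'}")
```

An entry owned by a third-party driver is a lead to investigate rather than proof of compromise, since some security products redirect services too; an entry that resolves to no loaded module at all is the stronger indicator, because the code it points to has been unlinked from or never appeared in the module list.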