Find masquerading processes using procfs.
Using procfs For Forensics and Incident Response.
A quick overview of triage data acquisition in the context of attack/defend CTFs.
Accessing Alternate Data Streams on VMDK Images on Linux.
Some notes and links related to the Volatility Framework.
Quick and dirty way to get Volatility working on Ubuntu 20.04.