Hiding Process Memory via Anti-Forensic Techniques

Explore advanced anti-forensic techniques for hiding process memory in this 37-minute Black Hat conference talk. Delve into three novel methods that keep malicious user-space memory from appearing in analysis tools and make it inaccessible to security analysts. Learn about the process address space, paging, PTE subversion, remapping, and erasure. Evaluate the effectiveness of these techniques against both memory forensics and live forensics. Examine considerations for modified PFN remapping on Windows, MAS remapping detection, and PTE subversion detection on both Windows and Linux. Analyze shared-memory subversion detection, the test environments, and the detection evaluation across operating systems. Compare the techniques from an attacker's perspective, and review the limitations and future work in this field of anti-forensic research.