"syslog Attack Signatures," by Tina Bird. (http://www. counterpane .com/syslog-attack-sigs.pdf)
"Anonymizing Unix Systems," by van Hauser (from THC). (http://www.thehackerschoice.com/papers/anonymous-unix.html)
"Autoclave: hard drive sterilization on a bootable floppy," by Josh Larios. (http://staff.washington.edu/jdlarios/autoclave/index.html)
"Secure Deletion of Data from Magnetic and Solid-State Memory," by Peter Gutmann. (http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html)
"Linux Data Hiding and Recovery," by Anton Chuvakin. (http://www.linuxsecurity.com/feature_stories/data-hiding-forensics.html)
"Defeating Forensic Analysis on Unix," by grugq. (http://www.phrack.com/show.php?p=59&a=6)
"Analysis of the KNARK rootkit," by Toby Miller. (http://www.securityfocus.com/guest/4871)
"An Overview of Unix Rootkits," iDefense Whitepaper by Anton Chuvakin. (http://www.idefense.com/papers.html)