The document discusses two simple anti-forensics attacks that can fool live memory forensics. The first attack modifies the CR3 register to point to a malicious page table instead of the real one. The second attack modifies the IDTR and IA32_SYSENTER_EIP registers to hook system calls. Most memory acquisition tools do not collect system register values, making these attacks difficult to detect. To prevent these attacks, forensic tools need to acquire system register values and check that the physical and logical memory layouts match the register values.
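An added example, not code from the document summarized above: a sketch of the consistency check the last sentence calls for, comparing register values captured from the CPU with what the memory image itself implies. It assumes 32-bit non-PAE paging; the dictionary fields, addresses and the tiny memory image are constructed for illustration.

```python
import struct

def read32(mem, pa):
    """Read a little-endian dword from the physical memory image."""
    return struct.unpack_from("<I", mem, pa)[0]

def translate(mem, cr3, va):
    """32-bit non-PAE page walk; returns a physical address or None if unmapped."""
    pde = read32(mem, (cr3 & 0xFFFFF000) + (va >> 22) * 4)
    if not pde & 1:                       # present bit clear
        return None
    if pde & 0x80:                        # PS bit: 4 MiB page (assumes CR4.PSE set)
        return (pde & 0xFFC00000) | (va & 0x3FFFFF)
    pte = read32(mem, (pde & 0xFFFFF000) + ((va >> 12) & 0x3FF) * 4)
    return (pte & 0xFFFFF000) | (va & 0xFFF) if pte & 1 else None

def check(mem, regs, image):
    """Compare acquired register values with the layout recovered from the image."""
    findings = []
    if (regs["cr3"] ^ image["dtb"]) & 0xFFFFF000:
        findings.append("CR3 differs from the page directory recorded in the image")
    for va in image["probe_vas"]:
        if translate(mem, regs["cr3"], va) != translate(mem, image["dtb"], va):
            findings.append(f"translation of {va:#x} differs between CR3 and image")
    lo, hi = image["kernel_text"]
    if not lo <= regs["sysenter_eip"] < hi:
        findings.append("IA32_SYSENTER_EIP points outside kernel text")
    if regs["idtr_base"] != image["idt_va"]:
        findings.append("IDTR base differs from the IDT location in the image")
    return findings

def build_sample():
    """Constructed physical memory holding two separate page-table hierarchies."""
    mem = bytearray(0x5000)
    for pd, pt, frame in ((0x1000, 0x2000, 0x7000), (0x3000, 0x4000, 0x9000)):
        struct.pack_into("<I", mem, pd + 1 * 4, pt | 1)      # PDE[1] -> page table
        struct.pack_into("<I", mem, pt + 1 * 4, frame | 1)   # PTE[1] -> frame
    return mem

# Constructed values: what the image implies, and two sets of register captures.
IMAGE = {"dtb": 0x1000, "probe_vas": [0x00401000],
         "kernel_text": (0x00400000, 0x00500000), "idt_va": 0x00402000}
CLEAN = {"cr3": 0x1000, "idtr_base": 0x00402000, "sysenter_eip": 0x00401230}
TAMPERED = {"cr3": 0x3000, "idtr_base": 0x00600000, "sysenter_eip": 0x00600040}

if __name__ == "__main__":
    mem = build_sample()
    print("clean:", check(mem, CLEAN, IMAGE))
    for finding in check(mem, TAMPERED, IMAGE):
        print("tampered:", finding)
```

The check only works if the acquisition step records the registers alongside the memory image, which is the gap the paragraph points out in most tools.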