Really nice write-up. One thing to note when considering detection techniques is the False-Positive / False-Negatives aspects. For example, HDT might be prone to more FPs and FN as some of the artifacts, as you mentioned, might be gone by the time of the scanning.
