{"id":"https://openalex.org/W7128512286","doi":"https://doi.org/10.1016/j.jisa.2026.104393","title":"Accelerating volatile memory forensics for bare-metal malware analysis with FPGA devices","display_name":"Accelerating volatile memory forensics for bare-metal malware analysis with FPGA devices","publication_year":2026,"publication_date":"2026-02-10","ids":{"openalex":"https://openalex.org/W7128512286","doi":"https://doi.org/10.1016/j.jisa.2026.104393"},"language":"en","primary_location":{"id":"doi:10.1016/j.jisa.2026.104393","is_oa":true,"landing_page_url":"https://doi.org/10.1016/j.jisa.2026.104393","pdf_url":null,"source":{"id":"https://openalex.org/S4210191536","display_name":"Journal of Information Security and Applications","issn_l":"2214-2126","issn":["2214-2126","2214-2134"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320990","host_organization_name":"Elsevier BV","host_organization_lineage":["https://openalex.org/P4310320990"],"host_organization_lineage_names":["Elsevier BV"],"type":"journal"},"license":"cc-by-nc","license_id":"https://openalex.org/licenses/cc-by-nc","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Information Security and Applications","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://doi.org/10.1016/j.jisa.2026.104393","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5086040378","display_name":"Dan Cristian Turicu","orcid":"https://orcid.org/0000-0003-0328-331X"},"institutions":[{"id":"https://openalex.org/I158333966","display_name":"Technical University of Cluj-Napoca","ror":"https://ror.org/03r8nwp71","country_code":"RO","type":"education","lineage":["https://openalex.org/I158333966"]}],"countries":["RO"],"is_corresponding":false,"raw_author_name":"Dan Cristian Turicu","raw_affiliation_strings":["Computer Science Department, Technical University of Cluj-Napoca, Cluj-Napoca, Romania"],"raw_orcid":"https://orcid.org/0000-0003-0328-331X","affiliations":[{"raw_affiliation_string":"Computer Science Department, Technical University of Cluj-Napoca, Cluj-Napoca, Romania","institution_ids":["https://openalex.org/I158333966"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5061493057","display_name":"Florin Oniga","orcid":"https://orcid.org/0000-0003-4875-2220"},"institutions":[{"id":"https://openalex.org/I158333966","display_name":"Technical University of Cluj-Napoca","ror":"https://ror.org/03r8nwp71","country_code":"RO","type":"education","lineage":["https://openalex.org/I158333966"]}],"countries":["RO"],"is_corresponding":true,"raw_author_name":"Florin Oniga","raw_affiliation_strings":["Computer Science Department, Technical University of Cluj-Napoca, Cluj-Napoca, Romania"],"raw_orcid":"https://orcid.org/0000-0003-4875-2220","affiliations":[{"raw_affiliation_string":"Computer Science Department, Technical University of Cluj-Napoca, Cluj-Napoca, Romania","institution_ids":["https://openalex.org/I158333966"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5061493057"],"corresponding_institution_ids":["https://openalex.org/I158333966"],"apc_list":{"value":3140,"currency":"USD","value_usd":3140},"apc_paid":{"value":3140,"currency":"USD","value_usd":3140},"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.21109673,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"98","issue":null,"first_page":"104393","last_page":"104393"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.6187999844551086,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.6187999844551086,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.22779999673366547,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12122","display_name":"Physical Unclonable Functions (PUFs) and Hardware Security","score":0.057999998331069946,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/field-programmable-gate-array","display_name":"Field-programmable gate array","score":0.5777000188827515},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.5738999843597412},{"id":"https://openalex.org/keywords/malware-analysis","display_name":"Malware analysis","score":0.5289000272750854},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.49149999022483826},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.44830000400543213},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.44449999928474426},{"id":"https://openalex.org/keywords/data-acquisition","display_name":"Data acquisition","score":0.44040000438690186},{"id":"https://openalex.org/keywords/transparency","display_name":"Transparency (behavior)","score":0.42969998717308044}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.775600016117096},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.6837000250816345},{"id":"https://openalex.org/C42935608","wikidata":"https://www.wikidata.org/wiki/Q190411","display_name":"Field-programmable gate array","level":2,"score":0.5777000188827515},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.5738999843597412},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.5289000272750854},{"id":"https://openalex.org/C9390403","wikidata":"https://www.wikidata.org/wiki/Q3966","display_name":"Computer hardware","level":1,"score":0.5072000026702881},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.49149999022483826},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.44830000400543213},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.44449999928474426},{"id":"https://openalex.org/C163985040","wikidata":"https://www.wikidata.org/wiki/Q1172399","display_name":"Data acquisition","level":2,"score":0.44040000438690186},{"id":"https://openalex.org/C2780233690","wikidata":"https://www.wikidata.org/wiki/Q535347","display_name":"Transparency (behavior)","level":2,"score":0.42969998717308044},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.42480000853538513},{"id":"https://openalex.org/C76399640","wikidata":"https://www.wikidata.org/wiki/Q189401","display_name":"Virtual memory","level":4,"score":0.4041000008583069},{"id":"https://openalex.org/C37724790","wikidata":"https://www.wikidata.org/wiki/Q210813","display_name":"Direct memory access","level":3,"score":0.35760000348091125},{"id":"https://openalex.org/C84418412","wikidata":"https://www.wikidata.org/wiki/Q3246940","display_name":"Digital forensics","level":2,"score":0.3395000100135803},{"id":"https://openalex.org/C74426580","wikidata":"https://www.wikidata.org/wiki/Q719484","display_name":"Memory map","level":3,"score":0.3147999942302704},{"id":"https://openalex.org/C176649486","wikidata":"https://www.wikidata.org/wiki/Q2308807","display_name":"Memory management","level":3,"score":0.3027999997138977},{"id":"https://openalex.org/C18131444","wikidata":"https://www.wikidata.org/wiki/Q163585","display_name":"Memory protection","level":5,"score":0.29159998893737793},{"id":"https://openalex.org/C157764524","wikidata":"https://www.wikidata.org/wiki/Q1383412","display_name":"Throughput","level":3,"score":0.2888000011444092},{"id":"https://openalex.org/C153247305","wikidata":"https://www.wikidata.org/wiki/Q835713","display_name":"Memory address","level":3,"score":0.27379998564720154},{"id":"https://openalex.org/C82687282","wikidata":"https://www.wikidata.org/wiki/Q66221","display_name":"Auxiliary memory","level":2,"score":0.2732999920845032},{"id":"https://openalex.org/C2779010991","wikidata":"https://www.wikidata.org/wiki/Q2720909","display_name":"Artifact (error)","level":2,"score":0.26750001311302185},{"id":"https://openalex.org/C41036726","wikidata":"https://www.wikidata.org/wiki/Q844824","display_name":"Physical address","level":3,"score":0.2662999927997589},{"id":"https://openalex.org/C123657996","wikidata":"https://www.wikidata.org/wiki/Q12271","display_name":"Architecture","level":2,"score":0.2614000141620636}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1016/j.jisa.2026.104393","is_oa":true,"landing_page_url":"https://doi.org/10.1016/j.jisa.2026.104393","pdf_url":null,"source":{"id":"https://openalex.org/S4210191536","display_name":"Journal of Information Security and Applications","issn_l":"2214-2126","issn":["2214-2126","2214-2134"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320990","host_organization_name":"Elsevier BV","host_organization_lineage":["https://openalex.org/P4310320990"],"host_organization_lineage_names":["Elsevier BV"],"type":"journal"},"license":"cc-by-nc","license_id":"https://openalex.org/licenses/cc-by-nc","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Information Security and Applications","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1016/j.jisa.2026.104393","is_oa":true,"landing_page_url":"https://doi.org/10.1016/j.jisa.2026.104393","pdf_url":null,"source":{"id":"https://openalex.org/S4210191536","display_name":"Journal of Information Security and Applications","issn_l":"2214-2126","issn":["2214-2126","2214-2134"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320990","host_organization_name":"Elsevier BV","host_organization_lineage":["https://openalex.org/P4310320990"],"host_organization_lineage_names":["Elsevier BV"],"type":"journal"},"license":"cc-by-nc","license_id":"https://openalex.org/licenses/cc-by-nc","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Information Security and Applications","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":5,"referenced_works":["https://openalex.org/W191656338","https://openalex.org/W1990360323","https://openalex.org/W2092307728","https://openalex.org/W2115175195","https://openalex.org/W2496872468"],"related_works":[],"abstract_inverted_index":{"\u2022":[0,19,40,51],"Design":[1],"of":[2,21,53,134],"a":[3,91,106,114,147],"hardware":[4,116],"architecture":[5],"for":[6,26,124,175],"high-speed":[7,125],"volatile":[8,126,165],"memory":[9,38,127,136,156,166,205],"acquisition":[10,128],"and":[11,29,56,61,102,129,143,171,195,197,211,215],"real-time":[12],"forensic":[13,49],"artifact":[14],"scanning":[15,133,174],"on":[16,32,119,146,179,187],"FPGA":[17,121],"devices.":[18],"Development":[20],"an":[22,120],"efficient":[23],"FPGA-based":[24],"method":[25],"detecting":[27],"active":[28,142],"terminated":[30,144],"processes":[31,145],"Windows":[33,153],"10":[34],"through":[35],"direct":[36],"physical":[37],"scanning.":[39],"Proof-of-concept":[41],"evaluation":[42],"demonstrating":[43],"significant":[44,199],"speed":[45,200],"improvements":[46],"over":[47,202],"traditional":[48,77],"tools.":[50],"Analysis":[52],"system":[54,151,170],"limitations":[55,214],"applicability":[57,216],"in":[58,217],"both":[59],"laboratory":[60],"real-world":[62],"environments.":[63],"Modern":[64],"malware":[65,149,218],"often":[66],"employs":[67],"anti-analysis":[68],"techniques":[69],"to":[70,138,162],"detect":[71],"virtualized":[72],"or":[73],"emulated":[74],"environments,":[75],"evading":[76],"dynamic":[78],"analysis":[79,86,219],"systems.":[80],"To":[81],"address":[82],"this":[83,110],"challenge,":[84],"bare-metal":[85,148],"platforms":[87],"have":[88],"emerged":[89],"as":[90],"more":[92],"transparent":[93],"alternative.":[94],"However,":[95],"efficiently":[96],"monitoring":[97],"them":[98],"while":[99],"preserving":[100],"transparency":[101,194],"minimizing":[103],"interference":[104],"remains":[105],"key":[107],"challenge.":[108],"In":[109],"paper,":[111],"we":[112],"present":[113],"proof-of-concept":[115],"accelerator":[117,158],"implemented":[118],"device,":[122],"designed":[123],"on-the-fly":[130],"pool":[131],"tag":[132],"the":[135,164,168,173,180,188,209],"content":[137],"extract":[139],"information":[140],"about":[141],"execution":[150],"running":[152],"10.":[154],"The":[155],"forensics":[157],"leverages":[159],"PCIe-based":[160],"DMA":[161],"acquire":[163],"from":[167],"monitored":[169,189],"performs":[172],"process":[176],"structures":[177],"directly":[178],"FPGA,":[181],"without":[182],"requiring":[183],"any":[184],"software":[185],"installation":[186],"system.":[190],"Our":[191],"approach":[192],"improves":[193],"isolation,":[196],"shows":[198],"advantages":[201],"conventional":[203],"snapshot-based":[204],"forensics.":[206],"We":[207],"evaluate":[208],"prototype":[210],"discuss":[212],"its":[213],"workflows.":[220]},"counts_by_year":[],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2026-02-11T00:00:00"}