{"id":"https://openalex.org/W2016650184","doi":"https://doi.org/10.1080/15567280802552829","title":"Automated Windows Memory File Extraction for Cyber Forensics Investigation","display_name":"Automated Windows Memory File Extraction for Cyber Forensics Investigation","publication_year":2008,"publication_date":"2008-12-09","ids":{"openalex":"https://openalex.org/W2016650184","doi":"https://doi.org/10.1080/15567280802552829","mag":"2016650184"},"language":"en","primary_location":{"id":"doi:10.1080/15567280802552829","is_oa":false,"landing_page_url":"https://doi.org/10.1080/15567280802552829","pdf_url":null,"source":{"id":"https://openalex.org/S127916260","display_name":"Journal of Digital Forensic Practice","issn_l":"1556-7281","issn":["1556-7281","1556-7346"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320547","host_organization_name":"Taylor & Francis","host_organization_lineage":["https://openalex.org/P4310320547"],"host_organization_lineage_names":["Taylor & Francis"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Digital Forensic Practice","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5109415863","display_name":"Seyed Mahmood Hejazi","orcid":null},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":true,"raw_author_name":"Seyed Mahmood Hejazi","raw_affiliation_strings":["Concordia University, Computer Security Laboratory , CIISE 1515 St. Catherine St. West, EV Building, Montreal, Quebec, Canada","Computer Security Laboratory, Concordia University, Montreal, Quebec, Canada#TAB#"],"affiliations":[{"raw_affiliation_string":"Concordia University, Computer Security Laboratory , CIISE 1515 St. Catherine St. West, EV Building, Montreal, Quebec, Canada","institution_ids":["https://openalex.org/I60158472"]},{"raw_affiliation_string":"Computer Security Laboratory, Concordia University, Montreal, Quebec, Canada#TAB#","institution_ids":["https://openalex.org/I60158472"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5028605138","display_name":"Mourad Debbabi","orcid":"https://orcid.org/0000-0003-3015-3043"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Mourad Debbabi","raw_affiliation_strings":["Concordia University, Computer Security Laboratory , CIISE 1515 St. Catherine St. West, EV Building, Montreal, Quebec, Canada","Computer Security Laboratory, Concordia University, Montreal, Quebec, Canada#TAB#"],"affiliations":[{"raw_affiliation_string":"Concordia University, Computer Security Laboratory , CIISE 1515 St. Catherine St. West, EV Building, Montreal, Quebec, Canada","institution_ids":["https://openalex.org/I60158472"]},{"raw_affiliation_string":"Computer Security Laboratory, Concordia University, Montreal, Quebec, Canada#TAB#","institution_ids":["https://openalex.org/I60158472"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5091698581","display_name":"Chamseddine Talhi","orcid":"https://orcid.org/0000-0003-2264-8265"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Chamseddine Talhi","raw_affiliation_strings":["Concordia University, Computer Security Laboratory , CIISE 1515 St. Catherine St. West, EV Building, Montreal, Quebec, Canada","Computer Security Laboratory, Concordia University, Montreal, Quebec, Canada#TAB#"],"affiliations":[{"raw_affiliation_string":"Concordia University, Computer Security Laboratory , CIISE 1515 St. Catherine St. West, EV Building, Montreal, Quebec, Canada","institution_ids":["https://openalex.org/I60158472"]},{"raw_affiliation_string":"Computer Security Laboratory, Concordia University, Montreal, Quebec, Canada#TAB#","institution_ids":["https://openalex.org/I60158472"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5109415863"],"corresponding_institution_ids":["https://openalex.org/I60158472"],"apc_list":null,"apc_paid":null,"fwci":0.846,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.83235344,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":"2","issue":"3","first_page":"117","last_page":"131"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9962000250816345,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8393692970275879},{"id":"https://openalex.org/keywords/file-system-fragmentation","display_name":"File system fragmentation","score":0.6849851012229919},{"id":"https://openalex.org/keywords/executable","display_name":"Executable","score":0.6484647989273071},{"id":"https://openalex.org/keywords/digital-evidence","display_name":"Digital evidence","score":0.5896303057670593},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.5749285817146301},{"id":"https://openalex.org/keywords/unix-file-types","display_name":"Unix file types","score":0.562576413154602},{"id":"https://openalex.org/keywords/file-control-block","display_name":"File Control Block","score":0.5527205467224121},{"id":"https://openalex.org/keywords/digital-forensics","display_name":"Digital forensics","score":0.5135910511016846},{"id":"https://openalex.org/keywords/computer-file","display_name":"Computer file","score":0.48930761218070984},{"id":"https://openalex.org/keywords/data-file","display_name":"Data file","score":0.47865450382232666},{"id":"https://openalex.org/keywords/file-system","display_name":"File system","score":0.4504823684692383},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.372278094291687},{"id":"https://openalex.org/keywords/stub-file","display_name":"Stub file","score":0.27061742544174194}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8393692970275879},{"id":"https://openalex.org/C26656859","wikidata":"https://www.wikidata.org/wiki/Q4089244","display_name":"File system fragmentation","level":4,"score":0.6849851012229919},{"id":"https://openalex.org/C160145156","wikidata":"https://www.wikidata.org/wiki/Q778586","display_name":"Executable","level":2,"score":0.6484647989273071},{"id":"https://openalex.org/C2781357168","wikidata":"https://www.wikidata.org/wiki/Q5276084","display_name":"Digital evidence","level":3,"score":0.5896303057670593},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.5749285817146301},{"id":"https://openalex.org/C21729314","wikidata":"https://www.wikidata.org/wiki/Q7896858","display_name":"Unix file types","level":4,"score":0.562576413154602},{"id":"https://openalex.org/C180500224","wikidata":"https://www.wikidata.org/wiki/Q1412592","display_name":"File Control Block","level":4,"score":0.5527205467224121},{"id":"https://openalex.org/C84418412","wikidata":"https://www.wikidata.org/wiki/Q3246940","display_name":"Digital forensics","level":2,"score":0.5135910511016846},{"id":"https://openalex.org/C95637964","wikidata":"https://www.wikidata.org/wiki/Q82753","display_name":"Computer file","level":2,"score":0.48930761218070984},{"id":"https://openalex.org/C171730128","wikidata":"https://www.wikidata.org/wiki/Q5227290","display_name":"Data file","level":2,"score":0.47865450382232666},{"id":"https://openalex.org/C2780940931","wikidata":"https://www.wikidata.org/wiki/Q174989","display_name":"File system","level":2,"score":0.4504823684692383},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.372278094291687},{"id":"https://openalex.org/C13674803","wikidata":"https://www.wikidata.org/wiki/Q7627301","display_name":"Stub file","level":3,"score":0.27061742544174194}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1080/15567280802552829","is_oa":false,"landing_page_url":"https://doi.org/10.1080/15567280802552829","pdf_url":null,"source":{"id":"https://openalex.org/S127916260","display_name":"Journal of Digital Forensic Practice","issn_l":"1556-7281","issn":["1556-7281","1556-7346"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320547","host_organization_name":"Taylor & Francis","host_organization_lineage":["https://openalex.org/P4310320547"],"host_organization_lineage_names":["Taylor & Francis"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Digital Forensic Practice","raw_type":"journal-article"},{"id":"pmh:oai:espace2.etsmtl.ca:13707","is_oa":false,"landing_page_url":"https://espace2.etsmtl.ca/id/eprint/13707/","pdf_url":null,"source":{"id":"https://openalex.org/S4306402392","display_name":"Espace \u00c9TS (ETS)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1341030882","host_organization_name":"Educational Testing Service","host_organization_lineage":["https://openalex.org/I1341030882"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Article publi\u00e9 dans une revue, r\u00e9vis\u00e9 par les pairs"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.6700000166893005}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":13,"referenced_works":["https://openalex.org/W40664036","https://openalex.org/W1500132926","https://openalex.org/W2004982394","https://openalex.org/W2010376606","https://openalex.org/W2040527645","https://openalex.org/W2055002124","https://openalex.org/W2091452626","https://openalex.org/W2100940060","https://openalex.org/W2112190615","https://openalex.org/W2113854927","https://openalex.org/W2128213437","https://openalex.org/W2143642500","https://openalex.org/W2168154523"],"related_works":["https://openalex.org/W2600623072","https://openalex.org/W4313226861","https://openalex.org/W2600173906","https://openalex.org/W1990666357","https://openalex.org/W4247882433","https://openalex.org/W2097829252","https://openalex.org/W2023412278","https://openalex.org/W2038900077","https://openalex.org/W2563027287","https://openalex.org/W2372009233"],"abstract_inverted_index":{"ABSTRACT":[0],"In":[1,70,193],"digital":[2,42],"forensics,":[3],"the":[4,20,30,57,67,99,146,157,167,191,198,209,213,222],"first":[5],"step":[6],"to":[7,12,19,77,87,123,164,177,208],"conducting":[8],"an":[9],"investigation":[10],"is":[11,16,37],"acquire":[13],"evidence":[14,232],"that":[15,93,109,186,202],"most":[17,23],"related":[18],"case.":[21],"Containing":[22],"recently":[24],"accessed":[25,61],"data":[26,62,91,129,243],"and":[27,80,90,151,242],"information":[28],"about":[29],"status":[31],"of":[32,41,56,101,128,159,224,231],"a":[33,38,45,50,105,125],"system,":[34],"physical":[35,68,96],"memory":[36,84,97,106,113,176],"valuable":[39],"source":[40],"evidence.":[43],"When":[44],"process":[46],"runs":[47],"or":[48,53,60,181,236],"accesses":[49],"file,":[51],"all":[52],"some":[54],"parts":[55],"process's":[58],"executable":[59,89],"file":[63,114,130,200],"are":[64],"mapped":[65,206],"into":[66],"memory.":[69],"this":[71,111,117,160],"article,":[72],"we":[73,119],"propose":[74],"various":[75,138],"methods":[76],"find":[78,178,197],"files":[79,92,168,185,211,217,244],"extract":[81,124],"them":[82],"from":[83,175],"in":[85,95,162],"order":[86,163],"rebuild":[88],"existed":[94],"at":[98],"time":[100],"incident.":[102],"We":[103],"developed":[104],"analysis":[107,226],"plug-in":[108],"uses":[110],"automated":[112],"extraction.":[115],"Using":[116],"tool,":[118],"have":[120,203],"been":[121,205],"able":[122],"wide":[126],"range":[127],"types,":[131],"including":[132],"text,":[133],"PDF,":[134],"Java":[135],"Archives":[136],"(JAR),":[137],"logs,":[139],"EVT":[140],"(system":[141],"event-log":[142],"files,":[143,239,241],"used":[144,220],"by":[145],"system":[147],"event":[148],"viewer),":[149],"HTML":[150],"many":[152],"more.":[153],"Investigators":[154],"can":[155,196,218],"use":[156],"result":[158],"research":[161],"(1)":[165],"compare":[166],"found":[169,245],"on":[170,190,212,246],"disk":[171],"with":[172,228],"those":[173,184],"extracted":[174,216],"possible":[179],"tampering":[180],"(2)":[182],"reconstruct":[183],"no":[187],"longer":[188],"exist":[189],"disk.":[192,214],"addition,":[194],"they":[195],"last":[199],"modifications":[201],"not":[204],"out":[207],"corresponding":[210],"Memory":[215],"be":[219],"for":[221],"purpose":[223],"correlation":[225],"along":[227],"other":[229],"sources":[230],"such":[233],"as":[234],"application":[235],"network":[237],"log":[238],"E-mail":[240],"disks.":[247]},"counts_by_year":[{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}