{"id":"https://openalex.org/W4400914404","doi":"https://doi.org/10.1145/3680293","title":"Causal Inconsistencies Are Normal in Windows Memory Dumps (Too)","display_name":"Causal Inconsistencies Are Normal in Windows Memory Dumps (Too)","publication_year":2024,"publication_date":"2024-07-23","ids":{"openalex":"https://openalex.org/W4400914404","doi":"https://doi.org/10.1145/3680293"},"language":"en","primary_location":{"id":"doi:10.1145/3680293","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3680293","pdf_url":null,"source":{"id":"https://openalex.org/S4210235901","display_name":"Digital Threats Research and Practice","issn_l":"2576-5337","issn":["2576-5337","2692-1626"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Digital Threats: Research and Practice","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://doi.org/10.1145/3680293","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5104988025","display_name":"Lisa Rzepka","orcid":"https://orcid.org/0009-0001-4918-7449"},"institutions":[{"id":"https://openalex.org/I40527276","display_name":"Universit\u00e4t der Bundeswehr M\u00fcnchen","ror":"https://ror.org/05kkv3f82","country_code":"DE","type":"education","lineage":["https://openalex.org/I1315109972","https://openalex.org/I40527276","https://openalex.org/I4387152969"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Lisa Rzepka","raw_affiliation_strings":["Universit\u00e4t der Bundeswehr M\u00fcnchen, Munich, Germany"],"raw_orcid":"https://orcid.org/0009-0001-4918-7449","affiliations":[{"raw_affiliation_string":"Universit\u00e4t der Bundeswehr M\u00fcnchen, Munich, Germany","institution_ids":["https://openalex.org/I40527276"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5011197745","display_name":"Jenny Ottmann","orcid":"https://orcid.org/0000-0003-1090-0566"},"institutions":[{"id":"https://openalex.org/I181369854","display_name":"Friedrich-Alexander-Universit\u00e4t Erlangen-N\u00fcrnberg","ror":"https://ror.org/00f7hpc57","country_code":"DE","type":"education","lineage":["https://openalex.org/I181369854"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Jenny Ottmann","raw_affiliation_strings":["Friedrich-Alexander-Universit\u00e4t Erlangen-N\u00fcrnberg (FAU), Erlangen, Germany"],"raw_orcid":"https://orcid.org/0000-0003-1090-0566","affiliations":[{"raw_affiliation_string":"Friedrich-Alexander-Universit\u00e4t Erlangen-N\u00fcrnberg (FAU), Erlangen, Germany","institution_ids":["https://openalex.org/I181369854"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5035871932","display_name":"Felix Freiling","orcid":null},"institutions":[{"id":"https://openalex.org/I181369854","display_name":"Friedrich-Alexander-Universit\u00e4t Erlangen-N\u00fcrnberg","ror":"https://ror.org/00f7hpc57","country_code":"DE","type":"education","lineage":["https://openalex.org/I181369854"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Felix Freiling","raw_affiliation_strings":["Friedrich-Alexander-Universit\u00e4t Erlangen-N\u00fcrnberg (FAU), Erlangen, Germany"],"raw_orcid":"https://orcid.org/0000-0002-8279-8401","affiliations":[{"raw_affiliation_string":"Friedrich-Alexander-Universit\u00e4t Erlangen-N\u00fcrnberg (FAU), Erlangen, Germany","institution_ids":["https://openalex.org/I181369854"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5010243095","display_name":"Harald Baier","orcid":"https://orcid.org/0000-0002-9254-6398"},"institutions":[{"id":"https://openalex.org/I40527276","display_name":"Universit\u00e4t der Bundeswehr M\u00fcnchen","ror":"https://ror.org/05kkv3f82","country_code":"DE","type":"education","lineage":["https://openalex.org/I1315109972","https://openalex.org/I40527276","https://openalex.org/I4387152969"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Harald Baier","raw_affiliation_strings":["Universit\u00e4t der Bundeswehr M\u00fcnchen, Munich, Germany"],"raw_orcid":"https://orcid.org/0000-0002-9254-6398","affiliations":[{"raw_affiliation_string":"Universit\u00e4t der Bundeswehr M\u00fcnchen, Munich, Germany","institution_ids":["https://openalex.org/I40527276"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5104988025"],"corresponding_institution_ids":["https://openalex.org/I40527276"],"apc_list":null,"apc_paid":null,"fwci":1.3456,"has_fulltext":false,"cited_by_count":4,"citation_normalized_percentile":{"value":0.81717371,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":98},"biblio":{"volume":"5","issue":"3","first_page":"1","last_page":"20"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10772","display_name":"Distributed systems and fault tolerance","score":0.996999979019165,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10772","display_name":"Distributed systems and fault tolerance","score":0.996999979019165,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10054","display_name":"Parallel Computing and Optimization Techniques","score":0.9969000220298767,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9943000078201294,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.39347562193870544},{"id":"https://openalex.org/keywords/psychology","display_name":"Psychology","score":0.3355979025363922},{"id":"https://openalex.org/keywords/cognitive-psychology","display_name":"Cognitive psychology","score":0.33394283056259155}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.39347562193870544},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.3355979025363922},{"id":"https://openalex.org/C180747234","wikidata":"https://www.wikidata.org/wiki/Q23373","display_name":"Cognitive psychology","level":1,"score":0.33394283056259155}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3680293","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3680293","pdf_url":null,"source":{"id":"https://openalex.org/S4210235901","display_name":"Digital Threats Research and Practice","issn_l":"2576-5337","issn":["2576-5337","2692-1626"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Digital Threats: Research and Practice","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1145/3680293","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3680293","pdf_url":null,"source":{"id":"https://openalex.org/S4210235901","display_name":"Digital Threats Research and Practice","issn_l":"2576-5337","issn":["2576-5337","2692-1626"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Digital Threats: Research and Practice","raw_type":"journal-article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.8199999928474426,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":13,"referenced_works":["https://openalex.org/W1970973510","https://openalex.org/W2068661019","https://openalex.org/W2092935428","https://openalex.org/W2113854927","https://openalex.org/W2128213437","https://openalex.org/W2329331065","https://openalex.org/W2579276500","https://openalex.org/W2909832217","https://openalex.org/W2920968069","https://openalex.org/W2923208273","https://openalex.org/W3196815683","https://openalex.org/W4240402692","https://openalex.org/W4387804485"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052","https://openalex.org/W2382290278","https://openalex.org/W4395014643"],"abstract_inverted_index":{"Main":[0],"memory":[1,19,32,51,83,101,135,169,180,198],"contains":[2],"valuable":[3],"information":[4,10],"for":[5,13],"criminal":[6],"investigations,":[7],"e.g.,":[8],"process":[9],"or":[11],"keys":[12],"disk":[14],"encryption.":[15],"Taking":[16],"snapshots":[17],"of":[18,47,73,105,117,131,143,151,167,175,194],"is":[20,126,153,187],"therefore":[21],"common":[22],"practice":[23],"during":[24],"a":[25,44,55,87,110,129,138,148],"digital":[26],"forensic":[27],"examination.":[28],"Inconsistencies":[29],"in":[30,50,75,99,177,196],"such":[31],"dumps":[33,52],"can,":[34],"however,":[35],"hamper":[36],"their":[37],"analysis.":[38],"In":[39],"this":[40],"article,":[41],"we":[42],"perform":[43],"systematic":[45],"assessment":[46],"causal":[48,79],"inconsistencies":[49,74,80,98,152,176,195],"taken":[53],"on":[54,115,128],"Windows":[56,76,107,197],"10":[57],"machine":[58],"using":[59,86,109],"the":[60,71,92,100,106,118,154,158,168,173,178,192],"kernel-level":[61],"acquisition":[62,170],"tool":[63,171],"WinPmem.":[64],"We":[65,160],"use":[66],"two":[67],"approaches":[68],"to":[69,172,189],"measure":[70],"quantity":[72],"10:":[77],"(1)":[78],"within":[81],"self-injected":[82],"data":[84,103],"structures":[85,104],"known":[88],"methodology":[89],"transferred":[90],"from":[91],"Linux":[93],"operating":[94],"system,":[95],"and":[96,164],"(2)":[97],"management":[102],"kernel":[108],"novel":[111],"measurement":[112,145],"technique":[113],"based":[114,127],"properties":[116],"virtual":[119],"address":[120],"descriptor":[121],"(VAD)":[122],"tree.":[123],"Our":[124],"evaluation":[125],"dataset":[130],"more":[132],"than":[133,157],"180":[134],"dumps.":[136,199],"As":[137],"central":[139],"result,":[140],"both":[141],"types":[142],"inconsistency":[144],"reveal":[146],"that":[147],"high":[149],"number":[150,174],"norm":[155],"rather":[156],"exception.":[159],"also":[161],"correlate":[162],"workload":[163],"execution":[165],"time":[166],"respective":[179],"snapshot.":[181],"By":[182],"controlling":[183],"these":[184],"factors":[185],"it":[186],"possible":[188],"(somewhat)":[190],"control":[191],"level":[193]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":3}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}