{"id":"https://openalex.org/W4286005470","doi":"https://doi.org/10.3390/jcp2030028","title":"The Evolution of Volatile Memory Forensics","display_name":"The Evolution of Volatile Memory Forensics","publication_year":2022,"publication_date":"2022-07-20","ids":{"openalex":"https://openalex.org/W4286005470","doi":"https://doi.org/10.3390/jcp2030028"},"language":"en","primary_location":{"id":"doi:10.3390/jcp2030028","is_oa":true,"landing_page_url":"https://doi.org/10.3390/jcp2030028","pdf_url":"https://www.mdpi.com/2624-800X/2/3/28/pdf?version=1658309676","source":{"id":"https://openalex.org/S4210232532","display_name":"Journal of Cybersecurity and Privacy","issn_l":"2624-800X","issn":["2624-800X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Cybersecurity and Privacy","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://www.mdpi.com/2624-800X/2/3/28/pdf?version=1658309676","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5008347204","display_name":"Hannah Nyholm","orcid":null},"institutions":[{"id":"https://openalex.org/I1282311441","display_name":"Lawrence Livermore National Laboratory","ror":"https://ror.org/041nk4h53","country_code":"US","type":"facility","lineage":["https://openalex.org/I1282311441","https://openalex.org/I1330989302","https://openalex.org/I198811213","https://openalex.org/I4210138311"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Hannah Nyholm","raw_affiliation_strings":["Lawrence Livermore National Laboratory, Livermore, CA 94550, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Lawrence Livermore National Laboratory, Livermore, CA 94550, USA","institution_ids":["https://openalex.org/I1282311441"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5031480988","display_name":"Kristine Monteith","orcid":null},"institutions":[{"id":"https://openalex.org/I1282311441","display_name":"Lawrence Livermore National Laboratory","ror":"https://ror.org/041nk4h53","country_code":"US","type":"facility","lineage":["https://openalex.org/I1282311441","https://openalex.org/I1330989302","https://openalex.org/I198811213","https://openalex.org/I4210138311"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Kristine Monteith","raw_affiliation_strings":["Lawrence Livermore National Laboratory, Livermore, CA 94550, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Lawrence Livermore National Laboratory, Livermore, CA 94550, USA","institution_ids":["https://openalex.org/I1282311441"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5019036917","display_name":"Seth Lyles","orcid":null},"institutions":[{"id":"https://openalex.org/I1282311441","display_name":"Lawrence Livermore National Laboratory","ror":"https://ror.org/041nk4h53","country_code":"US","type":"facility","lineage":["https://openalex.org/I1282311441","https://openalex.org/I1330989302","https://openalex.org/I198811213","https://openalex.org/I4210138311"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Seth Lyles","raw_affiliation_strings":["Lawrence Livermore National Laboratory, Livermore, CA 94550, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Lawrence Livermore National Laboratory, Livermore, CA 94550, USA","institution_ids":["https://openalex.org/I1282311441"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5000228863","display_name":"Micaela Gallegos","orcid":null},"institutions":[{"id":"https://openalex.org/I1282311441","display_name":"Lawrence Livermore National Laboratory","ror":"https://ror.org/041nk4h53","country_code":"US","type":"facility","lineage":["https://openalex.org/I1282311441","https://openalex.org/I1330989302","https://openalex.org/I198811213","https://openalex.org/I4210138311"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Micaela Gallegos","raw_affiliation_strings":["Lawrence Livermore National Laboratory, Livermore, CA 94550, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Lawrence Livermore National Laboratory, Livermore, CA 94550, USA","institution_ids":["https://openalex.org/I1282311441"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5020533869","display_name":"Mark DeSantis","orcid":null},"institutions":[{"id":"https://openalex.org/I1282311441","display_name":"Lawrence Livermore National Laboratory","ror":"https://ror.org/041nk4h53","country_code":"US","type":"facility","lineage":["https://openalex.org/I1282311441","https://openalex.org/I1330989302","https://openalex.org/I198811213","https://openalex.org/I4210138311"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Mark DeSantis","raw_affiliation_strings":["Lawrence Livermore National Laboratory, Livermore, CA 94550, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Lawrence Livermore National Laboratory, Livermore, CA 94550, USA","institution_ids":["https://openalex.org/I1282311441"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5057853977","display_name":"John Donaldson","orcid":null},"institutions":[{"id":"https://openalex.org/I1282311441","display_name":"Lawrence Livermore National Laboratory","ror":"https://ror.org/041nk4h53","country_code":"US","type":"facility","lineage":["https://openalex.org/I1282311441","https://openalex.org/I1330989302","https://openalex.org/I198811213","https://openalex.org/I4210138311"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"John Donaldson","raw_affiliation_strings":["Lawrence Livermore National Laboratory, Livermore, CA 94550, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Lawrence Livermore National Laboratory, Livermore, CA 94550, USA","institution_ids":["https://openalex.org/I1282311441"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5026696665","display_name":"Claire Taylor","orcid":"https://orcid.org/0000-0002-8661-3910"},"institutions":[{"id":"https://openalex.org/I1282311441","display_name":"Lawrence Livermore National Laboratory","ror":"https://ror.org/041nk4h53","country_code":"US","type":"facility","lineage":["https://openalex.org/I1282311441","https://openalex.org/I1330989302","https://openalex.org/I198811213","https://openalex.org/I4210138311"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Claire Taylor","raw_affiliation_strings":["Lawrence Livermore National Laboratory, Livermore, CA 94550, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Lawrence Livermore National Laboratory, Livermore, CA 94550, USA","institution_ids":["https://openalex.org/I1282311441"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5008347204"],"corresponding_institution_ids":["https://openalex.org/I1282311441"],"apc_list":{"value":1000,"currency":"CHF","value_usd":1082},"apc_paid":{"value":1000,"currency":"CHF","value_usd":1082},"fwci":4.1603,"has_fulltext":false,"cited_by_count":33,"citation_normalized_percentile":{"value":0.94952023,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":100},"biblio":{"volume":"2","issue":"3","first_page":"556","last_page":"572"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7786437273025513},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.5655291080474854},{"id":"https://openalex.org/keywords/snapshot","display_name":"Snapshot (computer storage)","score":0.515605628490448},{"id":"https://openalex.org/keywords/digital-forensics","display_name":"Digital forensics","score":0.4865266680717468},{"id":"https://openalex.org/keywords/malware-analysis","display_name":"Malware analysis","score":0.47342994809150696},{"id":"https://openalex.org/keywords/sandbox","display_name":"Sandbox (software development)","score":0.46450090408325195},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.4170774221420288},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.36194491386413574},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3238389492034912},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.20891764760017395},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.19289502501487732}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7786437273025513},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.5655291080474854},{"id":"https://openalex.org/C55282118","wikidata":"https://www.wikidata.org/wiki/Q252683","display_name":"Snapshot (computer storage)","level":2,"score":0.515605628490448},{"id":"https://openalex.org/C84418412","wikidata":"https://www.wikidata.org/wiki/Q3246940","display_name":"Digital forensics","level":2,"score":0.4865266680717468},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.47342994809150696},{"id":"https://openalex.org/C167981075","wikidata":"https://www.wikidata.org/wiki/Q2667186","display_name":"Sandbox (software development)","level":2,"score":0.46450090408325195},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.4170774221420288},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.36194491386413574},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3238389492034912},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.20891764760017395},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.19289502501487732},{"id":"https://openalex.org/C59822182","wikidata":"https://www.wikidata.org/wiki/Q441","display_name":"Botany","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":5,"locations":[{"id":"doi:10.3390/jcp2030028","is_oa":true,"landing_page_url":"https://doi.org/10.3390/jcp2030028","pdf_url":"https://www.mdpi.com/2624-800X/2/3/28/pdf?version=1658309676","source":{"id":"https://openalex.org/S4210232532","display_name":"Journal of Cybersecurity and Privacy","issn_l":"2624-800X","issn":["2624-800X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Cybersecurity and Privacy","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:ab7a7e78e74f4297995082a3d4236e85","is_oa":true,"landing_page_url":"https://doaj.org/article/ab7a7e78e74f4297995082a3d4236e85","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Journal of Cybersecurity and Privacy, Vol 2, Iss 3, Pp 556-572 (2022)","raw_type":"article"},{"id":"pmh:oai:osti.gov:1876935","is_oa":true,"landing_page_url":"https://www.osti.gov/biblio/1876935","pdf_url":null,"source":{"id":"https://openalex.org/S4306402487","display_name":"OSTI OAI (U.S. Department of Energy Office of Scientific and Technical Information)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I139351228","host_organization_name":"Office of Scientific and Technical Information","host_organization_lineage":["https://openalex.org/I139351228"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":null},{"id":"pmh:oai:osti.gov:1884642","is_oa":true,"landing_page_url":"https://www.osti.gov/biblio/1884642","pdf_url":null,"source":{"id":"https://openalex.org/S4306402487","display_name":"OSTI OAI (U.S. Department of Energy Office of Scientific and Technical Information)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I139351228","host_organization_name":"Office of Scientific and Technical Information","host_organization_lineage":["https://openalex.org/I139351228"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":null},{"id":"pmh:oai:osti.gov:1885656","is_oa":true,"landing_page_url":"https://www.osti.gov/biblio/1885656","pdf_url":null,"source":{"id":"https://openalex.org/S4306402487","display_name":"OSTI OAI (U.S. Department of Energy Office of Scientific and Technical Information)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I139351228","host_organization_name":"Office of Scientific and Technical Information","host_organization_lineage":["https://openalex.org/I139351228"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":null}],"best_oa_location":{"id":"doi:10.3390/jcp2030028","is_oa":true,"landing_page_url":"https://doi.org/10.3390/jcp2030028","pdf_url":"https://www.mdpi.com/2624-800X/2/3/28/pdf?version=1658309676","source":{"id":"https://openalex.org/S4210232532","display_name":"Journal of Cybersecurity and Privacy","issn_l":"2624-800X","issn":["2624-800X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Cybersecurity and Privacy","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320306084","display_name":"U.S. Department of Energy","ror":"https://ror.org/01bj3aw27"}],"has_content":{"pdf":true,"grobid_xml":false},"content_urls":{"pdf":"https://content.openalex.org/works/W4286005470.pdf"},"referenced_works_count":39,"referenced_works":["https://openalex.org/W1981221397","https://openalex.org/W2014130931","https://openalex.org/W2052412856","https://openalex.org/W2068661019","https://openalex.org/W2092935428","https://openalex.org/W2096269529","https://openalex.org/W2288565242","https://openalex.org/W2460736843","https://openalex.org/W2517430515","https://openalex.org/W2544541072","https://openalex.org/W2579276500","https://openalex.org/W2591395630","https://openalex.org/W2612449038","https://openalex.org/W2625122926","https://openalex.org/W2742819853","https://openalex.org/W2766645114","https://openalex.org/W2784097977","https://openalex.org/W2785636071","https://openalex.org/W2791677974","https://openalex.org/W2806294538","https://openalex.org/W2885309848","https://openalex.org/W2909832217","https://openalex.org/W2911883410","https://openalex.org/W2923208273","https://openalex.org/W2963155255","https://openalex.org/W2965893286","https://openalex.org/W2972552958","https://openalex.org/W3011815082","https://openalex.org/W3013896538","https://openalex.org/W3032383616","https://openalex.org/W3080622597","https://openalex.org/W3108671495","https://openalex.org/W3118382796","https://openalex.org/W3169281546","https://openalex.org/W3207948582","https://openalex.org/W4302027802","https://openalex.org/W6739346203","https://openalex.org/W6755839861","https://openalex.org/W7020962015"],"related_works":["https://openalex.org/W2034129977","https://openalex.org/W1745773915","https://openalex.org/W2294212083","https://openalex.org/W2768892939","https://openalex.org/W2469507153","https://openalex.org/W2008790809","https://openalex.org/W2134874482","https://openalex.org/W2765820957","https://openalex.org/W2311131113","https://openalex.org/W4367595269"],"abstract_inverted_index":{"The":[0,17],"collection":[1,98],"and":[2,19,71,102,133,148,154,175,209],"analysis":[3,47,155],"of":[4,11,58,66,75,99,110,116],"volatile":[5,45,151],"memory":[6,42,46,100,131,152,160,178],"is":[7,23],"a":[8,38,194],"vibrant":[9],"area":[10],"research":[12,92,128],"in":[13,193],"the":[14,84,97,108,114,127,145,165,182,205],"cybersecurity":[15],"community.":[16],"ever-evolving":[18],"growing":[20],"threat":[21],"landscape":[22],"trending":[24],"towards":[25],"fileless":[26],"malware,":[27],"which":[28,76],"avoids":[29],"traditional":[30,183],"detection":[31],"but":[32],"can":[33],"be":[34],"found":[35],"by":[36,143],"examining":[37],"system\u2019s":[39],"random":[40],"access":[41],"(RAM).":[43],"Additionally,":[44],"offers":[48],"great":[49],"insight":[50],"into":[51],"other":[52],"malicious":[53],"vectors.":[54],"It":[55],"contains":[56],"fragments":[57],"encrypted":[59],"files\u2019":[60],"contents,":[61],"as":[62,64,197,199],"well":[63,198],"lists":[65],"running":[67],"processes,":[68],"imported":[69],"modules,":[70],"network":[72],"connections,":[73],"all":[74],"are":[77],"difficult":[78],"or":[79,122],"impossible":[80],"to":[81,104,113],"extract":[82],"from":[83],"file":[85],"system.":[86],"For":[87,159,177],"these":[88],"compelling":[89],"reasons,":[90],"recent":[91],"efforts":[93],"have":[94],"focused":[95],"on":[96,129],"snapshots":[101],"methods":[103,185,191],"analyze":[105],"them":[106],"for":[107,150,156,212],"presence":[109],"malware.":[111],"However,":[112],"best":[115],"our":[117],"knowledge,":[118],"no":[119],"current":[120],"reviews":[121],"surveys":[123],"exist":[124],"that":[125,137],"systematize":[126],"both":[130],"acquisition":[132,153,161],"analysis.":[134],"We":[135,203],"fill":[136],"gap":[138],"with":[139],"this":[140],"novel":[141],"survey":[142],"exploring":[144],"state-of-the-art":[146],"tools":[147],"techniques":[149,168],"malware":[157],"identification.":[158],"methods,":[162,189],"we":[163,180],"explore":[164],"trade-offs":[166],"many":[167],"make":[169],"between":[170],"snapshot":[171],"quality,":[172],"performance":[173],"overhead,":[174],"security.":[176],"analysis,":[179],"examined":[181],"forensic":[184],"used,":[186],"including":[187],"signature-based":[188],"dynamic":[190],"performed":[192],"sandbox":[195],"environment,":[196],"machine":[200],"learning-based":[201],"approaches.":[202],"summarize":[204],"currently":[206],"available":[207],"tools,":[208],"suggest":[210],"areas":[211],"more":[213],"research.":[214]},"counts_by_year":[{"year":2026,"cited_by_count":5},{"year":2025,"cited_by_count":12},{"year":2024,"cited_by_count":12},{"year":2023,"cited_by_count":4}],"updated_date":"2026-05-23T08:51:43.019350","created_date":"2025-10-10T00:00:00"}