{"id":"https://openalex.org/W2120696111","doi":"https://doi.org/10.4304/jnw.9.3.645-652","title":"Windows Volatile Memory Forensics Based on Correlation Analysis","display_name":"Windows Volatile Memory Forensics Based on Correlation Analysis","publication_year":2014,"publication_date":"2014-03-05","ids":{"openalex":"https://openalex.org/W2120696111","doi":"https://doi.org/10.4304/jnw.9.3.645-652","mag":"2120696111"},"language":"en","primary_location":{"id":"doi:10.4304/jnw.9.3.645-652","is_oa":false,"landing_page_url":"https://doi.org/10.4304/jnw.9.3.645-652","pdf_url":null,"source":{"id":"https://openalex.org/S189188848","display_name":"Journal of Networks","issn_l":"1796-2056","issn":["1796-2056"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310318660","host_organization_name":"Academy Publisher","host_organization_lineage":["https://openalex.org/P4310318660"],"host_organization_lineage_names":["Academy Publisher"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Networks","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100746437","display_name":"Xiaolu Zhang","orcid":"https://orcid.org/0000-0002-4044-8550"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Xiaolu Zhang","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5109218904","display_name":"Liang Hu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Liang Hu","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101412609","display_name":"Shinan Song","orcid":"https://orcid.org/0000-0002-8879-8445"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Shinan Song","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101904558","display_name":"Zhenzhen Xie","orcid":"https://orcid.org/0000-0002-8907-2064"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhenzhen Xie","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5058550197","display_name":"Xiangyu Meng","orcid":"https://orcid.org/0000-0002-1621-7445"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Xiangyu Meng","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5008349845","display_name":"Kuo Zhao","orcid":"https://orcid.org/0000-0002-7030-0338"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Kuo Zhao","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5100746437"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.818,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.83415479,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":"9","issue":"3","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.993399977684021,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.9019814729690552},{"id":"https://openalex.org/keywords/correlation","display_name":"Correlation","score":0.44306451082229614},{"id":"https://openalex.org/keywords/digital-forensics","display_name":"Digital forensics","score":0.41197001934051514},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.22957319021224976}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.9019814729690552},{"id":"https://openalex.org/C117220453","wikidata":"https://www.wikidata.org/wiki/Q5172842","display_name":"Correlation","level":2,"score":0.44306451082229614},{"id":"https://openalex.org/C84418412","wikidata":"https://www.wikidata.org/wiki/Q3246940","display_name":"Digital forensics","level":2,"score":0.41197001934051514},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.22957319021224976},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.4304/jnw.9.3.645-652","is_oa":false,"landing_page_url":"https://doi.org/10.4304/jnw.9.3.645-652","pdf_url":null,"source":{"id":"https://openalex.org/S189188848","display_name":"Journal of Networks","issn_l":"1796-2056","issn":["1796-2056"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310318660","host_organization_name":"Academy Publisher","host_organization_lineage":["https://openalex.org/P4310318660"],"host_organization_lineage_names":["Academy Publisher"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Networks","raw_type":"journal-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.429.2418","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.429.2418","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://ojs.academypublisher.com/index.php/jnw/article/viewFile/jnw0903645652/8840/","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.800000011920929}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":20,"referenced_works":["https://openalex.org/W46688212","https://openalex.org/W1648198059","https://openalex.org/W1982623151","https://openalex.org/W2009229022","https://openalex.org/W2009585495","https://openalex.org/W2015210295","https://openalex.org/W2020171211","https://openalex.org/W2059449590","https://openalex.org/W2068661019","https://openalex.org/W2081989812","https://openalex.org/W2101060448","https://openalex.org/W2103956577","https://openalex.org/W2117499375","https://openalex.org/W2118534519","https://openalex.org/W2125156513","https://openalex.org/W2132174782","https://openalex.org/W2137725382","https://openalex.org/W2156350103","https://openalex.org/W2156838504","https://openalex.org/W6683247678"],"related_works":["https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W2358668433","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W2382290278","https://openalex.org/W2350741829","https://openalex.org/W2130043461","https://openalex.org/W2530322880"],"abstract_inverted_index":{"Abstract\u2014In":[0],"this":[1],"paper,":[2],"we":[3,66,86],"present":[4],"an":[5,68],"integrated":[6],"memory":[7,13,30,55,75,140],"forensic":[8,58],"solution":[9],"for":[10],"multiple":[11],"Windows":[12],"images.":[14],"By":[15],"calculation,":[16],"the":[17,22,26,33,37,64,83,89,99,103,109,117,122,131,139,148],"method":[18,95],"can":[19,107],"find":[20,87],"out":[21],"correlation":[23],"degree":[24],"among":[25],"processes":[27],"of":[28,39],"volatile":[29],"images":[31],"and":[32,48,57,137,151],"hidden":[34],"clues":[35],"behind":[36],"events":[38],"computers,":[40],"which":[41,77,113],"is":[42,114,127],"usually":[43],"difficult":[44],"to":[45,62,82,98,143],"be":[46,144],"obtained":[47],"easily":[49],"ignored":[50],"by":[51,93,120],"analyzing":[52,121],"one":[53],"single":[54],"image":[56,76],"investigators.":[59],"In":[60],"order":[61],"test":[63],"validity,":[65],"performed":[67],"experiment":[69],"based":[70],"on":[71,147],"two":[72],"hosts":[73],"&amp;apos;":[74],"contains":[78],"criminal":[79,104],"incidents.":[80],"According":[81],"experimental":[84,123],"result,":[85],"that":[88],"event":[90],"chains":[91],"reconstructed":[92],"our":[94],"are":[96],"similar":[97],"actual":[100],"actions":[101,133],"in":[102,116],"scene.":[105],"Investigators":[106],"review":[108],"digital":[110],"crime":[111],"scenario":[112],"contained":[115],"data":[118],"set":[119],"results.":[124],"This":[125],"paper":[126],"aimed":[128],"at":[129],"finding":[130],"valid":[132],"with":[134],"illegal":[135],"attempt":[136],"making":[138],"analysis":[141],"not":[142],"utterly":[145],"dependent":[146],"operating":[149],"system":[150],"relevant":[152],"experts.":[153]},"counts_by_year":[{"year":2021,"cited_by_count":1},{"year":2019,"cited_by_count":1},{"year":2017,"cited_by_count":1}],"updated_date":"2026-04-05T17:49:38.594831","created_date":"2025-10-10T00:00:00"}