{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,24]],"date-time":"2025-07-24T11:58:17Z","timestamp":1753358297965,"version":"3.40.3"},"publisher-location":"Cham","reference-count":39,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030471309"},{"type":"electronic","value":"9783030471316"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-47131-6_5","type":"book-chapter","created":{"date-parts":[[2020,7,25]],"date-time":"2020-07-25T08:03:54Z","timestamp":1595664234000},"page":"79-108","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Forensic Investigation of Ransomware Activities\u2014Part 2"],"prefix":"10.1007","author":[{"given":"Christopher","family":"Boyton","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nhien-An","family":"Le-Khac","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kim-Kwang Raymond","family":"Choo","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Anca","family":"Jurcut","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2020,7,26]]},"reference":[{"key":"5_CR1","doi-asserted-by":"publisher","unstructured":"Alabdulsalam, S., Schaefer, K., Kechadi, M.-T., Le-Khac, N.-A.: Internet of things forensics: challenges and case study. In: Gilbert, P., Sujeet, S. (eds.) Advances in Digital Forensics XIV. Springer Berlin Heidelberg, New York (2018). \nhttps:\/\/doi.org\/10.1007\/978-3-319-99277-8_3","DOI":"10.1007\/978-3-319-99277-8_3"},{"key":"5_CR2","doi-asserted-by":"crossref","unstructured":"Gonzalez, D., Hayajneh, T.: Detection and prevention of crypto-ransomware. In: Proceedings of IEEE 8th Annual Ubiquitous Computing, Electronics and Mobile Communication Conference (UEMCON), Oct 2017, pp. 472\u2013478","DOI":"10.1109\/UEMCON.2017.8249052"},{"key":"5_CR3","unstructured":"Aidan, J.S., Garg, Z.U.: Advanced Petya ransomware and mitigation strategies. In: 2018 First International Conference on Secure Cyber Computing and Communication (ICSCCC), 2018, pp. 23\u201328"},{"key":"5_CR4","unstructured":"Sgandurra, D., Mu\u00f1oz-Gonz\u00e1lez, L., Mohsen, R., Lupu, E.C.: Automated dynamic analysis of ransomware: benefits, limitations and use for detection (2016). \narXiv:1609.03020\n\n. [Online]. Available: \nhttps:\/\/arxiv.org\/abs\/1609.03020"},{"key":"5_CR5","unstructured":"Shinde, R., Van der Veeken, P., Van Schooten, S., van den Berg, J.: Ransomware: studying transfer and mitigation. In: Computing Analytics and Security Trends (CAST) International Conference, 2016, pp. 90\u201395"},{"issue":"3","key":"5_CR6","doi-asserted-by":"publisher","first-page":"83","DOI":"10.4236\/jis.2014.53009","volume":"5","author":"M Faheem","year":"2014","unstructured":"Faheem, M., Le-Khac, N.-A., Kechadi, M.-T.: Smartphone forensics analysis: a case study for obtaining root access of an android Samsung S3 device and analyse the image without an expensive commercial tool. J. Inf. Secur. 5(3), 83\u201390 (2014). \nhttps:\/\/doi.org\/10.4236\/jis.2014.53009","journal-title":"J. Inf. Secur."},{"key":"5_CR7","first-page":"136","volume":"19","author":"SH Kok","year":"2019","unstructured":"Kok, S.H., Abdullah, A., Jhanjhi, N.Z., Supramaniam, M.: Ransomware, threat and detection techniques: a review. Int. J. Comput. Sci. Netw. Secur. 19, 136\u2013146 (2019)","journal-title":"Int. J. Comput. Sci. Netw. Secur."},{"key":"5_CR8","unstructured":"Dunn, J., Macaulay, T., Magee, T.: The worst types of ransomware attacks. Computerworld, 12 June 2018. \nhttps:\/\/www.computerworlduk.com\/galleries\/security\/worstransomware-attacks-we-name-internets-nastiest-extortion-malware3641916\/"},{"key":"5_CR9","doi-asserted-by":"publisher","unstructured":"Connolly, L.Y., Wall, D.S.: The rise of crypto-ransomware in a changing cybercrime landscape: taxonomising countermeasures. Comput. Secur. 87 (2019). \nhttps:\/\/doi.org\/10.1016\/j.cose.2019.101568","DOI":"10.1016\/j.cose.2019.101568"},{"key":"5_CR10","unstructured":"Schaefer, E., Le-Khac, N.-A., Scanlon, M.: Integration of ether unpacker into ragpicker for plugin-based malware analysis and identification. In: 16th European Conference on Cyber Warfare and Security, Dublin, Ireland, June 2017"},{"key":"5_CR11","doi-asserted-by":"publisher","unstructured":"Linke, A., Le-Khac, N.-A.: Control flow change in assembly as a classifier in malware analysis. In: 4th IEEE International Symposium on Digital Forensics and Security, Arkansas, Apr 2016. \nhttps:\/\/doi.org\/10.1109\/isdfs.2016.7473514","DOI":"10.1109\/isdfs.2016.7473514"},{"key":"5_CR12","doi-asserted-by":"publisher","unstructured":"Zollner, S., Choo, K.-K.R., Le-Khac, N.-A.: An automated live forensic and postmortem analysis tool for bitcoin on windows systems. IEEE Access 7 (2019). \nhttps:\/\/doi.org\/10.1109\/access.2019.2948774","DOI":"10.1109\/access.2019.2948774"},{"key":"5_CR13","doi-asserted-by":"publisher","unstructured":"Van der Horst, L., Choo, K.-K.R., Le-Khac, N.-A.: Process memory investigation of the bitcoin clients electrum and bitcoin core. IEEE Access 5 (2017). \nhttps:\/\/doi.org\/10.1109\/access.2017.2759766","DOI":"10.1109\/access.2017.2759766"},{"key":"5_CR14","doi-asserted-by":"publisher","first-page":"47053","DOI":"10.1109\/ACCESS.2019.2907485","volume":"7","author":"A Almashhadani","year":"2019","unstructured":"Almashhadani, A., Kaiiali, M., Sezer, S., O\u2019Kane, P.: A multi-classifier network-based crypto ransomware detection system: a case study of locky ransomware. IEEE Access 7, 47053\u201347067 (2019)","journal-title":"IEEE Access"},{"key":"5_CR15","first-page":"44925","volume":"7","author":"E Berrueta","year":"2019","unstructured":"Berrueta, E., Morato, D., Maga\u00f1a, E., Izal, M.: A survey on detection techniques for cryptographic ransomware. IEEE Access 7, 44925\u201344944 (2019)","journal-title":"IEEE Access"},{"key":"5_CR16","unstructured":"Andronio, N.: Heldroid: fast and efficient linguistic-based ransomware detection. Master Thesis. [Online]. Indigo.uic.edu. Available at: \nhttp:\/\/indigo.uic.edu\/bitstream\/handle\/10027\/19676\/Andronio_Nicolo.pdf?sequence=1\n\n (2012)"},{"key":"5_CR17","doi-asserted-by":"publisher","unstructured":"Scaife, N., Carter, H., Traynor, P., Butler, K.R.B.: Cryptolock (and drop it): stopping ransomware attacks on user data. In: Proceedings of IEEE 36th International Conference on Distributed Computing Systems (ICDCS), June 2016, pp. 303\u2013312. \nhttps:\/\/doi.org\/10.1109\/icdcs.2016.46","DOI":"10.1109\/icdcs.2016.46"},{"key":"5_CR18","unstructured":"Alazab, A., Hobbs, M., Abawajy, J., Khraisat, A.: Malware detection and prevention system based on multi-stage rules. Int. J. Inf. Secur. Privacy (IJISP) 7(2), 29\u201343 (2013)"},{"key":"5_CR19","unstructured":"Yagi, T.: Website protection schemes based on behavior analysis of malware attackers. Master Thesis. [Online]. \/ir.library.osaka-u.ac.jp. Available at: \nhttp:\/\/ir.library.osaka-u.ac.jp\/dspace\/bitstream\/11094\/51137\/1\/25863_%e8%ab%96%e6%96%87.pdf\n\n (2013)"},{"key":"5_CR20","unstructured":"Fadsli Marhusin, M.: Improving the effectiveness of behaviour-based malware detection. Master of Information Technology (Computer Science), UKM, Malaysia. [Online]. Unsworks.unsw.edu.au. Available at: \nhttp:\/\/unsworks.unsw.edu.au\/fapi\/datastream\/unsworks:10868\/SOURCE02?view=true\n\n (2012)"},{"key":"5_CR21","unstructured":"Kinable, J.: Malware Detection Through Call Graphs. [Online]. Brage.bibsys.no. Available at: \nhttps:\/\/brage.bibsys.no\/xmlui\/bitstream\/handle\/11250\/262290\/353049_FULLTEXT01.pdf?sequence=1&isAllowed=y\n\n (2010)"},{"key":"5_CR22","unstructured":"Hu, X.: Large-scale malware analysis, detection, and signature generation. Doctor of Philosophy (Computer Science and Engineering), The University of Michigan. [Online]. Deepblue.lib.umich.edu. Available at: \nhttps:\/\/deepblue.lib.umich.edu\/bitstream\/handle\/2027.42\/89760\/huxin_1.pdf?sequence=1&isAllowed=y\n\n (2011)"},{"key":"5_CR23","doi-asserted-by":"crossref","unstructured":"Blount, J.: Adaptive rule-based malware detection employing learning classifier systems. Masters Theses. 5008. \nhttps:\/\/scholarsmine.mst.edu\/masters_theses\/5008\n\n (2011)","DOI":"10.1109\/COMPSACW.2011.28"},{"key":"5_CR24","unstructured":"Paleari, R.: Dealing with next-generation malware. PhD Thesis. [Online]. air.unimi.it. Available at: \nhttps:\/\/air.unimi.it\/retrieve\/handle\/2434\/155496\/138529\/phd_unimi_R07627.pdf\n\n (2010)"},{"key":"5_CR25","unstructured":"Stafford, J.: Behaviour-based worm detection. PhD Thesis. [Online]. Scholarsbank.uoregon.edu. Available at: \nhttps:\/\/scholarsbank.uoregon.edu\/xmlui\/bitstream\/handle\/1794\/12341\/Stafford_oregon_0171A_10322.pdf?sequence=1&isAllowed=y\n\n (2012)"},{"key":"5_CR26","unstructured":"Msdn.microsoft.com: GetLogicalDriveStrings Function (Windows). [Online]. Available at: \nhttps:\/\/msdn.microsoft.com\/en-us\/library\/windows\/desktop\/aa364975(v=vs.85).aspx\n\n (2017)"},{"key":"5_CR27","unstructured":"Msdn.microsoft.com: GetDriveType Function (Windows). [Online]. Available at: \nhttps:\/\/msdn.microsoft.com\/en-us\/library\/windows\/desktop\/aa364939(v=vs.85).aspx\n\n (2017)"},{"key":"5_CR28","unstructured":"Msdn.microsoft.com: Enumerating All Processes (Windows). [Online]. Available at: \nhttps:\/\/msdn.microsoft.com\/en-us\/library\/windows\/desktop\/ms682623(v=vs.85).aspx\n\n (2017)"},{"key":"5_CR29","unstructured":"Msdn.microsoft.com: GetModuleFileNameEx Function (Windows). [Online]. Available at: \nhttps:\/\/msdn.microsoft.com\/en-us\/library\/windows\/desktop\/ms683198(v=vs.85).aspx\n\n (2017)"},{"key":"5_CR30","unstructured":"Msdn.microsoft.com: FindFirstChangeNotification Function (Windows). [Online]. Available at: \nhttps:\/\/msdn.microsoft.com\/en-us\/library\/windows\/desktop\/aa364417(v=vs.85).aspx\n\n (2017)"},{"key":"5_CR31","unstructured":"Msdn.microsoft.com: FindFirstFileEx Function (Windows). [Online]. Available at: \nhttps:\/\/msdn.microsoft.com\/en-us\/library\/aa364419(VS.85).aspx\n\n (2017)"},{"key":"5_CR32","unstructured":"Msdn.microsoft.com: Retrieving and Changing File Attributes (Windows). [Online]. Available at: \nhttps:\/\/msdn.microsoft.com\/en-us\/library\/windows\/desktop\/aa365522(v=vs.85).aspx\n\n (2017)"},{"key":"5_CR33","unstructured":"Kramer, A.: adamkramer\/check_first. [Online]. GitHub. Available at: \nhttps:\/\/github.com\/adamkramer\/check_first\/blob\/master\/check_first.cpp\n\n (2015)"},{"key":"5_CR34","unstructured":"Virustotal.com: Public API Version 2.0\u2014VirusTotal. [Online]. Available at: \nhttps:\/\/www.virustotal.com\/en\/documentation\/public-api\/#getting-url-scans\n\n (2017)"},{"key":"5_CR35","unstructured":"Podobry, S.: Easy way to set up global API hooks\u2014CodeProject. [Online]. Codeproject.com. Available at: \nhttps:\/\/www.codeproject.com\/Articles\/49319\/Easy-way-to-set-up-global-API-hooks\n\n (2012)"},{"key":"5_CR36","unstructured":"Msdn.microsoft.com: RegSetValueEx Function (Windows). [Online]. Available at: \nhttps:\/\/msdn.microsoft.com\/en-us\/library\/windows\/desktop\/ms724923(v=vs.85).aspx\n\n (2017)"},{"key":"5_CR37","unstructured":"rohitab.com\u2014Forums: Header file for API hooking\u2014Source Codes. [Online]. Available at: \nhttp:\/\/www.rohitab.com\/discuss\/topic\/40192-header-file-for-api-hooking\/#entry10106168\n\n (2013)"},{"key":"5_CR38","unstructured":"Andronio, N.: Heldroid: Fast and Efficient Linguistic-Based Ransomware Detection. [Online]. Indigo.uic.edu. Available at: \nhttp:\/\/indigo.uic.edu\/bitstream\/handle\/10027\/19676\/Andronio_Nicolo.pdf?sequence=1\n\n (2012)"},{"key":"5_CR39","doi-asserted-by":"crossref","unstructured":"Scaife, N., Carter, H., Traynor, P., Butler, K.: Stopping Ransomware Attacks on User Data. [Online]. \nhttps:\/\/www.cise.ufl.edu\/\n\n. Available at: \nhttps:\/\/www.cise.ufl.edu\/~traynor\/papers\/scaife-icdcs16.pdf\n\n (2016)","DOI":"10.1109\/ICDCS.2016.46"}],"container-title":["Studies in Big Data","Cyber and Digital Forensic Investigations"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-47131-6_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,7,25]],"date-time":"2020-07-25T08:15:26Z","timestamp":1595664926000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-47131-6_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030471309","9783030471316"],"references-count":39,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-47131-6_5","relation":{},"ISSN":["2197-6503","2197-6511"],"issn-type":[{"type":"print","value":"2197-6503"},{"type":"electronic","value":"2197-6511"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"26 July 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}