{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,14]],"date-time":"2025-10-14T06:43:34Z","timestamp":1760424214748,"version":"build-2065373602"},"publisher-location":"Singapore","reference-count":27,"publisher":"Springer Nature Singapore","isbn-type":[{"value":"9789819531844","type":"print"},{"value":"9789819531851","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,10,13]],"date-time":"2025-10-13T00:00:00Z","timestamp":1760313600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,10,13]],"date-time":"2025-10-13T00:00:00Z","timestamp":1760313600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-981-95-3185-1_2","type":"book-chapter","created":{"date-parts":[[2025,10,14]],"date-time":"2025-10-14T06:05:48Z","timestamp":1760421948000},"page":"14-32","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Digital Forensics in\u00a0Ransomware Analysis for\u00a0Windows-Based Computer Systems"],"prefix":"10.1007","author":[{"given":"Hoang Anh","family":"Nguyen","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"John","family":"Le","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Joonsang","family":"Baek","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Willy","family":"Susilo","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,10,13]]},"reference":[{"key":"2_CR1","unstructured":"Arnes, A.: Digital Forensics. Wiley (2017)"},{"key":"2_CR2","unstructured":"Australian federal police: Don\u2019t hack it alone: calls for australians to report ransomware attacks. Tech. rep., Australian Federal Police (2024). https:\/\/shorturl.at\/ficcU"},{"key":"2_CR3","doi-asserted-by":"crossref","unstructured":"B., M., Zipf, G.K.: Human behavior and the principle of least effort; an introduction to human ecology. Am. J. Psychol. 64(1), 149\u2013150 (1951)","DOI":"10.2307\/1418618"},{"key":"2_CR4","unstructured":"CNET download: free software download (2023). https:\/\/download.cnet.com. Accessed 10 May 2023"},{"key":"2_CR5","unstructured":"Cuckoo3: Creating an image (2024). https:\/\/cuckoo-hatch.cert.ee\/static\/docs\/creating\/vms\/#creating-an-image. Accessed 20 Dec 2024"},{"key":"2_CR6","unstructured":"Cuckoo3: What is cuckoo3? (2024). https:\/\/cuckoo-hatch.cert.ee\/static\/docs\/about\/cuckoo\/. Accessed 20 Dec 2024"},{"key":"2_CR7","unstructured":"Cybersecurity ventures: global ransomware damage costs predicted to reach \\$265 billion by 2031 (2023). https:\/\/shorturl.at\/ji2MY, accessed: Feb. 20, 2025"},{"key":"2_CR8","doi-asserted-by":"crossref","unstructured":"Ganachari, S., Nandigam, P., Daga, A., Mohanty, S.N., Sudha, S.V.: Machine learning based malware analysis in digital forensic with IoT devices. In: Nandan\u00a0Mohanty, S., Garcia\u00a0Diaz, V., Satish\u00a0Kumar, G.A.E. (eds.) Intelligent Systems and Machine Learning, pp. 169\u2013183. Springer Nature Switzerland, Cham (2023)","DOI":"10.1007\/978-3-031-35078-8_15"},{"key":"2_CR9","doi-asserted-by":"crossref","unstructured":"Houck, M.M., Siegel, J.A.: Fundamentals of Forensic Science. Elsevier, Amsterdam (2015)","DOI":"10.1016\/B978-0-12-800037-3.00024-8"},{"key":"2_CR10","doi-asserted-by":"crossref","unstructured":"Ili\u0107, S., Gnjatovi\u0107, M., Tot, I., Jovanovi\u0107, B., Ma\u010dek, N., Gavrilovi\u0107\u00a0Bo\u017eovi\u0107, M.: Going beyond API calls in dynamic malware analysis: a novel dataset. Electronics (Basel) 13(17), 3553 (2024)","DOI":"10.3390\/electronics13173553"},{"key":"2_CR11","unstructured":"Internet crime complaint center: 2023 internet crime report. Tech. rep., FBI Internet Crime Complaint Center (IC3) (2023). https:\/\/www.ic3.gov\/AnnualReport\/Reports\/2023_IC3Report.pdf"},{"key":"2_CR12","doi-asserted-by":"publisher","unstructured":"Kao, D.Y., Wu, G.J.: A digital triage forensics framework of window malware forensic toolkit: based on ISO\/IEC 27037:2012. In: 2015 International Carnahan Conference on Security Technology (ICCST), pp. 217\u2013222 (2015). https:\/\/doi.org\/10.1109\/CCST.2015.7389685","DOI":"10.1109\/CCST.2015.7389685"},{"key":"2_CR13","doi-asserted-by":"crossref","unstructured":"Kara, I., Aydos, M.: The rise of ransomware: forensic analysis for windows based ransomware attacks. Expert Syst. Appl. 190, 116198 (2022)","DOI":"10.1016\/j.eswa.2021.116198"},{"key":"2_CR14","doi-asserted-by":"publisher","unstructured":"Nakhonthai, P., Chimmanee, K.: Digital forensic analysis of ransomware attacks on industrial control systems: a case study in factories. In: 2022 6th International Conference on Information Technology (InCIT), pp. 416\u2013421 (2022). https:\/\/doi.org\/10.1109\/InCIT56086.2022.10067356","DOI":"10.1109\/InCIT56086.2022.10067356"},{"issue":"2","key":"2_CR15","doi-asserted-by":"publisher","first-page":"61","DOI":"10.4018\/IJNCR.2020040105","volume":"9","author":"J Norman","year":"2020","unstructured":"Norman, J., Joseph, P.: Systematic memory forensic analysis of ransomware using digital forensic tools. Int. J. Nat. Comput. Res. 9(2), 61\u201381 (2020)","journal-title":"Int. J. Nat. Comput. Res."},{"key":"2_CR16","doi-asserted-by":"publisher","unstructured":"Parisot, A., Bento, L.M.S., Machado, R.C.S.: Ransomware detection: leveraging sandbox, text mining techiques and machine learning. In: 2024 IEEE International Workshop on Metrology for Industry 4.0 & IoT (MetroInd4.0 & IoT), pp. 446\u2013451 (2024). https:\/\/doi.org\/10.1109\/MetroInd4.0IoT61288.2024.10584155","DOI":"10.1109\/MetroInd4.0IoT61288.2024.10584155"},{"key":"2_CR17","unstructured":"Ransomware task force: April 2024 progress report. Tech. rep., Institute for Security and Technology (2024). https:\/\/securityandtechnology.org\/wp-content\/uploads\/2024\/04\/April-2024-RTF-Progress-Report-Doubling-Down.pdf"},{"key":"2_CR18","unstructured":"Research and markets: operating systems market report 2025. Tech. rep., Research and Markets (2025). https:\/\/www.researchandmarkets.com\/report\/operating-systems"},{"key":"2_CR19","doi-asserted-by":"crossref","unstructured":"Sammons, J.: The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics. Syngress, 225 Wyman Street, Waltham, MA 02451, USA (2012)","DOI":"10.1016\/B978-1-59749-661-2.00006-1"},{"key":"2_CR20","doi-asserted-by":"crossref","unstructured":"Schmutz, D., Rapp, R., Fehrensen, B.: Forensic analysis of hook android malware. Forensic Sci. Int. Digit. Invest. 49, 301769 (2024)","DOI":"10.1016\/j.fsidi.2024.301769"},{"key":"2_CR21","doi-asserted-by":"crossref","unstructured":"Sharma, S., Krishna, C.R., Kumar, R.: RansomDroid: forensic analysis and detection of android ransomware using unsupervised machine learning technique. Forensic Sci. Int. Digit. Invest. 37, 301168 (2021)","DOI":"10.1016\/j.fsidi.2021.301168"},{"key":"2_CR22","doi-asserted-by":"publisher","unstructured":"Shosha, A.F., James, J.I., Hannaway, A., Liu, C.C., Gladyshev, P.: Towards automated malware behavioral analysis and profiling for digital forensic investigation purposes. In: Rogers, M., Seigfried-Spellar, K.C. (eds.) Digital Forensics and Cyber Crime, pp. 66\u201380. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-39891-9_5","DOI":"10.1007\/978-3-642-39891-9_5"},{"key":"2_CR23","unstructured":"Statcounter: desktop operating system market share worldwide (2025). https:\/\/gs.statcounter.com\/os-market-share\/desktop\/worldwide\/#monthly-202204-202504. Accessed 1 Apr 2025"},{"key":"2_CR24","unstructured":"statcounter: Windows version market share worldwide (2025). https:\/\/gs.statcounter.com\/windows-version-market-share\/desktop\/worldwide\/#monthly-202204-202504. Accessed 1 Apr 2025"},{"key":"2_CR25","doi-asserted-by":"publisher","unstructured":"Suk-On, N., Thiratitsakun, N., Chimmanee, K.: Digital forensic analysis of lockbit ransomware attack on operational technology. In: 2024 8th International Conference on Information Technology (InCIT), pp. 624\u2013629 (2024). https:\/\/doi.org\/10.1109\/InCIT63192.2024.10810564","DOI":"10.1109\/InCIT63192.2024.10810564"},{"key":"2_CR26","unstructured":"VirusShare.com: Virusshare.com - because sharing is caring (2023). https:\/\/virusshare.com. Accessed 10 May 2023"},{"key":"2_CR27","doi-asserted-by":"publisher","unstructured":"Zola, F., Bruse, J.L., Galar, M.: Temporal analysis of distribution shifts in malware classification for digital forensics. In: 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS &PW), pp. 439\u2013450 (2023). https:\/\/doi.org\/10.1109\/EuroSPW59978.2023.00054","DOI":"10.1109\/EuroSPW59978.2023.00054"}],"container-title":["Lecture Notes in Computer Science","Data Security and Privacy Protection"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-95-3185-1_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,14]],"date-time":"2025-10-14T06:05:55Z","timestamp":1760421955000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-95-3185-1_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,13]]},"ISBN":["9789819531844","9789819531851"],"references-count":27,"URL":"https:\/\/doi.org\/10.1007\/978-981-95-3185-1_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,10,13]]},"assertion":[{"value":"13 October 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DSPP","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Data Security and Privacy Protection","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Xi'an","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 October 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 October 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"3","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dspp2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/dspp2025.xidian.edu.cn\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}