{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T14:27:40Z","timestamp":1742912860321,"version":"3.40.3"},"publisher-location":"Singapore","reference-count":13,"publisher":"Springer Nature Singapore","isbn-type":[{"type":"print","value":"9789819604364"},{"type":"electronic","value":"9789819604371"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-981-96-0437-1_3","type":"book-chapter","created":{"date-parts":[[2024,11,26]],"date-time":"2024-11-26T16:56:58Z","timestamp":1732640218000},"page":"31-47","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Live Memory Forensics on\u00a0Virtual Memory"],"prefix":"10.1007","author":[{"given":"Khoa A.","family":"Nguyen","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tien-Dung","family":"Vo-Van","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Anh-Quynh","family":"Nguyen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Thanh","family":"Nguyen-Le","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dinh-Thuan","family":"Le","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9910-6387","authenticated-orcid":false,"given":"Khuong","family":"Nguyen-An","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,11,27]]},"reference":[{"key":"3_CR1","unstructured":"Alasiri, A.: Comparative analysis of operational malware dynamic link library (DLL) injection live response vs. memory image. In: International Conference on Computing, Communication and Informatics Management (ICCCSIM 2012) (2012)"},{"key":"3_CR2","doi-asserted-by":"crossref","unstructured":"Aljaedi, A., Lindskog, D., Zavarsky, P., Ruhl, R., Almari, F.: Comparative analysis of volatile memory forensics: live response vs. memory imaging. In: 2011 IEEE Third International Conference on Privacy, Security, Risk and Trust and 2011 IEEE Third International Conference on Social Computing, pp. 1253\u20131258. IEEE (2011)","DOI":"10.1109\/PASSAT\/SocialCom.2011.68"},{"key":"3_CR3","unstructured":"Alzaidi, M.: The study of SSDT hook through comparative analysis between live response and memory image (2012)"},{"key":"3_CR4","doi-asserted-by":"publisher","first-page":"S3","DOI":"10.1016\/j.diin.2019.04.008","volume":"29","author":"F Block","year":"2019","unstructured":"Block, F., Dewald, A.: Windows memory forensics: detecting (un) intentionally hidden injected code by examining page table entries. Digit. Investig. 29, S3\u2013S12 (2019)","journal-title":"Digit. Investig."},{"key":"3_CR5","doi-asserted-by":"publisher","first-page":"S38","DOI":"10.1016\/j.diin.2015.01.009","volume":"12","author":"MI Cohen","year":"2015","unstructured":"Cohen, M.I.: Characterization of the windows kernel version variability for accurate memory analysis. Digit. Investig. 12, S38\u2013S49 (2015)","journal-title":"Digit. Investig."},{"key":"3_CR6","unstructured":"Devices, A.M.: AMD64 architecture programmer\u2019s manual volume 2: System programming(2006)"},{"key":"3_CR7","doi-asserted-by":"crossref","unstructured":"Dolan-Gavitt, B., Srivastava, A., Traynor, P., Giffin, J.: Robust signatures for kernel data structures. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, pp. 566\u2013577 (2009)","DOI":"10.1145\/1653662.1653730"},{"key":"3_CR8","doi-asserted-by":"crossref","unstructured":"Hua, Q., Zhang, Y.: Detecting malware and rootkit via memory forensics. In: 2015 International Conference on Computer Science and Mechanical Automation (CSMA), pp. 92\u201396. IEEE (2015)","DOI":"10.1109\/CSMA.2015.25"},{"key":"3_CR9","unstructured":"Intel: Intel\u00ae 64 and IA-32 architectures software developer\u2019s manual"},{"key":"3_CR10","doi-asserted-by":"publisher","first-page":"119133","DOI":"10.1016\/j.eswa.2022.119133","volume":"214","author":"I Kara","year":"2023","unstructured":"Kara, I.: Fileless malware threats: recent advances, analysis approach through memory forensics and research challenges. Expert Syst. Appl. 214, 119133 (2023)","journal-title":"Expert Syst. Appl."},{"key":"3_CR11","doi-asserted-by":"publisher","first-page":"10","DOI":"10.1016\/j.diin.2006.06.010","volume":"3","author":"A Schuster","year":"2006","unstructured":"Schuster, A.: Searching for processes and threads in Microsoft windows memory dumps. Digit. Invest. 3, 10\u201316 (2006)","journal-title":"Digit. Invest."},{"key":"3_CR12","doi-asserted-by":"publisher","first-page":"S25","DOI":"10.1016\/j.diin.2016.01.005","volume":"16","author":"JT Sylve","year":"2016","unstructured":"Sylve, J.T., Marziale, V., Richard, G.G., III.: Pool tag quick scanning for windows memory analysis. Digit. Invest. 16, S25\u2013S32 (2016)","journal-title":"Digit. Invest."},{"key":"3_CR13","unstructured":"Waits, C., Akinyele, J.A., Nolan, R., Rogers, L.: Computer forensics: results of live response inquiry vs. memory image analysis. In: CERT program, CMU\/SEI-2008-TN-017 (2008)"}],"container-title":["Communications in Computer and Information Science","Future Data and Security Engineering. Big Data, Security and Privacy, Smart City and Industry 4.0 Applications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-96-0437-1_3","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,11,26]],"date-time":"2024-11-26T17:02:29Z","timestamp":1732640549000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-96-0437-1_3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9789819604364","9789819604371"],"references-count":13,"URL":"https:\/\/doi.org\/10.1007\/978-981-96-0437-1_3","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"type":"print","value":"1865-0929"},{"type":"electronic","value":"1865-0937"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"27 November 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"FDSE","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Future Data and Security Engineering","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Binh Duong","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Vietnam","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27 November 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 November 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"fdse2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/thefdse.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}