{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,26]],"date-time":"2025-12-26T11:00:02Z","timestamp":1766746802451,"version":"3.48.0"},"reference-count":17,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2025,12,26]],"date-time":"2025-12-26T00:00:00Z","timestamp":1766707200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,12,26]],"date-time":"2025-12-26T00:00:00Z","timestamp":1766707200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["SN COMPUT. SCI."],"DOI":"10.1007\/s42979-025-04514-z","type":"journal-article","created":{"date-parts":[[2025,12,26]],"date-time":"2025-12-26T10:58:12Z","timestamp":1766746692000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Direct Kernel Virtual Address Space Forensics for Live Memory 
Analysis"],"prefix":"10.1007","volume":"7","author":[{"given":"Anh-Khoa","family":"Nguyen","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tien-Dung","family":"Vo-Van","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Anh-Quynh","family":"Nguyen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Thanh","family":"Nguyen-Le","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dinh-Thuan","family":"Le","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9910-6387","authenticated-orcid":false,"given":"Khuong","family":"Nguyen-An","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,12,26]]},"reference":[{"key":"4514_CR1","unstructured":"Nguyen KA. et al. Live memory forensics on virtual memory. In: Dang TK, K\u00fcng J, Chung TM (eds), Future data and security engineering. Big Data, security and privacy, smart city and industry 4.0 applications, 31\u201347 (Springer Nature Singapore, Ho Chi Minh City, 2024)."},{"key":"4514_CR2","unstructured":"Intel\u00ae 64 and IA-32 architectures software developer\u2019s manual (Santa Clara, CA, 2025)."},{"key":"4514_CR3","unstructured":"Devices AM. AMD64 architecture programmer\u2019s manual volume 2: system programming 2006."},{"key":"4514_CR4","unstructured":"Butler J. Dkom (direct kernel object manipulation). Black Hat Windows Security 2004."},{"key":"4514_CR5","doi-asserted-by":"publisher","first-page":"119","DOI":"10.1016\/j.eswa.2022.119133","volume":"214","author":"I Kara","year":"2023","unstructured":"Kara I. 
Fileless malware threats: recent advances, analysis approach through memory forensics and research challenges. Expert Syst Appl. 2023;214:119\u201333.","journal-title":"Expert Syst Appl"},{"key":"4514_CR6","doi-asserted-by":"crossref","unstructured":"Hua Q, Zhang Y. Detecting malware and rootkit via memory forensics, 92\u201396 (IEEE, 2015).","DOI":"10.1109\/CSMA.2015.25"},{"key":"4514_CR7","doi-asserted-by":"publisher","first-page":"10","DOI":"10.1016\/j.diin.2006.06.010","volume":"3","author":"A Schuster","year":"2006","unstructured":"Schuster A. Searching for processes and threads in microsoft windows memory dumps. Digit Investig. 2006;3:10\u20136.","journal-title":"Digit Investig"},{"key":"4514_CR8","doi-asserted-by":"publisher","first-page":"S25","DOI":"10.1016\/j.diin.2016.01.005","volume":"16","author":"JT Sylve","year":"2016","unstructured":"Sylve JT, Marziale V, Richard GG III. Pool tag quick scanning for windows memory analysis. Digit Investig. 2016;16:S25\u201332.","journal-title":"Digit Investig"},{"key":"4514_CR9","doi-asserted-by":"publisher","first-page":"S3","DOI":"10.1016\/j.diin.2019.04.008","volume":"29","author":"F Block","year":"2019","unstructured":"Block F, Dewald A. Windows memory forensics: detecting (un) intentionally hidden injected code by examining page table entries. Digit Investig. 2019;29:S3\u201312.","journal-title":"Digit Investig"},{"key":"4514_CR10","first-page":"589","volume":"2024","author":"Ishrag Hamid MMHR","year":"2024","unstructured":"Ishrag Hamid MMHR. A systematic literature review on volatility memory forensics. Comput Vis Bio-Insp Comput. 2024;2024:589\u2013600.","journal-title":"Comput Vis Bio-Insp Comput"},{"key":"4514_CR11","unstructured":"Patrycjusz Zdzichowski TUVABMKF. Michal Sadlon. NATO CCDCOE: Anti-forensic study; 2015."},{"key":"4514_CR12","doi-asserted-by":"publisher","first-page":"S38","DOI":"10.1016\/j.diin.2015.01.009","volume":"12","author":"MI Cohen","year":"2015","unstructured":"Cohen MI. 
Characterization of the windows kernel version variability for accurate memory analysis. Digit Investig. 2015;12:S38\u201349.","journal-title":"Digit Investig"},{"key":"4514_CR13","doi-asserted-by":"crossref","unstructured":"Dolan-Gavitt B, Srivastava A, Traynor P, Giffin J. Robust signatures for kernel data structures, 2009;566\u2013577.","DOI":"10.1145\/1653662.1653730"},{"key":"4514_CR14","unstructured":"Waits C, Akinyele JA, Nolan R, Rogers L. Computer forensics: results of live response inquiry vs. memory image analysis. CERT program, CMU\/SEI-2008-TN-017 2008."},{"key":"4514_CR15","doi-asserted-by":"crossref","unstructured":"Aljaedi A, Lindskog D, Zavarsky P, Ruhl R, Almari F. Comparative analysis of volatile memory forensics: live response vs. memory imaging. IEEE 2011;1253\u20131258.","DOI":"10.1109\/PASSAT\/SocialCom.2011.68"},{"key":"4514_CR16","unstructured":"Alasiri A. Comparative analysis of operational malware dynamic link library (dll) injection live response vs. memory image 2012 ."},{"key":"4514_CR17","unstructured":"Alzaidi M. 
The study of ssdt hook through comparative analysis between live response and memory image 2012."}],"container-title":["SN Computer Science"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s42979-025-04514-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s42979-025-04514-z","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s42979-025-04514-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,26]],"date-time":"2025-12-26T10:58:13Z","timestamp":1766746693000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s42979-025-04514-z"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,12,26]]},"references-count":17,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2026,1]]}},"alternative-id":["4514"],"URL":"https:\/\/doi.org\/10.1007\/s42979-025-04514-z","relation":{},"ISSN":["2661-8907"],"issn-type":[{"value":"2661-8907","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,12,26]]},"assertion":[{"value":"5 May 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"3 November 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"26 December 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"All authors have declared that no competing interests exist.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}},{"value":"Not 
applicable.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Human and animal rights"}},{"value":"Not applicable.","order":4,"name":"Ethics","group":{"name":"EthicsHeading","label":"Informed consent"}}],"article-number":"45"}}