{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,4]],"date-time":"2026-05-04T12:49:37Z","timestamp":1777898977608,"version":"3.51.4"},"reference-count":29,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2026,5,1]],"date-time":"2026-05-01T00:00:00Z","timestamp":1777593600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2026,5,1]],"date-time":"2026-05-01T00:00:00Z","timestamp":1777593600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2026,2,2]],"date-time":"2026-02-02T00:00:00Z","timestamp":1769990400000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by-nc\/4.0\/"}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Journal of Information Security and Applications"],"published-print":{"date-parts":[[2026,5]]},"DOI":"10.1016\/j.jisa.2026.104393","type":"journal-article","created":{"date-parts":[[2026,2,10]],"date-time":"2026-02-10T20:42:33Z","timestamp":1770756153000},"page":"104393","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":0,"special_numbering":"C","title":["Accelerating volatile memory forensics for bare-metal malware analysis with FPGA devices"],"prefix":"10.1016","volume":"98","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0328-331X","authenticated-orcid":false,"given":"Dan","family":"Cristian Turicu","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4875-2220","authenticated-orcid":false,"given":"Florin","family":"Oniga","sequence":"additional","affiliation":[]}],"member":"78","reference":[{"key":"10.1016\/j.jisa.2026.104393_bib0001","series-title":"Proceedings of the 1st reversing and offensive-oriented trends symposium","article-title":"A survey on automated dynamic malware analysis evasion and counter-evasion: pc, mobile, and web","author":"Bulazel","year":"2017"},{"key":"10.1016\/j.jisa.2026.104393_bib0002","doi-asserted-by":"crossref","unstructured":"Chen X., Andersen J., Mao Z. M., Bailey M., Nazario J.. Towards an understanding of anti-virtualization and anti-debugging behavior in modern malware. IEEE international conference on dependable systems and networks with FTCS and DCC. 2008;10\u2013177. 10.1109\/DSN.2008.4630086.","DOI":"10.1109\/DSN.2008.4630086"},{"key":"10.1016\/j.jisa.2026.104393_bib0003","series-title":"Proceedings of the USENIX workshop on offensive technologies","article-title":"A fistful of red-pills: how to automatically generate procedures to detect CPU emulators","author":"Paleari","year":"2009"},{"key":"10.1016\/j.jisa.2026.104393_bib0004","doi-asserted-by":"crossref","unstructured":"Lindorfer M., Kolbitsch C., Comparetti P.M.. Detecting environment-sensitive malware. Proceedings of the 14th international conference on recent advances in intrusion detection. 2011;20\u2013338.","DOI":"10.1007\/978-3-642-23644-0_18"},{"key":"10.1016\/j.jisa.2026.104393_bib0005","doi-asserted-by":"crossref","unstructured":"Willems C., Hund R., Fobian A., Felsch D., Holz T., Vasudevan A.. Down to the bare metal: using processor features for binary analysis. Proceedings of the 28th annual computer security applications conference. 2012;10\u2013189. 10.1145\/2420950.2420980.","DOI":"10.1145\/2420950.2420980"},{"key":"10.1016\/j.jisa.2026.104393_bib0006","series-title":"Proceedings of the network and distributed system security symposium","article-title":"Efficient detection of split personalities in malware","author":"Balzarotti","year":"2010"},{"key":"10.1016\/j.jisa.2026.104393_bib0007","doi-asserted-by":"crossref","unstructured":"Brengel M., Backes M., Rossow C.. Detecting hardware-assisted virtualization. Proceedings of the international conference on detection of intrusions and malware, and vulnerability assessment. 2016;21\u2013207. 10.1007\/978-3-319-40667-1_11.","DOI":"10.1007\/978-3-319-40667-1_11"},{"key":"10.1016\/j.jisa.2026.104393_bib0008","unstructured":"Garfinkel T., Adams K., Warfield A., Franklin J.. Compatibility is not transparency: vmm detection myths and realities. Proceedings of the 11th USENIX workshop on hot topics in operating systems. 2007;6\u20131."},{"key":"10.1016\/j.jisa.2026.104393_bib0009","series-title":"WinPmem - a physical memory acquisition tool","author":"Rekall","year":"2020"},{"key":"10.1016\/j.jisa.2026.104393_bib0010","series-title":"DumpIt","author":"Moonsols","year":"2011"},{"key":"10.1016\/j.jisa.2026.104393_bib0011","series-title":"A hardware-based memory acquisition procedure for digital investigations","first-page":"11","author":"Carrier","year":"2004"},{"key":"10.1016\/j.jisa.2026.104393_bib0012","series-title":"Proceedings of the USENIX security symposium","article-title":"Copilot - a coprocessor-based kernel runtime integrity monitor","author":"Petroni","year":"2004"},{"key":"10.1016\/j.jisa.2026.104393_bib0013","doi-asserted-by":"crossref","unstructured":"Wang J., Zhang F., Sun K., Stavrou A.. Firmware-assisted memory acquisition and analysis tools for digital forensics. In: Proceedings of the IEEE international workshop on systematic approaches to digital forensic engineering. 2011;5\u20131. 10.1109\/SADFE.2011.7.","DOI":"10.1109\/SADFE.2011.7"},{"key":"10.1016\/j.jisa.2026.104393_bib0014","series-title":"PCILeech - Direct Memory Access (DMA) Attack Toolkit","author":"Frisk","year":"2025"},{"key":"10.1016\/j.jisa.2026.104393_bib0015","series-title":"Volatility 3 Framework: Advanced Memory Forensics Framework","author":"Volatility","year":"2025"},{"key":"10.1016\/j.jisa.2026.104393_bib0016","series-title":"Rekall Memory Forensic Framework","author":"Rekall","year":"2017"},{"key":"10.1016\/j.jisa.2026.104393_bib0017","series-title":"Storage Mirroring for Bare-Metal Malware Analysis on FPGA Devices. International Conference on Field-Programmable Technology","author":"Turicu","year":"2019"},{"key":"10.1016\/j.jisa.2026.104393_bib0018","series-title":"A survey on hypervisor-based monitoring: approaches, applications, and evolutions","first-page":"1","author":"Bauman","year":"2015"},{"key":"10.1016\/j.jisa.2026.104393_bib0019","series-title":"UltraScale Devices Integrated Block for PCI Express Product Guide","author":"Amd","year":"2025"},{"key":"10.1016\/j.jisa.2026.104393_bib0020","series-title":"Vivado Design Suite","author":"Amd","year":"2023"},{"key":"10.1016\/j.jisa.2026.104393_bib0021","series-title":"Alveo U50 Data Center Accelerator Card Data Sheet (DS965)","author":"Amd","year":"2023"},{"key":"10.1016\/j.jisa.2026.104393_bib0022","series-title":"RAMMap - Sysinternals","author":"Russinovich","year":"2025"},{"key":"10.1016\/j.jisa.2026.104393_bib0023","series-title":"Process Explorer - Sysinternals","author":"Russinovich","year":"2025"},{"key":"10.1016\/j.jisa.2026.104393_bib0024","series-title":"RAMspeed 1.0.0 Beta for Windows","author":"Hollander","year":"2008"},{"key":"10.1016\/j.jisa.2026.104393_bib0025","series-title":"GFX Memory Speed Benchmark","author":"N.C.S. Trade","year":"2024"},{"key":"10.1016\/j.jisa.2026.104393_bib0026","unstructured":"Hongyi L., Jiarong X., Yibo H., Danyang Z., Srinivas D., Ang C.. Remote direct memory introspection. In: Proceedings of the USENIX conference on security symposium. 2023;18\u20136043."},{"key":"10.1016\/j.jisa.2026.104393_bib0027","series-title":"Proceedings of the network and distributed system security symposium","article-title":"Lo-phi: low-observable physical host instrumentation for malware analysis","author":"Spensky","year":"2016"},{"key":"10.1016\/j.jisa.2026.104393_bib0028","series-title":"Proceedings of the 27th annual computer security applications conference","first-page":"10","article-title":"Barebox: efficient malware analysis on bare-metal","author":"Kirat","year":"2011"},{"key":"10.1016\/j.jisa.2026.104393_bib0029","first-page":"15","article-title":"Barecloud: baremetal analysis-based evasive malware detection","author":"Kirat","year":"2014","journal-title":"Proceedings of the 23rd USENIX conference on security symposium"}],"container-title":["Journal of Information Security and Applications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S2214212626000232?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S2214212626000232?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2026,5,1]],"date-time":"2026-05-01T09:46:33Z","timestamp":1777628793000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S2214212626000232"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,5]]},"references-count":29,"alternative-id":["S2214212626000232"],"URL":"https:\/\/doi.org\/10.1016\/j.jisa.2026.104393","relation":{},"ISSN":["2214-2126"],"issn-type":[{"value":"2214-2126","type":"print"}],"subject":[],"published":{"date-parts":[[2026,5]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"Accelerating volatile memory forensics for bare-metal malware analysis with FPGA devices","name":"articletitle","label":"Article Title"},{"value":"Journal of Information Security and Applications","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.jisa.2026.104393","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2026 The Author(s). Published by Elsevier Ltd.","name":"copyright","label":"Copyright"}],"article-number":"104393"}}