{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,1]],"date-time":"2026-02-01T04:52:15Z","timestamp":1769921535434,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":48,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,12,7]],"date-time":"2020-12-07T00:00:00Z","timestamp":1607299200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,12,7]]},"DOI":"10.1145\/3427228.3427244","type":"proceedings-article","created":{"date-parts":[[2020,12,9]],"date-time":"2020-12-09T22:20:18Z","timestamp":1607552418000},"page":"28-41","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["App-Agnostic Post-Execution Semantic Analysis of Android In-Memory Forensics Artifacts"],"prefix":"10.1145","author":[{"given":"Aisha","family":"Ali-Gombe","sequence":"first","affiliation":[{"name":"Towson University, United States of America"}]},{"given":"Alexandra","family":"Tambaoan","sequence":"additional","affiliation":[{"name":"Towson University"}]},{"given":"Angela","family":"Gurfolino","sequence":"additional","affiliation":[{"name":"Towson University"}]},{"given":"Golden G.","family":"Richard III","sequence":"additional","affiliation":[{"name":"Louisiana State University"}]}],"member":"320","published-online":{"date-parts":[[2020,12,8]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"https:\/\/github.com\/apphackuno\/DroidScraper [Online","author":"Ali-Gombe Aisha","year":"2018","unstructured":"Aisha Ali-Gombe . 2019. DroidScraper. https:\/\/github.com\/apphackuno\/DroidScraper [Online ; accessed 10- January 2018 ]. Aisha Ali-Gombe. 2019. DroidScraper. https:\/\/github.com\/apphackuno\/DroidScraper [Online; accessed 10-January 2018]."},{"key":"e_1_3_2_1_2_1","volume-title":"DroidScraper: A Tool for Android In-Memory Object Recovery and Reconstruction. In 22nd International Symposium on Research in Attacks, Intrusions and Defenses ({RAID}","author":"Ali-Gombe Aisha","year":"2019","unstructured":"Aisha Ali-Gombe , Sneha Sudhakaran , Andrew Case , and Golden\u00a0 G Richard\u00a0III. 2019 . DroidScraper: A Tool for Android In-Memory Object Recovery and Reconstruction. In 22nd International Symposium on Research in Attacks, Intrusions and Defenses ({RAID} 2019). 547\u2013559. Aisha Ali-Gombe, Sneha Sudhakaran, Andrew Case, and Golden\u00a0G Richard\u00a0III. 2019. DroidScraper: A Tool for Android In-Memory Object Recovery and Reconstruction. In 22nd International Symposium on Research in Attacks, Intrusions and Defenses ({RAID} 2019). 547\u2013559."},{"key":"e_1_3_2_1_3_1","volume-title":"Volatile Memory Message Carving: A","author":"Ali-Gombe Aisha\u00a0Ibrahim","unstructured":"Aisha\u00a0Ibrahim Ali-Gombe . 2012. Volatile Memory Message Carving: A \u201d per process basis\u201d Approach. Master\u2019s Thesis. University of New Orleans , LA. Aisha\u00a0Ibrahim Ali-Gombe. 2012. Volatile Memory Message Carving: A\u201d per process basis\u201d Approach. Master\u2019s Thesis. University of New Orleans, LA."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"crossref","unstructured":"Aisha\u00a0I Ali-Gombe Brendan Saltaformaggio Dongyan Xu Golden\u00a0G Richard\u00a0III 2018. Toward a more dependable hybrid analysis of android malware using aspect-oriented programming. computers & security 73(2018) 235\u2013248.  Aisha\u00a0I Ali-Gombe Brendan Saltaformaggio Dongyan Xu Golden\u00a0G Richard\u00a0III 2018. Toward a more dependable hybrid analysis of android malware using aspect-oriented programming. computers & security 73(2018) 235\u2013248.","DOI":"10.1016\/j.cose.2017.11.006"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2017.09.002"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"crossref","unstructured":"Rohit Bhatia Brendan Saltaformaggio Seung\u00a0Jei Yang Aisha\u00a0I Ali-Gombe Xiangyu Zhang Dongyan Xu and Golden\u00a0G Richard\u00a0III. 2018. Tipped Off by Your Memory Allocator: Device-Wide User Activity Sequencing from Android Memory Images.. In NDSS.  Rohit Bhatia Brendan Saltaformaggio Seung\u00a0Jei Yang Aisha\u00a0I Ali-Gombe Xiangyu Zhang Dongyan Xu and Golden\u00a0G Richard\u00a0III. 2018. Tipped Off by Your Memory Allocator: Device-Wide User Activity Sequencing from Android Memory Images.. In NDSS.","DOI":"10.14722\/ndss.2018.23324"},{"key":"e_1_3_2_1_7_1","unstructured":"Andrew Case. 2011. Memory analysis of the dalvik (android) virtual machine. Source Seattle.  Andrew Case. 2011. Memory analysis of the dalvik (android) virtual machine. Source Seattle."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2019.04.011"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2015.05.005"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2016.04.017"},{"key":"e_1_3_2_1_11_1","unstructured":"Andrew Case and Golden\u00a0G Richard\u00a0III. 2016. Memory forensics: The path forward. Digital investigation(2016) 1\u201311.  Andrew Case and Golden\u00a0G Richard\u00a0III. 2016. Memory forensics: The path forward. Digital investigation(2016) 1\u201311."},{"key":"e_1_3_2_1_12_1","unstructured":"IBM\u00a0Knowlegge Center. 2015. Garbage collection roots. https:\/\/www.ibm.com\/support\/knowledgecenter\/en\/SS3KLZ\/com.ibm.java.diagnostics.memory.analyzer.doc\/gcroots.html  IBM\u00a0Knowlegge Center. 2015. Garbage collection roots. https:\/\/www.ibm.com\/support\/knowledgecenter\/en\/SS3KLZ\/com.ibm.java.diagnostics.memory.analyzer.doc\/gcroots.html"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/JISIC.2014.54"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/BIGCOMP.2017.7881732"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/2619091"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2894643"},{"key":"e_1_3_2_1_17_1","volume-title":"https:\/\/hc.apache.org\/httpcomponents-client-ga\/httpclient\/apidocs\/org\/apache\/http\/client\/HttpClient.html [Online","author":"Apache\u00a0Software Foundation The","year":"2020","unstructured":"The Apache\u00a0Software Foundation . 2020. Interface HttpClient . https:\/\/hc.apache.org\/httpcomponents-client-ga\/httpclient\/apidocs\/org\/apache\/http\/client\/HttpClient.html [Online ; accessed 1- June 2020 ]. The Apache\u00a0Software Foundation. 2020. Interface HttpClient. https:\/\/hc.apache.org\/httpcomponents-client-ga\/httpclient\/apidocs\/org\/apache\/http\/client\/HttpClient.html [Online; accessed 1-June 2020]."},{"key":"e_1_3_2_1_18_1","volume-title":"Volatility Command Reference. https:\/\/github.com\/volatilityfoundation\/volatility\/wiki\/Command-Reference#memdump [Online","author":"Foundation Volatility","year":"2018","unstructured":"Volatility Foundation . 2017. Volatility Command Reference. https:\/\/github.com\/volatilityfoundation\/volatility\/wiki\/Command-Reference#memdump [Online ; accessed 21- March 2018 ]. Volatility Foundation. 2017. Volatility Command Reference. https:\/\/github.com\/volatilityfoundation\/volatility\/wiki\/Command-Reference#memdump [Online; accessed 21-March 2018]."},{"key":"e_1_3_2_1_19_1","volume-title":"https:\/\/www.genymotion.com [Online","author":"Desktop Genymotion","year":"2020","unstructured":"Genymotion. 2019. Genymotion Desktop . https:\/\/www.genymotion.com [Online ; accessed 10- January 2020 ]. Genymotion. 2019. Genymotion Desktop. https:\/\/www.genymotion.com [Online; accessed 10-January 2020]."},{"key":"e_1_3_2_1_20_1","unstructured":"Google. 2019. Google Play. https:\/\/play.google.com\/store?hl=en  Google. 2019. Google Play. https:\/\/play.google.com\/store?hl=en"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"crossref","unstructured":"George Grispos William\u00a0Bradley Glisson and Tim Storer. 2015. Recovering residual forensic data from smartphone interactions with cloud storage providers. arXiv preprint arXiv:1506.02268(2015).  George Grispos William\u00a0Bradley Glisson and Tim Storer. 2015. Recovering residual forensic data from smartphone interactions with cloud storage providers. arXiv preprint arXiv:1506.02268(2015).","DOI":"10.1016\/B978-0-12-801595-7.00016-1"},{"key":"e_1_3_2_1_22_1","volume-title":"Mastering the super timeline with log2timeline","author":"Gu\u00f0j\u00f3nsson Kristinn","year":"2010","unstructured":"Kristinn Gu\u00f0j\u00f3nsson . 2010. Mastering the super timeline with log2timeline . SANS Institute ( 2010 ). Kristinn Gu\u00f0j\u00f3nsson. 2010. Mastering the super timeline with log2timeline. SANS Institute (2010)."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2012.05.006"},{"key":"e_1_3_2_1_25_1","volume-title":"Android forensics: investigation, analysis and mobile security for Google Android","author":"Hoog Andrew","unstructured":"Andrew Hoog . 2011. Android forensics: investigation, analysis and mobile security for Google Android . Elsevier . Andrew Hoog. 2011. Android forensics: investigation, analysis and mobile security for Google Android. Elsevier."},{"key":"e_1_3_2_1_26_1","volume-title":"First Conference on Advances in Computer Security and Forensics","author":"Khan MNA","year":"2006","unstructured":"MNA Khan and Ian Wakeman . 2006 . Machine learning for post-event timeline reconstruction . In First Conference on Advances in Computer Security and Forensics , Liverpool, UK. Citeseer. MNA Khan and Ian Wakeman. 2006. Machine learning for post-event timeline reconstruction. In First Conference on Advances in Computer Security and Forensics, Liverpool, UK. Citeseer."},{"key":"e_1_3_2_1_27_1","unstructured":"Jon Kleinberg and \u00c9va Tardos. 2005. Algorithm Design. Pearson.  Jon Kleinberg and \u00c9va Tardos. 2005. Algorithm Design. Pearson."},{"key":"e_1_3_2_1_28_1","volume-title":"Android Forensics: Simplifying Cell Phone Examinations.(2010).","author":"Lessard Jeff","year":"2010","unstructured":"Jeff Lessard and Gary Kessler . 2010 . Android Forensics: Simplifying Cell Phone Examinations.(2010). Jeff Lessard and Gary Kessler. 2010. Android Forensics: Simplifying Cell Phone Examinations.(2010)."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2011.440"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2018.04.018"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-66332-6_9"},{"key":"e_1_3_2_1_32_1","volume-title":"Live Memory Forensics on Android with Volatility","author":"Macht Holger","year":"2013","unstructured":"Holger Macht . 2013. Live Memory Forensics on Android with Volatility . Friedrich-Alexander University Erlangen-Nuremberg ( 2013 ). Holger Macht. 2013. Live Memory Forensics on Android with Volatility. Friedrich-Alexander University Erlangen-Nuremberg (2013)."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/566172.566174"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"crossref","unstructured":"Adam Pridgen Simson Garfinkel and Dan Wallach. 2017. Present but unreachable: reducing persistentlatent secrets in hotspot jvm. (2017).  Adam Pridgen Simson Garfinkel and Dan Wallach. 2017. Present but unreachable: reducing persistentlatent secrets in hotspot jvm. (2017).","DOI":"10.24251\/HICSS.2017.727"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2017.01.002"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813650"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813720"},{"key":"e_1_3_2_1_38_1","volume-title":"25th {USENIX} Security Symposium ({USENIX} Security 16). 1137\u20131151.","author":"Saltaformaggio Brendan","unstructured":"Brendan Saltaformaggio , Rohit Bhatia , Xiangyu Zhang , Dongyan Xu , and Golden\u00a0 G Richard\u00a0III. 2016. Screen after previous screens: Spatial-temporal recreation of android app displays from memory images . In 25th {USENIX} Security Symposium ({USENIX} Security 16). 1137\u20131151. Brendan Saltaformaggio, Rohit Bhatia, Xiangyu Zhang, Dongyan Xu, and Golden\u00a0G Richard\u00a0III. 2016. Screen after previous screens: Spatial-temporal recreation of android app displays from memory images. In 25th {USENIX} Security Symposium ({USENIX} Security 16). 1137\u20131151."},{"key":"e_1_3_2_1_39_1","volume-title":"23rd {USENIX} Security Symposium ({USENIX} Security 14). 255\u2013269.","author":"Saltaformaggio Brendan","unstructured":"Brendan Saltaformaggio , Zhongshu Gu , Xiangyu Zhang , and Dongyan Xu. 2014. {DSCRETE} : Automatic Rendering of Forensic Information from Memory Images via Application Logic Reuse . In 23rd {USENIX} Security Symposium ({USENIX} Security 14). 255\u2013269. Brendan Saltaformaggio, Zhongshu Gu, Xiangyu Zhang, and Dongyan Xu. 2014. {DSCRETE}: Automatic Rendering of Forensic Information from Memory Images via Application Logic Reuse. In 23rd {USENIX} Security Symposium ({USENIX} Security 14). 255\u2013269."},{"key":"e_1_3_2_1_40_1","volume-title":"Proceedings of the Fifth Asia-Pacific Industrial Engineering and Management Systems Conference (APIEMS","author":"Schatz Bradley","year":"2004","unstructured":"Bradley Schatz , George Mohay , and Andrew Clark . 2004 . Rich event representation for computer forensics . In Proceedings of the Fifth Asia-Pacific Industrial Engineering and Management Systems Conference (APIEMS 2004), Vol.\u00a02. 1\u201316. Bradley Schatz, George Mohay, and Andrew Clark. 2004. Rich event representation for computer forensics. In Proceedings of the Fifth Asia-Pacific Industrial Engineering and Management Systems Conference (APIEMS 2004), Vol.\u00a02. 1\u201316."},{"key":"e_1_3_2_1_41_1","unstructured":"Michael\u00a0L. Scott. 2009. The Java Native Interface: Programmer\u2019s Guide and Specification. Morgan Kaufmann.  Michael\u00a0L. Scott. 2009. The Java Native Interface: Programmer\u2019s Guide and Specification. Morgan Kaufmann."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"crossref","unstructured":"Alberto Magno\u00a0Muniz Soares and Rafael\u00a0Tim\u00f3teo de Sousa\u00a0Jr. 2017. A Technique for Extraction and Analysis of Application Heap Objects within Android Runtime (ART).. In ICISSP. 147\u2013156.  Alberto Magno\u00a0Muniz Soares and Rafael\u00a0Tim\u00f3teo de Sousa\u00a0Jr. 2017. A Technique for Extraction and Analysis of Application Heap Objects within Android Runtime (ART).. In ICISSP. 147\u2013156.","DOI":"10.5220\/0006204101470156"},{"key":"e_1_3_2_1_43_1","unstructured":"Steven Stalinsky and R. Sosnow. 2017. Jihadi Use Of Encrypted Messaging App WhatsApp. https:\/\/www.memri.org\/cjlab\/jihadi-use-of-encrypted-messaging-app-whatsapp [Online; accessed 04-April 2020].  Steven Stalinsky and R. Sosnow. 2017. Jihadi Use Of Encrypted Messaging App WhatsApp. https:\/\/www.memri.org\/cjlab\/jihadi-use-of-encrypted-messaging-app-whatsapp [Online; accessed 04-April 2020]."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-53413-7_24"},{"key":"e_1_3_2_1_45_1","volume-title":"The Cetus Compiler Manual","author":"Team Cetus","unstructured":"Cetus Team . 2004-2011. The Cetus Compiler Manual . ParaMount Research Group, Purdue University . Cetus Team. 2004-2011. The Cetus Compiler Manual. ParaMount Research Group, Purdue University."},{"key":"e_1_3_2_1_46_1","unstructured":"VirusShare. 2017. VirusShare.com - Because Sharing is Caring. https:\/\/virusshare.com  VirusShare. 2017. VirusShare.com - Because Sharing is Caring. https:\/\/virusshare.com"},{"key":"e_1_3_2_1_47_1","volume-title":"https:\/\/en.wikipedia.org\/wiki\/Archaeology#cite_note-Society_for_American_Archaeology-1 [Online","year":"2020","unstructured":"Wikipedia. 2020. Archaeology. https:\/\/en.wikipedia.org\/wiki\/Archaeology#cite_note-Society_for_American_Archaeology-1 [Online ; accessed 1- June 2020 ]. Wikipedia. 2020. Archaeology. https:\/\/en.wikipedia.org\/wiki\/Archaeology#cite_note-Society_for_American_Archaeology-1 [Online; accessed 1-June 2020]."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2017.09.003"},{"key":"e_1_3_2_1_49_1","volume-title":"https:\/\/github.com\/citypw\/lcamtuf-memfetch [Online","author":"Zalewski Michal","year":"2018","unstructured":"Michal Zalewski . 2003. Memfetch. https:\/\/github.com\/citypw\/lcamtuf-memfetch [Online ; accessed 17- March 2018 ]. Michal Zalewski. 2003. Memfetch. https:\/\/github.com\/citypw\/lcamtuf-memfetch [Online; accessed 17-March 2018]."}],"event":{"name":"ACSAC '20: Annual Computer Security Applications Conference","location":"Austin USA","acronym":"ACSAC '20"},"container-title":["Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3427228.3427244","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3427228.3427244","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:02:24Z","timestamp":1750197744000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3427228.3427244"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,12,7]]},"references-count":48,"alternative-id":["10.1145\/3427228.3427244","10.1145\/3427228"],"URL":"https:\/\/doi.org\/10.1145\/3427228.3427244","relation":{},"subject":[],"published":{"date-parts":[[2020,12,7]]},"assertion":[{"value":"2020-12-08","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}