Abstract: Live Memory Forensics deals with acquiring and analyzing the volatile memory artefacts to uncover the trace of in-memory malware or fileless malware. Traditional forensics methods operate in a centralized manner leading to a multitude of challenges and severely limiting the possibilities of accurate and timely analysis. In this work, we propose a decentralized approach for conducting live memory forensics across different devices. The proposed federated learning-based live memory forensics model uses FedAvg algorithm in order to make a lightweight, incremental approach to conduct live memory forensics. The study demonstrates the performance of federated learning algorithms in anomaly detection, achieving a maximum accuracy of 92.5% with Clustered Federated Learning (CFL) while maintaining a convergence time of approximately 35 communication rounds. Key features such as CPU usage and network activity contributed over 85% to the detection accuracy, emphasizing their importance in the predictive process.

Sarishma Dangi, Kamal Ghanshala and Sachin Sharma, “LIFT: Lightweight Incremental and Federated Techniques for Live Memory Forensics and Proactive Malware Detection” International Journal of Advanced Computer Science and Applications(IJACSA), 16(4), 2025. http://dx.doi.org/10.14569/IJACSA.2025.0160445

@article{Dangi2025,
title = {LIFT: Lightweight Incremental and Federated Techniques for Live Memory Forensics and Proactive Malware Detection},
journal = {International Journal of Advanced Computer Science and Applications},
doi = {10.14569/IJACSA.2025.0160445},
url = {http://dx.doi.org/10.14569/IJACSA.2025.0160445},
year = {2025},
publisher = {The Science and Information Organization},
volume = {16},
number = {4},
author = {Sarishma Dangi and Kamal Ghanshala and Sachin Sharma}
}