Analyzing Disk-Minimal Malware in Phishing Attacks: A Forensic Methodology for Modern Cyber Threats

Abstract:

Today’s cyber threat landscape is characterized by advanced methodologies and attacks that inflict monumental damage on educational and financial institutions, healthcare systems, and information infrastructures. Among these threats, phishing remains the most effective initial vector for system compromise. The authors provide comprehensive insights into the evolving threat landscape and introduce an updated definition of fileless malware, referred to as disk-minimal malware. They propose a methodology for forensic examiners to identify and analyze the attack lifecycle of disk-minimal malware delivered through phishing attacks.


AUTHORS


Champlain College
Burlington, Vermont, USA

Patrick Barker is a Malware and Hunt Analyst for the Marine Corps Cyberspace Operations Group. He holds an MS in Digital Forensic Science from Champlain College. His current research focuses on defining fileless malware as employed by advanced persistent threat groups. With extensive expertise in malware analysis, reverse engineering, incident response, and digital forensic investigations, Barker has played a key role in mitigating nation-state cyber incidents targeting the United States Marine Corps. He holds multiple industry certifications, including GREM, CySA+, CASP+, and Security+, and regularly instructs internal malware analysis courses. Barker is also an active participant in cybersecurity workshops, where he shares his expertise on evolving malware techniques.


University of North Georgia
Dahlonega, Georgia, USA

Douglas A. Orr is a 30-year law enforcement veteran who has served as a commissioned law enforcement officer in South Carolina, Idaho, and Washington. Dr. Orr specializes in digital forensics, cybercrime, child exploitation, and sexual assault and serves as the Department Head of the Criminal Justice Department at the University of North Georgia. He is EnCE, CCME, and CompTIA Sec+ certified.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.


