{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,15]],"date-time":"2024-09-15T13:27:52Z","timestamp":1726406872582},"publisher-location":"Berlin, Heidelberg","reference-count":34,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540360148"},{"type":"electronic","value":"9783540360179"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2006]]},"DOI":"10.1007\/11790754_9","type":"book-chapter","created":{"date-parts":[[2006,11,27]],"date-time":"2006-11-27T13:02:37Z","timestamp":1164632557000},"page":"144-163","source":"Crossref","is-referenced-by-count":12,"title":["Digital Forensic Reconstruction and the Virtual Security Testbed ViSe"],"prefix":"10.1007","author":[{"given":"Andr\u00e9","family":"\u00c5rnes","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Paul","family":"Haas","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Giovanni","family":"Vigna","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Richard A.","family":"Kemmerer","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"9_CR1","unstructured":"Richmond, M.: ViSe: A virtual security testbed. Master\u2019s thesis, University of California, Santa Barbara (2005)"},{"key":"9_CR2","unstructured":"Guidance Software, Inc.: Encase (2006), http:\/\/www.encase.com"},{"key":"9_CR3","unstructured":"Spencer, E.: ILook investigator toolsets (2006), http:\/\/www.ilook-forensics.org"},{"key":"9_CR4","unstructured":"Carrier, B.: The Sleuth Kit and Autopsy (2006), http:\/\/www.sleuthkit.org"},{"key":"9_CR5","unstructured":"Chisum, W.J., Turvey, B.E.: Evidence dynamics: Locard\u2019s exchange principle & crime reconstruction. Journal of Behavioral Profiling\u00a01(1) (2000)"},{"key":"9_CR6","unstructured":"O\u2019Connor, T.: Introduction to crime reconstruction. Lecture Notes for Criminal Investigation, North Carolina Wesleyan College (2004)"},{"key":"9_CR7","doi-asserted-by":"publisher","DOI":"10.1002\/0470011238","volume-title":"Statistics and the Evaluation of Evidence for Forensic Scientists","author":"C. Aitken","year":"2004","unstructured":"Aitken, C., Taroni, F.: Statistics and the Evaluation of Evidence for Forensic Scientists. Wiley, Chichester (2004)"},{"key":"9_CR8","doi-asserted-by":"crossref","unstructured":"Carrier, B.D., Spafford, E.H.: Defining event reconstruction of digital crime scenes. Journal of Forensic Sciences\u00a049 (2004)","DOI":"10.1520\/JFS2004127"},{"key":"9_CR9","unstructured":"Carrier, B.: An event-based digital forensic investigation framework. In: Digital Forensic Research Workshop (2004)"},{"key":"9_CR10","unstructured":"Stephenson, P.: Formal modeling of post-incident root cause analysis. International Journal of Digital Evidence\u00a02 (2003)"},{"key":"9_CR11","doi-asserted-by":"crossref","unstructured":"Gladyshev, P., Patel, A.: Finite state machine approach to digital event reconstruction. Digital Investigation\u00a01 (2004)","DOI":"10.1016\/S1742-2876(04)00027-1"},{"key":"9_CR12","unstructured":"Baca, E.: Using linux VMware and SMART to create a virtual computer to recreate a suspect\u2019s computer (2003), http:\/\/www.linux-forensics.com"},{"key":"9_CR13","unstructured":"Provos, N.: The honeyd virtual honeypot (2005), http:\/\/www.honeyd.org"},{"key":"9_CR14","unstructured":"Honeynet Project: Know your enemy: Learning with VMware \u2013 building virtual honeynets using VMware (2003), http:\/\/www.honeynet.org"},{"key":"9_CR15","unstructured":"Seifried, K.: Honeypotting with VMware (2002), http:\/\/www.seifried.org"},{"key":"9_CR16","doi-asserted-by":"crossref","unstructured":"Rossey, L., Cunningham, R., Fried, D., Rabek, J., Lippman, R., Haines, J., Zissman, M.: LARIAT: lincoln adaptable real-time information assurance testbed. 2002 IEEE Aerospace Conference Proceedings (2002)","DOI":"10.1109\/AERO.2002.1036158"},{"key":"9_CR17","unstructured":"Haines, J., Goulet, S., Durst, R., Champion, T.: Llsim: Network simulation for correlation and response testing. In: IEEE Workshop on Information Assurance, West Point, NY (2003)"},{"key":"9_CR18","doi-asserted-by":"crossref","unstructured":"White, B., Lepreau, J., Stoller, L., Ricci, R., Guruprasad, S., Newbold, M., Hibler, M., Barb, C., Joglekar, A.: An integrated experimental environment for distributed systems and networks. In: Fifth Symposium on Operating Systems Design and Implementation, Boston, MA, USENIX Association, pp. 255\u2013260 (2002)","DOI":"10.1145\/1060289.1060313"},{"key":"9_CR19","unstructured":"The DETER project: The DETER Testbed: Overview (2004), www.isi.edu\/deter"},{"key":"9_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/11663812_1","volume-title":"Recent Advances in Intrusion Detection","author":"X. Jiang","year":"2006","unstructured":"Jiang, X., Xu, D., Wang, H.J., Spafford, E.H.: Virtual playgrounds for worm behavior investigation. In: Valdes, A., Zamboni, D. (eds.) RAID 2005. LNCS, vol.\u00a03858, pp. 1\u201321. Springer, Heidelberg (2006)"},{"key":"9_CR21","unstructured":"Dike, J.: User mode linux (2005), http:\/\/user-mode-linux.sourceforge.net"},{"key":"9_CR22","unstructured":"Vada, H.: Rekonstruksjon av angrep mot IKT-systemer (reconstruction of attacks on ICT systems). Master\u2019s thesis, Norwegian University of Science and Technology, Trondheim, Norway (2004)"},{"key":"9_CR23","unstructured":"VMware: VMware 5.0 manual (2005), http:\/\/www.vmware.com"},{"key":"9_CR24","unstructured":"University of Cambridge Computer Laboratory: The Xen virtual machine monitor (2005), http:\/\/www.cl.cam.ac.uk\/"},{"key":"9_CR25","unstructured":"Microsoft: Microsoft Virtual PC (2004), http:\/\/www.microsoft.com"},{"key":"9_CR26","unstructured":"The Open Web Application Security Project: The ten most critical web application security vulnerabilities. Technical report, OWASP (2004)"},{"key":"9_CR27","unstructured":"Wang, X., Feng, D., Lai, X., Yu, H.: Collisions for hash functions MD4, MD5, HAVAL-128 and RIPEMD. Cryptology ePrint Archive, Report 2004\/199 (2004)"},{"key":"9_CR28","series-title":"Lecture Notes in Computer Science","first-page":"17","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","author":"X. Wang","year":"2005","unstructured":"Wang, X., Yin, Y.L., Yu, H.: Finding Collisions in the Full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol.\u00a03621, pp. 17\u201336. Springer, Heidelberg (2005)"},{"key":"9_CR29","unstructured":"Honeynet Project: Detecting VMware (2005), http:\/\/www.honeynet.org"},{"key":"9_CR30","unstructured":"Shelton, T.: VMware Flaw in NAT Function Lets Remote Users Execute Arbitrary Code (2005), http:\/\/securitytracker.com"},{"key":"9_CR31","unstructured":"Cuff, A.: Talisker Anti Forensic Tools (2004), http:\/\/www.networkintrusion.co.uk"},{"key":"9_CR32","unstructured":"PHPBB Viewtopic.PHP remote code execution vulnerability, Bugtraq ID 14086 (2005), ronvdaalzarathustra.linux666.com"},{"key":"9_CR33","unstructured":"aXiS: IWConfig Local ARGV command line buffer overflow vulnerability, Bugtraq ID 8901 (2003)"},{"key":"9_CR34","unstructured":"Vozeler, M.: CDRTools RSH environment variable privilege escalation vulnerability, Bugtraq ID 11075 (2004)"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware & Vulnerability Assessment"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/11790754_9.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,27]],"date-time":"2021-04-27T07:23:16Z","timestamp":1619508196000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/11790754_9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2006]]},"ISBN":["9783540360148","9783540360179"],"references-count":34,"URL":"https:\/\/doi.org\/10.1007\/11790754_9","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2006]]}}}