{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,5]],"date-time":"2024-09-05T05:47:05Z","timestamp":1725515225612},"publisher-location":"Boston, MA","reference-count":29,"publisher":"Springer US","isbn-type":[{"type":"print","value":"9780387096988"},{"type":"electronic","value":"9780387096995"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"DOI":"10.1007\/978-0-387-09699-5_42","type":"book-chapter","created":{"date-parts":[[2008,7,16]],"date-time":"2008-07-16T18:12:54Z","timestamp":1216231974000},"page":"653-667","source":"Crossref","is-referenced-by-count":3,"title":["A Live Digital Forensic system for Windows networks"],"prefix":"10.1007","author":[{"given":"Roberto","family":"Battistoni","sequence":"first","affiliation":[]},{"given":"Alessandro Di","family":"Biagio","sequence":"additional","affiliation":[]},{"given":"Roberto Di","family":"Pietro","sequence":"additional","affiliation":[]},{"given":"Matteo","family":"Formica","sequence":"additional","affiliation":[]},{"given":"Luigi V.","family":"Mancini","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"42_CR1","unstructured":"Abraham, A., Thomas, J.: Distributed intrusion detection systems: A computational intelligence approach. Applications of Information Systems to Homeland Security and Defense (Chapter 5), 105\u2013135 (2005)"},{"issue":"2","key":"42_CR2","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1145\/1113034.1113070","volume":"49","author":"F. Adelstein","year":"2006","unstructured":"Adelstein, F.: Live forensics: Diagnosing your system without killing it first. Communications of the ACM 49(2), 63\u201366 (2006)","journal-title":"Communications of the ACM"},{"issue":"5","key":"42_CR3","first-page":"42","volume":"17","author":"J. Allen","year":"2002","unstructured":"Allen, J., McHugh, J., Christie, A.: Defending yourself: The role of intrusion detection systems. IEEE Software 17(5), 42\u201351 (2002)","journal-title":"IEEE Software"},{"key":"42_CR4","unstructured":"Axelsson, S.: Intrusion detection systems: A taxomomy and survey. Tech. rep. (2000)"},{"key":"42_CR5","unstructured":"Battistoni, R., Di Biagio, A., Di Pietro, R., Formica, M., Mancini, L.V.: The foxp project. SourceForge.net, http:\/\/foxp.sourceforge.net\/"},{"key":"42_CR6","first-page":"352","volume":"3193","author":"R. Battistoni","year":"2004","unstructured":"Battistoni, R., Gabrielli, E., Mancini, L.V.: A host intrusion prevention system for windows operating systems. In: Computer Security ESORICS 2004, vol. 3193, pp. 352\u2013368. LNCS (2004)","journal-title":"In: Computer Security ESORICS 2004"},{"key":"42_CR7","unstructured":"Battistoni, R., Mancini, L.V.: The whips project. SourceForge.net, http:\/\/whips.sourceforge.net\/"},{"key":"42_CR8","unstructured":"Bernaschi, M., Gabrielli, E., Mancini, L.V.: The remus project. SourceForge.net, http:\/\/remus.sourceforge.net\/"},{"key":"42_CR9","doi-asserted-by":"crossref","unstructured":"Bernaschi, M., Gabrielli, E., Mancini, L.V.: Remus: A security-enhanced operating system. ACM Transactions on Information and System Security pp. 36\u201361 (February 2002)","DOI":"10.1145\/504909.504911"},{"key":"42_CR10","unstructured":"Butler, J., Hoglund, G.: Rootkits: Subverting the Windows Kernel. Addison Wesley Professional (2005)"},{"issue":"2","key":"42_CR11","doi-asserted-by":"publisher","first-page":"56","DOI":"10.1145\/1113034.1113069","volume":"49","author":"B.D. Carrier","year":"2006","unstructured":"Carrier, B.D.: Risks of live digital forensic analysis. Communications of the ACM 49(2), 56\u201361 (2006)","journal-title":"Communications of the ACM"},{"issue":"2","key":"42_CR12","doi-asserted-by":"publisher","first-page":"48","DOI":"10.1145\/1113034.1113068","volume":"49","author":"E. Casey","year":"2006","unstructured":"Casey, E.: Investigating sophisticated security breaches. Communications of the ACM 49(2), 48\u201355 (2006)","journal-title":"Communications of the ACM"},{"key":"42_CR13","unstructured":"Cogswell, R., Russinovich, M.:Windows nt system call hooking. Dr. Dobb\u2019s Journal (January 1997)"},{"key":"42_CR14","doi-asserted-by":"crossref","unstructured":"Di Pietro, R., Durante, A., Mancini, L.: Formal specification for fast automatic ids training. In: Ali Abdallah, Peter Ryan, and Steve Schneider, editors, article from the BCS-FACS International Conference on Formal Aspects of Security 2002, vol. 2629, pp. 191\u2013204. LNCS (Spring 2003)","DOI":"10.1007\/978-3-540-40981-6_16"},{"key":"42_CR15","unstructured":"Di Pietro, R., Mancini, L.V.: A methodology for computer forensic analysis. article of the 3rd Annual IEEE Information Assurance Workshop pp. 41\u201348 (2002)"},{"key":"42_CR16","unstructured":"Di Pietro, R., Me, G., Mochi, M., Strangio, M.A.: An effective methodology to deal with slack space analysis. article of the International Conference on E-Crime and Computer Evidence (ECCE\u201905) (2005)"},{"key":"42_CR17","unstructured":"Forrest, S., Pearlmutter, B.,Warrender, C.: Detecting intrusions using system calls: Alternative data models. In: article of 1999 IEEE Symposium on Security and Privacy, pp. 133\u2013145. IEEE (1999)"},{"key":"42_CR18","unstructured":"Gao, Y., Richard III, G.G., Roussev, V.: Bluepipe: A scalable architecture for on-the-spot digital forensics. International Journal of Digital Evidence 3(1) (2006)"},{"key":"42_CR19","unstructured":"Garfinkel, T.: Traps and pitfalls: Practical problems in system call interposition based based security tools. article of the ISOC Symposium on Network and Distributed System Security Symposium (2003)"},{"key":"42_CR20","unstructured":"Garfinkel, T., Pfaff, B., Rosenblum, M.: Ostia: A delegating architecture for secure system call interposition. Internet Society\u2019s 2003 Symposium on Network and Distributed System Security (2004)"},{"key":"42_CR21","doi-asserted-by":"crossref","unstructured":"Goel, A., chang Feng, W., chi Feng, W., Maier, D., Walpole, J.: Forensix: A robust, highperformance reconstruction system. International Conference on Distributed Computing Systems Security Workshop (SDCS-2005) (1999)","DOI":"10.1109\/ICDCSW.2005.62"},{"key":"42_CR22","unstructured":"Hoglund, G., McGraw, G.: Exploiting Software: How to Break Code. Addison-Wesley (2004)"},{"key":"42_CR23","unstructured":"Jones, A.K., Sielken, R.S.: Computer system intrusion detection: A survey. Tech. rep. (1999)"},{"key":"42_CR24","unstructured":"Leigland, R., Krings, A.W.: A formalization of digital forensics. International Journal of Digital Evidence 3(2) (2004)"},{"key":"42_CR25","unstructured":"Provos, N.: Improving host security with system call policies. Tech. rep. (2002)"},{"issue":"2","key":"42_CR26","doi-asserted-by":"publisher","first-page":"76","DOI":"10.1145\/1113034.1113074","volume":"49","author":"G.G. Richard III","year":"2006","unstructured":"Richard III, G.G., Roussev, V.: Next-generation digital forensics. Communications of the ACM 49(2), 76\u201380 (2006)","journal-title":"Communications of the ACM"},{"key":"42_CR27","unstructured":"Ruighaver, A.B., Tan, K.M.C., Thompson, D.: Intrusion detection systems and a view to its forensic applications. Tech. rep. (2000)"},{"key":"42_CR28","unstructured":"Russinovich, M., Solomon, D.: Microsoft Windows Internals. Microsoft Press, 4th edition (2004)"},{"key":"42_CR29","unstructured":"Schreiber, S.: Undocumented Windows 2000 secrets : A programmers cookbook. Addison-Wesley (2001)"}],"container-title":["IFIP \u2013 The International Federation for Information Processing","Proceedings of The Ifip Tc 11 23rd International Information Security Conference"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-0-387-09699-5_42.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,5,19]],"date-time":"2023-05-19T05:54:44Z","timestamp":1684475684000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-0-387-09699-5_42"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[null]]},"ISBN":["9780387096988","9780387096995"],"references-count":29,"URL":"https:\/\/doi.org\/10.1007\/978-0-387-09699-5_42","relation":{},"ISSN":["1571-5736"],"issn-type":[{"type":"print","value":"1571-5736"}],"subject":[]}}