{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,27]],"date-time":"2025-08-27T15:41:37Z","timestamp":1756309297714,"version":"3.37.3"},"publisher-location":"Cham","reference-count":20,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030054861"},{"type":"electronic","value":"9783030054878"}],"license":[{"start":{"date-parts":[[2018,12,30]],"date-time":"2018-12-30T00:00:00Z","timestamp":1546128000000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-05487-8_10","type":"book-chapter","created":{"date-parts":[[2018,12,29]],"date-time":"2018-12-29T13:11:18Z","timestamp":1546089078000},"page":"185-203","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["Digital Forensics Event Graph Reconstruction"],"prefix":"10.1007","author":[{"given":"Daniel J.","family":"Schelkoph","sequence":"first","affiliation":[]},{"given":"Gilbert L.","family":"Peterson","sequence":"additional","affiliation":[]},{"given":"James S.","family":"Okolica","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,12,30]]},"reference":[{"key":"10_CR1","doi-asserted-by":"publisher","unstructured":"Angles, R.: A comparison of current graph database models. In: Proceedings of IEEE 28th International Conference on Data Engineering Workshops, ICDEW 2012, pp. 171\u2013177. IEEE (2012). \nhttps:\/\/doi.org\/10.1109\/ICDEW.2012.31","DOI":"10.1109\/ICDEW.2012.31"},{"key":"10_CR2","unstructured":"Bureau of Labor Statistics: Occupational Outlook Handbook: Forensic Science Technicians (2017). \nhttps:\/\/www.bls.gov\/ooh\/life-physical-and-social-science\/forensic-science-technicians.htm"},{"key":"10_CR3","unstructured":"Bureau of Labor Statistics: Occupational Outlook Handbook: Information Security Analysts (2017). \nhttps:\/\/www.bls.gov\/ooh\/computer-and-information-technology\/information-security-analysts.htm"},{"key":"10_CR4","doi-asserted-by":"publisher","DOI":"10.1016\/C2009-0-63856-3","volume-title":"Windows Registry Forensics","author":"H Carvey","year":"2016","unstructured":"Carvey, H., Hull, D.: Windows Registry Forensics, 2nd edn. Elsevier, Cambridge (2016). \nhttps:\/\/doi.org\/10.1016\/C2009-0-63856-3","edition":"2"},{"issue":"S1","key":"10_CR5","doi-asserted-by":"publisher","first-page":"S102","DOI":"10.1016\/j.diin.2015.01.014","volume":"12","author":"E Casey","year":"2015","unstructured":"Casey, E., Back, G., Barnum, S.: Leveraging CybOX\u2122 to standardize representation and exchange of digital forensic information. Digit. Investig. 12(S1), S102\u2013S110 (2015). \nhttps:\/\/doi.org\/10.1016\/j.diin.2015.01.014","journal-title":"Digit. Investig."},{"key":"10_CR6","doi-asserted-by":"publisher","first-page":"S95","DOI":"10.1016\/j.diin.2014.05.009","volume":"11","author":"Y Chabot","year":"2014","unstructured":"Chabot, Y., Bertaux, A., Nicolle, C., Kechadi, M.T.: A complete formalized knowledge representation model for advanced digital forensics timeline analysis. Digit. Investig. 11, S95\u2013S105 (2014). \nhttps:\/\/doi.org\/10.1016\/j.diin.2014.05.009\n\n. \nhttp:\/\/www.sciencedirect.com\/science\/article\/pii\/S1742287614000528","journal-title":"Digit. Investig."},{"key":"10_CR7","doi-asserted-by":"publisher","first-page":"83","DOI":"10.1016\/j.diin.2015.07.005","volume":"15","author":"Y Chabot","year":"2015","unstructured":"Chabot, Y., Bertaux, A., Nicolle, C., Kechadi, T.: An ontology-based approach for the reconstruction and analysis of digital incidents timelines. Digit. Investig. 15, 83\u2013100 (2015). \nhttps:\/\/doi.org\/10.1016\/j.diin.2015.07.005","journal-title":"Digit. Investig."},{"key":"10_CR8","unstructured":"Chao, J., Graphista, N.: Graph Databases for Beginners: Native vs. Non-Native Graph Technology (2016). \nhttps:\/\/neo4j.com\/blog\/native-vs-non-native-graph-technology\/"},{"issue":"2","key":"10_CR9","doi-asserted-by":"publisher","first-page":"130","DOI":"10.1016\/j.diin.2004.03.001","volume":"1","author":"P Gladyshev","year":"2004","unstructured":"Gladyshev, P., Patel, A.: Finite state machine approach to digital event reconstruction. Digit. Investig. 1(2), 130\u2013149 (2004). \nhttps:\/\/doi.org\/10.1016\/j.diin.2004.03.001","journal-title":"Digit. Investig."},{"key":"10_CR10","unstructured":"GraphAware: GraphAware Neo4j TimeTree (2018). \nhttps:\/\/github.com\/graphaware\/neo4j-timetree"},{"key":"10_CR11","unstructured":"Gu$$\\eth $$jonss\u00f3n, K.: Mastering the Super Timeline With log2timeline (2010). \nhttps:\/\/www.sans.org\/reading-room\/whitepapers\/logging\/mastering-super-timeline-log2timeline-33438"},{"key":"10_CR12","doi-asserted-by":"publisher","first-page":"S69","DOI":"10.1016\/j.diin.2012.05.006","volume":"9(Suppl.)","author":"C Hargreaves","year":"2012","unstructured":"Hargreaves, C., Patterson, J.: An automated timeline reconstruction approach for digital forensic investigations. Digit. Investig. 9(Suppl.), S69\u2013S79 (2012). \nhttps:\/\/doi.org\/10.1016\/j.diin.2012.05.006","journal-title":"Digit. Investig."},{"key":"10_CR13","doi-asserted-by":"publisher","first-page":"85","DOI":"10.1007\/978-3-642-11534-9","volume":"31","author":"J James","year":"2010","unstructured":"James, J., Gladyshev, P., Abdullah, M., Zhu, Y.: Analysis of evidence using formal event reconstruction. Digit. Forensics Cyber Crime 31, 85\u201398 (2010). \nhttps:\/\/doi.org\/10.1007\/978-3-642-11534-9","journal-title":"Digit. Forensics Cyber Crime"},{"key":"10_CR14","unstructured":"Khan, M.N., Mnakhansussexacuk, E., Wakeman, I.: Machine Learning for Post-Event Timeline Reconstruction. PGnet (January 2006), 1\u20134 (2006)"},{"key":"10_CR15","first-page":"71","volume":"71","author":"A Marrington","year":"2007","unstructured":"Marrington, A., Mohay, G., Clark, A., Morarji, H.: Event-based computer profiling for the forensic reconstruction of computer activity. AusCERT2007 R&D Stream 71, 71\u201387 (2007). \nhttp:\/\/eprints.qut.edu.au\/15579","journal-title":"AusCERT2007 R&D Stream"},{"key":"10_CR16","unstructured":"Okolica, J.S.: Temporal Event Abstraction and Reconstruction. Ph.D. thesis, AFIT (2017)"},{"key":"10_CR17","volume-title":"Graph Databases","author":"I Robinson","year":"2015","unstructured":"Robinson, I., Webber, J., Eifrem, E.: Graph Databases, 2nd edn. O\u2019Reilly Media Inc., Sebastopol (2015)","edition":"2"},{"key":"10_CR18","doi-asserted-by":"publisher","unstructured":"Rodriguez, M.A., Neubauer, P.: The graph traversal pattern. Computing Re-search Repository, pp. 1\u201318 (2010). \nhttps:\/\/doi.org\/10.4018\/978-1-61350-053-8\n\n, \nhttp:\/\/arxiv.org\/abs\/1004.1001","DOI":"10.4018\/978-1-61350-053-8"},{"key":"10_CR19","unstructured":"Schatz, B., Mohay, G., Clark, A.: Rich Event Representation for Computer Forensics. In: Asia Pacific Industrial Engineering and Management Systems APIEMS 2004, pp. 1\u201316 (2004)"},{"key":"10_CR20","doi-asserted-by":"publisher","first-page":"94","DOI":"10.1016\/j.diin.2015.04.004","volume":"13","author":"B Turnbull","year":"2015","unstructured":"Turnbull, B., Randhawa, S.: Automated event and social network extraction from digital evidence sources with ontological mapping. Digit. Investig. 13, 94\u2013106 (2015). \nhttps:\/\/doi.org\/10.1016\/j.diin.2015.04.004","journal-title":"Digit. Investig."}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Digital Forensics and Cyber Crime"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-05487-8_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2018,12,29]],"date-time":"2018-12-29T13:14:13Z","timestamp":1546089253000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-05487-8_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,12,30]]},"ISBN":["9783030054861","9783030054878"],"references-count":20,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-05487-8_10","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"type":"print","value":"1867-8211"},{"type":"electronic","value":"1867-822X"}],"subject":[],"published":{"date-parts":[[2018,12,30]]},"assertion":[{"value":"ICDF2C","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Digital Forensics and Cyber Crime","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"New Orleans, LA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"10 September 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"12 September 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"10","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"icdf2c2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/d-forensics.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}