{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T23:09:05Z","timestamp":1743030545019,"version":"3.40.3"},"publisher-location":"Cham","reference-count":40,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030471309"},{"type":"electronic","value":"9783030471316"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-47131-6_4","type":"book-chapter","created":{"date-parts":[[2020,7,25]],"date-time":"2020-07-25T08:03:54Z","timestamp":1595664234000},"page":"51-77","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Forensic Investigation of Ransomware Activities\u2014Part 1"],"prefix":"10.1007","author":[{"given":"Cian","family":"Young","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Robert","family":"McArdle","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nhien-An","family":"Le-Khac","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kim-Kwang Raymond","family":"Choo","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2020,7,26]]},"reference":[{"key":"4_CR1","unstructured":"cert-ist: The Reveton ransomware (2013). 
Available: \nhttps:\/\/www.cert-ist.com\/public\/en\/SO_detail?code=201301_article\n\n. Last accessed 04 Dec 2019"},{"key":"4_CR2","unstructured":"Symantec: ISTR (2016). Available: \nhttps:\/\/www.symantec.com\/content\/dam\/symantec\/docs\/reports\/istr-21-2016-en.pdf\n\n. Last accessed 01 Dec 2019"},{"key":"4_CR3","unstructured":"Schaefer, E., Le-Khac, N-A., Scanlon M.: Integration of ether unpacker into ragpicker for plugin-based malware analysis and identification. In: 16th European Conference on Cyber Warfare and Security, Dublin, Ireland, June 2017"},{"key":"4_CR4","doi-asserted-by":"publisher","unstructured":"Linke, A., Le-Khac, N-A.: Control flow change in assembly as a classifier in malware analysis. In: 4th IEEE International Symposium on Digital Forensics and Security, Arkansas, USA, April 2016. \nhttps:\/\/doi.org\/10.1109\/ISDFS.2016.7473514","DOI":"10.1109\/ISDFS.2016.7473514"},{"key":"4_CR5","unstructured":"Pilkey, A.: Ransomware likely to continue exponential growth unless governments act, says f-secure labs (2017). Available: \nhttps:\/\/www.f-secure.com\/en_GB\/web\/press_gb\/news\/news-archive\/-\/journal_content\/56\/1075444\/1992103?p_p_auth=TAbI9XWV&refererPlid=1769223\n\n. Last accessed 25 June 2019"},{"key":"4_CR6","unstructured":"Wikipedia: AIDS (Trojan horse) (2006). Available: \nhttps:\/\/en.wikipedia.org\/wiki\/AIDS_(Trojan_horse)\n\n. Last accessed 29 May 2019"},{"key":"4_CR7","unstructured":"Young, A., et al.: Cryptovirology: extortion-based security threats and countermeasures (1996). Available: \nhttp:\/\/ieeexplore.ieee.org\/document\/502676\/?reload=true\n\n. Last accessed 22 May 2019"},{"key":"4_CR8","unstructured":"Ducklin, P.: Reveton\/FBI ransomware\u2014exposed, explained and eliminated (2012). Available: \nhttps:\/\/nakedsecurity.sophos.com\/2012\/08\/29\/reveton-ransomware-exposed-explained-and-eliminated\/\n\n. Last accessed 18 Jan 2019"},{"key":"4_CR9","unstructured":"SONICWALL: 2017 annual threat report (2017). 
SONICWALL, UK. Last accessed 01 May 2019"},{"key":"4_CR10","unstructured":"US Government: How To Protect Your Networks From Ransomware (2017). Available: \nhttps:\/\/www.justice.gov\/criminal-ccips\/file\/872771\/download\n\n. Last accessed 03 Aug 2017"},{"key":"4_CR11","unstructured":"Blake, A.: Cybercriminals rake in $325M from CryptoWall ransomware: report (2015). Available: \nhttp:\/\/www.washingtontimes.com\/news\/2015\/nov\/2\/cybercriminals-rake-in-325m-cryptowall-ransomware\/\n\n. Last accessed 09 Aug 2019"},{"key":"4_CR12","unstructured":"Bursztein, E., McRoberts, K., Invernizzi, L.: Tracking desktop ransomware payments (2017). Available: \nhttps:\/\/www.blackhat.com\/docs\/us-17\/wednesday\/us-17-Invernizzi-Tracking-Ransomware-End-To-End.pdf\n\n. Last accessed 31 July 2019"},{"key":"4_CR13","unstructured":"Schrott, U.: Social engineering and ransomware (2017). Available: \nhttps:\/\/blog.eset.ie\/2017\/07\/28\/social-engineering-and-ransomware\/\n\n. Last accessed 29 July 2019"},{"key":"4_CR14","unstructured":"quttera: From compromised website to ransomware infection (2016). Available: \nhttps:\/\/blog.quttera.com\/post\/from-compromised-website-to-ransomware-infection\/\n\n. Last accessed 17 Jun 2019"},{"key":"4_CR15","unstructured":"Zamora, W.: Malvertising and ransomware: the Bonnie and Clyde of advanced threats (2016). Available: \nhttps:\/\/blog.malwarebytes.com\/101\/2016\/06\/malvertising-and-ransomware-the-bonnie-and-clyde-of-advanced-threats\/\n\n. Last accessed 21 Feb 2019"},{"key":"4_CR16","unstructured":"Ducklin, P.: Destructive malware \u201cCryptoLocker\u201d on the loose\u2014here\u2019s what to do. Available: \nhttps:\/\/nakedsecurity.sophos.com\/2013\/10\/12\/destructive-malware-cryptolocker-on-the-loose\/\n\n. Last accessed 12 Feb 2019"},{"key":"4_CR17","unstructured":"Wikipedia: List of cryptocurrencies (2017). Available: \nhttps:\/\/en.wikipedia.org\/wiki\/List_of_cryptocurrencies\n\n. 
Last accessed 19 May 2019"},{"key":"4_CR18","unstructured":"Wikipedia: Conficker (2016). Available: \nhttps:\/\/en.wikipedia.org\/wiki\/Conficker\n\n. Last accessed 22 Dec 2019"},{"key":"4_CR19","unstructured":"Microsoft: Microsoft Security Bulletin MS02-039\u2014Critical (2003). Available: \nhttps:\/\/technet.microsoft.com\/library\/security\/ms02-039\n\n. Last accessed 24 Dec 2019"},{"key":"4_CR20","unstructured":"Marvin the Robot: ZCryptor: The conqueror worm (2016). Available: \nhttps:\/\/www.kaspersky.com\/blog\/zcryptor-ransomware\/12268\/\n\n. Last accessed 16 Jan 2019"},{"key":"4_CR21","unstructured":"Symantec Security Response: Samsam may signal a new trend of targeted ransomware (2016). Available: \nhttps:\/\/www.symantec.com\/connect\/blogs\/samsam-may-signal-new-trend-targeted-ransomware\n\n. Last accessed 30 June 2019"},{"key":"4_CR22","unstructured":"Lockheed Martin: The Cyber Kill Chain (2016). Available: \nhttp:\/\/www.lockheedmartin.com\/us\/what-we-do\/aerospace-defense\/cyber\/cyber-kill-chain.html\n\n. Last accessed 29 Jan 2019"},{"key":"4_CR23","unstructured":"Mitre: CVE-2010-0738 (2010). Available: \nhttp:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=cve-2010-0738\n\n. Last accessed 10 Aug 2019"},{"key":"4_CR24","unstructured":"Joaomatosf: jexboss (2017). Available: \nhttps:\/\/github.com\/joaomatosf\/jexboss\n\n. Last accessed 13 Apr 2019"},{"key":"4_CR25","unstructured":"Beek, C., Furtak, A.: Targeted ransomware no longer a future threat (2016). Available: \nhttp:\/\/www.intelsecurity.com\/advanced-threat-research\/content\/Analysis_SamSa_Ransomware.pdf\n\n. Last accessed 06 Aug 2019"},{"key":"4_CR26","unstructured":"gentilkiwi: mimikatz (2015). Available: \nhttps:\/\/github.com\/gentilkiwi\/mimikatz\n\n. Last accessed 07 Aug 2019"},{"key":"4_CR27","unstructured":"0xd4d: de4dot (2017). Available: \nhttps:\/\/github.com\/0xd4d\/de4dot\n\n. Last accessed 16 May 2019"},{"key":"4_CR28","unstructured":"ILSpy: ILSpy.NET Decompiler (2017). 
Available: \nhttp:\/\/ilspy.net\/\n\n. Last accessed 17 May 2019"},{"key":"4_CR29","unstructured":"cve.mitre.org: CVE-2017-0146 (2017). Available: \nhttps:\/\/www.cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-0146\n\n. Last accessed 08 July 2019"},{"key":"4_CR30","unstructured":"Microsoft: Microsoft Security Bulletin MS17-010\u2014Critical (2017). Available: \nhttps:\/\/technet.microsoft.com\/en-us\/library\/security\/ms17-010.aspx\n\n. Last accessed 04 Aug 2019"},{"key":"4_CR31","unstructured":"Shodan: Port 445 exposed externally (2017). Available: \nhttps:\/\/www.shodan.io\/search?query=port%3A445&language=en\n\n. Last accessed 02 Feb 2019"},{"key":"4_CR32","unstructured":"MSDN: SMB requests (2017). Available: \nhttps:\/\/msdn.microsoft.com\/en-us\/library\/ee441730.aspx\n\n. Last accessed 24 May 2019"},{"key":"4_CR33","unstructured":"Trend Micro: Malware using exploits from shadow brokers leak reportedly in the wild (2017). Available: \nhttps:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cybercrime-and-digital-threats\/malware-using-exploits-from-shadow-brokers-in-the-wild\n\n. Last accessed 07 Aug 2019"},{"key":"4_CR34","unstructured":"Wikipedia: Epidemiology (2017). Available: \nhttps:\/\/en.wikipedia.org\/wiki\/Epidemiology\n\n. Last accessed 09 Aug 2019"},{"key":"4_CR35","unstructured":"Tuthill, K.: John Snow and the broad street pump (2003). Available: \nhttp:\/\/www.ph.ucla.edu\/epi\/snow\/snowcricketarticle.html\n\n. Last accessed 10 Aug 2017"},{"key":"4_CR36","unstructured":"Mandiant: RPT-M-Trends (2017). Mandiant US 47"},{"key":"4_CR37","unstructured":"BBC: Edward Snowden: leaks that exposed US spy programme. Available: \nhttp:\/\/www.bbc.com\/news\/world-us-canada-23123964\n\n. Last accessed 10 Aug 2017"},{"key":"4_CR38","unstructured":"Chirgwin, R.: Ex-NSA contractor Harold Martin indicted: he spent \u2018up to 20\u00a0years stealing top-secret files\u2019 (2017). 
Available: \nhttps:\/\/www.theregister.co.uk\/2017\/02\/08\/us_grand_jury_indicts_harold_martin_nsa\/\n\n. Last accessed 10 Aug 2017"},{"key":"4_CR39","doi-asserted-by":"publisher","unstructured":"Goudbeek, A., Choo, K.-K.R., Le-Khac, N.-A.: A Forensic investigation framework for smart home environment. In: 17th IEEE international conference on trust, security and privacy in computing and communications (IEEE TrustCom-18), New York, USA, Aug 2018. \nhttps:\/\/doi.org\/10.1109\/TrustCom\/BigDataSE.2018.00201","DOI":"10.1109\/TrustCom\/BigDataSE.2018.00201"},{"key":"4_CR40","doi-asserted-by":"publisher","unstructured":"Le-Khac, N.-A., Jacobs, D., Nijhoff, J., Bertens, K., Choo, K.-K.R.: Smart vehicle forensics: challenges and case study. Future generation of computer systems. Elsevier, New York, July 2018. \nhttps:\/\/doi.org\/10.1016\/j.future.2018.05.081","DOI":"10.1016\/j.future.2018.05.081"}],"container-title":["Studies in Big Data","Cyber and Digital Forensic Investigations"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-47131-6_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,7,25]],"date-time":"2020-07-25T08:15:35Z","timestamp":1595664935000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-47131-6_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030471309","9783030471316"],"references-count":40,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-47131-6_4","relation":{},"ISSN":["2197-6503","2197-6511"],"issn-type":[{"type":"print","value":"2197-6503"},{"type":"electronic","value":"2197-6511"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"26 July 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}