{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T09:25:49Z","timestamp":1743067549374,"version":"3.40.3"},"publisher-location":"Cham","reference-count":11,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030859862"},{"type":"electronic","value":"9783030859879"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-85987-9_4","type":"book-chapter","created":{"date-parts":[[2021,8,26]],"date-time":"2021-08-26T20:03:04Z","timestamp":1630008184000},"page":"64-73","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["(Short Paper) Evidence Collection and Preservation System with Virtual Machine Monitoring"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-2530-648X","authenticated-orcid":false,"given":"Toru","family":"Nakamura","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hiroshi","family":"Ito","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shinsaku","family":"Kiyomoto","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6226-5715","authenticated-orcid":false,"given":"Toshihiro","family":"Yamauchi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2021,8,27]]},"reference":[{"key":"4_CR1","unstructured":"Linux Audit. https:\/\/people.redhat.com\/sgrubb\/audit\/. Accessed 02 Dec 2020"},{"key":"4_CR2","doi-asserted-by":"crossref","unstructured":"Latzo, T., Freiling, F.: Characterizing the limitations of forensic event reconstruction based on log files. In: Proceedings of 2019 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications\/13th IEEE International Conference on Big Data Science and Engineering (TrustCom\/BigDataSE), pp. 466\u2013475 (2019)","DOI":"10.1109\/TrustCom\/BigDataSE.2019.00069"},{"key":"4_CR3","unstructured":"Ma, S., Zhai, J., Kwon, Y., et al.: Kernel-supported cost-effective audit logging for causality tracking. In: Proceedings of 2018 USENIX Annual Technical Conference (USENIX ATC 2018), pp. 241\u2013253 (2018)"},{"key":"4_CR4","doi-asserted-by":"crossref","unstructured":"Pfoh, J., Schneider, C., Eckert, C.: Nitro: hardware-based system call tracing for virtual machines. In: Proceedings of 6th International conference on Advances in Information and Computer Security, pp. 96\u2013112 (2011)","DOI":"10.1007\/978-3-642-25141-2_7"},{"key":"4_CR5","doi-asserted-by":"crossref","unstructured":"Yan, L.K., Jayachandra, M., Zhang, M., Yin, H.: V2E: combining hardware virtualization and softwareemulation for transparent and extensible malware analysis. In: Proceedings of 8th ACM SIGPLAN\/SIGOPS International Conference on Virtual Execution Environments (VEE 2012), pp. 227\u2013237 (2012)","DOI":"10.1145\/2151024.2151053"},{"key":"4_CR6","doi-asserted-by":"crossref","unstructured":"Hassan, W.U., Noureddine, M.A., Datta, P., Bates, A.: OmegaLog: high-fidelity attack investigation via transparent multi-layer log analysis. In: Proceedings of the Network and Distributed System Security Symposium (NDSS 2020), pp. 1\u201316 (2020)","DOI":"10.14722\/ndss.2020.24270"},{"key":"4_CR7","unstructured":"Garfinkel, T., Rosenblum, M.: A virtual machine introspection based architecture for intrusion detection. In: Proceedings of Network and Distributed Systems Security Symposium (NDSS 2003) (2003)"},{"key":"4_CR8","unstructured":"Chen, P.M., Noble, B.D.: When virtual is better than real. In: Proceedings of 8th Workshop on Hot Topics in Operating Systems, pp. 133\u2013138 (2001)"},{"issue":"5","key":"4_CR9","doi-asserted-by":"publisher","first-page":"1841","DOI":"10.1007\/s11227-016-1671-5","volume":"72","author":"S Fujii","year":"2016","unstructured":"Fujii, S., Sato, M., Yamauchi, T., Taniguchi, H.: Evaluation and design of function for tracing diffusion of classified information for file operations with KVM. J. Supercomput. 72(5), 1841\u20131861 (2016)","journal-title":"J. Supercomput."},{"key":"4_CR10","unstructured":"Linux Integrity Subsystem. http:\/\/linux-ima.sourceforge.net\/. Accessed 04 Dec 2020"},{"key":"4_CR11","unstructured":"Linux Kernel Crypto API. https:\/\/www.kernel.org\/doc\/html\/v4.15\/crypto\/index.html. Accessed 04 Dec 2020"}],"container-title":["Lecture Notes in Computer Science","Advances in Information and Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-85987-9_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,9,1]],"date-time":"2021-09-01T00:48:23Z","timestamp":1630457303000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-85987-9_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030859862","9783030859879"],"references-count":11,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-85987-9_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"27 August 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"IWSEC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Workshop on Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"8 September 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"10 September 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"iwsec2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.iwsec.org\/2021\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"37","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"14","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"38% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3.9","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5.1","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}