{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,15]],"date-time":"2025-07-15T03:36:56Z","timestamp":1752550616814,"version":"3.40.3"},"publisher-location":"Cham","reference-count":40,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031565823"},{"type":"electronic","value":"9783031565830"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-56583-0_3","type":"book-chapter","created":{"date-parts":[[2024,4,2]],"date-time":"2024-04-02T05:02:23Z","timestamp":1712034143000},"page":"31-53","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Password Managers and Vault Application Security and Forensics: Research Challenges and Future Opportunities"],"prefix":"10.1007","author":[{"given":"Aleck","family":"Nash","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9208-5336","authenticated-orcid":false,"given":"Kim-Kwang Raymond","family":"Choo","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,4,3]]},"reference":[{"key":"3_CR1","doi-asserted-by":"crossref","unstructured":"Alkaldi, N., Renaud, K.: MIGRANT: modeling smartphone password manager adoption using migration theory. ACM SIGMIS Database: DATABASE Adv. Inf. Syst. 53(2), 63\u201395 (2022)","DOI":"10.1145\/3533692.3533698"},{"key":"3_CR2","doi-asserted-by":"crossref","unstructured":"AlMuhanna, A., AlFaadhel, A., Ara, A.: Enhanced system for securing password manager using honey encryption. In: 2022 Fifth International Conference of Women in Data Science at Prince Sultan University (WiDS PSU). IEEE (2022)","DOI":"10.1109\/WiDS-PSU54548.2022.00042"},{"key":"3_CR3","doi-asserted-by":"crossref","unstructured":"Aonzo, S., et al.: Phishing attacks on modern android. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (2018)","DOI":"10.1145\/3243734.3243778"},{"key":"3_CR4","series-title":"IFIP Advances in Information and Communication Technology","doi-asserted-by":"publisher","first-page":"178","DOI":"10.1007\/978-3-642-37437-1_15","volume-title":"I3E 2013","author":"D Apostolopoulos","year":"2013","unstructured":"Apostolopoulos, D., Marinakis, G., Ntantogian, C., Xenakis, C.: Discovering authentication credentials in volatile memory of android mobile devices. In: Douligeris, C., Polemi, N., Karantjias, A., Lamersdorf, W. (eds.) I3E 2013. IFIP Advances in Information and Communication Technology, vol. 399, pp. 178\u2013185. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-37437-1_15"},{"key":"3_CR5","unstructured":"Barten, D.: Client-side attacks on the LastPass browser extension (2019)"},{"key":"3_CR6","series-title":"IFIP Advances in Information and Communication Technology","doi-asserted-by":"publisher","first-page":"265","DOI":"10.1007\/978-3-030-58201-2_18","volume-title":"SEC 2020","author":"M Carr","year":"2020","unstructured":"Carr, M., Shahandashti, S.F.: Revisiting security vulnerabilities in commercial password managers. In: H\u00f6lbl, M., Rannenberg, K., Welzer, T. (eds.) SEC 2020. IFIP Advances in Information and Communication Technology, vol. 580, pp. 265\u2013279. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-58201-2_18"},{"key":"3_CR7","doi-asserted-by":"crossref","unstructured":"Chatterjee, R., et al.: Cracking-resistant password vaults using natural language encoders. In: 2015 IEEE Symposium on Security and Privacy. IEEE (2015)","DOI":"10.1109\/SP.2015.36"},{"key":"3_CR8","doi-asserted-by":"publisher","first-page":"69","DOI":"10.1016\/j.cosrev.2019.03.002","volume":"33","author":"S Chaudhary","year":"2019","unstructured":"Chaudhary, S., et al.: Usability, security and trust in password managers: a quest for user-centric properties and features. Comput. Sci. Rev. 33, 69\u201390 (2019)","journal-title":"Comput. Sci. Rev."},{"key":"3_CR9","first-page":"301007","volume":"33","author":"G Dorai","year":"2020","unstructured":"Dorai, G., et al.: Vide-vault app identification and extraction system for iOS devices. Forensic Sci. Int.: Digit. Invest. 33, 301007 (2020)","journal-title":"Forensic Sci. Int.: Digit. Invest."},{"issue":"1","key":"3_CR10","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1186\/s13673-017-0093-6","volume":"7","author":"M Fagan","year":"2017","unstructured":"Fagan, M., et al.: An investigation into users\u2019 considerations towards using password managers. Hum.-Cent. Comput. Inf. Sci. 7(1), 1\u201320 (2017)","journal-title":"Hum.-Cent. Comput. Inf. Sci."},{"key":"3_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"144","DOI":"10.1007\/978-3-642-39884-1_12","volume-title":"FC 2013","author":"S Fahl","year":"2013","unstructured":"Fahl, S., Harbach, M., Oltrogge, M., Muders, T., Smith, M.: Hey, you, get off of my clipboard. In: Sadeghi, A.R. (ed.) FC 2013. Lecture Notes in Computer Science, vol. 7859, pp. 144\u2013161. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-39884-1_12"},{"key":"3_CR12","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"770","DOI":"10.1007\/978-3-642-33167-1_44","volume-title":"ESORICS 2012","author":"P Gasti","year":"2012","unstructured":"Gasti, P., Rasmussen, K.B.: On the security of password manager database formats. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol. 7459, pp. 770\u2013787. Springer, Berlin, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-33167-1_44"},{"issue":"1","key":"3_CR13","first-page":"1","volume":"17","author":"A Gilbert","year":"2022","unstructured":"Gilbert, A., Seigfried-Spellar, K.C., Gilbert, A.K.: Forensic discoverability of iOS vault applications. J. Digit. Forensics Secur. Law 17(1), 1 (2022)","journal-title":"J. Digit. Forensics Secur. Law"},{"key":"3_CR14","unstructured":"Gonzalez, R., Chen, E.Y., Jackson, C.: Automated password extraction attack on modern password managers. arXiv preprint arXiv:1309.1416 (2013)"},{"key":"3_CR15","doi-asserted-by":"crossref","unstructured":"Gray, J., Franqueira, V.N.L., Yu, Y.: Forensically-sound analysis of security risks of using local password managers. In: 2016 IEEE 24th International Requirements Engineering Conference Workshops (REW). IEEE (2016)","DOI":"10.1109\/REW.2016.034"},{"issue":"1","key":"3_CR16","doi-asserted-by":"publisher","first-page":"56","DOI":"10.1007\/s11859-016-1138-9","volume":"21","author":"Y He","year":"2016","unstructured":"He, Y., Wang, R., Shi, W.: Implementation of a TPM-based security enhanced browser password manager. Wuhan Univ. J. Nat. Sci. 21(1), 56\u201362 (2016)","journal-title":"Wuhan Univ. J. Nat. Sci."},{"key":"3_CR17","doi-asserted-by":"crossref","unstructured":"Huaman, N., et al.: They would do better if they worked together: the case of interaction problems between password managers and websites. In: 2021 IEEE Symposium on Security and Privacy (SP). IEEE (2021)","DOI":"10.1109\/SP40001.2021.00094"},{"key":"3_CR18","doi-asserted-by":"crossref","unstructured":"Li, Z., et al.: The {Emperor\u2019s} new password manager: security analysis of web-based password managers. In: 23rd USENIX Security Symposium (USENIX Security 2014) (2014)","DOI":"10.21236\/ADA614474"},{"key":"3_CR19","series-title":"Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","doi-asserted-by":"publisher","first-page":"185","DOI":"10.1007\/978-3-319-78813-5_10","volume-title":"SecureComm 2017","author":"Y Li","year":"2018","unstructured":"Li, Y., Wang, H., Sun, K.: Bluepass: a secure hand-free password manager. In: Lin, X., Ghorbani, A., Ren, K., Zhu, S., Zhang, A. (eds.) SecureComm 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol. 238, pp. 185\u2013205. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-78813-5_10"},{"key":"3_CR20","doi-asserted-by":"crossref","unstructured":"Luevanos, C., et al.: Analysis on the security and use of password managers. In: 2017 18th International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT). IEEE (2017)","DOI":"10.1109\/PDCAT.2017.00013"},{"key":"3_CR21","doi-asserted-by":"crossref","unstructured":"Martini, B., Do, Q., Choo, K.-K.R.: Mobile cloud forensics: an analysis of seven popular Android apps. arXiv preprint arXiv:1506.05533 (2015)","DOI":"10.1016\/B978-0-12-801595-7.00015-X"},{"key":"3_CR22","doi-asserted-by":"publisher","first-page":"66","DOI":"10.1016\/j.cose.2014.01.004","volume":"42","author":"C Ntantogian","year":"2014","unstructured":"Ntantogian, C., et al.: Evaluating the privacy of Android mobile applications under forensic analysis. Comput. Secur. 42, 66\u201376 (2014)","journal-title":"Comput. Secur."},{"key":"3_CR23","doi-asserted-by":"crossref","unstructured":"Oesch, S., et al.: \u201cIt basically started using me\u201d: an observational study of password manager usage. In: CHI Conference on Human Factors in Computing Systems (2022)","DOI":"10.1145\/3491102.3517534"},{"key":"3_CR24","doi-asserted-by":"crossref","unstructured":"Oesch, S., Gautam, A., Ruoti, S.: The emperor\u2019s new autofill framework: a security analysis of autofill on iOS and Android. In: Annual Computer Security Applications Conference (2021)","DOI":"10.1145\/3485832.3485884"},{"key":"3_CR25","unstructured":"Oesch, S., Ruoti, S.: That was then, this is now: a security evaluation of password generation, storage, and autofill in browser-based password managers. In: Proceedings of the 29th USENIX Conference on Security Symposium (2020)"},{"key":"3_CR26","doi-asserted-by":"crossref","unstructured":"Peng, M., et al.: DECADE-deep learning based content-hiding application detection system for Android. In: 2021 IEEE International Conference on Big Data (Big Data). IEEE (2021)","DOI":"10.1109\/BigData52589.2021.9671842"},{"key":"3_CR27","first-page":"103152","volume":"67","author":"P Sabev","year":"2022","unstructured":"Sabev, P., Petrov, M.: Android password managers and vault applications: data storage security issues identification. J. Inf. Secur. Appl. 67, 103152 (2022)","journal-title":"J. Inf. Secur. Appl."},{"key":"3_CR28","doi-asserted-by":"crossref","unstructured":"Sabev, P., Petrov, M.: Android password managers and vault applications: an investigation on data remanence in main memory (2021a)","DOI":"10.1109\/ICAI52893.2021.9639693"},{"key":"3_CR29","doi-asserted-by":"crossref","unstructured":"Ruffin, M., et al.: Casing the vault: security analysis of vault applications. In: Proceedings of the 21st Workshop on Privacy in the Electronic Society (2022)","DOI":"10.1145\/3559613.3563204"},{"key":"3_CR30","doi-asserted-by":"crossref","unstructured":"Sabev, P., Petrov, M.: Android password managers and vault applications: comparative security analysis. In: 2021 International Conference Automatics and Informatics (ICAI). IEEE (2021b)","DOI":"10.1109\/ICAI52893.2021.9639693"},{"key":"3_CR31","doi-asserted-by":"crossref","unstructured":"Shirvanian, M., et al.: A hidden-password online password manager. In: Proceedings of the 36th Annual ACM Symposium on Applied Computing (2021)","DOI":"10.1145\/3412841.3442131"},{"key":"3_CR32","unstructured":"Silver, D., et al.: Password managers: attacks and defenses. In: 23rd USENIX Security Symposium (USENIX Security 2014) (2014)"},{"key":"3_CR33","doi-asserted-by":"crossref","unstructured":"Stobert, E., Biddle, R.: A password manager that doesn\u2019t remember passwords. In: Proceedings of the 2014 New Security Paradigms Workshop (2014)","DOI":"10.1145\/2683467.2683471"},{"key":"3_CR34","doi-asserted-by":"crossref","unstructured":"Stock, B., Johns, M.: Protecting users against XSS-based password manager abuse. In: Proceedings of the 9th ACM Symposium on Information, Computer and Communications security (2014)","DOI":"10.1145\/2590296.2590336"},{"key":"3_CR35","unstructured":"Walkup, E.: The password problem. No. SAND2016-5208T. Sandia National Lab. (SNL-NM), Albuquerque, NM (United States) (2016)"},{"key":"3_CR36","doi-asserted-by":"crossref","unstructured":"Yu, F., Yin, H.: A security analysis of the authentication mechanism of password managers. In: 2021 IEEE 21st International Conference on Communication Technology (ICCT). IEEE (20210","DOI":"10.1109\/ICCT52962.2021.9657969"},{"key":"3_CR37","doi-asserted-by":"publisher","first-page":"516","DOI":"10.1016\/j.cose.2017.07.011","volume":"70","author":"X Zhang","year":"2017","unstructured":"Zhang, X., Baggili, I., Breitinger, F.: Breaking into the vault: privacy, security and forensic analysis of Android vault applications. Comput. Secur. 70, 516\u2013531 (2017)","journal-title":"Comput. Secur."},{"key":"3_CR38","doi-asserted-by":"crossref","unstructured":"Zhao, R., Yue, C., Sun, K.: A security analysis of two commercial browser and cloud based password managers. In: 2013 International Conference on Social Computing. IEEE (2013)","DOI":"10.1109\/SocialCom.2013.70"},{"key":"3_CR39","doi-asserted-by":"crossref","unstructured":"Zhao, R., Yue, C.: All your browser-saved passwords could belong to us: a security analysis and a cloud-based new design. In: Proceedings of the third ACM Conference on Data and Application Security and Privacy (2013)","DOI":"10.1145\/2435349.2435397"},{"issue":"4","key":"3_CR40","first-page":"1","volume":"1","author":"R Zhao","year":"2013","unstructured":"Zhao, R., Yue, C., Sun, K.: Vulnerability and risk analysis of two commercial browser and cloud based password managers. ASE Sci. J. 1(4), 1\u201315 (2013)","journal-title":"ASE Sci. J."}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Digital Forensics and Cyber Crime"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-56583-0_3","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,8,29]],"date-time":"2024-08-29T10:03:30Z","timestamp":1724925810000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-56583-0_3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031565823","9783031565830"],"references-count":40,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-56583-0_3","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"type":"print","value":"1867-8211"},{"type":"electronic","value":"1867-822X"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"3 April 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICDF2C","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Digital Forensics and Cyber Crime","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"New York, NY","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30 November 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30 November 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"icdf2c2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Confy +","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"105","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"41","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"39% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}