{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,3]],"date-time":"2025-08-03T04:25:17Z","timestamp":1754195117049,"version":"3.40.4"},"publisher-location":"Cham","reference-count":41,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031710247"},{"type":"electronic","value":"9783031710254"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-71025-4_12","type":"book-chapter","created":{"date-parts":[[2025,1,6]],"date-time":"2025-01-06T07:45:39Z","timestamp":1736149539000},"page":"225-246","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Generating Usable and Assessable Datasets Containing Anti-Forensic Traces at the Filesystem Level"],"prefix":"10.1007","author":[{"given":"Thomas","family":"G\u00f6bel","sequence":"first","affiliation":[]},{"given":"Harald","family":"Baier","sequence":"additional","affiliation":[]},{"given":"Jan","family":"T\u00fcrr","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,1,7]]},"reference":[{"key":"12_CR1","doi-asserted-by":"crossref","unstructured":"G. Abduhalil, M. Obid and Y. Rakhmatulla, Algorithm for steganographic hiding of information using a filesystem, Proceedings of the International Conference on Information Science and Communications Technologies, 2021.","DOI":"10.1109\/ICISCT52966.2021.9670055"},{"key":"12_CR2","doi-asserted-by":"crossref","unstructured":"S. Abt and H. Baier, Are we missing labels? A study of the availability of ground truth in network security research, Proceedings of the Third International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, pp. 40\u201355, 2014.","DOI":"10.1109\/BADGERS.2014.11"},{"key":"12_CR3","doi-asserted-by":"crossref","unstructured":"H. Berghel, D. Hoelzer and M. Sthultz, Data hiding tactics for Windows and Unix filesystems, Advances in Computers, vol. 74, pp. 1\u201317, 2008.","DOI":"10.1016\/S0065-2458(08)00601-3"},{"key":"12_CR4","doi-asserted-by":"crossref","unstructured":"W. Bhat and M. Wani, Forensic analysis of the B-tree filesystem (Btrfs), Digital Investigation, vol. 27, pp. 57\u201370, 2018.","DOI":"10.1016\/j.diin.2018.09.001"},{"key":"12_CR5","unstructured":"Btrfs Contributors, Wikipedia: The Free Encyclopedia (en.wikipedia.org\/wiki\/Btrfs), 2024."},{"key":"12_CR6","doi-asserted-by":"crossref","unstructured":"A. Ceballos Delgado, W. Glisson, G. Grispos and K. Choo, FADE: A forensic image generator for Android device education, Wiley Interdisciplinary Reviews: Forensic Science, vol. 4(2), article no. e1432, 2022.","DOI":"10.1002\/wfs2.1432"},{"key":"12_CR7","doi-asserted-by":"crossref","unstructured":"K. Conlan, I. Baggili and F. Breitinger, Anti-forensics: Furthering digital forensic science through a new extended, granular taxonomy, Digital Investigation, vol. 18(S), pp. S66\u2013S75, 2016.","DOI":"10.1016\/j.diin.2016.04.006"},{"key":"12_CR8","doi-asserted-by":"crossref","unstructured":"X. Du, C. Hargreaves, J. Sheppard and M. Scanlon, TraceGen: User activity emulation for digital forensic test image generation, Digital Investigation, vol. 38(S), article no. 301133, 2021.","DOI":"10.1016\/j.fsidi.2021.301133"},{"key":"12_CR9","unstructured":"K. Eckstein and M. Jahnke, Data hiding in journaling filesystems, presented at the Digital Forensic Research Workshop, 2005."},{"key":"12_CR10","doi-asserted-by":"crossref","unstructured":"D. Forte, Dealing with forensic software vulnerabilities: Is anti-forensics a real danger? Network Security, vol. 2008(12), pp. 18\u201320, 2008.","DOI":"10.1016\/S1353-4858(08)70143-0"},{"key":"12_CR11","unstructured":"A. Gehrke, Forensic Analysis of Timestamps in Selected Filesystems (in German), Bachelor of Engineering Thesis, IT Forensics, Hochschule Wismar, University of Applied Sciences: Technology, Business and Design, Wismar, Germany (it-forensik.fiw.hs-wismar.de\/images\/9\/95\/BT_AGehrke.pdf), 2020."},{"key":"12_CR12","doi-asserted-by":"crossref","unstructured":"T. G\u00f6bel and H. Baier, Anti-forensics in ext4: On secrecy and usability of timestamp-based data hiding, Digital Investigation, vol. 24(S), pp. S111\u2013S120, 2018.","DOI":"10.1016\/j.diin.2018.01.014"},{"key":"12_CR13","doi-asserted-by":"crossref","unstructured":"T. G\u00f6bel and H. Baier, fishy \u2013 A framework for implementing filesystem-based data hiding techniques, in Digital Forensics and Cyber Crime, F. Breitinger and I. Baggili (Eds.), Springer, Cham, Switzerland, pp. 23\u201342, 2019.","DOI":"10.1007\/978-3-030-05487-8_2"},{"key":"12_CR14","doi-asserted-by":"crossref","unstructured":"T. G\u00f6bel, H. Baier and F. Breitinger, Data for digital forensics: Why a discussion on \u201chow realistic is synthetic data\u201d is dispensable, Digital Threats: Research and Practice, vol. 4(3), article no. 38, 2023.","DOI":"10.1145\/3609863"},{"key":"12_CR15","doi-asserted-by":"crossref","unstructured":"T. G\u00f6bel, S. Maltan, J. T\u00fcrr, H. Baier and F. Mann, ForTrace \u2013 A holistic forensic dataset synthesis framework, Forensic Science International: Digital Investigation, vol. 40(S), article no. 301344, 2022.","DOI":"10.1016\/j.fsidi.2022.301344"},{"key":"12_CR16","doi-asserted-by":"crossref","unstructured":"T. G\u00f6bel, T. Sch\u00e4fer, J. Hachenberger, J. T\u00fcrr and H. Baier, A novel approach for generating synthetic datasets for digital forensics, in Advances in Digital Forensics XVI, G. Peterson and S. Shenoi (Eds.), Springer, Cham, Switzerland, pp. 73\u201393, 2020.","DOI":"10.1007\/978-3-030-56223-6_5"},{"key":"12_CR17","doi-asserted-by":"crossref","unstructured":"C. Grajeda, F. Breitinger and I. Baggili, Availability of datasets for digital forensics \u2013 And what is missing, Digital Investigation, vol. 22(S), pp. S94\u2013S105, 2017.","DOI":"10.1016\/j.diin.2017.06.004"},{"key":"12_CR18","doi-asserted-by":"crossref","unstructured":"R. Harris, Arriving at an anti-forensics consensus: Examining how to define and control the anti-forensics problem, Digital Investigation, vol 3(S), S44\u2013S49, 2006.","DOI":"10.1016\/j.diin.2006.06.005"},{"key":"12_CR19","doi-asserted-by":"crossref","unstructured":"J. Heeger, Y. Yannikos and M. Steinebach, Exhide: Hiding data within the exFAT filesystem, Proceedings of the Sixteenth International Conference on Availability, Reliability and Security, article no. 77, 2021.","DOI":"10.1145\/3465481.3470117"},{"key":"12_CR20","doi-asserted-by":"crossref","unstructured":"J. Hilgert, M. Lambertz and S. Yang, Forensic analysis of multiple device Btrfs configurations using The Sleuth Kit, Digital Investigation, vol. 26(S), pp. S21\u2013S29, 2018.","DOI":"10.1016\/j.diin.2018.04.020"},{"key":"12_CR21","doi-asserted-by":"crossref","unstructured":"E. Huebner, D. Bem and C. Wee, Data hiding in the NTFS filesystem, Digital Investigation, vol. 3(4), pp. 211\u2013226, 2006.","DOI":"10.1016\/j.diin.2006.10.005"},{"key":"12_CR22","unstructured":"M. Joye, On white-box cryptography, in Security of Information and Networks, A. Elci, S. Ors and B. Preneel (Eds.), Trafford Publishing, Victoria, Canada, pp. 7\u201312, 2008."},{"key":"12_CR23","unstructured":"A. Juch, Btrfs Filesystem Forensics, Master\u2019s Thesis, Software Engineering\/Internet Program, Faculty of Informatics, Vienna University of Technology, Vienna, Austria, 2014."},{"key":"12_CR24","unstructured":"A. Kailus, C. Hecht and T. G\u00f6bel, fishy \u2013 A framework for implementing hiding techniques in filesystems, Proceedings of the D-A-CH Security Conference, 2018."},{"key":"12_CR25","doi-asserted-by":"crossref","unstructured":"X. Lin, Introductory Computer Forensics: A Hands-On Practical Approach, Springer, Cham, Switzerland, 2018.","DOI":"10.1007\/978-3-030-00581-8"},{"key":"12_CR26","doi-asserted-by":"crossref","unstructured":"A. McDonald and M. Kuhn, StegFS: A steganographic filesystem for Linux, Proceedings of the Third International Workshop on Information Hiding, pp. 463\u2013477, 1999.","DOI":"10.1007\/10719724_32"},{"key":"12_CR27","doi-asserted-by":"crossref","unstructured":"C. Moch and F. Freiling, The Forensic Image Generator Generator (Forensig$$^2$$), Proceedings of the Fifth International Conference on IT Security Incident Management and IT Forensics, pp. 78\u201393, 2009.","DOI":"10.1109\/IMF.2009.8"},{"key":"12_CR28","doi-asserted-by":"crossref","unstructured":"C. Moch and F. Freiling, Evaluating the Forensic Image Generator Generator, Proceedings of the International Conference on Digital Forensics and Cyber Crime, pp. 238\u2013252, 2011.","DOI":"10.1007\/978-3-642-35515-8_20"},{"key":"12_CR29","doi-asserted-by":"crossref","unstructured":"S. Neuner, A. Voyiatzis, M. Schmiedecker, S. Brunthaler, S. Katzenbeisser and E. Weippl, Time is on my side: Steganography in filesystem metadata, Digital Investigation, vol. 18(S), pp. S76\u2013S86, 2016.","DOI":"10.1016\/j.diin.2016.04.010"},{"key":"12_CR30","doi-asserted-by":"crossref","unstructured":"J. Park, TREDE and VMPOP: Cultivating multi-purpose datasets for digital forensics \u2013 A windows registry corpus as an example, Digital Investigation, vol. 26, pp. 3\u201318, 2018.","DOI":"10.1016\/j.diin.2018.04.025"},{"key":"12_CR31","doi-asserted-by":"crossref","unstructured":"A. Qadir and A. Varol, The role of machine learning in digital forensics, Proceedings of the Eighth International Symposium on Digital Forensics and Security, 2020.","DOI":"10.1109\/ISDFS49300.2020.9116298"},{"key":"12_CR32","doi-asserted-by":"crossref","unstructured":"O. Rodeh, J. Bacik and C. Mason, BTRFS: The Linux B-tree filesystem, ACM Transactions on Storage, vol. 9(3), article no. 9, 2013.","DOI":"10.1145\/2501620.2501623"},{"key":"12_CR33","unstructured":"M. Rogers and M. Lockheed, Anti-Forensics, Center for Education and Research in Information Assurance and Security, Department of Information and Computer Technology, Purdue University, West Lafayette, Indiana, 2005."},{"key":"12_CR34","doi-asserted-by":"crossref","unstructured":"M. Scanlon, X. Du and D. Lillis, EviPlant: An efficient digital forensics challenge creation, manipulation and distribution solution, Digital Investigation, vol. 20(S), pp. S29\u2013S36, 2017.","DOI":"10.1016\/j.diin.2017.01.010"},{"key":"12_CR35","doi-asserted-by":"crossref","unstructured":"J. Schneider, M. Eichhorn and F. Freiling, Ambiguous filesystem partitions, Forensic Science International: Digital Investigation, vol. 42(S), article no. 301399, 2022.","DOI":"10.1016\/j.fsidi.2022.301399"},{"key":"12_CR36","doi-asserted-by":"crossref","unstructured":"H. Visti, S. Tohill and P. Douglas, Automatic creation of computer forensic test images, in Computational Forensics, U. Garain and F. Shafait (Eds.), Springer, Cham, Switzerland, pp. 163\u2013175, 2015.","DOI":"10.1007\/978-3-319-20125-2_14"},{"key":"12_CR37","doi-asserted-by":"crossref","unstructured":"M. Wani, A. AlZahrani and W. Bhat, Filesystem anti-forensics \u2013 Types, techniques and tools, Computer Fraud and Security, vol. 2020(3), pp. 14\u201319, 2020.","DOI":"10.1016\/S1361-3723(20)30030-0"},{"key":"12_CR38","doi-asserted-by":"crossref","unstructured":"M. Wani, W. Bhat and A. Dehghantanha, An analysis of anti-forensic capabilities of the B-tree filesystem (Btrfs), Australian Journal of Forensic Sciences, vol. 52(4), pp. 371\u2013386, 2020.","DOI":"10.1080\/00450618.2018.1533038"},{"key":"12_CR39","unstructured":"K. Woods, C. Lee, S. Garfinkel, D. Dittrich, A. Russell and K. Kearton, Creating realistic corpora for security and forensic education, Proceedings of the Sixth Annual Conference on Digital Forensics, Security and Law, 2011."},{"key":"12_CR40","unstructured":"U. Wurst, Use of Cryptographic Methods on Highly Resource-Limited Devices (in German), Ph.D. Thesis, Faculty of Computer Science, University of Stuttgart, Stuttgart, Germany (d-nb.info\/1042941734\/34), 2003."},{"key":"12_CR41","doi-asserted-by":"crossref","unstructured":"B. Wyseur, W. Michiels, P. Gorissen and B. Preneel, Cryptanalysis of white-box DES implementations with arbitrary external encodings, Proceedings of the Fourteenth International Workshop on Selected Areas in Cryptography, pp. 264\u2013277, 2007.","DOI":"10.1007\/978-3-540-77360-3_17"}],"container-title":["IFIP Advances in Information and Communication Technology","Advances in Digital Forensics XX"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-71025-4_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,4,22]],"date-time":"2025-04-22T11:14:58Z","timestamp":1745320498000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-71025-4_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031710247","9783031710254"],"references-count":41,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-71025-4_12","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"type":"print","value":"1868-4238"},{"type":"electronic","value":"1868-422X"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"7 January 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DigitalForensics","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP International Conference on Digital Forensics","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"New Delhi","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"India","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"3 January 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4 January 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"digitalforensics2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.ifip119.org\/Conferences\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}