{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,11]],"date-time":"2025-09-11T20:26:56Z","timestamp":1757622416451,"version":"3.44.0"},"publisher-location":"Cham","reference-count":16,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783032006370"},{"type":"electronic","value":"9783032006356"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-032-00635-6_2","type":"book-chapter","created":{"date-parts":[[2025,8,8]],"date-time":"2025-08-08T13:36:16Z","timestamp":1754660176000},"page":"23-41","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Reconstructing File Versions and\u00a0Timestamps: Challenges and\u00a0Guidelines in\u00a0Network Forensics"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0009-0001-6058-3207","authenticated-orcid":false,"given":"Axel","family":"Mahr","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0000-5308-5712","authenticated-orcid":false,"given":"Jan-Niclas","family":"Hilgert","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0007-1156-5807","authenticated-orcid":false,"given":"Martin","family":"Lambertz","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,8,9]]},"reference":[{"key":"2_CR1","doi-asserted-by":"crossref","unstructured":"Asim, M., McKinnel, D.R., Dehghantanha, A., Parizi, R.M., Hammoudeh, M., Epiphaniou, G.: Big data forensics: Hadoop distributed file systems as a case study. In: Handbook of Big Data and IoT Security, pp. 179\u2013210 (2019)","DOI":"10.1007\/978-3-030-10543-3_8"},{"key":"2_CR2","first-page":"301755","volume":"49","author":"LM Dreier","year":"2024","unstructured":"Dreier, L.M., Vanini, C., Hargreaves, C.J., Breitinger, F., Freiling, F.: Beyond timestamps: integrating implicit timing information into digital forensic timelines. Forensic Sci. Int. Digit. Invest. 49, 301755 (2024)","journal-title":"Forensic Sci. Int. Digit. Invest."},{"key":"2_CR3","doi-asserted-by":"crossref","unstructured":"Hansen, R.A., et al.: File toolkit for selective analysis & reconstruction (filetsar) for large-scale networks. In: 2018 IEEE International Conference on Big Data (Big Data), pp. 3059\u20133065. IEEE (2018)","DOI":"10.1109\/BigData.2018.8621914"},{"key":"2_CR4","first-page":"301678","volume":"48","author":"JN Hilgert","year":"2024","unstructured":"Hilgert, J.N., Lambertz, M., Baier, D.: Forensic implications of stacked file systems. Forensic Sci. Int. Digit. Invest. 48, 301678 (2024)","journal-title":"Forensic Sci. Int. Digit. Invest."},{"key":"2_CR5","doi-asserted-by":"crossref","unstructured":"Hilgert, J.N., Mahr, A., Lambertz, M.: Mount smb.pcap: reconstructing file systems and file operations from network traffic. Forensic Sci. Int. Digit. Invest. 50, 301807 (2024)","DOI":"10.1016\/j.fsidi.2024.301807"},{"issue":"4","key":"2_CR6","doi-asserted-by":"publisher","first-page":"2037","DOI":"10.1109\/COMST.2014.2321898","volume":"16","author":"R Hofstede","year":"2014","unstructured":"Hofstede, R., \u010celeda, P., Trammell, B., Drago, I., Sadre, R., Sperotto, A., Pras, A.: Flow monitoring explained: from packet capture to data analysis with NetFlow and IPFIX. IEEE Commun. Surv. Tutorials 16(4), 2037\u20132064 (2014)","journal-title":"IEEE Commun. Surv. Tutorials"},{"key":"2_CR7","doi-asserted-by":"crossref","unstructured":"Kent, K., Chevalier, S., Grance, T., Dang, H.: Guide to integrating forensic techniques into incident response. Technical Report, NIST SP 800-86, National Institute of Standards and Technology (2006)","DOI":"10.6028\/NIST.SP.800-86"},{"key":"2_CR8","doi-asserted-by":"crossref","unstructured":"Lee, P.T., Yang, B.: Indexing architecture for file extraction from network traffic. In: Proceedings of the 6th Annual Conference on Research in Information Technology, pp. 17\u201321 (2017)","DOI":"10.1145\/3125649.3125655"},{"key":"2_CR9","doi-asserted-by":"crossref","unstructured":"Liberatore, M., Erdely, R., Kerle, T., Levine, B.N., Shields, C.: Forensic investigation of peer-to-peer file sharing networks. Digit. Invest. 7, S95\u2013S103 (2010)","DOI":"10.1016\/j.diin.2010.05.012"},{"key":"2_CR10","unstructured":"National Security Agency: Network infrastructure security guide. Technical Report, National Security Agency (2023)"},{"key":"2_CR11","first-page":"301019","volume":"35","author":"J Pluskal","year":"2020","unstructured":"Pluskal, J., Breitinger, F., Ry\u0161av\u1ef3, O.: Netfox detective: a novel open-source network forensics analysis tool. Forensic Sci. Int. Digit. Invest. 35, 301019 (2020)","journal-title":"Forensic Sci. Int. Digit. Invest."},{"key":"2_CR12","doi-asserted-by":"crossref","unstructured":"Schatz, B., Mohay, G., Clark, A.: A correlation method for establishing provenance of timestamps in digital evidence. Digit. Invest. 3, 98\u2013107 (2006)","DOI":"10.1016\/j.diin.2006.06.009"},{"key":"2_CR13","first-page":"200892","volume":"32","author":"LF Sikos","year":"2020","unstructured":"Sikos, L.F.: Packet analysis for network forensics: a comprehensive survey. Forensic Sci. Int. Digit. Invest. 32, 200892 (2020)","journal-title":"Forensic Sci. Int. Digit. Invest."},{"issue":"3","key":"2_CR14","doi-asserted-by":"publisher","first-page":"225","DOI":"10.1016\/j.diin.2004.07.003","volume":"1","author":"MW Stevens","year":"2004","unstructured":"Stevens, M.W.: Unification of relative time frames for digital forensics. Digit. Investig. 1(3), 225\u2013239 (2004)","journal-title":"Digit. Investig."},{"key":"2_CR15","first-page":"301759","volume":"49","author":"C Vanini","year":"2024","unstructured":"Vanini, C., Hargreaves, C.J., van Beek, H., Breitinger, F.: Was the clock correct? exploring timestamp interpretation through time anchors for digital forensic event reconstruction. Forensic Sci. Int. Digit. Invest. 49, 301759 (2024)","journal-title":"Forensic Sci. Int. Digit. Invest."},{"key":"2_CR16","unstructured":"Weil, M.C.: Dynamic time & date stamp analysis. Int. J. Digit. Evidence 1(2) (2002)"}],"container-title":["Lecture Notes in Computer Science","Availability, Reliability and Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-00635-6_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,8]],"date-time":"2025-09-08T19:42:12Z","timestamp":1757360532000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-00635-6_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783032006370","9783032006356"],"references-count":16,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-00635-6_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"9 August 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ARES","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Availability, Reliability and Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Ghent","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Belgium","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 August 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 August 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ares-12025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/2025.ares-conference.eu","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}