{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T21:20:33Z","timestamp":1742937633035,"version":"3.40.3"},"publisher-location":"Cham","reference-count":24,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319672076"},{"type":"electronic","value":"9783319672083"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-67208-3_9","type":"book-chapter","created":{"date-parts":[[2017,8,30]],"date-time":"2017-08-30T12:21:00Z","timestamp":1504095660000},"page":"149-167","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Insider Threat Detection Using Time-Series-Based Raw Disk Forensic Analysis"],"prefix":"10.1007","author":[{"given":"Nicole","family":"Beebe","sequence":"first","affiliation":[]},{"given":"Lishu","family":"Liu","sequence":"additional","affiliation":[]},{"given":"Zi","family":"Ye","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,8,31]]},"reference":[{"key":"9_CR1","unstructured":"Band, S., Cappelli, D., Fischer, L., Moore, A., Shaw, E., Trzeciak, R.: Comparing Insider IT Sabotage and Espionage: A Model-Based Analysis, Technical Report CMU\/SEI-2006-TR-026, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania (2006)"},{"key":"9_CR2","volume-title":"Outliers in Statistical Data","author":"V Barnett","year":"1994","unstructured":"Barnett, V., Lewis, T.: Outliers in Statistical Data. John Wiley and Sons, New York (1994)"},{"issue":"4","key":"9_CR3","doi-asserted-by":"publisher","first-page":"837","DOI":"10.25300\/MISQ\/2015\/39.4.5","volume":"39","author":"S Boss","year":"2015","unstructured":"Boss, S., Galletta, D., Lowry, P., Moody, G., Polak, P.: What do users have to fear? Using fear appeals to engender threats and fear that motivate protective security behaviors. Management Information Systems Quarterly 39(4), 837\u2013864 (2015)","journal-title":"Management Information Systems Quarterly"},{"issue":"1","key":"9_CR4","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1007\/s10796-010-9268-7","volume":"15","author":"H Chivers","year":"2013","unstructured":"Chivers, H., Clark, J., Nobles, P., Shaikh, S., Chen, H.: Knowing who to watch: Identifying attackers whose actions are hidden within false alarms and background noise. Information Systems Frontiers 15(1), 17\u201334 (2013)","journal-title":"Information Systems Frontiers"},{"key":"9_CR5","unstructured":"Costa, D., Collins, M., Perl, S., Albrethsen, M., Silowash, G., Spooner, D.: An ontology for insider threat indicators: development and application. In: Proceedings of the Ninth Conference on Semantic Technology for Intelligence, Defense and Security, pp. 48\u201353 (2014)"},{"key":"9_CR6","unstructured":"Dishneau, D.: Army general upholds Chelsea Manning\u2019s conviction, 35-year sentence in WikiLeaks case, U.S. News and World Report, April 14, 2014"},{"issue":"1","key":"9_CR7","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1007\/s10796-010-9265-x","volume":"15","author":"F Farahmand","year":"2013","unstructured":"Farahmand, F., Spafford, E.: Understanding insiders: An analysis of risk-taking behavior. Information Systems Frontiers 15(1), 5\u201315 (2013)","journal-title":"Information Systems Frontiers"},{"key":"9_CR8","unstructured":"Gallu, J.: Snowden used \u201cweb crawler\u201d to scrape NSA: New York Times, Bloomberg Technology, February 9, 2014"},{"key":"9_CR9","unstructured":"Garfinkel, S.: M57-Patents Scenario, Digital Corpora (2017). digitalcorpora.org\/corpora\/scenarios\/m57-patents-scenario"},{"issue":"S","key":"9_CR10","doi-asserted-by":"publisher","first-page":"S2","DOI":"10.1016\/j.diin.2009.06.016","volume":"6","author":"S Garfinkel","year":"2009","unstructured":"Garfinkel, S., Farrell, P., Roussev, V., Dinolt, G.: Bringing science to digital forensics with standardized forensic corpora. Digital Investigation 6(S), S2\u2013S11 (2009)","journal-title":"Digital Investigation"},{"issue":"2","key":"9_CR11","doi-asserted-by":"publisher","first-page":"203","DOI":"10.2753\/MIS0742-1222280208","volume":"28","author":"K Guo","year":"2011","unstructured":"Guo, K., Yuan, Y., Archer, N., Connelly, C.: Understanding non-malicious security violations in the workplace: A composite behavior model. Journal of Management Information Systems 28(2), 203\u2013236 (2011)","journal-title":"Journal of Management Information Systems"},{"key":"9_CR12","doi-asserted-by":"crossref","unstructured":"Hanley, M., Montelibano, J.: Insider Threat Control: Using Centralized Logging to Detect Data Exfiltration Near Insider Termination, Technical Note CMU\/SEI-2011-TN-024, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania (2011)","DOI":"10.21236\/ADA610463"},{"key":"9_CR13","doi-asserted-by":"crossref","unstructured":"Herbig, K., Wiskoff, M.: Espionage Against the United States by American Citizens 1947\u20132001, Technical Report 02\u20135. Defense Personnel Security Research Center, Monterey, California (2002)","DOI":"10.21236\/ADA411004"},{"key":"9_CR14","doi-asserted-by":"publisher","DOI":"10.1002\/9780470434697","volume-title":"Robust Statistics","author":"P Huber","year":"2009","unstructured":"Huber, P., Ronchetti, E.: Robust Statistics. John Wiley and Sons, Hoboken (2009)"},{"key":"9_CR15","doi-asserted-by":"crossref","unstructured":"Kramer, L., Heuer, R., Crawford, K.: Technological, Social and Economic Trends that are Increasing U.S. Vulnerability to Insider Espionage, Technical Report 05\u201310, Defense Personnel Security Research Center, Monterey, California (2005)","DOI":"10.21236\/ADA433793"},{"key":"9_CR16","unstructured":"Maasberg, M.: Insider espionage: recognizing ritualistic behavior by abstracting technical indicators from past cases. In: Proceedings of the Twentieth Americas Conference on Information Systems (2014)"},{"key":"9_CR17","unstructured":"Mandiant, M-Trends 2015: A View from the Front Line, Threat Report, Alexandria, Virginia (2014)"},{"key":"9_CR18","doi-asserted-by":"crossref","unstructured":"Moore, A., McIntire, D., Mundie, D., Zubrow, D.: The justification of a pattern for detecting intellectual property theft by departing insiders. In: Proceedings of the Nineteenth Conference on Pattern Languages of Programs, article no. 8 (2012)","DOI":"10.21236\/ADA585504"},{"key":"9_CR19","unstructured":"Ponemon Institute, 2015 Cost of Data Breach Study: Global Analysis, Ponemon Institute Research Report, Traverse City, Michigan (2015)"},{"key":"9_CR20","volume-title":"Robust Regression and Outlier Detection","author":"P Rousseeuw","year":"2003","unstructured":"Rousseeuw, P., Leroy, A.: Robust Regression and Outlier Detection. John Wiley and Sons, Hoboken (2003)"},{"issue":"1","key":"9_CR21","first-page":"307","volume":"9","author":"K Singh","year":"2012","unstructured":"Singh, K., Upadhyaya, S.: Outlier detection: Applications and techniques. International Journal of Computer Science Issues 9(1), 307\u2013323 (2012)","journal-title":"International Journal of Computer Science Issues"},{"key":"9_CR22","unstructured":"Vormetric Data Security, 2015 Vormetric Insider Threat Report, San Jose, California (2015)"},{"issue":"1","key":"9_CR23","doi-asserted-by":"publisher","first-page":"91","DOI":"10.25300\/MISQ\/2015\/39.1.05","volume":"39","author":"J Wang","year":"2015","unstructured":"Wang, J., Gupta, M., Rao, R.: Insider threats in a financial institution: Analysis of attack-proneness of information systems applications. Management Information Systems Quarterly 39(1), 91\u2013112 (2015)","journal-title":"Management Information Systems Quarterly"},{"issue":"1","key":"9_CR24","doi-asserted-by":"crossref","first-page":"1","DOI":"10.25300\/MISQ\/2013\/37.1.01","volume":"37","author":"R Willison","year":"2013","unstructured":"Willison, R., Warkentin, M.: Beyond deterrence: An expanded view of employee computer abuse. Management Information Systems Quarterly 37(1), 1\u201320 (2013)","journal-title":"Management Information Systems Quarterly"}],"container-title":["IFIP Advances in Information and Communication Technology","Advances in Digital Forensics XIII"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-67208-3_9","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,8,31]],"date-time":"2021-08-31T00:07:02Z","timestamp":1630368422000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-67208-3_9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319672076","9783319672083"],"references-count":24,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-67208-3_9","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"type":"print","value":"1868-4238"},{"type":"electronic","value":"1868-422X"}],"subject":[],"published":{"date-parts":[[2017]]},"assertion":[{"value":"31 August 2017","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DigitalForensics","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP International Conference on Digital Forensics","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Orlando","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2017","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30 January 2017","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"1 February 2017","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"digitalforensics2017","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.ifip119.org\/Conferences\/ConferenceProgram2017.pdf","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}