{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,14]],"date-time":"2026-01-14T18:53:25Z","timestamp":1768416805892,"version":"3.49.0"},"publisher-location":"Cham","reference-count":14,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319736969","type":"print"},{"value":"9783319736976","type":"electronic"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-73697-6_7","type":"book-chapter","created":{"date-parts":[[2018,1,5]],"date-time":"2018-01-05T02:53:43Z","timestamp":1515120823000},"page":"97-105","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["A Novel File Carving Algorithm for EVTX Logs"],"prefix":"10.1007","author":[{"given":"Ming","family":"Xu","sequence":"first","affiliation":[]},{"given":"Jinkai","family":"Sun","sequence":"additional","affiliation":[]},{"given":"Ning","family":"Zheng","sequence":"additional","affiliation":[]},{"given":"Tong","family":"Qiao","sequence":"additional","affiliation":[]},{"given":"Yiming","family":"Wu","sequence":"additional","affiliation":[]},{"given":"Kai","family":"Shi","sequence":"additional","affiliation":[]},{"given":"Haidong","family":"Ge","sequence":"additional","affiliation":[]},{"given":"Tao","family":"Yang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,1,6]]},"reference":[{"key":"7_CR1","unstructured":"Sharma, H., Sabharwal, N.: Investigating the implications of virtual forensics. In: 2012 International Conference on Advances in Engineering, Science and Management (ICAESM), pp. 617\u2013620. IEEE (2012)"},{"key":"7_CR2","doi-asserted-by":"publisher","first-page":"2","DOI":"10.1016\/j.diin.2007.06.017","volume":"4","author":"SL Garfinkel","year":"2007","unstructured":"Garfinkel, S.L.: Carving contiguous and fragmented files with fast object validation. Digit. Invest. 4, 2\u201312 (2007)","journal-title":"Digit. Invest."},{"key":"7_CR3","doi-asserted-by":"publisher","first-page":"92","DOI":"10.1016\/j.diin.2007.06.012","volume":"4","author":"R Murphey","year":"2007","unstructured":"Murphey, R.: Automated windows event log forensics. Digit. Invest. 4, 92\u2013100 (2007)","journal-title":"Digit. Invest."},{"key":"7_CR4","unstructured":"Al-Nemrat, A., Ibrahim, N., Jahankhan, H.: Sufficiency of windows event log as evidence in digital forensics. University of East London, London"},{"key":"7_CR5","doi-asserted-by":"publisher","first-page":"65","DOI":"10.1016\/j.diin.2007.06.015","volume":"4","author":"A Schuster","year":"2007","unstructured":"Schuster, A.: Introducing the Microsoft Vista event log file format. Digit. Invest. 4, 65\u201372 (2007)","journal-title":"Digit. Invest."},{"key":"7_CR6","doi-asserted-by":"crossref","unstructured":"Xiaoyu, H., Shunxiang, W.: Vista event log file parsing based on XML technology. In: 4th International Conference on Computer Science & Education, ICCSE 2009, pp. 1186\u20131190. IEEE (2009)","DOI":"10.1109\/ICCSE.2009.5228462"},{"key":"7_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"145","DOI":"10.1007\/978-3-319-20125-2_13","volume-title":"Computational Forensics","author":"J Talebi","year":"2015","unstructured":"Talebi, J., Dehghantanha, A., Mahmoud, R.: Introducing and analysis of the Windows 8 event log for forensic purposes. In: Garain, U., Shafait, F. (eds.) IWCF 2012\/2014. LNCS, vol. 8915, pp. 145\u2013162. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-20125-2_13"},{"key":"7_CR8","series-title":"IFIP Advances in Information and Communication Technology","doi-asserted-by":"publisher","first-page":"87","DOI":"10.1007\/978-3-662-44952-3_7","volume-title":"Advances in Digital Forensics X","author":"Q Do","year":"2014","unstructured":"Do, Q., Martini, B., Looi, J., Wang, Y., Choo, K.-K.: Windows event forensic process. In: Peterson, G., Shenoi, S. (eds.) DigitalForensics 2014. IAICT, vol. 433, pp. 87\u2013100. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-44952-3_7"},{"key":"7_CR9","unstructured":"Mikus, N.: An analysis of disc carving techniques. Technical report, DTIC Document (2005)"},{"key":"7_CR10","unstructured":"Richard III, G.G., Roussev, V.: Scalpel: a frugal, high performance file carver. In: Refereed Proceedings of the Digital Forensic Research Workshop, DFRWS 2005, pp. 1\u201310, Astor Crowne Plaza, New Orleans, Louisiana, USA, August (2005)"},{"key":"7_CR11","doi-asserted-by":"crossref","unstructured":"Karresand, M., Shahmehri, N.: Reassembly of fragmented JPEG images containing restart markers. In: European Conference on Computer Network Defense, EC2ND 2008, pp. 25\u201332. IEEE (2008)","DOI":"10.1109\/EC2ND.2008.10"},{"issue":"2","key":"7_CR12","doi-asserted-by":"publisher","first-page":"517","DOI":"10.1109\/TIP.2013.2285625","volume":"23","author":"G-H Na","year":"2014","unstructured":"Na, G.-H., Shim, K.-S., Moon, K.-W., Kong, S.G., Kim, E.-S., Lee, J.: Frame-based recovery of corrupted video files using video codec specifications. IEEE Trans. Image Process. 23(2), 517\u2013526 (2014)","journal-title":"IEEE Trans. Image Process."},{"issue":"3","key":"7_CR13","doi-asserted-by":"publisher","first-page":"119","DOI":"10.1016\/j.diin.2007.10.001","volume":"4","author":"MI Cohen","year":"2007","unstructured":"Cohen, M.I.: Advanced carving techniques. Digital Invest. 4(3), 119\u2013128 (2007)","journal-title":"Digital Invest."},{"key":"7_CR14","unstructured":"Boddington, R., Hobbs, V., Mann, G.: Validating digital evidence for legal argument, p. 42 (2008)"}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Digital Forensics and Cyber Crime"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-73697-6_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,29]],"date-time":"2025-06-29T10:59:53Z","timestamp":1751194793000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-73697-6_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319736969","9783319736976"],"references-count":14,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-73697-6_7","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"value":"1867-8211","type":"print"},{"value":"1867-822X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"6 January 2018","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICDF2C","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Digital Forensics and Cyber Crime","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Prague","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Czech Republic","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2017","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 October 2017","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 October 2017","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"icdf2c2017","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/d-forensics.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}