{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,5]],"date-time":"2024-09-05T17:15:13Z","timestamp":1725556513370},"publisher-location":"Berlin, Heidelberg","reference-count":18,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642132407"},{"type":"electronic","value":"9783642132414"}],"license":[{"start":{"date-parts":[[2010,1,1]],"date-time":"2010-01-01T00:00:00Z","timestamp":1262304000000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2010]]},"DOI":"10.1007\/978-3-642-13241-4_21","type":"book-chapter","created":{"date-parts":[[2010,5,19]],"date-time":"2010-05-19T05:16:49Z","timestamp":1274246209000},"page":"233-244","source":"Crossref","is-referenced-by-count":3,"title":["Detecting Hidden Encrypted Volumes"],"prefix":"10.1007","author":[{"given":"Christopher","family":"Hargreaves","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Howard","family":"Chivers","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"unstructured":"Casey, E.: Practical Approaches to Recovering Encrypted Digital Evidence. International Journal for Digital Evidence\u00a01 (2002)","key":"21_CR1"},{"doi-asserted-by":"crossref","unstructured":"Wolfe, H.B.: Encountering Encrypted Evidence (Potential). In: Proceedings of the 4th Conference on Information Technology Curriculum (2002)","key":"21_CR2","DOI":"10.28945\/2590"},{"key":"21_CR3","doi-asserted-by":"publisher","first-page":"388","DOI":"10.1016\/S0167-4048(03)00504-2","volume":"22","author":"H. Wolfe","year":"2003","unstructured":"Wolfe, H.: Encountering Encryption. Computers and Security\u00a022, 388\u2013391 (2003)","journal-title":"Computers and Security"},{"key":"21_CR4","doi-asserted-by":"publisher","first-page":"102","DOI":"10.1016\/j.diin.2004.04.002","volume":"1","author":"H. Wolfe","year":"2004","unstructured":"Wolfe, H.: Penetrating Encrypted Evidence. Digital Investigation\u00a01, 102\u2013105 (2004)","journal-title":"Digital Investigation"},{"unstructured":"United Kingdom: Regulation of Investigatory Powers Act 2000. HMSO (2000)","key":"21_CR5"},{"unstructured":"Home Office: Investigation of Protected Electronic Information: Code of Practice (2007)","key":"21_CR6"},{"unstructured":"TrueCrypt: TrueCrypt Documentation (2009), \n                    \n                      http:\/\/www.truecrypt.org\/docs\/","key":"21_CR7"},{"unstructured":"TrueCrypt: TrueCrypt Documentation: Hidden Volume (2009)","key":"21_CR8"},{"unstructured":"Czeskis, A., Hilaire, D.J.S., Koscher, K., Gribble, S.D., Kohno, T., Schneier, B.: Defeating encrypted and deniable file systems: TrueCrypt v5. 1a and the case of the tattling OS and applications (2008)","key":"21_CR9"},{"unstructured":"Craiger, J.P., Pollitt, M., Swauger, J.: Law Enforcement and Digital Evidence (2005), \n                    \n                      http:\/\/ncfs.org\/craiger.delf.revision.pdf","key":"21_CR10"},{"unstructured":"Microsoft: Learn about the features: Shadow Copy (2007), \n                    \n                      http:\/\/www.microsoft.com\/windows\/products\/windowsvista\/features\/details\/shadowcopy.mspx","key":"21_CR11"},{"unstructured":"Microsoft: System Restore: frequently asked questions (2008)","key":"21_CR12"},{"unstructured":"Titheridge, D.: Microsoft Windows Vista Registry. MSc. Cranfield University (2009)","key":"21_CR13"},{"key":"21_CR14","volume-title":"File System Forensic Analysis","author":"B. Carrier","year":"2005","unstructured":"Carrier, B.: File System Forensic Analysis. Addison-Wesley, Reading (2005)"},{"key":"21_CR15","doi-asserted-by":"crossref","DOI":"10.1007\/978-1-84628-732-9","volume-title":"Forensic Computing: A Practitioners Guide","author":"T. Sammes","year":"2007","unstructured":"Sammes, T., Jenkinson, B.: Forensic Computing: A Practitioners Guide, 2nd edn. Springer, Heidelberg (2007)","edition":"2"},{"unstructured":"Microsoft: Default cluster size for NTFS, FAT, and exFAT (2009), \n                    \n                      http:\/\/support.microsoft.com\/kb\/140365","key":"21_CR16"},{"unstructured":"Assange, J., Weinmann, R.P., Dreyfus, S.: Rubberhose, \n                    \n                      http:\/\/iq.org\/~proff\/marutukku.org\/\n                    \n                    \n                   (Undated)","key":"21_CR17"},{"doi-asserted-by":"crossref","unstructured":"Hargreaves, C., Chivers, H.: Recovery of Encryption Keys from Memory Using a Linear Scan. In: The International Workshop on Digital Forensics, Barcelona, Spain (2008)","key":"21_CR18","DOI":"10.1109\/ARES.2008.109"}],"container-title":["Lecture Notes in Computer Science","Communications and Multimedia Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-13241-4_21","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,19]],"date-time":"2019-05-19T14:47:07Z","timestamp":1558277227000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-13241-4_21"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010]]},"ISBN":["9783642132407","9783642132414"],"references-count":18,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-13241-4_21","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2010]]}}}