{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,5]],"date-time":"2024-09-05T21:11:07Z","timestamp":1725570667419},"publisher-location":"Berlin, Heidelberg","reference-count":25,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642155055"},{"type":"electronic","value":"9783642155062"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2010]]},"DOI":"10.1007\/978-3-642-15506-2_14","type":"book-chapter","created":{"date-parts":[[2010,11,26]],"date-time":"2010-11-26T12:20:33Z","timestamp":1290774033000},"page":"195-204","source":"Crossref","is-referenced-by-count":5,"title":["A Compiled Memory Analysis Tool"],"prefix":"10.1007","author":[{"given":"James","family":"Okolica","sequence":"first","affiliation":[]},{"given":"Gilbert","family":"Peterson","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"14_CR1","unstructured":"A. Boileau, Hit by a bus: Physical access attacks with FireWire (www.storm.net.nz\/static\/files\/ab_firewire_rux2k6-final.pdf), 2006."},{"key":"14_CR2","unstructured":"S. Brenner, B. Carrier and J. Henninger, The Trojan Horse Defense in Cybercrime Cases, CERIAS Tech Report 2005-15, Center for Education and Research in Information Assurance and Security, Purdue University, West Lafayette, Indiana, 2005."},{"key":"14_CR3","volume-title":"File System Forensic Analysis","author":"B. Carrier","year":"2005","unstructured":"B. Carrier, File System Forensic Analysis, Pearson, Upper Saddle River, New Jersey, 2005."},{"issue":"1","key":"14_CR4","doi-asserted-by":"publisher","first-page":"50","DOI":"10.1016\/j.diin.2003.12.001","volume":"1","author":"B. Carrier","year":"2004","unstructured":"B. Carrier and J. Grand, A hardware-based memory acquisition procedure for digital investigations, Digital Investigation, vol. 1(1), pp. 
50\u201360, 2004.","journal-title":"Digital Investigation"},{"key":"14_CR5","volume-title":"Windows Forensic Analysis","author":"H. Carvey","year":"2007","unstructured":"H. Carvey, Windows Forensic Analysis, Syngress, Burlington, Massachusetts, 2007."},{"key":"14_CR6","unstructured":"B. Dolan-Gavitt, Finding kernel global variables in Windows (moyix.blogspot.com\/2008\/04\/finding-kernel-global-variables-in.html), April 16, 2008."},{"issue":"S","key":"14_CR7","doi-asserted-by":"publisher","first-page":"26","DOI":"10.1016\/j.diin.2008.05.003","volume":"5","author":"B. Dolan-Gavitt","year":"2008","unstructured":"B. Dolan-Gavitt, Forensic analysis of the Windows registry in memory, Digital Investigation, vol. 5(S), pp. S26\u2013S32, 2008.","journal-title":"Digital Investigation"},{"key":"14_CR8","unstructured":"B. Dolan-Gavitt, Linking processes to users (moyix.blogspot.com\/2008\/08\/linking-processes-to-users.html), August 16, 2008."},{"issue":"3","key":"14_CR9","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1145\/1368506.1368510","volume":"42","author":"E. Libster","year":"2008","unstructured":"E. Libster and J. Kornblum, A proposal for an integrated memory acquisition mechanism, ACM SIGOPS Operating Systems Review, vol. 42(3), pp. 14\u201320, 2008.","journal-title":"ACM SIGOPS Operating Systems Review"},{"key":"14_CR10","volume-title":"Incident Response and Computer Forensics","author":"K. Mandia","year":"2003","unstructured":"K. Mandia, C. Prosise and M. Pepe, Incident Response and Computer Forensics, McGraw-Hill\/Osborne, Emeryville, California, 2003."},{"key":"14_CR11","unstructured":"Mandiant, Memoryze, Washington, DC (www.mandiant.com\/software\/memoryze.htm)."},{"key":"14_CR12","unstructured":"ManTech, Memory DD, Vienna, Virginia (cybersolutions.mantech.com\/products.htm)."},{"key":"14_CR13","unstructured":"National Institute of Justice, Electronic Crime Scene Investigation: An On-the-Scene Reference for First Responders, U.S. 
Department of Justice, Washington, DC, 2009."},{"key":"14_CR14","unstructured":"M. Russinovich, Sysinternals Suite, Microsoft Corporation, Redmond, Washington (technet.microsoft.com\/en-us\/sysinternals\/bb842062.aspx)."},{"key":"14_CR15","volume-title":"Microsoft Windows Internals","author":"M. Russinovich","year":"2005","unstructured":"M. Russinovich and D. Solomon, Microsoft Windows Internals, Microsoft Press, Redmond, Washington, 2005."},{"key":"14_CR16","unstructured":"J. Rutkowska, Beyond the CPU: Defeating hardware-based RAM acquisition (Part I: AMD case), presented at the Black Hat DC 2007 Conference (www.first.org\/conference\/2007\/papers\/rutkowska-joanna-slides.pdf), 2007."},{"key":"14_CR17","unstructured":"A. Schuster, PTfinder (version 0.2.00), Bonn, Germany (computer.forensikblog.de\/en\/2006\/03\/ptfinder_0_2_00.html), 2006."},{"issue":"S","key":"14_CR18","doi-asserted-by":"publisher","first-page":"10","DOI":"10.1016\/j.diin.2006.06.010","volume":"3","author":"A. Schuster","year":"2006","unstructured":"A. Schuster, Searching for processes and threads in Microsoft Windows memory dumps, Digital Investigation, vol. 3(S), pp. S10\u2013S16, 2006.","journal-title":"Digital Investigation"},{"key":"14_CR19","unstructured":"S. Shankland, Amazon suffers U.S. outage on Friday, CNET, San Francisco, California (news.cnet.com\/8301-10784_3-9962010-7.html), June 6, 2008."},{"key":"14_CR20","unstructured":"P. Silberman, FUTo, Uninformed, vol. 3 (www.uninformed.org\/?v=3&a=7&t=sumry), January 2006."},{"key":"14_CR21","unstructured":"SourceForge.net, Memparser (sourceforge.net\/projects\/memparser), 2006."},{"key":"14_CR22","unstructured":"M. Suiche, Sandman Project (sandman.msuiche.net\/docs\/SandMan_Project.pdf), 2008."},{"key":"14_CR23","unstructured":"M. Suiche, win32dd (win32dd.msuiche.net)."},{"issue":"3","key":"14_CR24","doi-asserted-by":"publisher","first-page":"65","DOI":"10.1145\/1368506.1368516","volume":"42","author":"I. 
Sutherland","year":"2008","unstructured":"I. Sutherland, J. Evans, T. Tryfonas and A. Blyth, Acquiring volatile operating system data: Tools and techniques, ACM SIGOPS Operating Systems Review, vol. 42(3), pp. 65\u201373, 2008.","journal-title":"ACM SIGOPS Operating Systems Review"},{"key":"14_CR25","unstructured":"A. Walters and N. Petroni, Volatools: Integrating volatile memory forensics into the digital investigation process, presented at the Black Hat DC 2007 Conference (www.blackhat.com\/presentations\/bh-dc-07\/Walters\/Paper\/bh-dc-07-Walters-WP.pdf), 2007."}],"container-title":["IFIP Advances in Information and Communication Technology","Advances in Digital Forensics VI"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-15506-2_14.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,30]],"date-time":"2021-04-30T12:55:55Z","timestamp":1619787355000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-15506-2_14"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010]]},"ISBN":["9783642155055","9783642155062"],"references-count":25,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-15506-2_14","relation":{},"ISSN":["1868-4238","1861-2288"],"issn-type":[{"type":"print","value":"1868-4238"},{"type":"electronic","value":"1861-2288"}],"subject":[],"published":{"date-parts":[[2010]]}}}