{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,4]],"date-time":"2026-02-04T15:54:25Z","timestamp":1770220465510,"version":"3.49.0"},"publisher-location":"Berlin, Heidelberg","reference-count":17,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642195129","type":"print"},{"value":"9783642195136","type":"electronic"}],"license":[{"start":{"date-parts":[[2011,1,1]],"date-time":"2011-01-01T00:00:00Z","timestamp":1293840000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2011]]},"DOI":"10.1007\/978-3-642-19513-6_8","type":"book-chapter","created":{"date-parts":[[2011,3,7]],"date-time":"2011-03-07T01:58:50Z","timestamp":1299463130000},"page":"96-109","source":"Crossref","is-referenced-by-count":9,"title":["Signature Based Detection of User Events for Post-mortem Forensic Analysis"],"prefix":"10.1007","author":[{"given":"Joshua Isaac","family":"James","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Pavel","family":"Gladyshev","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yuandong","family":"Zhu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"8_CR1","unstructured":"Gladyshev, P., Patel, A.: Formalising Event Time Bounding in Digital Investigations. International Journal of Digital Evidence\u00a04 (2005)"},{"key":"8_CR2","doi-asserted-by":"crossref","unstructured":"Haggerty, J., Taylor, M.: FORSIGS: Forensic Signature Analysis of the Hard Drive for Multimedia File Fingerprints. In: IFIP International Federation for Information Processing, vol. 232, pp. 1\u201312 (2007)","DOI":"10.1007\/978-0-387-72367-9_1"},{"key":"8_CR3","unstructured":"James, J.: Survey of Evidence and Forensic Tool Usage in Digital Investigations (July 23, 2010), The UCD Centre for Cybercrime Investigation, \n                  \n                    http:\/\/cci.ucd.ie\/content\/survey-evidence-and-forensic-tool-usage-digital-investigations\n                  \n                  \n                 (July 26, 2010)"},{"key":"8_CR4","doi-asserted-by":"crossref","unstructured":"Kahvedzic, D., Kechadi, T.: Extraction of user activity through comparison of windows restore points. In: 6th Australian Digital Forensics Conference (2008)","DOI":"10.15394\/jdfsl.2008.1049"},{"key":"8_CR5","doi-asserted-by":"crossref","unstructured":"Kim, D.H., In, D.H.: Cyber Criminal Activity Analysis Models using Markov Chain for Digital Forensics. In: ISA, pp. 193\u2013198 (2008)","DOI":"10.1109\/ISA.2008.90"},{"key":"8_CR6","unstructured":"McAfee. Complete Security: The Case for Combined Behavioral and Signature-Based Protection. Whitepaper. Santa Carla: McAfee Inc. (2005)"},{"key":"8_CR7","unstructured":"Mukkamala, S., Sung, A.H.: Identifying Significant Features for Network Forensic Analysis Using Artificial Intelligent Techniques. International Journal of Digital Evidence 1.4 (2003)"},{"key":"8_CR8","doi-asserted-by":"crossref","unstructured":"Ogaw\u0306a, A., Yamazaki, Y., Ueno, K., Cheng, K., Iriki, A.: Neural Correlates of Species-typical Illogical Cognitive Bias in Human Inference. Journal of Cognitive Neuroscience, Massachusetts Institute of Technology (2009), doi:10.1162\/jocn.2009.21330","DOI":"10.1162\/jocn.2009.21330"},{"key":"8_CR9","unstructured":"Personage, H.: The Meaning of (L)inkfiles (I)n (F)orensic (E)xaminations (November 2009). Computer Forensics Miscellany, \n                  \n                    http:\/\/computerforensics.parsonage.co.uk\/downloads\/TheMeaningofLIFE.pdf\n                  \n                  \n                 (Febuary 2, 2010)"},{"key":"8_CR10","unstructured":"Roiter, N.: When signature based antivirus isn\u2019t enough (May 3, 2007), \n                  \n                    http:\/\/searchsecurity.techtarget.com\/news\/article\/0,289142,sid14_gci1253602,00.html\n                  \n                  \n                 (Febuary 2, 2010)"},{"key":"8_CR11","unstructured":"Russinovich, M.: Inside the Registry (Feburary 3, 2010), \n                  \n                    http:\/\/technet.microsoft.com\/enus\/library\/cc750583.aspx"},{"key":"8_CR12","doi-asserted-by":"crossref","unstructured":"Scarfone, K., Mell, P.: Guide to Intrusion Detection and Prevention Systems (IDPS) SP800-94. Special Publication. NIST: National Institute of Science and Technology. National Institute of Science and Technology, Gaithersburg (2007)","DOI":"10.6028\/NIST.SP.800-94"},{"key":"8_CR13","doi-asserted-by":"crossref","unstructured":"Sy, B.K.: Signature-Based Approach for Intrusion Detection. Machine Learning and Data Mining in Pattern Recognition, 526\u2013536 (August 8, 2005)","DOI":"10.1007\/11510888_52"},{"key":"8_CR14","doi-asserted-by":"crossref","unstructured":"Willassen, S.Y.: Timestamp evidence correlation by model based clock hypothesis testing. In: Proceedings of the 1st International Conference on Forensic Applications and Techniques in Telecommunications, Information, and Multimedia and Workshop, ICST, Brussels, Belgium, pp. 1\u20136 (2008)","DOI":"10.4108\/e-forensics.2008.2637"},{"key":"8_CR15","doi-asserted-by":"crossref","unstructured":"Zhu, Y., James, J., Gladyshev, P.: A comparative methodology for the reconstruction of digital events using Windows Restore Points. Digital Investigation (2009a), doi:10.1016\/j.diin.2009.02.004","DOI":"10.1016\/j.diin.2009.02.004"},{"key":"8_CR16","doi-asserted-by":"crossref","unstructured":"Zhu, Y., James, J., Gladyshev, P.: Consistency Study of the Windows Registry. In: Sixth Annual IFIP WG 11.9 International Conference on Digital Forensics (2010)","DOI":"10.1007\/978-3-642-15506-2_6"},{"key":"8_CR17","doi-asserted-by":"publisher","first-page":"69","DOI":"10.1016\/j.diin.2009.06.009","volume":"6","author":"Y. Zhu","year":"2009","unstructured":"Zhu, Y., Gladyshev, P., James, J.: Using ShellBag Information to Reconstruct User Activities. Digital Investigation\u00a06, 69\u201377 (2009c), doi:10.1016\/j.diin.2009.06.009","journal-title":"Digital Investigation"}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Digital Forensics and Cyber Crime"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-19513-6_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,21]],"date-time":"2019-05-21T09:55:23Z","timestamp":1558432523000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-19513-6_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011]]},"ISBN":["9783642195129","9783642195136"],"references-count":17,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-19513-6_8","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"value":"1867-8211","type":"print"},{"value":"1867-822X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2011]]}}}