{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,6]],"date-time":"2024-09-06T11:30:52Z","timestamp":1725622252735},"publisher-location":"Berlin, Heidelberg","reference-count":39,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642236013"},{"type":"electronic","value":"9783642236020"}],"license":[{"start":{"date-parts":[[2011,1,1]],"date-time":"2011-01-01T00:00:00Z","timestamp":1293840000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2011]]},"DOI":"10.1007\/978-3-642-23602-0_10","type":"book-chapter","created":{"date-parts":[[2011,10,18]],"date-time":"2011-10-18T04:31:35Z","timestamp":1318912295000},"page":"110-121","source":"Crossref","is-referenced-by-count":0,"title":["Investigating the Implications of Virtualization for Digital Forensics"],"prefix":"10.1007","author":[{"given":"Zheng","family":"Song","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Bo","family":"Jin","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yinghong","family":"Zhu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yongqing","family":"Sun","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"10_CR1","unstructured":"Live View, http:\/\/liveview.sourceforge.net\/"},{"key":"10_CR2","unstructured":"Detect if your program is running inside a Virtual Machine, http:\/\/www.codeproject.com"},{"key":"10_CR3","doi-asserted-by":"publisher","first-page":"56","DOI":"10.1145\/1113034.1113069","volume":"49","author":"B.D. Carrier","year":"2006","unstructured":"Carrier, B.D.: Risks of Live Digital Forensic Analysis. 
Communications of the ACM\u00a049, 56\u201361 (2006)","journal-title":"Communications of the ACM"},{"key":"10_CR4","doi-asserted-by":"publisher","first-page":"62","DOI":"10.1080\/15567280802047135","volume":"2","author":"M. Pollitt","year":"2008","unstructured":"Pollitt, M., Nance, K., Hay, B., Dodge, R., Craiger, P., Burke, P., Marberry, C., Brubaker, B.: Virtualization and Digital Forensics: A Research and Education Agenda. Journal of Digital Forensic Practice\u00a02, 62\u201373 (2008)","journal-title":"Journal of Digital Forensic Practice"},{"key":"10_CR5","unstructured":"Garfinkel, T., Rosenblum, M.: A virtual machine introspection based architecture for intrusion detection. In: 10th Annual Symposium on Network and Distributed System Security, pp. 191\u2013206 (2003)"},{"key":"10_CR6","doi-asserted-by":"publisher","first-page":"32","DOI":"10.1109\/MSP.2008.134","volume":"6","author":"K. Nance","year":"2008","unstructured":"Nance, K., Bishop, M., Hay, B.: Virtual Machine Introspection: Observation or Interference? IEEE Security & Privacy\u00a06, 32\u201337 (2008)","journal-title":"IEEE Security & Privacy"},{"key":"10_CR7","unstructured":"XenAccess, http:\/\/code.google.com\/p\/xenaccess\/"},{"key":"10_CR8","doi-asserted-by":"publisher","first-page":"74","DOI":"10.1145\/1368506.1368517","volume":"42","author":"B. Hay","year":"2008","unstructured":"Hay, B., Nance, K.: Forensic Examination of Volatile System Data using Virtual Introspection. ACM SIGOPS Operating Systems Review\u00a042, 74\u201382 (2008)","journal-title":"ACM SIGOPS Operating Systems Review"},{"key":"10_CR9","unstructured":"VMsafe, http:\/\/www.vmware.com"},{"key":"10_CR10","unstructured":"Bem, D., Huebner, E.: Computer Forensic Analysis in a Virtual Environment. 
International Journal of Digital Evidence\u00a06 (2007)"},{"key":"10_CR11","unstructured":"ProDiscover Basic, http:\/\/www.techpathways.com\/"},{"key":"10_CR12","unstructured":"Virtual Forensics Computing, http:\/\/www.mountimage.com\/"},{"key":"10_CR13","unstructured":"Mount Image Pro, http:\/\/www.mountimage.com\/"},{"key":"10_CR14","unstructured":"Encase Forensics Physical Disk Emulator, http:\/\/www.encaseenterprise.com\/"},{"key":"10_CR15","unstructured":"SmartMount, http:\/\/www.asrdata.com\/SmartMount\/"},{"key":"10_CR16","unstructured":"VMware DiskMount, http:\/\/www.vmware.com"},{"key":"10_CR17","unstructured":"Shavers, B.: Virtual Forensics (A Discussion of Virtual Machine Related to Forensic Analysis), http:\/\/www.forensicfocus.com\/virtual-machines-forensics-analysis"},{"key":"10_CR18","doi-asserted-by":"crossref","unstructured":"Bahram, S., Jiang, X., Wang, Z., Grace, M., Li, J., Xu, D.: DKSM:Subverting Virtual Machine Introspection for Fun and Profit. Technical report, North Carolina State University (2010)","DOI":"10.1109\/SRDS.2010.39"},{"key":"10_CR19","volume-title":"File system forensic analysis","author":"B. Carrier","year":"2005","unstructured":"Carrier, B.: File system forensic analysis. Addison-Wesley, Boston (2005)"},{"key":"10_CR20","unstructured":"VMFS, http:\/\/www.vmware.com\/products\/vmfs\/"},{"key":"10_CR21","unstructured":"Open Source VMFS Driver, http:\/\/code.google.com\/p\/vmfs\/"},{"key":"10_CR22","volume-title":"Forensic Discovery","author":"D. Farmer","year":"2005","unstructured":"Farmer, D., Venema, W.: Forensic Discovery. Addison-Wesley, Reading (2005)"},{"key":"10_CR23","series-title":"IFIP Advances in Information and Communication Technology","doi-asserted-by":"publisher","first-page":"69","DOI":"10.1007\/978-3-642-04155-6_5","volume-title":"Advances in Digital Forensics V","author":"G. Dorn","year":"2009","unstructured":"Dorn, G., Marberry, C., Conrad, S., Craiger, P.: Advances in Digital Forensics V. 
IFIP Advances in Information and Communication Technology, vol.\u00a0306, p. 69. Springer, Heidelberg (2009)"},{"key":"10_CR24","doi-asserted-by":"publisher","first-page":"24","DOI":"10.1016\/j.diin.2006.12.002","volume":"4","author":"J.D. Kornblum","year":"2007","unstructured":"Kornblum, J.D.: Using every part of the buffalo in Windows memory analysis. Digital Investigation\u00a04, 24\u201329 (2007)","journal-title":"Digital Investigation"},{"key":"10_CR25","volume-title":"Computer Forensics: Incident Response Essentials","author":"W.G. Kruse II","year":"2002","unstructured":"Kruse II, W.G., Heiser, J.G.: Computer Forensics: Incident Response Essentials, 1st edn. Addison Wesley Professional, Reading (2002)","edition":"1"},{"key":"10_CR26","doi-asserted-by":"crossref","unstructured":"Mrdovic, S., Huseinovic, A., Zajko, E.: Combining Static and Live Digital Forensic Analysis in Virtual Environment. In: 22nd International Symposium on Information, Communication and Automation Technologies (2009)","DOI":"10.1109\/ICAT.2009.5348415"},{"key":"10_CR27","doi-asserted-by":"publisher","first-page":"209","DOI":"10.1016\/j.diin.2005.07.002","volume":"2","author":"M.A. Penhallurick","year":"2005","unstructured":"Penhallurick, M.A.: Methodologies for the use of VMware to boot cloned\/mounted subject hard disk image. Digital Investigation\u00a02, 209\u2013222 (2005)","journal-title":"Digital Investigation"},{"key":"10_CR28","doi-asserted-by":"crossref","unstructured":"Nance, K., Hay, B., Bishop, M.: Investigating the Implications of Virtual Machine Introspection for Digital Forensics. In: International Conference on Availability, Reliability and Security, pp. 1024\u20131029 (2009)","DOI":"10.1109\/ARES.2009.173"},{"key":"10_CR29","doi-asserted-by":"publisher","first-page":"164","DOI":"10.1145\/945445.945462","volume-title":"Nineteenth ACM Symposium on Operating Systems Principles","author":"P. 
Barham","year":"2003","unstructured":"Barham, P., Dragovic, B., Fraser, K., Hand, S., Harris, T.L., Ho, A., Neugebauer, R., Pratt, I., Warfield, A.: Xen and the art of virtualization. In: Nineteenth ACM Symposium on Operating Systems Principles, pp. 164\u2013177. ACM Press, New York (2003)"},{"key":"10_CR30","doi-asserted-by":"crossref","unstructured":"Jiang, X., Wang, X., Xu, D.: Stealthy malware detection through vmm-based \u201cout-of-the-box\u201d semantic view reconstruction. In: 14th ACM conference on Computer and communications security, Alexandria, Virginia, USA, pp. 128\u2013138 (2007)","DOI":"10.1145\/1315245.1315262"},{"key":"10_CR31","doi-asserted-by":"publisher","first-page":"39","DOI":"10.1007\/978-3-540-87403-4_3","volume-title":"11th International Symposium on Recent Advances in Intrusion Detection","author":"A. Srivastava","year":"2008","unstructured":"Srivastava, A., Giffin, J.: Tamper-resistant, application-aware blocking of malicious network connections. In: 11th International Symposium on Recent Advances in Intrusion Detection, pp. 39\u201358. Springer, Heidelberg (2008)"},{"key":"10_CR32","first-page":"1","volume-title":"Annual Conference on USENIX 2006 Annual Technical Conference","author":"S.T. Jones","year":"2006","unstructured":"Jones, S.T., Arpaci-Dusseau, A.C., Arpaci-Dusseau, R.H.: Antfarm: tracking processes in a virtual machine environment. In: Annual Conference on USENIX 2006 Annual Technical Conference, p. 1. USENIX Association, Berkeley (2006)"},{"key":"10_CR33","unstructured":"Litty, L., Lagar-Cavilla, H.A., Lie, D.: Hypervisor support for identifying covertly executing binaries. In: 17th Conference on Security Symposium. USENIX Association (2008)"},{"key":"10_CR34","doi-asserted-by":"publisher","first-page":"133","DOI":"10.1109\/HOTOS.2001.990073","volume-title":"Eighth Workshop on Hot Topics in Operating Systems","author":"P.M. Chen","year":"2001","unstructured":"Chen, P.M., Noble, B.D.: When virtual is better than real. 
In: Eighth Workshop on Hot Topics in Operating Systems, p. 133. IEEE Computer Society, Washington, DC (2001)"},{"key":"10_CR35","unstructured":"Volatile systems, https:\/\/www.volatilesystems.com\/default\/volatility"},{"key":"10_CR36","first-page":"555","volume-title":"16th ACM Conference on Computer and Communications Security","author":"M. Carbone","year":"2009","unstructured":"Carbone, M., Cui, W., Lu, L., Lee, W., Peinado, M., Jiang, X.: Mapping kernel objects to enable systematic integrity checking. In: 16th ACM Conference on Computer and Communications Security, pp. 555\u2013565. ACM, New York (2009)"},{"key":"10_CR37","doi-asserted-by":"crossref","unstructured":"Dolan-Gavitt, B., Srivastava, A., Traynor, P., Giffin, J.: Robust signatures for kernel data structures. In: 16th ACM Conference on Computer and Communications Security, pp. 566\u2013577 (2009)","DOI":"10.1145\/1653662.1653730"},{"key":"10_CR38","unstructured":"VMware ESXi, http:\/\/www.vmware.com\/products\/esxi\/"},{"key":"10_CR39","unstructured":"VMware Workstation, http:\/\/www.vmware.com\/products\/workstation\/"}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Forensics in Telecommunications, Information, and 
Multimedia"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-23602-0_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,17]],"date-time":"2019-06-17T21:04:47Z","timestamp":1560805487000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-23602-0_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011]]},"ISBN":["9783642236013","9783642236020"],"references-count":39,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-23602-0_10","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"type":"print","value":"1867-8211"},{"type":"electronic","value":"1867-822X"}],"subject":[],"published":{"date-parts":[[2011]]}}}