{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,6]],"date-time":"2024-09-06T11:30:52Z","timestamp":1725622252135},"publisher-location":"Berlin, Heidelberg","reference-count":11,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642236013"},{"type":"electronic","value":"9783642236020"}],"license":[{"start":{"date-parts":[[2011,1,1]],"date-time":"2011-01-01T00:00:00Z","timestamp":1293840000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2011]]},"DOI":"10.1007\/978-3-642-23602-0_11","type":"book-chapter","created":{"date-parts":[[2011,10,18]],"date-time":"2011-10-18T00:31:35Z","timestamp":1318897895000},"page":"122-130","source":"Crossref","is-referenced-by-count":1,"title":["Acquisition of Network Connection Status Information from Physical Memory on Windows Vista Operating System"],"prefix":"10.1007","author":[{"given":"Lijuan","family":"Xu","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lianhai","family":"Wang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lei","family":"Zhang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhigang","family":"Kong","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"11_CR1","doi-asserted-by":"crossref","unstructured":"Brezinski, D., Killalea, T.: Guidelines for evidence collection and archiving. RFC 3227 (Best Current Practice) (February 2002), http:\/\/www.ietf.org\/rfc\/rfc3227.txt","DOI":"10.17487\/rfc3227"},{"key":"11_CR2","unstructured":"Burdach, M.: Digital forensics of the physical memory, http:\/\/forensic.seccure.net\/pdf\/mburdachdigitalforensicsofphysicalmemory.pdf"},{"key":"11_CR3","doi-asserted-by":"publisher","first-page":"10","DOI":"10.1016\/j.diin.2006.06.010","volume":"3","author":"A. Schuster","year":"2006","unstructured":"Schuster, A.: Searching for processes and threads in Microsoft Windows memory dumps. Digital Investigation\u00a03(supplement 1), 10\u201316 (2006)","journal-title":"Digital Investigation"},{"key":"11_CR4","unstructured":"Betz, C.: memparser, http:\/\/www.dfrws.org\/2005\/challenge\/memparser.shtml"},{"key":"11_CR5","unstructured":"Walters, A., Petronic, N.: Volatools: integrating volatile memory forensics into the digital investigation process. Black Hat DC\u00a02007 (2007)"},{"key":"11_CR6","volume-title":"Real Digital Forensics","author":"K.J. Jones","year":"2005","unstructured":"Jones, K.J., Bejtlich, R., Rose, C.W.: Real Digital Forensics. Addison Wesley, Reading (2005)"},{"key":"11_CR7","volume-title":"Windows Froensics and Incident Recovery","author":"H. Carvey","year":"2005","unstructured":"Carvey, H.: Windows Froensics and Incident Recovery. Addison Wesley, Reading (2005)"},{"key":"11_CR8","unstructured":"Mandia, K., Prosise, C., Pepe, M.: Incident Response and Computer Forensics. McGrawHill Osborne Media (2003)"},{"key":"11_CR9","unstructured":"The Volatility Framework: Volatile memory artifact extraction utility framework, https:\/\/www.volatilesystems.com\/default\/volatility\/"},{"key":"11_CR10","unstructured":"Schuster, S.: Pool allocations as an information source in windows memory forensics. In: Oliver, G., Dirk, S., Sandra, F., Hardo, H., Detlef, G., Jens, N. (eds.) IT-Incident Management & IT-Forensics-IMF 2006. Lecture notes in informatics, vol.\u00a0P-97, pp. 104\u2013115 (2006)"},{"key":"11_CR11","doi-asserted-by":"crossref","unstructured":"Zhang, R.C., Wang, L.H., Zhang, S.H.: Windows Memory Analysis Based on KPCR. In: 2009 Fifth International Conference on Information Assurance and Security, IAS, vol.\u00a02, pp. 677\u2013680 (2009)","DOI":"10.1109\/IAS.2009.103"}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Forensics in Telecommunications, Information, and Multimedia"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-23602-0_11","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,17]],"date-time":"2019-06-17T17:04:10Z","timestamp":1560791050000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-23602-0_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011]]},"ISBN":["9783642236013","9783642236020"],"references-count":11,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-23602-0_11","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"type":"print","value":"1867-8211"},{"type":"electronic","value":"1867-822X"}],"subject":[],"published":{"date-parts":[[2011]]}}}