{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,6]],"date-time":"2024-09-06T09:47:15Z","timestamp":1725616035057},"publisher-location":"Berlin, Heidelberg","reference-count":29,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642242113"},{"type":"electronic","value":"9783642242120"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2011]]},"DOI":"10.1007\/978-3-642-24212-0_13","type":"book-chapter","created":{"date-parts":[[2011,9,30]],"date-time":"2011-09-30T13:06:53Z","timestamp":1317388013000},"page":"169-182","source":"Crossref","is-referenced-by-count":3,"title":["Identifying Malware Using Cross-Evidence Correlation"],"prefix":"10.1007","author":[{"given":"Anders","family":"Flaglien","sequence":"first","affiliation":[]},{"given":"Katrin","family":"Franke","sequence":"additional","affiliation":[]},{"given":"Andre","family":"Arnes","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"13_CR1","volume-title":"Proceedings of the Workshop on Monitoring, Attack Detection and Mitigation","author":"Y. Al-Hammadi","year":"2006","unstructured":"Y. Al-Hammadi and U. Aickelin, Detecting botnets through log correlation, Proceedings of the Workshop on Monitoring, Attack Detection and Mitigation, 2006."},{"issue":"4","key":"13_CR2","doi-asserted-by":"publisher","first-page":"275","DOI":"10.1007\/s11416-006-0033-x","volume":"2","author":"A. Arnes","year":"2007","unstructured":"A. Arnes, P. Haas, G. Vigna and R. Kemmerer, Using a virtual security testbed for digital forensic reconstruction, Computer Virology, vol. 2(4), pp. 275\u2013289, 2007.","journal-title":"Computer Virology"},{"issue":"S","key":"13_CR3","doi-asserted-by":"publisher","first-page":"34","DOI":"10.1016\/j.diin.2009.06.013","volume":"6","author":"D. Ayers","year":"2009","unstructured":"D. Ayers, A second generation computer forensic analysis system, Digital Investigation, vol. 6(S), pp. 34\u201342, 2009.","journal-title":"Digital Investigation"},{"key":"13_CR4","unstructured":"B. Carrier, The Sleuth Kit (www.sleuthkit.org)."},{"issue":"S","key":"13_CR5","doi-asserted-by":"publisher","first-page":"65","DOI":"10.1016\/j.diin.2008.05.008","volume":"5","author":"A. Case","year":"2008","unstructured":"A. Case, A. Cristina, L. Marziale, G. Richard and V. Roussev, FACE: Automated digital evidence discovery and correlation, Digital Investigation, vol. 5(S), pp. 65\u201375, 2008.","journal-title":"Digital Investigation"},{"issue":"4","key":"13_CR6","doi-asserted-by":"crossref","first-page":"50","DOI":"10.1109\/MC.2004.1297301","volume":"37","author":"H. Chen","year":"2004","unstructured":"H. Chen, W. Chung, J. Xu, G. Wang and Y. Qin, Crime data mining: A general framework and some examples, IEEE Computer, vol. 37(4), pp. 50\u201356, 2004.","journal-title":"IEEE Computer"},{"issue":"S","key":"13_CR7","doi-asserted-by":"publisher","first-page":"57","DOI":"10.1016\/j.diin.2009.06.010","volume":"6","author":"M. Cohen","year":"2009","unstructured":"M. Cohen, S. Garfinkel and B. Schatz, Extending the Advanced Forensic Format to accommodate multiple data sources, logical evidence, arbitrary information and forensic workflow, Digital Investigation, vol. 6(S), pp. 57\u201368, 2009.","journal-title":"Digital Investigation"},{"key":"13_CR8","unstructured":"A. Flaglien, Cross-Computer Malware Detection in Digital Forensics, M.Sc. Thesis, Information Security Program, Faculty of Computer Science and Media Technology, Gjovik University College, Gjovik, Norway, 2010."},{"key":"13_CR9","doi-asserted-by":"crossref","unstructured":"A. Flaglien, A. Mallasvik, M. Mustorp and A. Arnes, Storage and exchange formats for digital evidence, presented at the NISK Conference, 2010.","DOI":"10.1016\/j.diin.2011.09.002"},{"issue":"S","key":"13_CR10","doi-asserted-by":"publisher","first-page":"71","DOI":"10.1016\/j.diin.2006.06.007","volume":"3","author":"S. Garfinkel","year":"2006","unstructured":"S. Garfinkel, Forensic feature extraction and cross-drive analysis, Digital Investigation, vol. 3(S), pp. 71\u201381, 2006.","journal-title":"Digital Investigation"},{"key":"13_CR11","doi-asserted-by":"publisher","first-page":"73","DOI":"10.1109\/SADFE.2009.12","volume-title":"Proceedings of the Fourth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering","author":"S. Garfinkel","year":"2009","unstructured":"S. Garfinkel, Automating disk forensic processing with SleuthKit, XML and Python, Proceedings of the Fourth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering, pp. 73\u201384, 2009."},{"issue":"1","key":"13_CR12","doi-asserted-by":"publisher","first-page":"84","DOI":"10.1145\/959242.959253","volume":"5","author":"L. Getoor","year":"2003","unstructured":"L. Getoor, Link mining: A new data mining challenge, ACM SIGKDD Explorations, vol. 5(1), pp. 84\u201389, 2003.","journal-title":"ACM SIGKDD Explorations"},{"issue":"2","key":"13_CR13","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1145\/1117454.1117456","volume":"7","author":"L. Getoor","year":"2005","unstructured":"L. Getoor and C. Diehl, Link mining: A survey, ACM SIGKDD Explorations, vol. 7(2), pp. 3\u201312, 2005.","journal-title":"ACM SIGKDD Explorations"},{"key":"13_CR14","unstructured":"P. Gladyshev, Formalizing Event Reconstruction in Digital Investigations, Ph.D. Dissertation, Department of Computer Science, University College Dublin, Dublin, Ireland, 2004."},{"key":"13_CR15","first-page":"139","volume-title":"Proceedings of the Seventeenth USENIX Security Symposium","author":"G. Gu","year":"2008","unstructured":"G. Gu, R. Perdisci, J. Zhang and W. Lee, BotMiner: Clustering analysis of network traffic for protocol- and structure-independent botnet detection, Proceedings of the Seventeenth USENIX Security Symposium, pp. 139\u2013154, 2008."},{"issue":"1","key":"13_CR16","doi-asserted-by":"publisher","first-page":"10","DOI":"10.1145\/1656274.1656278","volume":"11","author":"M. Hall","year":"2009","unstructured":"M. Hall, E. Frank, G. Holmes, B. Pfahringer, P. Reutemann and I. Witten, The WEKA data mining software: An update, ACM SIGKDD Explorations, vol. 11(1), pp. 10\u201318, 2009.","journal-title":"ACM SIGKDD Explorations"},{"key":"13_CR17","volume-title":"Data Mining: Concepts and Techniques","author":"J. Han","year":"2006","unstructured":"J. Han and M. Kamber, Data Mining: Concepts and Techniques, Morgan Kaufmann, San Francisco, California, 2006."},{"key":"13_CR18","volume-title":"Principles of Data Mining","author":"D. Hand","year":"2001","unstructured":"D. Hand, H. Mannila and P. Smyth, Principles of Data Mining, MIT Press, Cambridge, Massachusetts, 2001."},{"key":"13_CR19","unstructured":"S. Hoffman, China hackers launch cyber attack on India, Dalai Lama, CRN (www.crn.com\/security\/224201581), April 6, 2010."},{"key":"13_CR20","volume-title":"Hard Hats for Data Miners: Myths and Pitfalls of Data Mining","author":"T. Khabaza","year":"2005","unstructured":"T. Khabaza, Hard Hats for Data Miners: Myths and Pitfalls of Data Mining, White Paper, SPSS, Zurich, Switzerland, 2005."},{"key":"13_CR21","volume-title":"Investigative Data Mining for Security and Criminal Detection","author":"J. Mena","year":"2003","unstructured":"J. Mena, Investigative Data Mining for Security and Criminal Detection, Elsevier Science, Burlington, Massachusetts, 2003."},{"key":"13_CR22","unstructured":"E. Messmer, The botnet world is booming, Network World, July 9, 2009."},{"key":"13_CR23","unstructured":"National Institute of Standards and Technology, National Software Reference Library, Gaithersburg, Maryland (www.nsrl.nist.gov)."},{"issue":"2","key":"13_CR24","doi-asserted-by":"publisher","first-page":"76","DOI":"10.1145\/1113034.1113074","volume":"49","author":"G. Richard","year":"2006","unstructured":"G. Richard and V. Roussev, Next-generation digital forensics, Communications of the ACM, vol. 49(2), pp. 76\u201380, 2006.","journal-title":"Communications of the ACM"},{"key":"13_CR25","volume-title":"Botnets: The Killer Web App","author":"C. Schiller","year":"2007","unstructured":"C. Schiller, J. Binkley, D. Harley, G. Evron, T. Bradley, C. Willems and M. Cross, Botnets: The Killer Web App, Syngress, Rockland, Massachusetts, 2007."},{"key":"13_CR26","volume-title":"Pattern Recognition","author":"S. Theodoridis","year":"2006","unstructured":"S. Theodoridis and K. Koutroumbas, Pattern Recognition, Academic Press, San Diego, California, 2006."},{"key":"13_CR27","volume-title":"Data Mining: Practical Machine Learning Tools and Techniques","author":"I. Witten","year":"2005","unstructured":"I. Witten and E. Frank, Data Mining: Practical Machine Learning Tools and Techniques, Morgan Kaufmann, San Francisco, California, 2005."},{"volume-title":"The Top Ten Algorithms in Data Mining","year":"2009","key":"13_CR28","unstructured":"X. Wu and V. Kumar (Eds.), The Top Ten Algorithms in Data Mining, Chapman and Hall\/CRC, Boca Raton, Florida, 2009."},{"key":"13_CR29","doi-asserted-by":"publisher","first-page":"291","DOI":"10.1109\/DSN.2010.5544306","volume-title":"Proceedings of the IEEE\/IFIP International Conference on Dependable Systems and Networks","author":"Y. Zeng","year":"2010","unstructured":"Y. Zeng, X. Hu and K. Shin, Detection of botnets using combined host- and network-level information, Proceedings of the IEEE\/IFIP International Conference on Dependable Systems and Networks, pp. 291\u2013300, 2010."}],"container-title":["IFIP Advances in Information and Communication Technology","Advances in Digital Forensics VII"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-24212-0_13.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,23]],"date-time":"2020-11-23T22:15:41Z","timestamp":1606169741000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-24212-0_13"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011]]},"ISBN":["9783642242113","9783642242120"],"references-count":29,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-24212-0_13","relation":{},"ISSN":["1868-4238","1861-2288"],"issn-type":[{"type":"print","value":"1868-4238"},{"type":"electronic","value":"1861-2288"}],"subject":[],"published":{"date-parts":[[2011]]}}}