{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,7]],"date-time":"2024-09-07T09:50:13Z","timestamp":1725702613051},"publisher-location":"Berlin, Heidelberg","reference-count":21,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642331602"},{"type":"electronic","value":"9783642331619"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2012]]},"DOI":"10.1007\/978-3-642-33161-9_43","type":"book-chapter","created":{"date-parts":[[2012,9,20]],"date-time":"2012-09-20T13:57:47Z","timestamp":1348149467000},"page":"289-298","source":"Crossref","is-referenced-by-count":1,"title":["Towards Sound Forensic Acquisition of Volatile Data"],"prefix":"10.1007","author":[{"given":"Sebastian","family":"Eschweiler","sequence":"first","affiliation":[]},{"given":"Elmar","family":"Gerhards-Padilla","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"43_CR1","unstructured":"Qihoo 360. Description of the Mebromi Rootkit, \n \n http:\/\/bbs.360.cn\/4005462\/251096134.html\n \n \n (last access September 2011)"},{"issue":"1","key":"43_CR2","doi-asserted-by":"publisher","first-page":"50","DOI":"10.1016\/j.diin.2003.12.001","volume":"1","author":"B.D. Carrier","year":"2004","unstructured":"Carrier, B.D., Grand, J.: A hardware-based memory acquisition procedure for digital investigations. Digital Investigation\u00a01(1), 50\u201360 (2004)","journal-title":"Digital Investigation"},{"key":"43_CR3","unstructured":"U.S. Federal Court. Forcing Defendant to decrypt Hard Drive is unconstitutional, appeals Court Rules, \n \n http:\/\/www.ca11.uscourts.gov\/opinions\/ops\/201112268.pdf\n \n \n (last access March 2012)"},{"key":"43_CR4","unstructured":"Cybermarshal. Mac Memory Reader, \n \n http:\/\/www.cybermarshal.com\/index.php\/cyber-marshal-utilities\/mac-memory-reader\n \n \n (last access March 2012)"},{"key":"43_CR5","unstructured":"Guillaume Delugr\u00ef\u0153 Closer to metal: Reverse engineering the Broadcom NetExtreme\u2019s Firmware. In: Hack.lu (2010)"},{"key":"43_CR6","unstructured":"Maximilan Dornseif. Owned by an iPod. In: PacSec (2004)"},{"key":"43_CR7","unstructured":"GNU. dd, \n \n http:\/\/www.gnu.org\/software\/coreutils\/manual\/html_node\/dd-invocation.html\n \n \n (last access March 2012)"},{"key":"43_CR8","unstructured":"Golovanov, S.: A unique \u2019fileless\u2019 bot attacks news site visitors, \n \n http:\/\/www.securelist.com\/en\/blog\/687\/A_unique_fileless_bot_attacks_news_site_visitors\n \n \n (last access March 2012)"},{"key":"43_CR9","doi-asserted-by":"publisher","first-page":"91","DOI":"10.1145\/1506409.1506429","volume":"52","author":"J. Alex Halderman","year":"2009","unstructured":"Alex Halderman, J., Schoen, S.D., Heninger, N., William, et al.: Lest We Remember: Cold-boot Attacks on Encryption Keys. Commun. ACM\u00a052, 91\u201398 (2009)","journal-title":"Commun. ACM"},{"key":"43_CR10","unstructured":"HBGary. FastDump PRO, \n \n http:\/\/www.hbgary.com\/fastdump-pro\n \n \n (last access March 2012)"},{"key":"43_CR11","unstructured":"Passware Inc. Passware Kit Forensic, \n \n http:\/\/www.lostpassword.com\/kit-forensic.htm\n \n \n (last access March 2012)"},{"key":"43_CR12","unstructured":"Moonsols. Windows Memory Toolkit, \n \n http:\/\/www.moonsols.com\/windows-memory-toolkit\n \n \n (last access March 2012)"},{"key":"43_CR13","first-page":"17","volume-title":"Proceedings of the 20th USENIX Conference on Security, SEC 2011","author":"T. M\u00fcller","year":"2011","unstructured":"M\u00fcller, T., Freiling, F.C., Dewald, A.: TRESOR runs encryption securely outside RAM. In: Proceedings of the 20th USENIX Conference on Security, SEC 2011, p. 17. USENIX Association, Berkeley (2011)"},{"key":"43_CR14","unstructured":"Pabel, J.: FrozenCache \u2013 Mitigating cold-boot Attacks for Full-Disk-Encryption Software. In: 27C3 (2010)"},{"key":"43_CR15","unstructured":"Pikewerks. Second Look, \n \n http:\/\/pikewerks.com\/sl\/\n \n \n (last access March 2012)"},{"key":"43_CR16","unstructured":"Plohmann, D., Gerhards-Padilla, E.: Case Study of the Miner Botnet. In: Proceedings of the 4th International Conference on Cyber Conflict (to appear, 2012)"},{"key":"43_CR17","unstructured":"Rutkowska, J.: Beyond The CPU: Defeating Hardware Based RAM Acquisition. In: Black Hat DC 2007 (2007)"},{"key":"43_CR18","unstructured":"Butler, J., Sparks, S.: Shadow Walker \u2013 Raising The Bar For Windows Rootkit Detection. Phrack\u00a011(59) (2005)"},{"key":"43_CR19","unstructured":"Guidance Software. Encase Forensic, \n \n http:\/\/www.guidancesoftware.com\/forensic.htm\n \n \n (last access March 2012)"},{"key":"43_CR20","unstructured":"Symantec. Description of Trojan.Badminer (2011), \n \n http:\/\/www.symantec.com\/business\/security_response\/writeup.jsp?docid=2011-081115-5847-99&tabid=2\n \n \n (last access September 2011)"},{"key":"43_CR21","unstructured":"Volatile Systems. Volatility, \n \n https:\/\/www.volatilesystems.com\n \n \n (last access September 2011)"}],"container-title":["Communications in Computer and Information Science","Future Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-33161-9_43.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,5,4]],"date-time":"2021-05-04T11:57:19Z","timestamp":1620129439000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-33161-9_43"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012]]},"ISBN":["9783642331602","9783642331619"],"references-count":21,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-33161-9_43","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"type":"print","value":"1865-0929"},{"type":"electronic","value":"1865-0937"}],"subject":[],"published":{"date-parts":[[2012]]}}}