{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,5]],"date-time":"2024-09-05T13:26:19Z","timestamp":1725542779333},"publisher-location":"Berlin, Heidelberg","reference-count":18,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642355141"},{"type":"electronic","value":"9783642355158"}],"license":[{"start":{"date-parts":[[2012,1,1]],"date-time":"2012-01-01T00:00:00Z","timestamp":1325376000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2012]]},"DOI":"10.1007\/978-3-642-35515-8_11","type":"book-chapter","created":{"date-parts":[[2012,11,22]],"date-time":"2012-11-22T11:36:13Z","timestamp":1353584173000},"page":"131-140","source":"Crossref","is-referenced-by-count":2,"title":["A Novel Methodology for Malware Intrusion Attack Path Reconstruction"],"prefix":"10.1007","author":[{"given":"Ahmed F.","family":"Shosha","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Joshua I.","family":"James","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Pavel","family":"Gladyshev","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"11_CR1","unstructured":"Symantec. Internet Security Threat Report, vol. 16 (2010)"},{"key":"11_CR2","unstructured":"Gladyshev, P., Patel, A.: Formalizing Event Time Bounding in Digital Investigations. International Journal of Digital Evidence\u00a04(2) (2005)"},{"key":"11_CR3","doi-asserted-by":"crossref","unstructured":"Zhu, Y., James, J., Gladyshev, P.: A comparative methodology for the reconstruction of digital events using Windows Restore Points. Paper Presented at the Digital Investigation Conference (2009)","DOI":"10.1016\/j.diin.2009.02.004"},{"key":"11_CR4","unstructured":"Microsoft. About System Restore (2010), http:\/\/msdn.microsoft.com\/en-us\/library\/aa378724(v=vs.85).aspx (retrieved 2011)"},{"key":"11_CR5","doi-asserted-by":"publisher","first-page":"151","DOI":"10.1016\/j.diin.2006.08.008","volume":"3","author":"K. Harms","year":"2006","unstructured":"Harms, K.: Forensic analysis of System Restore points in Microsoft Windows XP. Digital Investigation\u00a03, 151\u2013158 (2006)","journal-title":"Digital Investigation"},{"key":"11_CR6","unstructured":"Carvey, H.: Windows Forensic Analysis DVD ToolKit (2009)"},{"key":"11_CR7","doi-asserted-by":"crossref","unstructured":"Kahvedzic, D., Kechadi, T.: Extraction of User Activity through Comparison of Windows Restore Points (2008)","DOI":"10.15394\/jdfsl.2008.1049"},{"key":"11_CR8","doi-asserted-by":"crossref","unstructured":"Kahvedzic, D., Kechadi, T.: On the persistence of deleted windows registry data structures. Paper Presented at the ACM Symposium on Applied Computing, Honolulu, Hawaii (2009)","DOI":"10.1145\/1529282.1529476"},{"key":"11_CR9","unstructured":"TechNet, Microsoft (2002). Windows XP System Restore, \n \n http:\/\/technet.microsoft.com\/en-us\/library\/bb490854.aspx\n \n \n (2011)"},{"key":"11_CR10","unstructured":"Microsoft. Monitored File Name Extensions (2010), http:\/\/msdn.microsoft.com\/en-us\/library\/aa378870(v=vs.85).aspx (retrieved 2011)"},{"key":"11_CR11","unstructured":"Microsoft. Microsoft PE and COFF Specification (2011), \n \n http:\/\/msdn.microsoft.com\/en-us\/windows\/hardware\/gg463119.aspx\n \n \n (retrieved 2011)"},{"key":"11_CR12","doi-asserted-by":"crossref","first-page":"83","DOI":"10.1007\/978-3-642-04155-6_6","volume":"306","author":"Y. Zhu","year":"2009","unstructured":"Zhu, Y., Gladyshev, P.: Temporal Analysis of Windows MRU registry Keys. Advances in Digital Forensics\u00a0306, 83\u201393 (2009)","journal-title":"Advances in Digital Forensics"},{"key":"11_CR13","doi-asserted-by":"crossref","unstructured":"Ammann, P., Wijesekera, D., Kaushik, S.: Scalable, graph-based network vulnerability analysis. Paper Presented at the 9th ACM Conference on Computer and Communications Security, Washington, DC, USA (2002)","DOI":"10.1145\/586110.586140"},{"key":"11_CR14","doi-asserted-by":"crossref","unstructured":"Ingols, K., Lippmann, R., Piwowarski, K.: Practical Attack Graph Generation for Network Defense. Paper Presented at the Annual Computer Security Applications Conference (2006)","DOI":"10.1109\/ACSAC.2006.39"},{"key":"11_CR15","unstructured":"Sheyner, O., Haines, J., Jha, S., Lippmann, R.: Automated Generation and Analysis of Attack Graphs. Paper Presented at the IEEE Symposium on Security and Privacy, Los Alamitos, CA, USA (2002)"},{"key":"11_CR16","unstructured":"http:\/\/www.offensivecomputing.net\/"},{"key":"11_CR17","unstructured":"http:\/\/www.nepenthespharm.com\/"},{"key":"11_CR18","unstructured":"AccessData. Forensic Toolkit (2010), \n \n http:\/\/www.accessdata.com\/forensictoolkit.html\n \n \n (retrieved November 4, 2010)"}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Digital Forensics and Cyber Crime"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-35515-8_11","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,8]],"date-time":"2019-05-08T20:40:59Z","timestamp":1557348059000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-35515-8_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012]]},"ISBN":["9783642355141","9783642355158"],"references-count":18,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-35515-8_11","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"type":"print","value":"1867-8211"},{"type":"electronic","value":"1867-822X"}],"subject":[],"published":{"date-parts":[[2012]]}}}