{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,7]],"date-time":"2024-09-07T20:21:34Z","timestamp":1725740494959},"publisher-location":"Berlin, Heidelberg","reference-count":25,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642392559"},{"type":"electronic","value":"9783642392566"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-3-642-39256-6_7","type":"book-chapter","created":{"date-parts":[[2013,7,10]],"date-time":"2013-07-10T10:30:36Z","timestamp":1373452236000},"page":"97-112","source":"Crossref","is-referenced-by-count":7,"title":["Hypervisor Event Logs as a Source of Consistent Virtual Machine Evidence for Forensic Cloud Investigations"],"prefix":"10.1007","author":[{"given":"Sean","family":"Thorpe","sequence":"first","affiliation":[]},{"given":"Indrajit","family":"Ray","sequence":"additional","affiliation":[]},{"given":"Tyrone","family":"Grandison","sequence":"additional","affiliation":[]},{"given":"Abbie","family":"Barbir","sequence":"additional","affiliation":[]},{"given":"Robert","family":"France","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"issue":"4","key":"7_CR1","doi-asserted-by":"publisher","first-page":"292","DOI":"10.1016\/S0167-4048(03)00405-X","volume":"22","author":"M. Rodgers","year":"2003","unstructured":"Rodgers, M.: The role of criminal profiling in the computer forensics process. Computers & Security\u00a022(4), 292\u2013298 (2003)","journal-title":"Computers & Security"},{"key":"7_CR2","unstructured":"Rodgers, M., Goubalt\u2013Larrecq, J.: Log auditing through model checking. In: Proceedings of the 14th IEEE Computer Security Foundations Workshop, Cape Breton, Nova Scotia (June 2001)"},{"issue":"1","key":"7_CR3","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1016\/j.diin.2004.01.002","volume":"1","author":"C. Boyd","year":"2004","unstructured":"Boyd, C., Forster, P.: Time and date issues in forensic computing a case study. Digital Investigation\u00a01(1), 18\u201323 (2004)","journal-title":"Digital Investigation"},{"key":"7_CR4","doi-asserted-by":"crossref","unstructured":"Buchholz, F., Tjaden, B.: A brief study of time. In: Proceedings of the 7th Digital Forensics Workshop, Pittsburg, Pennsylvania, USA (August 2007)","DOI":"10.1016\/j.diin.2007.06.004"},{"issue":"1","key":"7_CR5","doi-asserted-by":"publisher","first-page":"28","DOI":"10.1109\/2.84874","volume":"24","author":"C. Fidge","year":"1991","unstructured":"Fidge, C.: Logical time in distributed computing systems. Computer\u00a024(1), 28\u201333 (1991)","journal-title":"Computer"},{"issue":"2","key":"7_CR6","first-page":"1","volume":"4","author":"P. Gladyshev","year":"2005","unstructured":"Gladyshev, P., Patel, A.: Formalizing event time bounding in digital investigations. International Journal of Digital Evidence\u00a04(2), 1\u201314 (2005)","journal-title":"International Journal of Digital Evidence"},{"issue":"1","key":"7_CR7","doi-asserted-by":"publisher","first-page":"558","DOI":"10.1145\/359545.359563","volume":"21","author":"L. Lamport","year":"1978","unstructured":"Lamport, L.: Time, clocks, and the ordering of events in a distributed system. Communications of the ACM\u00a021(1), 558\u2013565 (1978)","journal-title":"Communications of the ACM"},{"key":"7_CR8","unstructured":"Marrington, A., Mohay, G., Clark, A., Morarji, H.: Event-based computer profiling for the forensic reconstruction of computer activity. In: Proceedings of the AusCERT Asia Pacific Information Technology Security Conference, Gold Coast, Australia (May 2007)"},{"key":"7_CR9","doi-asserted-by":"crossref","unstructured":"Marrington, A., Mohay, G., Morarji, H., Clark, A.: A Model for Computer Profiling. In: Proceedings of the 5th International Workshop on Digital Forensics at the International Conference on Availability, Reliability and Security, Krakow, Poland (February 2010)","DOI":"10.1109\/ARES.2010.95"},{"key":"7_CR10","doi-asserted-by":"crossref","unstructured":"Nolan, R., O\u2019Sullivan, C., Branson, J., Waits, C.: First responder\u2019s guide to computer forensics. Software Engineering Institute, Carnegie Mellon University, Pittsburg, USA (May 2005)","DOI":"10.21236\/ADA443483"},{"key":"7_CR11","doi-asserted-by":"crossref","unstructured":"Schatz, B., Mohay, G., Clark, A.: A correlation method for establishing provenance of timestamps in digital evidence. In: Proceedings of the 6th Annual Digital Forensic Research Workshop, West Lafayette, Indiana, USA (August 2006)","DOI":"10.1016\/j.diin.2006.06.009"},{"issue":"1","key":"7_CR12","doi-asserted-by":"publisher","first-page":"75","DOI":"10.1007\/978-0-387-84927-0_7","volume":"285","author":"S.Y. Willassen","year":"2008","unstructured":"Willassen, S.Y.: Hypothesis-based investigation of digital timestamps. Advances in Digital Forensics IV\u00a0285(1), 75\u201386 (2008)","journal-title":"Advances in Digital Forensics IV"},{"key":"7_CR13","doi-asserted-by":"crossref","unstructured":"Willassen, S.Y.: Timestamp evidence correlation by model based clock hypothesis testing. In: Proceedings of the 1st International Conference on Forensic Applications and Techniques in Telecommunications, Information, and Multimedia and Workshop, Adelaide, Australia (January 2008)","DOI":"10.4108\/e-forensics.2008.2637"},{"issue":"2","key":"7_CR14","doi-asserted-by":"publisher","first-page":"1","DOI":"10.4018\/jdcf.2009040101","volume":"1","author":"S.Y. Willassen","year":"2009","unstructured":"Willassen, S.Y.: A model based approach to timestamp evidence interpretation. International Journal of Digital Crime and Forensics\u00a01(2), 1\u201312 (2009)","journal-title":"International Journal of Digital Crime and Forensics"},{"issue":"5","key":"7_CR15","first-page":"398","volume":"6","author":"S. Thorpe","year":"2011","unstructured":"Thorpe, S., Ray, I., Grandison, T.: A Formal Temporal Log Model for the synchronized Virtual Machine Environment. Journal of Information Assurance and Security\u00a06(5), 398\u2013406 (2011)","journal-title":"Journal of Information Assurance and Security"},{"key":"7_CR16","unstructured":"Thorpe, S., Ray, I., Barbir, A., Grandison, T.: Towards a Formal Parameterized Context for a Cloud Computing Forensic Database. In: Proceedings of the 3rd Digital Forensics and Cybercrime Conference, Dublin, Ireland (October 2011)"},{"key":"7_CR17","unstructured":"Thorpe, S., Ray, I., Grandison, T.: Associative Mapping Techniques for the synchronized virtual machine environment. In: Proceedings of the 4th Computational Intelligence in Security for Information Systems Conference, Torremolinos, Spain (June 2011)"},{"key":"7_CR18","unstructured":"Thorpe, S., Ray, I., Grandison, T.: Enforcing Data Quality Rules for the synchronized virtual machine environment. In: Proceedings of the 4th Computational Intelligence in Security for Information Systems Conference, Torremolinos, Spain (June 2011)"},{"key":"7_CR19","unstructured":"Thorpe, S.: PhD Thesis - The Theory of a Cloud Computing Digital Investigation using the Hypervisor kernel logs, University of Technology Jamaica (February 2013)"},{"issue":"4","key":"7_CR20","first-page":"9","volume":"3","author":"S. Thorpe","year":"2012","unstructured":"Thorpe, S.: A Virtual Machine History Model Framework for a Data Cloud Investigation. Journal of Convergence\u00a03(4), 9\u201314 (2012)","journal-title":"Journal of Convergence"},{"key":"7_CR21","unstructured":"Srinivas, K., Snow, K., Monrose, F.: Trail of Bytes: Efficient support for Forensic Analysis. In: Proceedings of the ACM Conference on Communication Security, Chicago, Illinois, USA (October 2010)"},{"issue":"3","key":"7_CR22","doi-asserted-by":"publisher","first-page":"33","DOI":"10.4018\/jdcf.2012070103","volume":"4","author":"T. Gidwani","year":"2012","unstructured":"Gidwani, T., Argano, M., Yan, W., Issa, F.: A Comprehensive Survey of Event Analytics. International Journal of Digital Crime and Forensics\u00a04(3), 33\u201346 (2012)","journal-title":"International Journal of Digital Crime and Forensics"},{"key":"7_CR23","unstructured":"Thorpe, S., Ray, I., Grandison, T., Barbir, A.: A Model for Compiling Truthful Forensic Evidence from the Log Cloud Hypervisor Databases. In: Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC), Work in Progress Session, Orlando, USA (December 2012)"},{"key":"7_CR24","unstructured":"Thorpe, S., Ray, I., Grandison, T., Barbir, A.: Log Audit Explanation Templates with Private Data Clouds. In: Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC), Work in Progress Session, Orlando, USA (December 2012)"},{"issue":"1","key":"7_CR25","doi-asserted-by":"publisher","first-page":"97","DOI":"10.1145\/1740390.1740412","volume":"44","author":"W. Pauw","year":"2010","unstructured":"Pauw, W., Heisig, S.: Visual and algorithmic tooling for system trace analysis: A case study. ACMSIGOPS Operating System Review\u00a044(1), 97\u2013102 (2010)","journal-title":"ACMSIGOPS Operating System Review"}],"container-title":["Lecture Notes in Computer Science","Data and Applications Security and Privacy XXVII"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-39256-6_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,15]],"date-time":"2019-05-15T17:59:21Z","timestamp":1557943161000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-39256-6_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013]]},"ISBN":["9783642392559","9783642392566"],"references-count":25,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-39256-6_7","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2013]]}}}