{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,28]],"date-time":"2025-06-28T09:40:04Z","timestamp":1751103604820,"version":"3.41.0"},"reference-count":34,"publisher":"Springer Science and Business Media LLC","issue":"S3","license":[{"start":{"date-parts":[[2017,12,7]],"date-time":"2017-12-07T00:00:00Z","timestamp":1512604800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"funder":[{"DOI":"10.13039\/501100001809","name":"Natural Science Foundation of China","doi-asserted-by":"crossref","award":["61273118"],"award-info":[{"award-number":["61273118"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"crossref"}]},{"name":"Guangdong Science and Technology Program of China","award":["2017A040405050"],"award-info":[{"award-number":["2017A040405050"]}]},{"name":"Guangzhou High-Tech Developmental Plan","award":["201604016041"],"award-info":[{"award-number":["201604016041"]}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cluster Comput"],"published-print":{"date-parts":[[2019,5]]},"DOI":"10.1007\/s10586-017-1468-1","type":"journal-article","created":{"date-parts":[[2017,12,7]],"date-time":"2017-12-07T12:56:05Z","timestamp":1512651365000},"page":"5675-5689","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Analysis of the structure of hive files and the implementation of pivotal operations for distributed computing environment"],"prefix":"10.1007","volume":"22","author":[{"given":"Qing","family":"Su","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yihao","family":"Tang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4701-1917","authenticated-orcid":false,"given":"Zhanyi","family":"Li","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kai","family":"Liu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tianyi","family":"Cheng","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2017,12,7]]},"reference":[{"key":"1468_CR1","unstructured":"Mbatha, M.P.: Windows registry forensic artifacts. University of Nairobi, School of Computing and Informatics, Shellbags for Computer Security. College of Biological and Physical Sciences (2016)"},{"issue":"6","key":"1468_CR2","first-page":"135","volume":"3","author":"R Kaur","year":"2017","unstructured":"Kaur, R., Chadha, R.: Comparative analysis of various file formats in HIVE. Int. J. Technol. Comput. 3(6), 135\u2013139 (2017)","journal-title":"Int. J. Technol. Comput."},{"issue":"2","key":"1468_CR3","doi-asserted-by":"publisher","first-page":"101","DOI":"10.14445\/22312803\/IJCTT-V17P120","volume":"17","author":"A Ramani","year":"2014","unstructured":"Ramani, A., Dewangan, S.K.: Digital forensic identification, collection, examination and decoding of windows registry keys for discovering user activities patterns. Int. J. Comput. Trends Technol. 17(2), 101\u2013111 (2014)","journal-title":"Int. J. Comput. Trends Technol."},{"issue":"17","key":"1468_CR4","first-page":"12","volume":"43","author":"C Ravi","year":"2012","unstructured":"Ravi, C., Manoharan, R.: Malware detection using windows API sequence and machine learning. Int. J. Comput. Appl. 43(17), 12\u201316 (2012)","journal-title":"Int. J. Comput. Appl."},{"key":"1468_CR5","volume-title":"Incident Response & Computer Forensics","author":"JT Luttgens","year":"2014","unstructured":"Luttgens, J.T., Pepe, M., Mandia, K.: Incident Response & Computer Forensics. McGraw-Hill Education Group, New York (2014)"},{"key":"1468_CR6","volume-title":"Windows Internals","author":"ME Russinovich","year":"2017","unstructured":"Russinovich, M.E., Solomom, D.A., Ionescu, A.: Windows Internals, 7th edn. Microsoft Press, Redmond (2017)","edition":"7"},{"key":"1468_CR7","unstructured":"Morgan, T.D.: The Windows NT Registry File Format. http:\/\/www.sentinelchicken.com\/research\/registry_format\/ (2010)"},{"key":"1468_CR8","doi-asserted-by":"publisher","first-page":"S26","DOI":"10.1016\/j.diin.2008.05.003","volume":"5","author":"B Dolan-Gavitt","year":"2008","unstructured":"Dolan-Gavitt, B.: Forensic analysis of the Windows registry in memory. Digit. Investig. 5, S26\u2013S32 (2008)","journal-title":"Digit. Investig."},{"issue":"1","key":"1468_CR9","doi-asserted-by":"publisher","first-page":"91","DOI":"10.1007\/s40012-012-0008-7","volume":"1","author":"S Raghavan","year":"2013","unstructured":"Raghavan, S.: Digital forensic research: current state of the art. CSI Trans. ICT 1(1), 91\u2013114 (2013)","journal-title":"CSI Trans. ICT"},{"key":"1468_CR10","volume-title":"Forensic Analysis of Unallocated Space in Windows Registry Hive Files","author":"Jolanta Thomassen","year":"2008","unstructured":"Thomassen, Jolanta: Forensic Analysis of Unallocated Space in Windows Registry Hive Files. The University of Liverpool, Liverpool (2008)"},{"key":"1468_CR11","first-page":"201","volume-title":"Communications in Computer and Information Science","author":"Harmeet Kaur Khanuja","year":"2014","unstructured":"Khanuja, H.K., Adane, D.S.: Forensic Analysis for Monitoring Database Transactions. In: Proceedings of International Symposium on Security in Computing and Communication. Springer, Berlin, pp. 201\u2013210 (2014)"},{"key":"1468_CR12","unstructured":"Khalidi Y.A., Smith, F.J. IV, Talluri, M.: Merging registry keys, U.S. Patent 8 245 035 B2. Aug 14 (2012)"},{"key":"1468_CR13","unstructured":"Russinovich, M.: Inside the registry. http:\/\/technet.microsoft.com\/en-us\/library\/cc750583.aspx (2017)"},{"issue":"2","key":"1468_CR14","first-page":"1045","volume":"5","author":"A Ramani","year":"2014","unstructured":"Ramani, A., Dewangan, S.K.: Auditing Windows 7 Registry Keys to track the traces left out in copying files from system to external USB Device. Int. J. Comput. Sci. Inf. Technol. 5(2), 1045\u20131052 (2014)","journal-title":"Int. J. Comput. Sci. Inf. Technol."},{"key":"1468_CR15","doi-asserted-by":"publisher","first-page":"94","DOI":"10.17781\/P002064","volume":"2","author":"DN Patil","year":"2016","unstructured":"Patil, D.N., Meshram, B.B.: RegForensicTool: evidence collection and analysis of windows registry. Int. J. Cyber Secur. Digit. Forensics 2, 94\u2013105 (2016)","journal-title":"Int. J. Cyber Secur. Digit. Forensics"},{"key":"1468_CR16","unstructured":"Microsoft: How to recover from a corrupted registry that prevents Windows XP from starting. https:\/\/support.microsoft.com\/en-us\/help\/307545\/how-to-recover-from-a-corrupted-registry-that-prevents-windows-xp-from . May 13 (2017)"},{"key":"1468_CR17","unstructured":"Mauzy Properties, LLC. Registry Tool. http:\/\/www.registrytool.com (2013)"},{"key":"1468_CR18","unstructured":"Rose City Software, Registry First Aid. http:\/\/www.snapfiles.com\/get\/regfirstaid.html (2013)"},{"key":"1468_CR19","unstructured":"Hover Inc. RegSeeker. http:\/\/www.snapfiles.com\/get\/regseeker.html . Sept 05 (2017)"},{"key":"1468_CR20","unstructured":"Nir Sofer, RegScanner. http:\/\/www.nirsoft.net\/utils\/regscanner.html . Aug 08 (2017)"},{"key":"1468_CR21","unstructured":"Net Security, Registry Decoder: Digital registry forensics. https:\/\/www.helpnetsecurity.com\/2011\/11\/03\/registry-decoder-digital-registry-forensics\/ . Nov 3 (2011)"},{"key":"1468_CR22","unstructured":"Pranshu Bajpai: Windows Registry Analysis with RegRipper\u2014A \u2018Hands-on\u2019 Case Study. http:\/\/resources.infosecinstitute.com\/windows-registry-analysis-regripper-hands-case-study-2\/ . Aug 25 (2014)"},{"key":"1468_CR23","unstructured":"James Macfarlane: Parse::Win32Registry\u2014Parse Windows Registry Files. http:\/\/search.cpan.org\/~jmacfarla\/Parse-Win32Registry-1.0\/lib\/Parse\/Win32Registry.pm (2012)"},{"key":"1468_CR24","unstructured":"ASSET InterTech, ECM-XDP3 Intel JTAG Debugger. https:\/\/www.asset-intertech.com\/products\/sourcepoint-intel-trace (2017)"},{"key":"1468_CR25","unstructured":"BreakPoint Software Inc. Hex Workshop. http:\/\/www.hexworkshop.com\/overview.html (2014)"},{"issue":"4","key":"1468_CR26","first-page":"5","volume":"5","author":"KA Alghafli","year":"2010","unstructured":"Alghafli, K.A., Jones, A., Martin, T.A.: Forensic analysis of the Windows 7 Registry. J. Digit. Forensics Secur. Law 5(4), 5\u201330 (2010)","journal-title":"J. Digit. Forensics Secur. Law"},{"key":"1468_CR27","doi-asserted-by":"crossref","unstructured":"Bose, R.P.J.C., Srinivasan, S.H.: mRegistry: a registry representation for fault diagnosis. In: Proceedings of International Conference on Intelligent Systems Design and Applications 2005. Isda \u201905. Proceedings of the IEEE, pp. 37\u201342 (2005)","DOI":"10.1109\/ISDA.2005.68"},{"issue":"Suppl. 1","key":"1468_CR28","doi-asserted-by":"publisher","first-page":"S33","DOI":"10.1016\/j.diin.2008.05.002","volume":"5","author":"TD Morgan","year":"2008","unstructured":"Morgan, T.D.: Recovering deleted data from the Windows registry. Digit. Investig. 5(Suppl. 1), S33\u2013S41 (2008)","journal-title":"Digit. Investig."},{"issue":"8","key":"1468_CR29","first-page":"282","volume":"5","author":"SM Tabarno","year":"2013","unstructured":"Tabarno, S.M., Sharma, A.K., Verma, N.: A futuristic digital forensic software framework for analyzing the registry of windows based systems. Softw. Eng. Technol. 5(8), 282\u2013286 (2013)","journal-title":"Softw. Eng. Technol."},{"key":"1468_CR30","unstructured":"ASSET InterTech: SourcePoint for Intel and AMD Processors. https:\/\/www.asset-intertech.com\/eresources\/software-debug (2017)"},{"key":"1468_CR31","first-page":"13","volume-title":"Advances on Broad-Band Wireless Computing, Communication and Applications","author":"Baojiang Cui","year":"2016","unstructured":"Cui, B., Wang, C., Dong, G., Ma, J.: A program behavior recognition algorithm based on assembly instruction sequence similarity. In: Proceedings of International Conference on Broadband and Wireless Computing, Communication and Applications, pp. 13\u201320 (2017)"},{"issue":"5","key":"1468_CR32","first-page":"327","volume":"30","author":"Q Zhou","year":"2015","unstructured":"Zhou, Q., Luo, J.: Artificial neural network based grid computing of E-government scheduling for emergency management. Comput. Syst. Sci. Eng. 30(5), 327\u2013335 (2015)","journal-title":"Comput. Syst. Sci. Eng."},{"issue":"3","key":"1468_CR33","doi-asserted-by":"publisher","first-page":"1275","DOI":"10.1007\/s10586-016-0580-y","volume":"19","author":"Qingyuan Zhou","year":"2016","unstructured":"Zhou, Q.: Research on heterogeneous data integration model of group enterprise based on cluster computing. Clust. Comput. 19, 1275 (2016). https:\/\/doi.org\/10.1007\/s10586-016-0580-y","journal-title":"Cluster Computing"},{"issue":"3","key":"1468_CR34","first-page":"4427","volume":"3","author":"T Roy","year":"2012","unstructured":"Roy, T., Jain, A.: Windows registry forensics: an imperative step in tracking data theft via USB devices. Int. J. Comput. Sci. Inf. Technol. 3(3), 4427\u20134433 (2012)","journal-title":"Int. J. Comput. Sci. Inf. Technol."}],"container-title":["Cluster Computing"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10586-017-1468-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10586-017-1468-1\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10586-017-1468-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,28]],"date-time":"2025-06-28T09:08:10Z","timestamp":1751101690000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10586-017-1468-1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,12,7]]},"references-count":34,"journal-issue":{"issue":"S3","published-print":{"date-parts":[[2019,5]]}},"alternative-id":["1468"],"URL":"https:\/\/doi.org\/10.1007\/s10586-017-1468-1","relation":{},"ISSN":["1386-7857","1573-7543"],"issn-type":[{"type":"print","value":"1386-7857"},{"type":"electronic","value":"1573-7543"}],"subject":[],"published":{"date-parts":[[2017,12,7]]},"assertion":[{"value":"22 October 2017","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"27 November 2017","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"30 November 2017","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"7 December 2017","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}