{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,14]],"date-time":"2026-01-14T16:49:41Z","timestamp":1768409381050,"version":"3.49.0"},"reference-count":27,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2015,4,2]],"date-time":"2015-04-02T00:00:00Z","timestamp":1427932800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Telecommun Syst"],"published-print":{"date-parts":[[2015,10]]},"DOI":"10.1007\/s11235-015-0028-3","type":"journal-article","created":{"date-parts":[[2015,4,1]],"date-time":"2015-04-01T19:20:28Z","timestamp":1427916028000},"page":"261-273","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["Network Forensic Evidence Generation and Verification Scheme (NFEGVS)"],"prefix":"10.1007","volume":"60","author":[{"given":"Hyungseok","family":"Kim","sequence":"first","affiliation":[]},{"given":"Eunjin","family":"Kim","sequence":"additional","affiliation":[]},{"given":"Seungmo","family":"Kang","sequence":"additional","affiliation":[]},{"given":"Huy Kang","family":"Kim","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2015,4,2]]},"reference":[{"issue":"1","key":"28_CR1","doi-asserted-by":"crossref","first-page":"28","DOI":"10.1016\/j.diin.2003.12.002","volume":"1","author":"E Casey","year":"2004","unstructured":"Casey, E. (2004). Network traffic as a source of evidence: tool strengths, weaknesses, and future needs. Digital Investigation, 1(1), 28\u201343.","journal-title":"Digital Investigation"},{"issue":"1","key":"28_CR2","first-page":"14","volume":"1","author":"N Meghanathan","year":"2009","unstructured":"Meghanathan, N., Allam, S. R., & Moore, L. A. (2009). Tools and techniques for Network Forensics. International Journal of Network Security and its Applications, 1(1), 14\u201325.","journal-title":"International Journal of Network Security and its Applications"},{"key":"28_CR3","doi-asserted-by":"crossref","unstructured":"Kim, H. S., & Kim, H. K. (2011). Network forensic evidence acquisition (NFEA) with packet marking. In 2011 Ninth IEEE International Symposium on Parallel and Distributed Processing with Applications Workshops (ISPAW) (pp. 388\u2013393).","DOI":"10.1109\/ISPAW.2011.27"},{"key":"28_CR4","unstructured":"MANDIANT Web Historian. http:\/\/www.mandiant.com\/products\/free_software\/web_historian ."},{"key":"28_CR5","unstructured":"Greeks, M. Index.dat Analyzer. http:\/\/majorgeeks.com\/Index.dat_Analyzer_d5259.html ."},{"key":"28_CR6","unstructured":"Visualware eMailTrackerPro. http:\/\/www.emailtrackerpro.com\/ ."},{"key":"28_CR7","unstructured":"TCPDUMP. http:\/\/www.tcpdump.org ."},{"key":"28_CR8","unstructured":"Wireshark. http:\/\/www.wireshark.org ."},{"issue":"4","key":"28_CR9","doi-asserted-by":"crossref","first-page":"162","DOI":"10.1109\/LCOMM.2003.811200","volume":"7","author":"A Belenky","year":"2003","unstructured":"Belenky, A., & Ansari, N. (2003). IP traceback with deterministic packet marking. IEEE Communications Letters, 7(4), 162\u2013164.","journal-title":"IEEE Communications Letters"},{"issue":"5","key":"28_CR10","doi-asserted-by":"crossref","first-page":"123","DOI":"10.1109\/MCOM.2005.1453433","volume":"43","author":"Z Gao","year":"2005","unstructured":"Gao, Z., & Ansari, N. (2005). Tracing cyber attacks from the practical perspective. IEEE Communications Magazine, 43(5), 123\u2013131.","journal-title":"IEEE Communications Magazine"},{"key":"28_CR11","unstructured":"Stone, R. (2000). CenterTrack: An IP overlay network for tracking DoS floods. In Proceedings of the Ninth USENIX Security Symposium."},{"key":"28_CR12","unstructured":"Bellovin, S. M., Leech, M., & Taylor, T. (2000). ICMP traceback messages. Internet draft: draft-bellovin-itrace-00.txt, Network Working Group."},{"key":"28_CR13","doi-asserted-by":"crossref","unstructured":"Snoeren, A. C. et al. (2001). Hash-based IP traceback. In Proceedings of the 2001 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications.","DOI":"10.1145\/383059.383060"},{"issue":"3","key":"28_CR14","doi-asserted-by":"crossref","first-page":"226","DOI":"10.1109\/90.929847","volume":"9","author":"S Savage","year":"2001","unstructured":"Savage, S., et al. (2001). Network support for IP traceback. ACM\/IEEE Transactions on Networking, 9(3), 226\u2013237.","journal-title":"ACM\/IEEE Transactions on Networking"},{"key":"28_CR15","unstructured":"Song, D. X., & Perrig, A. (2001). Advanced and authenticated marking schemes for IP traceback. In Proceedings of IEEE INFOCOM."},{"issue":"4","key":"28_CR16","doi-asserted-by":"crossref","first-page":"567","DOI":"10.1109\/TPDS.2008.132","volume":"20","author":"Y Xiang","year":"2009","unstructured":"Xiang, Y., Zhou, W., & Guo, M. (2009). Flexible deterministic packet marking: An ip traceback system to find the real source of attacks. IEEE Transactions on Parallel and Distributed Systems, 20(4), 567\u2013580.","journal-title":"IEEE Transactions on Parallel and Distributed Systems"},{"key":"28_CR17","doi-asserted-by":"crossref","unstructured":"Tsirtsis, G. & Srisuresh. P. (2000). RFC 2766: Network address translation-protocol translation (NAT-PT).","DOI":"10.17487\/rfc2766"},{"issue":"1","key":"28_CR18","doi-asserted-by":"crossref","first-page":"47","DOI":"10.1007\/s11235-006-9006-0","volume":"33","author":"W Chen","year":"2006","unstructured":"Chen, W., & Yeung, D. Y. (2006). Throttling spoofed SYN flooding traffic at the source. Telecommunication Systems, 33(1), 47\u201365.","journal-title":"Telecommunication Systems"},{"key":"28_CR19","doi-asserted-by":"crossref","unstructured":"Krawczyk, H., Bellare, M., & Canetti, R. (1997). RFC 2104: HMAC: Keyed-hashing for message authentication.","DOI":"10.17487\/rfc2104"},{"key":"28_CR20","volume-title":"TCP\/IP protocol suite","author":"BA Forouzan","year":"2002","unstructured":"Forouzan, B. A. (2002). TCP\/IP protocol suite. Boston: McGraw-Hill Inc."},{"key":"28_CR21","doi-asserted-by":"crossref","unstructured":"John, W., & Tafvelin, S. (2007). Analysis of internet backbone traffic and header anomalies observed. In Proceedings of Internet Measurement Conference, ACM.","DOI":"10.1145\/1298306.1298321"},{"key":"28_CR22","doi-asserted-by":"crossref","unstructured":"Postel, J. (1981). RFC 791: Internet protocol.","DOI":"10.17487\/rfc0791"},{"issue":"3","key":"28_CR23","doi-asserted-by":"crossref","first-page":"167","DOI":"10.1007\/s11235-009-9213-6","volume":"43","author":"S Uhlig","year":"2010","unstructured":"Uhlig, S. (2010). On the complexity of Internet traffic dynamics on its topology. Telecommunication Systems, 43(3), 167\u2013180.","journal-title":"Telecommunication Systems"},{"issue":"1","key":"28_CR24","doi-asserted-by":"crossref","first-page":"71","DOI":"10.1007\/s11235-008-9073-5","volume":"37","author":"C Zhang","year":"2008","unstructured":"Zhang, C., et al. (2008). Integrating heterogeneous network monitoring data. Telecommunication Systems, 37(1), 71\u201384.","journal-title":"Telecommunication Systems"},{"key":"28_CR25","unstructured":"netfilter libipq. http:\/\/www.netfilter.org\/projects\/index.html ."},{"key":"28_CR26","unstructured":"OpenSSL OpenSSL. http:\/\/www.openssl.org ."},{"key":"28_CR27","unstructured":"TCPDUMP libpcap. http:\/\/www.tcpdump.org ."}],"container-title":["Telecommunication Systems"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11235-015-0028-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s11235-015-0028-3\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11235-015-0028-3","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,8,22]],"date-time":"2019-08-22T19:20:18Z","timestamp":1566501618000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s11235-015-0028-3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,4,2]]},"references-count":27,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2015,10]]}},"alternative-id":["28"],"URL":"https:\/\/doi.org\/10.1007\/s11235-015-0028-3","relation":{},"ISSN":["1018-4864","1572-9451"],"issn-type":[{"value":"1018-4864","type":"print"},{"value":"1572-9451","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015,4,2]]}}}