{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,11]],"date-time":"2025-09-11T20:26:41Z","timestamp":1757622401880,"version":"3.44.0"},"publisher-location":"Cham","reference-count":16,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783032006370"},{"type":"electronic","value":"9783032006356"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-032-00635-6_1","type":"book-chapter","created":{"date-parts":[[2025,8,8]],"date-time":"2025-08-08T13:36:10Z","timestamp":1754660170000},"page":"5-22","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Forensic Insights into Windows 11\u2019s Capability Access Manager Artifacts"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-6207-6292","authenticated-orcid":false,"given":"Patricio","family":"Domingues","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4405-7696","authenticated-orcid":false,"given":"Miguel","family":"Frade","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6540-3164","authenticated-orcid":false,"given":"Miguel","family":"Negr\u00e3o","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,8,9]]},"reference":[{"key":"1_CR1","unstructured":"Baraniuk, C.: No end to Covid-19 webcam shortage, July 2020, https:\/\/www.bbc.com\/news\/technology-53506401, Accessed 02 Apr 2025"},{"key":"1_CR2","unstructured":"Brignoni, A.: GitHub - abrignoni\/WLEAPP: WLEAPP is an open source project that aims to parse Windows OS artifacts for the purpose of triage analysis (2023), https:\/\/github.com\/abrignoni\/WLEAPP, Accessed 26 Apr 2025"},{"key":"1_CR3","unstructured":"Brignoni, A.: Abrignoni (brigs) - github, Apr 2024, https:\/\/github.com\/abrignoni, Accessed 26 Apr 2025"},{"key":"1_CR4","unstructured":"CyberSundae-DFIR: CapabilityAccessManager.db - Deep Dive, Part 1 (Medium Post), November 2024, https:\/\/medium.com\/@cyber.sundae.dfir\/capabilityaccessmanager-db-deep-dive-part-1-ff49f69c58af, Accessed 11 Apr 2025"},{"issue":"1","key":"1_CR5","doi-asserted-by":"publisher","first-page":"88","DOI":"10.3390\/forensicsci2010007","volume":"2","author":"P Domingues","year":"2022","unstructured":"Domingues, P., Andrade, L., Frade, M.: A digital forensic view of Windows 10 notifications. Forensic Sci. 2(1), 88\u2013106 (2022)","journal-title":"Forensic Sci."},{"key":"1_CR6","doi-asserted-by":"crossref","unstructured":"El-Metwaly, A.E.S., et al.: Remote access trojan (RAT) attack: a stealthy cyber threat posing severe security risks. In: 2024 International Telecommunications Conference (ITC-Egypt), pp.\u00a01\u20135 (2024)","DOI":"10.1109\/ITC-Egypt61547.2024.10620482"},{"key":"1_CR7","unstructured":"Eric, Z.: GitHub - EricZimmerman\/AmcacheParser: Parses amcache.hve files, but with a twist!, January 2025, https:\/\/github.com\/EricZimmerman\/AmcacheParser, Accessed 02 May 2025"},{"issue":"2","key":"1_CR8","doi-asserted-by":"publisher","first-page":"577","DOI":"10.1111\/1556-4029.13875","volume":"64","author":"G Horsman","year":"2019","unstructured":"Horsman, G., Caithness, A., Katsavounidis, C.: A forensic exploration of the microsoft Windows 10 timeline. J. Forensic Sci. 64(2), 577\u2013586 (2019)","journal-title":"J. Forensic Sci."},{"key":"1_CR9","doi-asserted-by":"crossref","unstructured":"Jovanovi\u0107, L., Adamovi\u0107, S.: digital forensics artifacts of the microsoft photos application in Windows 10. In: Sinteza 2022 - International Scientific Conference on Information Technology and Data Related Research, pp. 427\u2013434 (2022)","DOI":"10.15308\/Sinteza-2022-427-434"},{"key":"1_CR10","doi-asserted-by":"publisher","unstructured":"Karwayun, R., Sharma, P., Sainger, M., Joshi, N., Manna, S.: Role of spyware in the intelligent digital age: a comparative analysis. In: 2024 4th International Conference on Advancement in Electronics & Communication Engineering (AECE), pp. 1058\u20131066 (2024). https:\/\/doi.org\/10.1109\/AECE62803.2024.10911775","DOI":"10.1109\/AECE62803.2024.10911775"},{"key":"1_CR11","unstructured":"Labs, A.C.: Windows search index: the forensic artifact you\u2019ve been searching for | Aon, https:\/\/www.aon.com\/cyber-solutions\/aon_cyber_labs\/windows-search-index-the-forensic-artifact-youve-been-searching-for\/, Accessed 04 May 2025"},{"key":"1_CR12","doi-asserted-by":"crossref","unstructured":"Singh, B., Singh, U.: Leveraging the Windows amcache.hve file in forensic investigations. J. Digit. Forensics Secur. Law 11(4), 7 (2016)","DOI":"10.15394\/jdfsl.2016.1429"},{"key":"1_CR13","doi-asserted-by":"publisher","first-page":"94","DOI":"10.1016\/j.cose.2018.01.006","volume":"74","author":"B Singh","year":"2018","unstructured":"Singh, B., Singh, U.: Program execution analysis in Windows: a study of data sources, their format and comparison of forensic capability. Comput. Secur. 74, 94\u2013114 (2018)","journal-title":"Comput. Secur."},{"key":"1_CR14","doi-asserted-by":"crossref","unstructured":"Spichiger, H., Adelstein, F.: Preserving meaning of evidence from evolving systems. Forensic Sci. Int. Digit. Invest. 52, 301867 (2025), DFRWS EU 2025 - Selected Papers from the 12th DFRWS Europe","DOI":"10.1016\/j.fsidi.2025.301867"},{"key":"1_CR15","doi-asserted-by":"crossref","unstructured":"Tokarev, A., Tokareva, V.: Comparative analysis of Amcache trace formation mechanisms in Windows 10 and Windows 11. In: 2023 IEEE Ural-Siberian Conference on Biomedical Engineering, Radioelectronics and Information Technology (USBEREIT), pp. 289\u2013292 (2023)","DOI":"10.1109\/USBEREIT58508.2023.10158896"},{"key":"1_CR16","doi-asserted-by":"publisher","first-page":"256","DOI":"10.1109\/ACCESS.2022.3232505","volume":"11","author":"MH Tsai","year":"2022","unstructured":"Tsai, M.H., Lin, C.C., He, Z.G., Yang, W.C., Lei, C.L.: PowerDP: de-obfuscating and profiling malicious PowerShell commands with multi-label classifiers. IEEE Access 11, 256\u2013270 (2022)","journal-title":"IEEE Access"}],"container-title":["Lecture Notes in Computer Science","Availability, Reliability and Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-00635-6_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,8]],"date-time":"2025-09-08T19:39:11Z","timestamp":1757360351000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-00635-6_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783032006370","9783032006356"],"references-count":16,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-00635-6_1","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"9 August 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"The authors have no competing interests to declare that\u00a0are relevant to the content of this article.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Disclosure of Interests"}},{"value":"ARES","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Availability, Reliability and Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Ghent","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Belgium","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 August 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 August 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ares-12025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/2025.ares-conference.eu","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}