{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,22]],"date-time":"2025-11-22T11:12:35Z","timestamp":1763809955396,"version":"3.37.3"},"reference-count":19,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2019,9,1]],"date-time":"2019-09-01T00:00:00Z","timestamp":1567296000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"}],"funder":[{"DOI":"10.13039\/501100001871","name":"FCT","doi-asserted-by":"publisher","award":["PTDC\/EEI-SCR\/1741\/2014"],"award-info":[{"award-number":["PTDC\/EEI-SCR\/1741\/2014"]}],"id":[{"id":"10.13039\/501100001871","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Computers &amp; Security"],"published-print":{"date-parts":[[2019,9]]},"DOI":"10.1016\/j.cose.2018.08.013","type":"journal-article","created":{"date-parts":[[2018,10,16]],"date-time":"2018-10-16T00:03:03Z","timestamp":1539648183000},"page":"484-497","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":8,"special_numbering":"C","title":["Forensic analysis of communication records of messaging applications from physical memory"],"prefix":"10.1016","volume":"86","author":[{"given":"Diogo","family":"Barradas","sequence":"first","affiliation":[]},{"given":"Tiago","family":"Brito","sequence":"additional","affiliation":[]},{"given":"David","family":"Duarte","sequence":"additional","affiliation":[]},{"given":"Nuno","family":"Santos","sequence":"additional","affiliation":[]},{"given":"Lu\u00eds","family":"Rodrigues","sequence":"additional","affiliation":[]}],"member":"78","reference":[{"key":"10.1016\/j.cose.2018.08.013_bib0001","series-title":"Proceedings of the international conference for internet technology and secured transactions","article-title":"Forensic artifacts of Facebook\u2019s instant messaging service","author":"Al Mutawa","year":"2011"},{"issue":"3","key":"10.1016\/j.cose.2018.08.013_bib0002","doi-asserted-by":"crossref","first-page":"201","DOI":"10.1016\/j.diin.2014.04.003","article-title":"Forensic analysis of whatsapp messenger on android smartphones","volume":"11","author":"Anglano","year":"2014","journal-title":"Digital Investig"},{"key":"10.1016\/j.cose.2018.08.013_bib0003","doi-asserted-by":"crossref","first-page":"31","DOI":"10.1016\/j.diin.2017.09.002","article-title":"Forensic analysis of telegram messenger on android smartphones","volume":"23","author":"Anglano","year":"2017","journal-title":"Digital Investig"},{"key":"10.1016\/j.cose.2018.08.013_bib0004","unstructured":"Beebe N., Dietrich G. A new process model for text string searching; New York, NY: Springer New York. p. 179\u2013191. doi:10.1007\/978-0-387-73742-_12."},{"issue":"4","key":"10.1016\/j.cose.2018.08.013_bib0005","doi-asserted-by":"crossref","first-page":"732","DOI":"10.1016\/j.dss.2011.01.009","article-title":"Post-retrieval search hit clustering to improve information retrieval effectiveness: two digital forensics case studies","volume":"51","author":"Beebe","year":"2011","journal-title":"Decis Support Syst"},{"key":"10.1016\/j.cose.2018.08.013_bib0006","unstructured":"Charlie R. Multi-process architecture. https:\/\/blog.chromium.org\/2008\/09\/multi-process-architecture.html; 2008. Accessed: 2018-04-29."},{"issue":"5","key":"10.1016\/j.cose.2018.08.013_bib0007","doi-asserted-by":"crossref","first-page":"91","DOI":"10.1145\/1506409.1506429","article-title":"Lest we remember: cold-boot attacks on encryption keys","volume":"52","author":"Halderman","year":"2009","journal-title":"Commun ACM"},{"key":"10.1016\/j.cose.2018.08.013_bib0008","unstructured":"Magnet F. The rise of mobile chat apps: recovering evidence from Kik messenger, WhatsApp & BBM. https:\/\/www.magnetforensics.com\/mobile-forensics\/the-rise-of-mobile-chat-apps-recovering-evidence-from-kik-messenger-whatsapp-bbm\/; 2014. Accessed: 2018-04-29."},{"key":"10.1016\/j.cose.2018.08.013_bib0009","unstructured":"Mozilla. Electrolysis - Mozilla Wiki. https:\/\/wiki.mozilla.org\/Electrolysis; 2015. Accessed: 2018-04-29."},{"key":"10.1016\/j.cose.2018.08.013_bib0010","series-title":"Proceedings of the international conference on applied cryptography and network security","first-page":"373","article-title":"Frost: Forensic recovery of scrambled telephones","author":"M\u00fcller","year":"2013"},{"key":"10.1016\/j.cose.2018.08.013_bib0011","series-title":"Proceedings of the IEEE symposium on computers and communications","first-page":"457","article-title":"You can run but you cannot hide from memory: extracting IM evidence of Android apps","author":"Nisioti","year":"2017"},{"issue":"1","key":"10.1016\/j.cose.2018.08.013_bib0012","doi-asserted-by":"crossref","first-page":"6","DOI":"10.1186\/1687-417X-2013-6","article-title":"Do private and portable web browsers leave incriminating evidence?: A forensic analysis of residual artifacts from private and portable web browsing sessions","volume":"2013","author":"Ohana","year":"2013","journal-title":"EURASIP J Inf Secur"},{"issue":"1","key":"10.1016\/j.cose.2018.08.013_bib0013","doi-asserted-by":"crossref","first-page":"91","DOI":"10.1007\/s40012-012-0008-7","article-title":"Digital forensic research: current state of the art","volume":"1","author":"Raghavan","year":"2013","journal-title":"CSI Trans ICT"},{"key":"10.1016\/j.cose.2018.08.013_bib0014","series-title":"Proceedings of the international conference on availability, reliability and security","first-page":"995","article-title":"Enhancement of forensic computing investigations through memory forensic techniques","author":"Simon","year":"2009"},{"key":"10.1016\/j.cose.2018.08.013_bib0015","series-title":"Proceedings of the international conference on availability, reliability, and security","first-page":"283","article-title":"Recovery of Skype application activity data from physical memory","author":"Simon","year":"2010"},{"issue":"1","key":"10.1016\/j.cose.2018.08.013_bib0016","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1016\/j.diin.2011.06.002","article-title":"A survey of main memory acquisition and analysis techniques for the windows operating system","volume":"8","author":"V\u00f6mel","year":"2011","journal-title":"Digital Investig"},{"issue":"2","key":"10.1016\/j.cose.2018.08.013_bib0017","doi-asserted-by":"crossref","first-page":"125","DOI":"10.1016\/j.diin.2012.04.005","article-title":"Correctness, atomicity, and integrity: defining criteria for forensically-sound memory acquisition","volume":"9","author":"V\u00f6mel","year":"2012","journal-title":"Digital Investig"},{"key":"10.1016\/j.cose.2018.08.013_bib0018","unstructured":"Wong K, Lai ACT, Yeung JCK, Lee WL, Chan PH. Facebook forensics. https:\/\/www.fbiic.gov\/public\/2011\/jul\/facebook_forensics-finalized.pdf; 2011. Valkyrie-X Security Research Group, Accessed: 2018-04-29."},{"issue":"3","key":"10.1016\/j.cose.2018.08.013_bib0019","doi-asserted-by":"crossref","first-page":"e0150300","DOI":"10.1371\/journal.pone.0150300","article-title":"Windows instant Messaging App forensics: Facebook and Skype as case studies","volume":"11","author":"Yang","year":"2016","journal-title":"PloS ONE"}],"container-title":["Computers &amp; Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167404818311313?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167404818311313?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2019,12,10]],"date-time":"2019-12-10T04:26:06Z","timestamp":1575951966000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0167404818311313"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,9]]},"references-count":19,"alternative-id":["S0167404818311313"],"URL":"https:\/\/doi.org\/10.1016\/j.cose.2018.08.013","relation":{},"ISSN":["0167-4048"],"issn-type":[{"type":"print","value":"0167-4048"}],"subject":[],"published":{"date-parts":[[2019,9]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"Forensic analysis of communication records of messaging applications from physical memory","name":"articletitle","label":"Article Title"},{"value":"Computers & Security","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.cose.2018.08.013","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2018 Elsevier Ltd. All rights reserved.","name":"copyright","label":"Copyright"}]}}