{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,3]],"date-time":"2025-06-03T01:30:19Z","timestamp":1748914219272,"version":"3.28.0"},"reference-count":17,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2024,10,1]],"date-time":"2024-10-01T00:00:00Z","timestamp":1727740800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2024,10,1]],"date-time":"2024-10-01T00:00:00Z","timestamp":1727740800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2024,8,7]],"date-time":"2024-08-07T00:00:00Z","timestamp":1722988800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0\/"}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Forensic Science International: Digital Investigation"],"published-print":{"date-parts":[[2024,10]]},"DOI":"10.1016\/j.fsidi.2024.301807","type":"journal-article","created":{"date-parts":[[2024,10,18]],"date-time":"2024-10-18T19:06:58Z","timestamp":1729278418000},"page":"301807","update-policy":"http:\/\/dx.doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":2,"special_numbering":"S","title":["Mount SMB.pcap: Reconstructing file systems and file operations from network traffic"],"prefix":"10.1016","volume":"50","author":[{"given":"Jan-Niclas","family":"Hilgert","sequence":"first","affiliation":[]},{"given":"Axel","family":"Mahr","sequence":"additional","affiliation":[]},{"given":"Martin","family":"Lambertz","sequence":"additional","affiliation":[]}],"member":"78","reference":[{"key":"10.1016\/j.fsidi.2024.301807_bib1","series-title":"Proceedings of the USENIX Winter 1992 Technical Conference","first-page":"333","article-title":"Nfs tracing by passive network monitoring","author":"Blaze","year":"1992"},{"year":"2005","series-title":"File System Forensic Analysis","author":"Carrier","key":"10.1016\/j.fsidi.2024.301807_bib2"},{"key":"10.1016\/j.fsidi.2024.301807_bib3","article-title":"Using relational graphs for exploratory analysis of network traffic data","volume":"45","author":"Cermak","year":"2023","journal-title":"Forensic Sci. Int.: Digit. Invest."},{"key":"10.1016\/j.fsidi.2024.301807_bib4","series-title":"2015 World Congress on Internet Security (WorldCIS)","first-page":"164","article-title":"Transmitted file extraction and reconstruction from network packets","author":"Choi","year":"2015"},{"key":"10.1016\/j.fsidi.2024.301807_bib5","first-page":"177","article-title":"Interactive 3d visualization of network traffic in time for forensic analysis","author":"Clark","year":"2020","journal-title":"VISIGRAPP"},{"key":"10.1016\/j.fsidi.2024.301807_bib6","doi-asserted-by":"crossref","first-page":"2042","DOI":"10.1016\/j.asoc.2010.07.002","article-title":"Neural visualization of network traffic data for intrusion detection","volume":"11","author":"Corchado","year":"2011","journal-title":"Appl. Soft Comput."},{"year":"2024","series-title":"[ms-smb2]: Server Message Block (Smb) Protocol Versions 2 and 3","author":"Corporation","key":"10.1016\/j.fsidi.2024.301807_bib7"},{"key":"10.1016\/j.fsidi.2024.301807_bib8","series-title":"2013 Proceedings Ieee Infocom, IEEE","first-page":"809","article-title":"Networkprofiler: towards automatic fingerprinting of android apps","author":"Dai","year":"2013"},{"key":"10.1016\/j.fsidi.2024.301807_bib9","series-title":"Proceedings of the 17th Large Installation Systems Administration Conference","article-title":"New nfs tracing tools and techniques for system analysis","author":"Ellard","year":"2003"},{"key":"10.1016\/j.fsidi.2024.301807_bib10","doi-asserted-by":"crossref","first-page":"S1","DOI":"10.1016\/j.diin.2015.01.005","article-title":"Hviz: Http (s) traffic aggregation and visualization for network forensics","volume":"12","author":"Gugelmann","year":"2015","journal-title":"Digit. Invest."},{"key":"10.1016\/j.fsidi.2024.301807_bib11","series-title":"2018 IEEE International Conference on Big Data (Big Data)","first-page":"3059","article-title":"File toolkit for selective analysis & reconstruction (filetsar) for large-scale networks","author":"Hansen","year":"2018"},{"key":"10.1016\/j.fsidi.2024.301807_bib12","doi-asserted-by":"crossref","first-page":"S21","DOI":"10.1016\/j.diin.2018.04.020","article-title":"Forensic analysis of multiple device btrfs configurations using the sleuth kit","volume":"26","author":"Hilgert","year":"2018","journal-title":"Digit. Invest."},{"year":"2024","series-title":"pcapFS \u2013 Mounting Network Data","author":"Hilgert","key":"10.1016\/j.fsidi.2024.301807_bib13"},{"year":"2024","series-title":"SCF - SMB Command Fingerprinting","author":"Hilgert","key":"10.1016\/j.fsidi.2024.301807_bib14"},{"key":"10.1016\/j.fsidi.2024.301807_bib15","first-page":"435","article-title":"Forensic analysis of android phone using ext4 file system journal log","volume":"vol. 1","author":"Kim","year":"2012"},{"year":"1995","series-title":"Operating System and File System Monitoring: A Comparison of Passive Network Monitoring with Full Kernel Instrumentation Techniques. Ph.D. Thesis","author":"Moore","key":"10.1016\/j.fsidi.2024.301807_bib16"},{"key":"10.1016\/j.fsidi.2024.301807_bib17","series-title":"2016 IEEE European Symposium on Security and Privacy (EuroS&P)","first-page":"439","article-title":"Appscanner: automatic fingerprinting of smartphone apps from encrypted network traffic","author":"Taylor","year":"2016"}],"container-title":["Forensic Science International: Digital Investigation"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S2666281724001318?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S2666281724001318?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2024,10,21]],"date-time":"2024-10-21T15:27:00Z","timestamp":1729524420000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S2666281724001318"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,10]]},"references-count":17,"alternative-id":["S2666281724001318"],"URL":"https:\/\/doi.org\/10.1016\/j.fsidi.2024.301807","relation":{},"ISSN":["2666-2817"],"issn-type":[{"type":"print","value":"2666-2817"}],"subject":[],"published":{"date-parts":[[2024,10]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"Mount SMB.pcap: Reconstructing file systems and file operations from network traffic","name":"articletitle","label":"Article Title"},{"value":"Forensic Science International: Digital Investigation","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.fsidi.2024.301807","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2024 The Author(s). Published by Elsevier Ltd on behalf of DFRWS.","name":"copyright","label":"Copyright"}],"article-number":"301807"}}