{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,5]],"date-time":"2024-09-05T07:02:28Z","timestamp":1725519748037},"reference-count":13,"publisher":"IEEE","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015,4]]},"DOI":"10.1109\/infcomw.2015.7179370","type":"proceedings-article","created":{"date-parts":[[2015,8,12]],"date-time":"2015-08-12T18:45:57Z","timestamp":1439405157000},"page":"115-120","source":"Crossref","is-referenced-by-count":0,"title":["Correlating processes for automatic memory evidence analysis"],"prefix":"10.1109","author":[{"given":"Xiao","family":"Fu","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xiaojiang","family":"Du","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Bin","family":"Luo","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jin","family":"Shi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhitao","family":"Guan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yuhua","family":"Wang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"journal-title":"Microsoft Windows Internals","year":"2009","author":"ionescu","key":"ref10"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2007.06.008"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2008.05.014"},{"journal-title":"Detective Automatically Identify and Analyze Malware Processes in Forensic Scenarios via Dynamic-Link Libraries","year":"2015","author":"duan","key":"ref13"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2006.06.010"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2008.109"},{"key":"ref6","first-page":"34","article-title":"Low down and dirty: anti-forensic rootkits","author":"bilby","year":"2006","journal-title":"Proceedings of Ruxcon"},{"key":"ref5","first-page":"104","article-title":"Pool Allocations as an Information Source in Windows Memory Forensics","author":"schuster","year":"2006","journal-title":"Proceedings of IT-incident management & IT-forensics(IMF&#x2018;2006)"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2008.05.003"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/IAS.2009.103"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2010.05.008"},{"journal-title":"Volatility maintained by Volatility Foundation","year":"2014","key":"ref1"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2010.05.007"}],"event":{"name":"IEEE INFOCOM 2015 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)","start":{"date-parts":[[2015,4,26]]},"location":"Hong Kong, Hong Kong","end":{"date-parts":[[2015,5,1]]}},"container-title":["2015 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/7170114\/7179273\/07179370.pdf?arnumber=7179370","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2017,3,25]],"date-time":"2017-03-25T01:55:37Z","timestamp":1490406937000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/7179370\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,4]]},"references-count":13,"URL":"https:\/\/doi.org\/10.1109\/infcomw.2015.7179370","relation":{},"subject":[],"published":{"date-parts":[[2015,4]]}}}