{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,10,30]],"date-time":"2024-10-30T07:19:07Z","timestamp":1730272747482,"version":"3.28.0"},"reference-count":27,"publisher":"IEEE","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015,7]]},"DOI":"10.1109\/iscc.2015.7405522","type":"proceedings-article","created":{"date-parts":[[2016,2,16]],"date-time":"2016-02-16T00:54:13Z","timestamp":1455584053000},"page":"237-244","source":"Crossref","is-referenced-by-count":7,"title":["Forensic analysis of windows user space applications through heap allocations"],"prefix":"10.1109","author":[{"given":"Michael","family":"Cohen","sequence":"first","affiliation":[]}],"member":"263","reference":[{"key":"ref10","article-title":"Windows 8 heap internals","author":"valasek","year":"2012","journal-title":"Black Hat USA"},{"key":"ref11","article-title":"Practical windows xp\/2003 heap exploitation","author":"mcdonald","year":"2009","journal-title":"Black Hat USA"},{"article-title":"Understanding the low fragmentation heap","year":"2010","author":"valasek","key":"ref12"},{"journal-title":"Identifying the unknown in user space memory","year":"2013","author":"white","key":"ref13"},{"journal-title":"Windows Internals","year":"2012","author":"russinovich","key":"ref14"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2006.12.002"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2006.10.001"},{"article-title":"Windows Virtual Address Translation and the Pagefile","year":"0","author":"cohen","key":"ref17"},{"volume":"3a","journal-title":"Intel 64 and IA-32 Architectures Developer's Manual Vol 3A","year":"2015","key":"ref18"},{"journal-title":"KnTToolswithKnTList","article-title":"KnTTools with KnTList","year":"0","key":"ref19"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2010.05.008"},{"year":"0","key":"ref27","article-title":"Issue 124:add plugin to dump dns resolver cache"},{"journal-title":"The Art of Memory Forensics Detecting Malware and Threats in Windows Linux and Mac Memory","year":"2014","author":"ligh","key":"ref3"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2007.06.008"},{"journal-title":"Modern Operating Systems","year":"2009","author":"tanenbaum","key":"ref5"},{"article-title":"ptmalloc2 homepage","year":"0","author":"douglas","key":"ref8"},{"article-title":"A Memory Allocator","year":"0","author":"lea","key":"ref7"},{"year":"0","key":"ref2","article-title":"Volatility"},{"article-title":"TCMalloc: Thread-Caching Malloc","year":"0","author":"ghemawat","key":"ref9"},{"year":"0","key":"ref1","article-title":"Rekall memory forensic framework"},{"article-title":"The Sleuth Kit","year":"0","author":"carrier","key":"ref20"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2012.04.005"},{"key":"ref21","volume":"3","author":"carrier","year":"2005","journal-title":"File System Forensic Analysis"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2007.06.009"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2013.06.004"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2014.05.011"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-02633-1_16"}],"event":{"name":"2015 20th IEEE Symposium on Computers and Communication (ISCC)","start":{"date-parts":[[2015,7,6]]},"location":"Larnaca","end":{"date-parts":[[2015,7,9]]}},"container-title":["2015 IEEE Symposium on Computers and Communication (ISCC)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/7397314\/7405441\/07405522.pdf?arnumber=7405522","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2017,3,24]],"date-time":"2017-03-24T07:15:39Z","timestamp":1490339739000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/7405522\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,7]]},"references-count":27,"URL":"https:\/\/doi.org\/10.1109\/iscc.2015.7405522","relation":{},"subject":[],"published":{"date-parts":[[2015,7]]}}}