{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,13]],"date-time":"2026-02-13T18:27:52Z","timestamp":1771007272344,"version":"3.50.1"},"reference-count":66,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"4","license":[{"start":{"date-parts":[[2016,12,1]],"date-time":"2016-12-01T00:00:00Z","timestamp":1480550400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/OAPA.html"}],"funder":[{"name":"FLAMINGO","award":["318488"],"award-info":[{"award-number":["318488"]}]},{"DOI":"10.13039\/501100000780","name":"European Commission","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100000780","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Systems Journal"],"published-print":{"date-parts":[[2016,12]]},"DOI":"10.1109\/jsyst.2015.2389518","type":"journal-article","created":{"date-parts":[[2015,2,16]],"date-time":"2015-02-16T19:28:27Z","timestamp":1424114907000},"page":"1338-1349","source":"Crossref","is-referenced-by-count":13,"title":["Using Geolocation for the Strategic Preincident Preparation of an IT Forensics Analysis"],"prefix":"10.1109","volume":"10","author":[{"given":"Robert","family":"Koch","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mario","family":"Golling","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lars","family":"Stiemert","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Gabi Dreo","family":"Rodosek","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-79232-1_2"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2009.12.004"},{"key":"ref33","year":"0","journal-title":"MaxMind Geolocation Service"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/INFCOM.2009.5062243"},{"key":"ref31","author":"thorvaldsen","year":"2006","journal-title":"Geographical location of internet hosts using a multi-agent system"},{"key":"ref30","author":"stiemert","year":"2013","journal-title":"Localisation and advanced evaluation of IP-addresses with focus on IPv6"},{"key":"ref37","first-page":"1","article-title":"Geocompare: A comparison of public and commercial geolocation databases","author":"huffaker","year":"0","journal-title":"Proc NMMC"},{"key":"ref36","author":"poese","year":"2011","journal-title":"IP Geolocation Databases Unreliable?"},{"key":"ref35","author":"shavitt","year":"2010","journal-title":"A Study of Geolocation Databases"},{"key":"ref34","year":"0","journal-title":"Quova's Geolocation Services"},{"key":"ref60","year":"0","journal-title":"Syrian Electronic Army We hijacked Facebook"},{"key":"ref62","year":"0","journal-title":"RIPE Network Coordination Centre (RIPE NCC)"},{"key":"ref61","year":"0","journal-title":"The Cooperative Association for Internet Data Analysis"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-71617-4_26"},{"key":"ref28","first-page":"1","article-title":"HawkEyes: An advanced IP Geolocation approach: IP Geolocation using semantic and measurement based techniques","author":"dahnert","year":"0","journal-title":"Proc 2nd WCSEC"},{"key":"ref64","first-page":"1","article-title":"Towards multi-layered intrusion detection in high-speed backbone networks","author":"golling","year":"0","journal-title":"Proc 6th Int Conf CyCon"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/AINA.2010.39"},{"key":"ref65","article-title":"Evaluation of state of the art IDS message exchange protocols","author":"koch","year":"0","journal-title":"Proc Int Conf CNSM"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1109\/CNSM.2014.7014179"},{"key":"ref29","author":"eriksson","year":"2011","journal-title":"Posit An adaptive framework for lightweight IP geolocation"},{"key":"ref2","article-title":"Applying case-based reasoning to intrusion detection","author":"koch","year":"2014","journal-title":"Proc 9th Int Conf Cyber Warfare Secur"},{"key":"ref1","first-page":"1","article-title":"Attack trends in present computer networks","author":"koch","year":"0","journal-title":"Proc 4th Int Conf CYCON"},{"key":"ref20","first-page":"1","article-title":"Architecture for Evaluating and Correlating NIDS in Real-World networks","author":"koch","year":"0","journal-title":"Proc of the 5th Int Cyc Conf"},{"key":"ref22","year":"2014","journal-title":"Vulnerability Summary for CVE-2013-2251"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2010.032210.00054"},{"key":"ref24","first-page":"1","article-title":"Advanced geolocation of IP addresses","author":"koch","year":"0","journal-title":"Proc ICC"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/MCOM.2014.6852093"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/INFCOM.2011.5935165"},{"key":"ref25","first-page":"18","article-title":"Geolocation and verification of IP-addresses with specific focus on IPv6","volume":"10","author":"koch","year":"2014","journal-title":"J Commun Comput"},{"key":"ref50","year":"2013","journal-title":"IP2Geo Frequently Asked Questions How accurate is IP-Country-Region-City-ISP database?"},{"key":"ref51","first-page":"1","article-title":"Geolocalization on the Internet through constraint satisfaction","author":"wong","year":"0","journal-title":"Proc 3rd Conf USENIX Workshop Real Large Distrib Syst"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-03584-0_12"},{"key":"ref58","year":"0","journal-title":"Route Views Project"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1145\/1330107.1330124"},{"key":"ref56","author":"srinivasan","year":"2003","journal-title":"Geography of the web—Design and analysis of algorithm"},{"key":"ref55","year":"0","journal-title":"IpInfoDB"},{"key":"ref54","year":"0","journal-title":"IP2Location"},{"key":"ref53","year":"0","journal-title":"My IP Address Lookup and GeoTargeting Community Geotarget IP Project"},{"key":"ref52","author":"zander","year":"2012","journal-title":"How accurate is IP geolocation based on IP allocation data?"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2010.02.003"},{"key":"ref11","article-title":"Towards smart network defense","author":"koch","year":"2014","journal-title":"Proc 9th Int Conf Cyber Warfare Secur"},{"key":"ref40","author":"moore","year":"2000","journal-title":"Where in the World Is netgeo caida org?"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/964723.383073"},{"key":"ref13","year":"2013","journal-title":"APT1—Exposing one of china's cyber espionage units"},{"key":"ref14","year":"0","journal-title":"Ether Type"},{"key":"ref15","first-page":"1","article-title":"Buying numbers: An empirical analysis of the IPv4 number market","author":"mueller","year":"0","journal-title":"Proc IConference"},{"key":"ref16","author":"lozano","year":"0","journal-title":"Resource Transfers and Gradual IPv4 Exhaustion"},{"key":"ref17","author":"muthili","year":"0","journal-title":"Transfer of IPv4 Addresses to Any Entity"},{"key":"ref18","year":"0","journal-title":"IPv4 Transfer Statistics"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/2070562.2070574"},{"key":"ref4","author":"prosise","year":"2003","journal-title":"Incident Response and Computer Forensics"},{"key":"ref3","author":"ranum","year":"1998","journal-title":"Intrusion Detection Challenges and Myths"},{"key":"ref6","first-page":"1","article-title":"An examination of digital forensic models","volume":"1","author":"reith","year":"2002","journal-title":"Int l J Digital Evidence"},{"key":"ref5","first-page":"163","article-title":"Mapping process of digital forensic investigation framework","volume":"8","author":"selamat","year":"2008","journal-title":"Int J Comput Sci Netw Security"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.5120\/251-408"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/MIC.2002.1067738"},{"key":"ref49","year":"0","journal-title":"Cooperative Association for Internet Data Analysis"},{"key":"ref9","first-page":"229","article-title":"Snort-lightweigh intrusion detection for networks","author":"roesch","year":"0","journal-title":"Proc 13th USENIX Conf Syst Admin"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1007\/11753810_27"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2004.08.013"},{"key":"ref48","first-page":"23","article-title":"Octant: A comprehensive framework for the geolocalization of Internet hosts","volume":"7","author":"wong","year":"0","journal-title":"Proc NSDI"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1145\/1028788.1028828"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.17487\/rfc1876"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.17487\/rfc1034"},{"key":"ref44","first-page":"1","article-title":"SCAMPI—A scaleable monitoring platform for the Internet","author":"coppens","year":"0","journal-title":"Proc 2nd Int Workshop IPSN"},{"key":"ref43","first-page":"1","article-title":"Towards street-level client-independent IP geolocation","author":"wang","year":"0","journal-title":"Proc USENIX"}],"container-title":["IEEE Systems Journal"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/4267003\/7752999\/07042787.pdf?arnumber=7042787","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,10,11]],"date-time":"2021-10-11T02:36:02Z","timestamp":1633919762000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/7042787\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,12]]},"references-count":66,"journal-issue":{"issue":"4"},"URL":"https:\/\/doi.org\/10.1109\/jsyst.2015.2389518","relation":{},"ISSN":["1932-8184","1937-9234","2373-7816"],"issn-type":[{"value":"1932-8184","type":"print"},{"value":"1937-9234","type":"electronic"},{"value":"2373-7816","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016,12]]}}}