{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,10,30]],"date-time":"2024-10-30T13:25:27Z","timestamp":1730294727162,"version":"3.28.0"},"reference-count":26,"publisher":"IEEE","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013,11]]},"DOI":"10.1109\/sadfe.2013.6911539","type":"proceedings-article","created":{"date-parts":[[2014,9,30]],"date-time":"2014-09-30T20:39:23Z","timestamp":1412109563000},"page":"1-8","source":"Crossref","is-referenced-by-count":2,"title":["CAT Record (computer activity timeline record): A unified agent based approach for real time computer forensic evidence collection"],"prefix":"10.1109","author":[{"given":"Shadi","family":"Al Awawdeh","sequence":"first","affiliation":[]},{"given":"Ibrahim","family":"Baggili","sequence":"additional","affiliation":[]},{"given":"Andrew","family":"Marrington","sequence":"additional","affiliation":[]},{"given":"Farkhund","family":"Iqbal","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"19","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2012.05.003"},{"key":"17","article-title":"A computer forensic method for detecting timestamp forgery in ntfs","author":"cho","year":"2012","journal-title":"Computers & Security"},{"key":"18","article-title":"Formalising event time bounding in digital investigations","volume":"4","author":"gladyshev","year":"2005","journal-title":"International Journal of Digital Evidence"},{"key":"15","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2006.06.009"},{"key":"16","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2008.149"},{"key":"13","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2004.01.002"},{"key":"14","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2004.07.003"},{"journal-title":"Forensic corpora A challenge for forensic research","year":"2007","author":"garfinkel","key":"11"},{"key":"12","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2012.05.002"},{"journal-title":"FileSystemWatcher-Pure Chaos","year":"2010","author":"simmons","key":"21"},{"journal-title":"A Realtime Event Log Monitoring Tool","year":"2003","author":"merritt","key":"20"},{"journal-title":"Get Current Focussed Window","year":"2008","author":"morton","key":"22"},{"journal-title":"Detecting Usb Drive Removal in A C# Program","year":"2007","author":"dolinay","key":"23"},{"journal-title":"Access Explorer and Internet Explorer in C# to Find Web Pages and Directories","year":"2007","author":"wegerson","key":"24"},{"journal-title":"How to Capture System Events Using C#","year":"2009","author":"azzopardi","key":"25"},{"key":"26","doi-asserted-by":"publisher","DOI":"10.1109\/ICDM.2002.1183880"},{"key":"3","first-page":"71","article-title":"Eventbased computer profiling for the forensic reconstruction of computer activity","author":"marrington","year":"2007","journal-title":"Proc of AusCERT Asia Pacific Information Technology Security Conference 2007 Refereed R&D Stream"},{"key":"2","doi-asserted-by":"publisher","DOI":"10.1145\/1141277.1141346"},{"key":"10","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2009.06.008"},{"key":"1","article-title":"Defining digital forensic examination and analysis tools using abstraction layers","volume":"1","author":"carrier","year":"2003","journal-title":"International Journal of Digital Evidence"},{"key":"7","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2006.06.011"},{"key":"6","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2004.03.001"},{"key":"5","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2012.05.006"},{"key":"4","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2011.05.007"},{"key":"9","article-title":"Design and implementation of zeitline: A forensic timeline editor","author":"buchholz","year":"2005","journal-title":"Proc Digital Forensic Research Workshop"},{"key":"8","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2004.10.002"}],"event":{"name":"2013 8th International Workshop on Systematic Approaches to Digital Forensics Engineering (SADFE)","start":{"date-parts":[[2013,11,21]]},"location":"Hong Kong, Hong Kong","end":{"date-parts":[[2013,11,22]]}},"container-title":["2013 8th International Workshop on Systematic Approaches to Digital Forensics Engineering (SADFE)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/6902669\/6911532\/06911539.pdf?arnumber=6911539","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2017,3,23]],"date-time":"2017-03-23T22:29:15Z","timestamp":1490308155000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/6911539\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013,11]]},"references-count":26,"URL":"https:\/\/doi.org\/10.1109\/sadfe.2013.6911539","relation":{},"subject":[],"published":{"date-parts":[[2013,11]]}}}