{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,28]],"date-time":"2025-09-28T20:43:02Z","timestamp":1759092182450},"reference-count":37,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"6","license":[{"start":{"date-parts":[[2012,12,1]],"date-time":"2012-12-01T00:00:00Z","timestamp":1354320000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans.Inform.Forensic Secur."],"published-print":{"date-parts":[[2012,12]]},"DOI":"10.1109\/tifs.2012.2210217","type":"journal-article","created":{"date-parts":[[2012,7,24]],"date-time":"2012-07-24T18:11:26Z","timestamp":1343153486000},"page":"1876-1889","source":"Crossref","is-referenced-by-count":10,"title":["Trail of Bytes: New Techniques for Supporting Data Provenance and Limiting Privacy Breaches"],"prefix":"10.1109","volume":"7","author":[{"given":"Srinivas","family":"Krishnan","sequence":"first","affiliation":[]},{"given":"Kevin Z.","family":"Snow","sequence":"additional","affiliation":[]},{"given":"Fabian","family":"Monrose","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref33","year":"2008","journal-title":"MBR Rootkit A New Breed of Malware"},{"key":"ref32","year":"2009","journal-title":"National Software Reference Library"},{"key":"ref31","author":"tirumala","year":"2004","journal-title":"Iperf The TCP\/UDP Bandwidth Measurement Tool"},{"key":"ref30","first-page":"213","article-title":"Measurement and analysis of large-scale network file system workloads","author":"leung","year":"2008","journal-title":"Proc Usenix Annual Technical Conf"},{"key":"ref37","doi-asserted-by":"crossref","first-page":"143","DOI":"10.1007\/978-3-540-70542-0_8","article-title":"On the limits of information flow techniques for malware analysis and containment","author":"cavallaro","year":"2008","journal-title":"Proc Detection of Intrusions and Malware and Vulnerability Assessment"},{"key":"ref36","first-page":"191","article-title":"A virtual machine introspection based architecture for intrusion detection","author":"garfinkel","year":"2003","journal-title":"Proc Symp Network and Distributed System Security"},{"key":"ref35","first-page":"177","article-title":"Towards an understanding of anti-virtualization and anti-debugging behavior in modern malware","author":"chen","year":"2008","journal-title":"Proc Dependable Systems and Networks"},{"key":"ref34","first-page":"1","article-title":"Compatibility is not transparency: VMM detection myths and realities","author":"garfinkel","year":"2007","journal-title":"Proc 11th Workshop Hot Topics in Operating Systems Usenix"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/1352592.1352603"},{"key":"ref11","first-page":"43","article-title":"Provenance-aware storage systems","author":"muniswamy-reddy","year":"2006","journal-title":"Proc Usenix Annual Technical Conf"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/1713254.1713258"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/945461.945464"},{"key":"ref14","article-title":"Antfarm: Tracking processes in a virtual machine environment","author":"jones","year":"2006","journal-title":"Proc Ann Conf USENIX '06 Ann Technical Conf (ATEC '06)"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/1168857.1168861"},{"key":"ref16","first-page":"128","article-title":"Stealthy malware detection through VMM-based “out-of-the-box” semantic view reconstruction","author":"jiang","year":"2007","journal-title":"Proc 14th ACM Conf Computer and Communications Security"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/945465.945467"},{"key":"ref18","article-title":"Enriching intrusion alerts through multi-host causality","author":"king","year":"2005","journal-title":"Proc Network and Distributed System Security Symp (NDSS '01)"},{"key":"ref19","first-page":"243","article-title":"Hypervisor support for identifying covertly executing binaries","author":"litty","year":"2008","journal-title":"Proc Usenix Security Symp"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/1519065.1519073"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/CMPCON.1979.729112"},{"key":"ref27","first-page":"378","article-title":"Defeating memory corruption attacks via pointer taintedness detection","author":"chen","year":"0","journal-title":"Proc IEEE Int Conf Dependable Systems and Networks (DSN 2005)"},{"key":"ref3","author":"farmer","year":"2006","journal-title":"Forensic Discovery"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/1368506.1368521"},{"key":"ref29","first-page":"89","article-title":"Venti: A new approach to archival data storage","author":"quinlan","year":"2002","journal-title":"Proc USENIX Conf File and Storage Technologies"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/HOTOS.2001.990073"},{"key":"ref8","first-page":"79","article-title":"ATP—Anti tampering program","author":"vincenzetti","year":"1993","journal-title":"Proc Usenix Security"},{"key":"ref7","first-page":"18","article-title":"The design and implementation of tripwire: A file system integrity checker","author":"kim","year":"1994","journal-title":"Proc 2nd ACM Conf Computer and Communications Security"},{"key":"ref2","first-page":"375","article-title":"An inquiry into the nature and causes of the wealth of internet miscreants","author":"franklin","year":"2007","journal-title":"Proc 14th ACM Conf Computer and Communications Security"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/1095810.1095826"},{"key":"ref1","article-title":"The ghost in the browser: Analysis of web-based malware","author":"provos","year":"2006","journal-title":"HotBots 07 -Proceedings-of-the-first-conference-on- First- Workshop- on- Hot- Topics- in- Understanding-Botnets"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2007.10"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2004.10.002"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866314"},{"key":"ref24","doi-asserted-by":"crossref","first-page":"167","DOI":"10.1535\/itj.1003.01","article-title":"Intel virtualization technology: Hardware support for efficient processor virtualization","volume":"10","author":"neiger","year":"2006","journal-title":"Intel Technol J"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/945461.945462"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/359636.359712"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455779"}],"container-title":["IEEE Transactions on Information Forensics and Security"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx5\/10206\/6342844\/06248214.pdf?arnumber=6248214","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,10,10]],"date-time":"2021-10-10T23:51:44Z","timestamp":1633909904000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/6248214\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012,12]]},"references-count":37,"journal-issue":{"issue":"6"},"URL":"https:\/\/doi.org\/10.1109\/tifs.2012.2210217","relation":{},"ISSN":["1556-6013","1556-6021"],"issn-type":[{"value":"1556-6013","type":"print"},{"value":"1556-6021","type":"electronic"}],"subject":[],"published":{"date-parts":[[2012,12]]}}}