{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,2]],"date-time":"2026-05-02T23:32:26Z","timestamp":1777764746175,"version":"3.51.4"},"reference-count":352,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100011929","name":"Programa Operacional Tem\u00e1tico Factores de Competitividade","doi-asserted-by":"publisher","award":["POCI-01-0247-FEDER-047226"],"award-info":[{"award-number":["POCI-01-0247-FEDER-047226"]}],"id":[{"id":"10.13039\/501100011929","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001871","name":"Funda\u00e7\u00e3o para a Ci\u00eancia e a Tecnologia","doi-asserted-by":"publisher","award":["CISUC UID\/CEC\/00326\/2020"],"award-info":[{"award-number":["CISUC UID\/CEC\/00326\/2020"]}],"id":[{"id":"10.13039\/501100001871","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001871","name":"Funda\u00e7\u00e3o para a Ci\u00eancia e a Tecnologia","doi-asserted-by":"publisher","award":["UIDB\/05583\/2020"],"award-info":[{"award-number":["UIDB\/05583\/2020"]}],"id":[{"id":"10.13039\/501100001871","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2024]]},"DOI":"10.1109\/access.2023.3348552","type":"journal-article","created":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T19:51:03Z","timestamp":1704138663000},"page":"2409-2444","source":"Crossref","is-referenced-by-count":30,"title":["A Survey on Forensics and Compliance Auditing for Critical Infrastructure 
Protection"],"prefix":"10.1109","volume":"12","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-7380-9511","authenticated-orcid":false,"given":"Jo\u00e3o","family":"Henriques","sequence":"first","affiliation":[{"name":"Department of Informatics Engineering, Centre for Informatics and Systems of the University of Coimbra, University of Coimbra, Coimbra, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7558-2330","authenticated-orcid":false,"given":"Filipe","family":"Caldeira","sequence":"additional","affiliation":[{"name":"CISeD\u2014Research Centre in Digital Services, Polytechnic Institute of Viseu, Viseu, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9278-6503","authenticated-orcid":false,"given":"Tiago","family":"Cruz","sequence":"additional","affiliation":[{"name":"Department of Informatics Engineering, Centre for Informatics and Systems of the University of Coimbra, University of Coimbra, Coimbra, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5079-8327","authenticated-orcid":false,"given":"Paulo","family":"Sim\u00f5es","sequence":"additional","affiliation":[{"name":"Department of Informatics Engineering, Centre for Informatics and Systems of the University of Coimbra, University of Coimbra, Coimbra, Portugal"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cosrev.2021.100361"},{"issue":"4","key":"ref2","first-page":"27","article-title":"Improving cyber-security awareness on industrial control systems: The CockpitCI approach","volume":"13","author":"Cruz","year":"2015","journal-title":"J. Inf. 
Warfare"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2021.01.033"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/JSYST.2018.2824252"},{"key":"ref5","volume-title":"IBM Managed Security Services\u2014United States","year":"2017"},{"key":"ref6","volume-title":"Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet","author":"Casey","year":"2011"},{"key":"ref7","volume-title":"5th Annual Edition of Cyber Defense Magazine\u20142017 Predictions","author":"Martin","year":"2017"},{"key":"ref8","volume-title":"Biden Signs an Executive Order Aimed at Protecting Critical American Infrastructure From Cyberattacks","year":"2021"},{"key":"ref9","volume-title":"SIBM Security Intelligence With Big Data","year":"2016"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/BigData.2015.7363952"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1002\/widm.1134"},{"key":"ref12","volume-title":"The Threat Hunter\u2019s Handbook: Using Log Analytics to Find and Neutralize Hidden Threats in Your Environment White Paper","year":"2020"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2012.325"},{"key":"ref14","volume-title":"Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems 
Security","author":"Stouffer","year":"2006"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2906926"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.2172\/944209"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.14236\/ewic\/ICS2015.5"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2017.10.016"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2015.11.016"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2014.06.007"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2004.1265566"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.4236\/jis.2013.42011"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.6028\/nist.sp.800-53r5"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.6028\/nist.sp.800-171r2"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.6028\/nist.cswp.6"},{"key":"ref26","volume-title":"Hitrust CSF Framework","year":"2021"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.6028\/nist.sp.800-53r5"},{"key":"ref28","volume-title":"Information Technology\u2014Security Techniques\u2014Information Security Management Systems\u2014Overview and Vocabulary","year":"2018"},{"key":"ref29","volume-title":"Information Technology\u2014Security Techniques\u2014Information Security Management\u2014Monitoring, Measurement, Analysis and Evaluation","year":"2016"},{"key":"ref30","volume-title":"Information Technology\u2014Security Techniques\u2014Guidelines for Identification, Collection, Acquisition and Preservation of Digital Evidence","year":"2012"},{"key":"ref31","volume-title":"Information Technology\u2014Security Techniques\u2014Specification for Digital Redaction","year":"2014"},{"key":"ref32","volume-title":"Information Technology\u2014Security Techniques\u2014Guidelines for the Analysis and Interpretation of Digital Evidence","year":"2015"},{"key":"ref33","volume-title":"Information Technology\u2014Electronic 
Discovery\u2014Part 1: Overview and Concepts","year":"2019"},{"key":"ref34","volume-title":"Information Technology\u2014Security Techniques\u2014Guidance on Assuring Suitability and Adequacy of Incident Investigative Method","year":"2015"},{"key":"ref35","volume-title":"Information Technology\u2014Security Techniques\u2014Incident Investigation Principles and Processes","year":"2015"},{"key":"ref36","volume-title":"Information Technology\u2014Security Techniques\u2014Requirements for Bodies Providing Audit and Certification of Information Security Management Systems","year":"2015"},{"key":"ref37","volume-title":"Information Technology\u2014Security Techniques\u2014Guidelines for the Assessment of Information Security Controls","year":"2019"},{"key":"ref38","volume-title":"Forensic Sciences\u2014Part 1: Terms and Definitions","year":"2018"},{"key":"ref39","volume-title":"Forensic Sciences\u2014Part 2: Recognition, Recording, Collecting, Transport and Storage of Items","year":"2018"},{"key":"ref40","volume-title":"Information Technology\u2014Governance of Digital Forensic Risk Framework","year":"2015"},{"key":"ref41","volume-title":"ASTM Standards and Publications","year":"2016"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1002\/9781119197119"},{"key":"ref43","volume-title":"Guide to Intrusion Detection and Prevention Systems (IDPS) SP 800\u201394","year":"2017"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/MSPEC.2013.6471059"},{"key":"ref45","volume-title":"Cyber-Attack Against Ukrainian Critical Infrastructure","year":"2016"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.14236\/ewic\/ICS2016.7"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.12785\/ijcds\/110186"},{"key":"ref48","first-page":"1","article-title":"An introduction to intrusion-detection systems","volume-title":"Proc. 
CONNECT","author":"Debar"},{"key":"ref49","volume-title":"Internet Security Dictionary","author":"Phoha","year":"2007"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.SP.800-94"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1109\/ICIMP.2008.13"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2016.2599841"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/INM.2015.7140399"},{"key":"ref54","volume-title":"Principles of Information Security","author":"Whitman","year":"2011"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.3390\/s21144759"},{"key":"ref56","volume-title":"Magic Quadrant for Security Information and Event Management","year":"2021"},{"key":"ref57","volume-title":"Security Information and Event Management (SIEM)","author":"Gillis","year":"2017"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1155\/2014\/218521"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1109\/PST.2010.5593243"},{"key":"ref60","volume-title":"Magic Quadrant for Endpoint Protection Platforms","year":"2021"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00096"},{"key":"ref62","volume-title":"Securonix Security Analytics Platform","year":"2016"},{"key":"ref63","volume-title":"RSA Security Analytics","year":"2016"},{"key":"ref64","volume-title":"Logrhythm Security Analytics","year":"2016"},{"key":"ref65","volume-title":"Pravail Security Analytics","year":"2016"},{"key":"ref66","volume-title":"AlienVault: A Integrated Solution With Real-Time Threat Intelligence","year":"2016"},{"key":"ref67","volume-title":"OpenSOC: Big Data Security Analytics Framework","year":"2016"},{"key":"ref68","volume-title":"Apache Metron: Real-Time Big Data Security","year":"2016"},{"key":"ref69","volume-title":"Hadoop Action","author":"Lam","year":"2010"},{"key":"ref70","volume-title":"Kibana: Explore and Visualize Your Data","year":"2016"},{"key":"ref71","volume-title":"Elasticsearch: Search and Analyze 
Data in Real Time","year":"2016"},{"key":"ref72","volume-title":"Security Thought Leadership White Paper","year":"2016"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.3390\/jcp1020020"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1109\/ITNG.2015.99"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.1109\/PERVASIVE.2015.7087206"},{"key":"ref76","volume-title":"Guide to Integrating Forensics Techniques Into Incident Response","year":"2017"},{"key":"ref77","first-page":"2015","article-title":"Defending against the dragonfly cyber security attacks","volume":"11","author":"Langill","year":"2014","journal-title":"Retrieved"},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-48800-3_24"},{"key":"ref79","doi-asserted-by":"publisher","DOI":"10.1109\/JPROC.2005.849714"},{"key":"ref80","first-page":"305","article-title":"Collaborative security assessments in embedded systems development","volume-title":"Proc. Int. Conf. Secur. Cryptogr.","author":"K\u00f6ster"},{"key":"ref81","doi-asserted-by":"publisher","DOI":"10.1109\/MSECP.2003.1253573"},{"key":"ref82","doi-asserted-by":"publisher","DOI":"10.5815\/ijcnis.2012.04.05"},{"key":"ref83","first-page":"1723","article-title":"Dependence-preserving data compaction for scalable forensic analysis","volume-title":"Proc. 27th USENIX Secur. Symp.","author":"Hossain"},{"key":"ref84","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3048246"},{"key":"ref85","doi-asserted-by":"publisher","DOI":"10.1145\/3038912.3052640"},{"key":"ref86","doi-asserted-by":"publisher","DOI":"10.1109\/SSDM.2004.1311219"},{"key":"ref87","first-page":"43","article-title":"Provenance-aware storage systems","volume-title":"Proc. USENIX Annu. Tech. Conf.","author":"Muniswamy-Reddy"},{"key":"ref88","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-35170-9_6"},{"key":"ref89","article-title":"Story book: An efficient extensible provenance framework","volume-title":"Proc. Workshop Theory Pract. 
Provenance","author":"Spillane"},{"key":"ref90","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2017.06.003"},{"key":"ref91","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24270"},{"key":"ref92","first-page":"1111","article-title":"MPI: Multiple perspective attack investigation with semantic aware execution partitioning","volume-title":"Proc. 26th USENIX Secur. Symp.","author":"Ma"},{"key":"ref93","first-page":"319","article-title":"Trustworthy whole-system provenance for the Linux kernel","volume-title":"Proc. 24th USENIX Secur. Symp.","author":"Bates"},{"key":"ref94","first-page":"487","article-title":"SLEUTH: Real-time attack scenario reconstruction from COTS audit data","volume-title":"Proc. 26th USENIX Secur. Symp.","author":"Hossain"},{"key":"ref95","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243776"},{"key":"ref96","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516731"},{"key":"ref97","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23141"},{"key":"ref98","first-page":"241","article-title":"Kernel-supported cost-effective audit logging for causality tracking","volume-title":"Proc. USENIX Annu. Tech. Conf.","author":"Ma"},{"key":"ref99","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243763"},{"key":"ref100","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23254"},{"key":"ref101","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978378"},{"key":"ref102","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23349"},{"key":"ref103","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24046"},{"key":"ref104","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24167"},{"key":"ref105","doi-asserted-by":"publisher","DOI":"10.1109\/MSEC.2019.2913693"},{"issue":"1","key":"ref106","first-page":"1","article-title":"Improving chain of custody in forensic investigation of electronic digital systems","volume":"11","author":"Giova","year":"2011","journal-title":"Int. J. Comput. Sci. Netw. 
Secur."},{"key":"ref107","volume-title":"Computer Forensics: Computer Crime Scene Investigation","author":"Vacca","year":"2005"},{"key":"ref108","volume-title":"Fundamentals of Forensic Science","author":"Houck","year":"2009"},{"key":"ref109","doi-asserted-by":"publisher","DOI":"10.5120\/19971-1856"},{"key":"ref110","first-page":"435","article-title":"A framework to (im)prove \u2018chain of custody\u2019 in digital investigation process","volume-title":"Proc. Central Eur. Conf. Inf. Intell. Syst.","author":"Cosic"},{"key":"ref111","doi-asserted-by":"publisher","DOI":"10.1002\/9781118851678"},{"key":"ref112","volume-title":"What is Forensic Computing?","author":"McKemmish","year":"1999"},{"key":"ref113","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2011.2176117"},{"key":"ref114","doi-asserted-by":"publisher","DOI":"10.1145\/1081870.1081916"},{"key":"ref115","doi-asserted-by":"publisher","DOI":"10.1109\/HASE.2012.9"},{"key":"ref116","doi-asserted-by":"publisher","DOI":"10.17487\/rfc1321"},{"key":"ref117","volume-title":"An analysis of disc carving techniques,","author":"Mikus","year":"2005"},{"key":"ref118","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2008.931081"},{"key":"ref119","doi-asserted-by":"publisher","DOI":"10.14722\/sent.2014.23002"},{"key":"ref120","doi-asserted-by":"publisher","DOI":"10.13052\/jcsm2245-1439.522"},{"key":"ref121","volume-title":"Worldwide Infrastructure Security Report","author":"McPherson","year":"2010"},{"key":"ref122","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3154059"},{"key":"ref123","article-title":"Digital evidence","volume-title":"Digital Investigations and E-Disclosure: A Guide to Forensic Readiness for Organizations, Security Advisers and Lawyers, The Information Assurance Advisory Council (IAAC)","author":"Sommer","year":"2012"},{"key":"ref124","first-page":"1556","volume-title":"ACPO good practice guide for digital 
evidence","author":"Williams","year":"2012"},{"key":"ref125","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2014.03.007"},{"key":"ref126","doi-asserted-by":"publisher","DOI":"10.15394\/jdfsl.2019.1606"},{"key":"ref127","doi-asserted-by":"publisher","DOI":"10.1109\/ICGS3.2019.8688297"},{"key":"ref128","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2017.4251102"},{"key":"ref129","doi-asserted-by":"publisher","DOI":"10.1007\/0-387-36891-4_22"},{"key":"ref130","doi-asserted-by":"publisher","DOI":"10.1504\/IJSN.2008.017222"},{"key":"ref131","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-75462-8_9"},{"key":"ref132","doi-asserted-by":"publisher","DOI":"10.1109\/TSUSC.2017.2782737"},{"key":"ref133","volume-title":"SCADA Forensics With Snort IDS","author":"Valli","year":"2009"},{"key":"ref134","doi-asserted-by":"publisher","DOI":"10.1109\/BigDataCongress.2015.125"},{"key":"ref135","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2014.09.002"},{"key":"ref136","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2016.04.008"},{"key":"ref137","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2018.01.006"},{"key":"ref138","doi-asserted-by":"publisher","DOI":"10.1145\/3539605"},{"key":"ref139","first-page":"3005","article-title":"ATLAS: A sequence-based learning approach for attack investigation","volume-title":"Proc. USENIX Secur. Symp.","author":"Alsaheel"},{"key":"ref140","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23306"},{"key":"ref141","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23350"},{"key":"ref142","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2009.06.013"},{"key":"ref143","article-title":"Breaking the performance wall: The case for distributed digital forensics","volume-title":"Proc. Digit. Forensics Res. 
Workshop","volume":"94","author":"Roussev"},{"key":"ref144","doi-asserted-by":"publisher","DOI":"10.1109\/BigData50022.2020.9378035"},{"key":"ref145","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2006.06.005"},{"key":"ref146","doi-asserted-by":"publisher","DOI":"10.1016\/j.adhoc.2019.102061"},{"key":"ref147","doi-asserted-by":"publisher","DOI":"10.15394\/jdfsl.2014.1190"},{"key":"ref148","doi-asserted-by":"publisher","DOI":"10.1109\/CloudCom.2011.79"},{"key":"ref149","doi-asserted-by":"publisher","DOI":"10.1109\/MCC.2014.69"},{"key":"ref150","volume-title":"NIST Cloud Computing Forensic Science Challenges","year":"2014"},{"key":"ref151","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2009.87"},{"issue":"1","key":"ref152","first-page":"19","article-title":"Feasibility of digital forensic examination and analysis of a cloud based storage snapshot","volume":"15","author":"Almulla","year":"2017","journal-title":"J. Digit. Inf. Manage."},{"key":"ref153","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-24212-0_3"},{"key":"ref154","doi-asserted-by":"publisher","DOI":"10.1108\/09685221111115836"},{"key":"ref155","doi-asserted-by":"publisher","DOI":"10.1109\/CSNT.2015.180"},{"key":"ref156","doi-asserted-by":"publisher","DOI":"10.1016\/j.fsidi.2020.301021"},{"key":"ref157","doi-asserted-by":"publisher","DOI":"10.1145\/2484313.2484342"},{"key":"ref158","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2015.2482484"},{"key":"ref159","doi-asserted-by":"publisher","DOI":"10.1145\/3361216"},{"key":"ref160","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-39891-9_1"},{"key":"ref161","doi-asserted-by":"publisher","DOI":"10.1109\/IMF.2011.19"},{"key":"ref162","doi-asserted-by":"publisher","DOI":"10.1109\/TCC.2016.2525984"},{"issue":"1","key":"ref163","first-page":"80","article-title":"Logging system for cloud computing forensic environments","volume":"16","author":"Patrascu","year":"2014","journal-title":"J. Control Eng. Appl. 
Informat."},{"key":"ref164","doi-asserted-by":"publisher","DOI":"10.1109\/THS.2015.7225260"},{"key":"ref165","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-56223-6_10"},{"key":"ref166","first-page":"464","article-title":"Cloud forensics: Evidence collection and preliminary analysis","volume-title":"Proc. IEEE Int. Advance Comput. Conf. (IACC)","author":"S"},{"key":"ref167","doi-asserted-by":"publisher","DOI":"10.1109\/TELFOR.2013.6716386"},{"key":"ref168","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2016.07.019"},{"key":"ref169","doi-asserted-by":"publisher","DOI":"10.1109\/CIS.2014.72"},{"key":"ref170","doi-asserted-by":"publisher","DOI":"10.1109\/ICMA.2014.6885969"},{"key":"ref171","article-title":"Scalable microservice forensics and stability assessment using variational autoencoders","author":"Sharma","year":"2021","journal-title":"arXiv preprint arXiv:2104.13193"},{"key":"ref172","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2017.06.008"},{"key":"ref173","doi-asserted-by":"publisher","DOI":"10.1109\/ICACCI.2014.6968451"},{"key":"ref174","volume-title":"Cloud forensic framework for IaaS with support for volatile memory,","author":"Banas","year":"2015"},{"key":"ref175","volume-title":"NIST Cloud Computing Forensic Science Challenges","year":"2016"},{"key":"ref176","doi-asserted-by":"publisher","DOI":"10.1109\/CCGRID.2017.8"},{"key":"ref177","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2021.03.001"},{"key":"ref178","doi-asserted-by":"publisher","DOI":"10.1007\/s11831-021-09575-w"},{"key":"ref179","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-31884-9"},{"key":"ref180","volume-title":"General Data Protection Regulation\u2014Regulation (EU) 2016\/679 of the European Parliament and of the Council","year":"2016"},{"issue":"4","key":"ref181","first-page":"311","article-title":"A survey on privacy issues in digital forensics","volume":"1","author":"Aminnezhad","year":"2012","journal-title":"Int. J. Cyber-Secur. 
Digital Forensics"},{"key":"ref182","doi-asserted-by":"publisher","DOI":"10.1109\/PST.2014.6890932"},{"key":"ref183","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-41148-9_2"},{"key":"ref184","doi-asserted-by":"publisher","DOI":"10.1109\/SADFE.2011.15"},{"key":"ref185","doi-asserted-by":"publisher","DOI":"10.1109\/MINES.2011.90"},{"key":"ref186","doi-asserted-by":"publisher","DOI":"10.1109\/IIHMSP.2011.28"},{"key":"ref187","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2011.05.011"},{"key":"ref188","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2010.01.002"},{"key":"ref189","doi-asserted-by":"publisher","DOI":"10.1109\/MCC.2016.5"},{"key":"ref190","first-page":"588","article-title":"State of the art in digital forensics for the Internet of Things","volume-title":"Proc. Int. Conf. Cyber Warfare Secur.","author":"Kruger"},{"key":"ref191","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-73697-6_9"},{"key":"ref192","volume-title":"CESG Good Practice Guide","year":"2009"},{"key":"ref193","doi-asserted-by":"publisher","DOI":"10.1016\/j.fsidi.2021.301315"},{"key":"ref194","doi-asserted-by":"publisher","DOI":"10.1109\/CHASE.2017.68"},{"key":"ref195","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2018.05.081"},{"key":"ref196","doi-asserted-by":"publisher","DOI":"10.1145\/3465481.3470052"},{"key":"ref197","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2015.04.003"},{"key":"ref198","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-14289-0_16"},{"key":"ref199","doi-asserted-by":"publisher","DOI":"10.1109\/THS.2013.6699003"},{"key":"ref200","doi-asserted-by":"publisher","DOI":"10.4304\/jcp.2.3.1-11"},{"key":"ref201","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-15506-2_8"},{"key":"ref202","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102237"},{"key":"ref203","doi-asserted-by":"publisher","DOI":"10.1080\/08874417.2014.11645708"},{"key":"ref204","first-page":"117","article-title":"Digital forensic readiness in 
critical infrastructures: A case of substation automation in the power sector","volume-title":"Proc. Int. Conf. Digital Forensics Cyber Crime","author":"Iqbal"},{"key":"ref205","doi-asserted-by":"publisher","DOI":"10.1186\/s13677-019-0133-z"},{"key":"ref206","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2005.07.001"},{"key":"ref207","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2006.06.003"},{"key":"ref208","article-title":"Data sharing and the digital evidence markup language","volume-title":"Proc. 1st Annu. GJXDM Users Conf.","author":"Eaglin"},{"key":"ref209","doi-asserted-by":"publisher","DOI":"10.1109\/ISA.2008.109"},{"key":"ref210","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2009.06.011"},{"key":"ref211","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2011.11.002"},{"key":"ref212","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2015.01.014"},{"key":"ref213","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2006.06.016"},{"key":"ref214","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2012.10.001"},{"key":"ref215","volume-title":"Digital evidence: Representation and assurance,","author":"Schatz","year":"2007"},{"key":"ref216","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2009.06.010"},{"key":"ref217","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2013.03.003"},{"key":"ref218","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2009.120"},{"key":"ref219","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2010.74"},{"key":"ref220","doi-asserted-by":"publisher","DOI":"10.1111\/1556-4029.13431"},{"key":"ref221","doi-asserted-by":"publisher","DOI":"10.1002\/sec.1538"},{"key":"ref222","doi-asserted-by":"publisher","DOI":"10.1109\/VIZSEC.2016.7739577"},{"key":"ref223","doi-asserted-by":"publisher","DOI":"10.1016\/j.simpa.2021.100068"},{"key":"ref224","volume-title":"Grafana 3.1.0 Released","year":"2016"},{"key":"ref225","volume-title":"SOF-ELK Virtual Machine 
Distribution","year":"2019"},{"key":"ref226","volume-title":"Plaso","year":"2019"},{"key":"ref227","article-title":"Advancing automation in digital forensic investigations","author":"Homem","year":"2018"},{"key":"ref228","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijcip.2014.12.002"},{"key":"ref229","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2007.48"},{"key":"ref230","doi-asserted-by":"publisher","DOI":"10.1145\/1113034.1113070"},{"issue":"21","key":"ref231","first-page":"253","article-title":"SCADA live forensics: Real time data acquisition process to detect, prevent or evaluate critical situations","volume":"9","author":"Taveras","year":"2013","journal-title":"Eur. Sci. J."},{"key":"ref232","doi-asserted-by":"publisher","DOI":"10.1109\/ETFA.2009.5347134"},{"key":"ref233","article-title":"NIST SP800-82 R3 (draft) guide to operational technology (OT) security","author":"Stouffer","year":"2022"},{"key":"ref234","article-title":"Towards a definition of the Internet of Things (IoT)","volume-title":"Proc. 
IEEE Internet Initiative","author":"Minerva"},{"key":"ref235","doi-asserted-by":"publisher","DOI":"10.1145\/2335484.2335498"},{"key":"ref236","doi-asserted-by":"publisher","DOI":"10.1109\/SSIC.2015.7245330"},{"key":"ref237","doi-asserted-by":"publisher","DOI":"10.1016\/j.cirp.2016.06.005"},{"key":"ref238","doi-asserted-by":"publisher","DOI":"10.1145\/2979677"},{"key":"ref239","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2019.2962586"},{"key":"ref240","volume-title":"Common Position On Cybersecurity","year":"2016"},{"key":"ref241","doi-asserted-by":"publisher","DOI":"10.3390\/su13063196"},{"key":"ref242","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2018.09.058"},{"key":"ref243","doi-asserted-by":"publisher","DOI":"10.1016\/j.micpro.2020.103201"},{"key":"ref244","doi-asserted-by":"publisher","DOI":"10.1080\/00401706.1969.10490657"},{"key":"ref245","doi-asserted-by":"publisher","DOI":"10.1093\/comjnl\/bxr026"},{"key":"ref246","doi-asserted-by":"publisher","DOI":"10.1145\/1541880.1541882"},{"key":"ref247","doi-asserted-by":"publisher","DOI":"10.1109\/ICDM.2009.60"},{"key":"ref248","doi-asserted-by":"publisher","DOI":"10.1109\/TSMCA.2010.2048028"},{"key":"ref249","doi-asserted-by":"publisher","DOI":"10.3390\/electronics9071164"},{"key":"ref250","volume-title":"ISO27k Toolkit, ISMS Auditing Guideline, Version 2","year":"2017"},{"key":"ref251","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.SP.800-86"},{"key":"ref252","volume-title":"NERC Cyber Security Standards","year":"2016"},{"key":"ref253","doi-asserted-by":"publisher","DOI":"10.1016\/j.clsr.2008.07.001"},{"key":"ref254","doi-asserted-by":"publisher","DOI":"10.1037\/0735-7028.37.3.273"},{"key":"ref255","doi-asserted-by":"publisher","DOI":"10.1007\/s11235-009-9248-8"},{"key":"ref256","volume-title":"International Professional Practices Framework\u2014Implementation Guide 2420\/Quality of 
Communications","year":"2013"},{"key":"ref257","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4302-6083-7"},{"key":"ref258","doi-asserted-by":"publisher","DOI":"10.1145\/1062455.1062502"},{"key":"ref259","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC.2010.20"},{"key":"ref260","doi-asserted-by":"publisher","DOI":"10.1145\/2595222"},{"key":"ref261","doi-asserted-by":"publisher","DOI":"10.1109\/INCISCOS.2017.20"},{"key":"ref262","doi-asserted-by":"publisher","DOI":"10.1016\/B978-012088469-8.50047-4"},{"key":"ref263","doi-asserted-by":"publisher","DOI":"10.3389\/fbloc.2020.00017"},{"key":"ref264","doi-asserted-by":"publisher","DOI":"10.1109\/INM.2011.5990658"},{"key":"ref265","volume-title":"Critical function monitoring and compliance auditing system","author":"Lee","year":"2007"},{"key":"ref266","doi-asserted-by":"publisher","DOI":"10.1016\/j.accinf.2021.100548"},{"key":"ref267","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom.2013.195"},{"key":"ref268","doi-asserted-by":"publisher","DOI":"10.1109\/IC2E.2017.32"},{"key":"ref269","volume-title":"Security audit compliance for cloud computing,","author":"Doelitzscher","year":"2014"},{"key":"ref270","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-48051-9"},{"key":"ref271","volume-title":"Industrial Communication Networks\u2014Network and System Security Part 2\u20131: Establishing an Industrial Automation and Control System Security Program","year":"2009"},{"key":"ref272","volume-title":"Guide to Industrial Control Systems (ICS) Security","year":"2013"},{"key":"ref273","volume-title":"IEC Technical Specification\u2014Industrial Communication Networks\u2014Network and System Security\u2014Part 1\u20131: Terminology, Concepts and Models","year":"2017"},{"key":"ref274","volume-title":"Establishment of ISASecure Japanese Scheme and Publication of ISASecure Embedded Device Security Assurance Certification Program Specifications in 
Japan","year":"2013"},{"key":"ref275","doi-asserted-by":"publisher","DOI":"10.1109\/CloudCom.2015.80"},{"key":"ref276","volume-title":"Security at Scale: Logging in AWS","year":"2022"},{"key":"ref277","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-03552-4_22"},{"key":"ref278","doi-asserted-by":"publisher","DOI":"10.1109\/CTS.2013.6567203"},{"key":"ref279","volume-title":"Big Data: The Next Frontier for Innovation, Competition, and Productivity","author":"Manyika","year":"2011"},{"key":"ref280","doi-asserted-by":"publisher","DOI":"10.1109\/SAI.2016.7555971"},{"key":"ref281","volume-title":"Introduction to Machine Learning","author":"Alpaydin","year":"2010"},{"key":"ref282","volume-title":"Data Mining: Practical Machine Learning Tools and Techniques","author":"Witten","year":"2011"},{"key":"ref283","doi-asserted-by":"publisher","DOI":"10.1109\/MCC.2014.22"},{"key":"ref284","doi-asserted-by":"publisher","DOI":"10.1145\/1165389.945450"},{"key":"ref285","doi-asserted-by":"publisher","DOI":"10.1145\/1629175.1629198"},{"key":"ref286","doi-asserted-by":"publisher","DOI":"10.1016\/s0197-4572(04)00065-5"},{"key":"ref287","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2017.2740932"},{"key":"ref288","first-page":"736","article-title":"Survey of time series data processing in industrial internet","volume-title":"Proc. IEEE Int. Conf. Ubiquitous Comput. Commun. (IUCC) Data Sci. Comput. Intell. (DSCI) Smart Comput., Netw. Services (SmartCNS)","author":"Wei"},{"key":"ref289","doi-asserted-by":"publisher","DOI":"10.18372\/2307-9061.22.6540"},{"key":"ref290","volume-title":"Big Data: 17 Predictions Everyone Should Read","year":"2016"},{"key":"ref291","first-page":"13","article-title":"Legal issues in AI forensics: Understanding the importance of humanware","volume-title":"Proc. Int. Workshop Appl. 
AI Forensics","author":"Brighi"},{"key":"ref292","doi-asserted-by":"publisher","DOI":"10.1109\/ICCCI.2018.8441286"},{"key":"ref293","doi-asserted-by":"publisher","DOI":"10.1109\/BigData.2017.8258167"},{"key":"ref294","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2021.01.004"},{"key":"ref295","doi-asserted-by":"publisher","DOI":"10.1109\/ICoDSA50139.2020.9212932"},{"key":"ref296","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-37051-9_10"},{"key":"ref297","doi-asserted-by":"publisher","DOI":"10.1145\/1809049.1809074"},{"key":"ref298","doi-asserted-by":"publisher","DOI":"10.1109\/CCGrid.2016.64"},{"key":"ref299","doi-asserted-by":"publisher","DOI":"10.1145\/2797022.2797040"},{"key":"ref300","doi-asserted-by":"publisher","DOI":"10.1145\/3469440"},{"key":"ref301","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2003.1160055"},{"key":"ref302","doi-asserted-by":"publisher","DOI":"10.1109\/SEAMS51251.2021.00036"},{"key":"ref303","doi-asserted-by":"publisher","DOI":"10.1016\/j.fsir.2019.100007"},{"key":"ref304","doi-asserted-by":"publisher","DOI":"10.1109\/ICTAS47918.2020.233977"},{"key":"ref305","doi-asserted-by":"publisher","DOI":"10.2308\/jeta-10589"},{"issue":"2","key":"ref306","first-page":"13","article-title":"DF 2.0: Designing an automated, privacy preserving, and efficient digital forensic framework","volume":"14","author":"Verma","year":"2018","journal-title":"J. Digital Forensics, Secur. Law"},{"key":"ref307","doi-asserted-by":"publisher","DOI":"10.1109\/CSCS.2015.34"},{"key":"ref308","first-page":"280","article-title":"The 13th Cascon workshop on cloud computing: Engineering AIOps","volume-title":"Proc. 31st Annu. Int. Conf. Comput. Sci. Softw. 
Eng.","author":"Litoiu"},{"key":"ref309","volume-title":"IBM Pak for AIOps","year":"2022"},{"key":"ref310","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-76352-7_15"},{"key":"ref311","doi-asserted-by":"publisher","DOI":"10.1016\/j.proeng.2011.08.036"},{"key":"ref312","doi-asserted-by":"publisher","DOI":"10.3923\/itj.2011.798.806"},{"key":"ref313","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-30507-8_13"},{"key":"ref314","doi-asserted-by":"publisher","DOI":"10.1109\/IJCNN.2000.861504"},{"key":"ref315","doi-asserted-by":"publisher","DOI":"10.3906\/elk-1302-19"},{"key":"ref316","first-page":"13","article-title":"Traffic anomaly detection using K-means clustering","volume-title":"Proc. GI\/ITG Workshop MMBnet","author":"M\u00fcnz"},{"key":"ref317","doi-asserted-by":"publisher","DOI":"10.1109\/IFCSTA.2009.25"},{"key":"ref318","doi-asserted-by":"publisher","DOI":"10.1109\/ISTEL.2014.7000814"},{"key":"ref319","doi-asserted-by":"publisher","DOI":"10.5121\/ijdkp.2014.4203"},{"key":"ref320","doi-asserted-by":"publisher","DOI":"10.1016\/s0167-4048(02)00514-x"},{"key":"ref321","doi-asserted-by":"publisher","DOI":"10.1145\/3230833.3233271"},{"key":"ref322","first-page":"962","article-title":"Investigating event log analysis with minimum apriori information","volume-title":"Proc. IFIP\/IEEE Int. Symp. Integr. Netw. Manage. (IM)","author":"Makanju"},{"key":"ref323","doi-asserted-by":"publisher","DOI":"10.1109\/ICSCN.2015.7219835"},{"key":"ref324","doi-asserted-by":"publisher","DOI":"10.33736\/jita.45.2014"},{"key":"ref325","doi-asserted-by":"publisher","DOI":"10.1016\/j.asej.2013.01.003"},{"key":"ref326","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134015"},{"key":"ref327","doi-asserted-by":"publisher","DOI":"10.1057\/ejis.2012.26"},{"key":"ref328","first-page":"263","article-title":"On the use of Honeypots for detecting cyber attacks on industrial control networks","volume-title":"Proc. 12th Eur. Conf. Inform. 
Warfare Secur.","author":"Sim\u00f5es"},{"key":"ref329","volume-title":"Amateurs Attack Technology. Professional Hackers Target People","year":"2015"},{"key":"ref330","doi-asserted-by":"publisher","DOI":"10.1109\/TPWRD.2016.2603339"},{"key":"ref331","doi-asserted-by":"publisher","DOI":"10.23919\/INM.2017.7987369"},{"key":"ref332","doi-asserted-by":"publisher","DOI":"10.1111\/risa.13166"},{"key":"ref333","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijdrr.2021.102647"},{"key":"ref334","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijdrr.2022.103109"},{"key":"ref335","volume-title":"National Security Presidential Directive INSPD-54","year":"2008"},{"key":"ref336","volume-title":"Council Directive 2008\/114\/EC","year":"2008"},{"key":"ref337","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2017.2703172"},{"key":"ref338","volume-title":"Communication Network Dependencies for ICS\/SCADA Systems","year":"2016"},{"key":"ref339","doi-asserted-by":"publisher","DOI":"10.1109\/IC2E.2015.74"},{"key":"ref340","first-page":"220","article-title":"How to use software\u2013defined networking to improve security\u2014A survey","volume-title":"Proc. 14th Eur. Conf. Cyber Warfare Secur. 
(ECCWS)","author":"Proen\u00e7a"},{"key":"ref341","doi-asserted-by":"publisher","DOI":"10.1111\/1556-4029.12809"},{"key":"ref342","doi-asserted-by":"publisher","DOI":"10.1109\/W-FiCloud.2016.30"},{"key":"ref343","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-23602-0_21"},{"key":"ref344","doi-asserted-by":"publisher","DOI":"10.1109\/BigData.2018.8621914"},{"key":"ref345","volume-title":"For Better or Worse: 90% of World\u2019s Data Generated Over Last Two Years","author":"Data","year":"2013"},{"key":"ref346","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2016.02.005"},{"key":"ref347","volume-title":"Information Visualization: Perception for Design","author":"Ware","year":"2019"},{"key":"ref348","volume-title":"Data Visualization Catalogue","year":"2022"},{"key":"ref349","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2013.03.004"},{"key":"ref350","volume-title":"Advanced Analytics With Spark, Patterns for Learning from Data at Scale","author":"Ryza","year":"2015"},{"key":"ref351","doi-asserted-by":"publisher","DOI":"10.6028\/nist.sp.800-207"},{"key":"ref352","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.102165"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/6287639\/10380310\/10378648.pdf?arnumber=10378648","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,1,12]],"date-time":"2024-01-12T22:20:28Z","timestamp":1705098028000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10378648\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"references-count":352,"URL":"https:\/\/doi.org\/10.1109\/access.2023.3348552","relation":{},"ISSN":["2169-3536"],"issn-type":[{"value":"2169-3536","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024]]}}}