{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,28]],"date-time":"2025-09-28T20:38:35Z","timestamp":1759091915130,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":33,"publisher":"ACM","license":[{"start":{"date-parts":[[2009,4,14]],"date-time":"2009-04-14T00:00:00Z","timestamp":1239667200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000006","name":"Office of Naval Research","doi-asserted-by":"publisher","award":["N00014-06-1-1108"],"award-info":[{"award-number":["N00014-06-1-1108"]}],"id":[{"id":"10.13039\/100000006","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2009,4,14]]},"DOI":"10.1145\/1527017.1527023","type":"proceedings-article","created":{"date-parts":[[2009,4,15]],"date-time":"2009-04-15T13:37:11Z","timestamp":1239802631000},"page":"38-51","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":16,"title":["Palantir"],"prefix":"10.1145","author":[{"given":"Himanshu","family":"Khurana","sequence":"first","affiliation":[{"name":"University of Illinois, Urbana IL"}]},{"given":"Jim","family":"Basney","sequence":"additional","affiliation":[{"name":"University of Illinois, Urbana IL"}]},{"given":"Mehedi","family":"Bakht","sequence":"additional","affiliation":[{"name":"University of Illinois, Urbana IL"}]},{"given":"Mike","family":"Freemon","sequence":"additional","affiliation":[{"name":"University of Illinois, Urbana IL"}]},{"given":"Von","family":"Welch","sequence":"additional","affiliation":[{"name":"University of Illinois, Urbana IL"}]},{"given":"Randy","family":"Butler","sequence":"additional","affiliation":[{"name":"University of Illinois, Urbana IL"}]}],"member":"320","published-online":{"date-parts":[[2009,4,14]]},"reference":[{"key":"e_1_3_2_1_1_1","first-page":"2006","article-title":"National Cyber Security Division","author":"Exercise Report Cyber Storm","year":"2006","unstructured":"Cyber Storm Exercise Report . National Cyber Security Division , U.S. Department of Homeland Security , September , 2006 , 2006 . Cyber Storm Exercise Report. National Cyber Security Division, U.S. Department of Homeland Security, September, 2006, 2006.","journal-title":"U.S. Department of Homeland Security"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/1237500.1237503"},{"key":"e_1_3_2_1_4_1","volume-title":"Proceedings of the Geoinformatics Conference","author":"Bajcsy P.","year":"2006","unstructured":"P. Bajcsy , R. Kooper , L. Marini , B. Minsker , and J. Myers . CyberIntegrator: A Meta-Workflow System Designed for Solving Complex Scientific Problems using Heterogeneous Tools . In Proceedings of the Geoinformatics Conference , May 2006 . P. Bajcsy, R. Kooper, L. Marini, B. Minsker, and J. Myers. CyberIntegrator: A Meta-Workflow System Designed for Solving Complex Scientific Problems using Heterogeneous Tools. In Proceedings of the Geoinformatics Conference, May 2006."},{"key":"e_1_3_2_1_5_1","volume-title":"Process Model Asian Journal of Information Technology","author":"Baryamureeba V.","year":"2006","unstructured":"V. Baryamureeba and F. Tushabe . The Enhanced Digital Investigation Process Model . Process Model Asian Journal of Information Technology , 2006 . V. Baryamureeba and F. Tushabe. The Enhanced Digital Investigation Process Model. Process Model Asian Journal of Information Technology, 2006."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2005.04.002"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/1527017.1527032"},{"key":"e_1_3_2_1_8_1","first-page":"002","article-title":"Handbook for Computer Security Incident Response Teams (CSIRTs)","author":"Brown M. J. W.","year":"2003","unstructured":"M. J. W. Brown , D. Stikvoort , K. P. Kossakowski , K. P. Kossakowski , G. Killcrece , R. Ruefle , and M. Zajicek . Handbook for Computer Security Incident Response Teams (CSIRTs) . CMU\/SEI- 2003 -HB- 002 , April, 2003, 2003. M. J. W. Brown, D. Stikvoort, K. P. Kossakowski, K. P. Kossakowski, G. Killcrece, R. Ruefle, and M. Zajicek. Handbook for Computer Security Incident Response Teams (CSIRTs). CMU\/SEI-2003-HB-002, April, 2003, 2003.","journal-title":"CMU\/SEI-"},{"key":"e_1_3_2_1_9_1","volume-title":"Expectations for Computer Security Incident Response. IETF RFC","author":"Brownlee N.","year":"1998","unstructured":"N. Brownlee and E. Guttman . Expectations for Computer Security Incident Response. IETF RFC 2350, June 1998 . N. Brownlee and E. Guttman. Expectations for Computer Security Incident Response. IETF RFC 2350, June 1998."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/1007568.1007695"},{"issue":"2","key":"e_1_3_2_1_11_1","volume":"2","author":"Carrier B.","year":"2003","unstructured":"B. Carrier and E. H. Spafford . Getting Physical with the Digital Investigation Process. International Journal of Digital Evidence , 2 ( 2 ), Fall 2003 . B. Carrier and E. H. Spafford. Getting Physical with the Digital Investigation Process. International Journal of Digital Evidence, 2(2), Fall 2003.","journal-title":"Getting Physical with the Digital Investigation Process. International Journal of Digital Evidence"},{"key":"e_1_3_2_1_12_1","volume-title":"An Event-Based Digital Forensic Investigation Framework. In DFWRS'04: Proceedings of the 4th Digital Forensics Research Workshop","author":"Carrier B.","year":"2004","unstructured":"B. Carrier and E. H. Spafford . An Event-Based Digital Forensic Investigation Framework. In DFWRS'04: Proceedings of the 4th Digital Forensics Research Workshop , 2004 . B. Carrier and E. H. Spafford. An Event-Based Digital Forensic Investigation Framework. In DFWRS'04: Proceedings of the 4th Digital Forensics Research Workshop, 2004."},{"issue":"1","key":"e_1_3_2_1_13_1","article-title":"An Extended Model of Cybercrime Investigations","volume":"3","author":"Ciardhu\u00e1in S.","year":"2004","unstructured":"S. \u00d3. Ciardhu\u00e1in . An Extended Model of Cybercrime Investigations . International Journal of Digital Evidence , 3 ( 1 ), Summer 2004 . S. \u00d3. Ciardhu\u00e1in. An Extended Model of Cybercrime Investigations. International Journal of Digital Evidence, 3(1), Summer 2004.","journal-title":"International Journal of Digital Evidence"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/336512.336559"},{"key":"e_1_3_2_1_15_1","volume-title":"Site Security Handbook. IETF RFC","author":"Fraser B.","year":"1997","unstructured":"B. Fraser . Site Security Handbook. IETF RFC 2196, Sept. 1997 . B. Fraser. Site Security Handbook. IETF RFC 2196, Sept. 1997."},{"issue":"2","key":"e_1_3_2_1_16_1","volume":"1","author":"Giordano J.","year":"2002","unstructured":"J. Giordano and C. Maciag . Cyber Forensics: A Military Operations Perspective. International Journal of Digital Evidence , 1 ( 2 ), Summer 2002 . J. Giordano and C. Maciag. Cyber Forensics: A Military Operations Perspective. International Journal of Digital Evidence, 1(2), Summer 2002.","journal-title":"Cyber Forensics: A Military Operations Perspective. International Journal of Digital Evidence"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"crossref","DOI":"10.6028\/NIST.SP.800-61","volume-title":"Computer Security Incident Handling Guide: Recommendations of the National Institute of Standards and Technology. NIST Special Publication","author":"Grance T.","year":"2004","unstructured":"T. Grance , K. Kent , and B. Kim . Computer Security Incident Handling Guide: Recommendations of the National Institute of Standards and Technology. NIST Special Publication 800-61, January 2004 . T. Grance, K. Kent, and B. Kim. Computer Security Incident Handling Guide: Recommendations of the National Institute of Standards and Technology. NIST Special Publication 800-61, January 2004."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2006.06.004"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1007\/11935308_19"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1066677.1066752"},{"key":"e_1_3_2_1_22_1","volume-title":"FIRST'06: Forum for Incident Response Teams Conference","author":"Leune K.","year":"2006","unstructured":"K. Leune and S. Tesink . Designing and developing an Application for Incident Response Teams . In FIRST'06: Forum for Incident Response Teams Conference , Baltimore, MD, USA , June 2006 . K. Leune and S. Tesink. Designing and developing an Application for Incident Response Teams. In FIRST'06: Forum for Incident Response Teams Conference, Baltimore, MD, USA, June 2006."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2005.09.006"},{"key":"e_1_3_2_1_25_1","first-page":"487","volume-title":"Proceedings of the National Information Systems Security Conference","volume":"2","author":"Pollitt M.","year":"1995","unstructured":"M. Pollitt . Computer Forensics : an Approach to Evidence in Cyberspace . In Proceedings of the National Information Systems Security Conference , volume 2 , pages 487 -- 491 , 1995 . M. Pollitt. Computer Forensics: an Approach to Evidence in Cyberspace. In Proceedings of the National Information Systems Security Conference, volume 2, pages 487--491, 1995."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/SADFE.2007.3"},{"key":"e_1_3_2_1_27_1","volume-title":"Incident Response and Computer Forensics","author":"Prosise C.","year":"2003","unstructured":"C. Prosise , K. Mandia , and M. Pepe . Incident Response and Computer Forensics , Second Edition. McGraw-Hill Osborne Media , 2003 . C. Prosise, K. Mandia, and M. Pepe. Incident Response and Computer Forensics, Second Edition. McGraw-Hill Osborne Media, 2003."},{"issue":"3","key":"e_1_3_2_1_28_1","volume":"1","author":"Reith M.","year":"2002","unstructured":"M. Reith , C. Carr , and G. Gunsch . An Examination of Digital Forensic Models. International Journal of Digital Evidence , 1 ( 3 ), Fall 2002 . M. Reith, C. Carr, and G. Gunsch. An Examination of Digital Forensic Models. International Journal of Digital Evidence, 1(3), Fall 2002.","journal-title":"An Examination of Digital Forensic Models. International Journal of Digital Evidence"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/947469.947496"},{"issue":"3","key":"e_1_3_2_1_30_1","article-title":"A Ten Step Process for Forensic Readiness","volume":"2","author":"Rowlingson R.","year":"2004","unstructured":"R. Rowlingson . A Ten Step Process for Forensic Readiness . International Journal of Digital Evidence , 2 ( 3 ), Winter 2004 . R. Rowlingson. A Ten Step Process for Forensic Readiness. International Journal of Digital Evidence, 2(3), Winter 2004.","journal-title":"International Journal of Digital Evidence"},{"issue":"1","key":"e_1_3_2_1_31_1","article-title":"Case-Relevance Information Investigation: Binding Computer Intelligence to the Current Computer Forensic Framework","volume":"4","author":"Ruibin G.","year":"2005","unstructured":"G. Ruibin , C. Kai , Y. Tony , and M. Gaertner . Case-Relevance Information Investigation: Binding Computer Intelligence to the Current Computer Forensic Framework . International Journal of Digital Evidence , 4 ( 1 ), Spring 2005 . G. Ruibin, C. Kai, Y. Tony, and M. Gaertner. Case-Relevance Information Investigation: Binding Computer Intelligence to the Current Computer Forensic Framework. International Journal of Digital Evidence, 4(1), Spring 2005.","journal-title":"International Journal of Digital Evidence"},{"key":"e_1_3_2_1_32_1","volume-title":"Inoculating SSH Against Address Harvesting. In NDSS'06: The 13th Annual Network and Distributed System Security Symposium","author":"Schechter S.","year":"2006","unstructured":"S. Schechter , J. Jung , W. Stockwell , and C. McLain . Inoculating SSH Against Address Harvesting. In NDSS'06: The 13th Annual Network and Distributed System Security Symposium , San Diego, CA , February 2006 . S. Schechter, J. Jung, W. Stockwell, and C. McLain. Inoculating SSH Against Address Harvesting. In NDSS'06: The 13th Annual Network and Distributed System Security Symposium, San Diego, CA, February 2006."},{"key":"e_1_3_2_1_33_1","volume-title":"FLAIM: A Multi-level Anonymization Framework for Computer and Network Logs. In LISA'06: 20th USENIX Large Installation System Administration Conference, Washington, D.C.","author":"Slagell A.","year":"2006","unstructured":"A. Slagell , K. Lakkaraju , and K. Luo . FLAIM: A Multi-level Anonymization Framework for Computer and Network Logs. In LISA'06: 20th USENIX Large Installation System Administration Conference, Washington, D.C. , Dec. 2006 . A. Slagell, K. Lakkaraju, and K. Luo. FLAIM: A Multi-level Anonymization Framework for Computer and Network Logs. In LISA'06: 20th USENIX Large Installation System Administration Conference, Washington, D.C., Dec. 2006."},{"issue":"2","key":"e_1_3_2_1_34_1","article-title":"Modeling of Post-Incident Root Cause Analysis","volume":"2","author":"Stephenson P.","year":"2003","unstructured":"P. Stephenson . Modeling of Post-Incident Root Cause Analysis . International Journal of Digital Evidence , 2 ( 2 ), Fall 2003 . P. Stephenson. Modeling of Post-Incident Root Cause Analysis. International Journal of Digital Evidence, 2(2), Fall 2003.","journal-title":"International Journal of Digital Evidence"},{"key":"e_1_3_2_1_35_1","volume-title":"RT Essentials","author":"Vincent J.","year":"2005","unstructured":"J. Vincent , R. Spier , D. Rolsky , D. Chamberlain , and R. Foley . RT Essentials . O'Reilly Media , Aug. 2005 . J. Vincent, R. Spier, D. Rolsky, D. Chamberlain, and R. Foley. RT Essentials. O'Reilly Media, Aug. 2005."},{"key":"e_1_3_2_1_36_1","volume-title":"VisFlowCluster-IP: Connectivity-Based Visual Clustering of Network Hosts. In 21st IFIP TC-11 International Information Security Conference (SEC '06)","author":"Yin X.","year":"2006","unstructured":"X. Yin , W. Yurcik , and A. Slagell . VisFlowCluster-IP: Connectivity-Based Visual Clustering of Network Hosts. In 21st IFIP TC-11 International Information Security Conference (SEC '06) , May 2006 . X. Yin, W. Yurcik, and A. Slagell. VisFlowCluster-IP: Connectivity-Based Visual Clustering of Network Hosts. In 21st IFIP TC-11 International Information Security Conference (SEC '06), May 2006."}],"event":{"name":"IDtrust '09: 8th Symposium on Identity and Trust on the Internet","sponsor":["Internet2","The National Institute of Standards and Technology","OASIS IDtrust Member Section","FPKIPA Federal Public Key Infrastructure Policy Authority"],"location":"Gaithersburg Maryland USA","acronym":"IDtrust '09"},"container-title":["Proceedings of the 8th Symposium on Identity and Trust on the Internet"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1527017.1527023","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1527017.1527023","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T13:29:52Z","timestamp":1750253392000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1527017.1527023"}},"subtitle":["a framework for collaborative incident response and investigation"],"short-title":[],"issued":{"date-parts":[[2009,4,14]]},"references-count":33,"alternative-id":["10.1145\/1527017.1527023","10.1145\/1527017"],"URL":"https:\/\/doi.org\/10.1145\/1527017.1527023","relation":{},"subject":[],"published":{"date-parts":[[2009,4,14]]},"assertion":[{"value":"2009-04-14","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}