{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,1]],"date-time":"2026-04-01T14:20:08Z","timestamp":1775053208968,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":37,"publisher":"ACM","license":[{"start":{"date-parts":[[2010,10,4]],"date-time":"2010-10-04T00:00:00Z","timestamp":1286150400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2010,10,4]]},"DOI":"10.1145\/1866307.1866314","type":"proceedings-article","created":{"date-parts":[[2010,10,5]],"date-time":"2010-10-05T14:38:23Z","timestamp":1286289503000},"page":"50-60","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":29,"title":["Trail of bytes"],"prefix":"10.1145","author":[{"given":"Srinivas","family":"Krishnan","sequence":"first","affiliation":[{"name":"University of North Carolina at Chapel Hill, Chapel Hill, NC, USA"}]},{"given":"Kevin Z.","family":"Snow","sequence":"additional","affiliation":[{"name":"University of North Carolina at Chapel Hill, Chapel Hill, NC, USA"}]},{"given":"Fabian","family":"Monrose","sequence":"additional","affiliation":[{"name":"University of North Carolina at Chapel Hill, Chapel Hill, NC, USA"}]}],"member":"320","published-online":{"date-parts":[[2010,10,4]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/945445.945462"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2004.10.002"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.5555\/874075.876409"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2005.36"},{"key":"e_1_3_2_1_5_1","first-page":"177","volume-title":"Dependable Systems and Networks (June","author":"Chen X.","year":"2008"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/359636.359712"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455779"},{"key":"e_1_3_2_1_8_1","unstructured":"}}F-Secure. MBR Rootkit A New Breed of Malware. See http:\/\/www.f-secure.com\/weblog\/archives\/ 00001393.html (2008).  }}F-Secure. MBR Rootkit A New Breed of Malware. See http:\/\/www.f-secure.com\/weblog\/archives\/ 00001393.html (2008)."},{"key":"e_1_3_2_1_9_1","volume-title":"Addison-Wesley","author":"Farmer D.","year":"2006"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315292"},{"key":"e_1_3_2_1_11_1","first-page":"1","volume-title":"Proceedings of the 11th USENIX workshop on Hot topics in operating systems","author":"Garfinkel T.","year":"2007"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/945445.945464"},{"key":"e_1_3_2_1_13_1","first-page":"191","volume-title":"A Virtual Machine Introspection Based Architecture for Intrusion Detection. In Network and Distributed Systems Security Symposium","author":"Garfinkel T.","year":"2003"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1095810.1095826"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.1974.6323581"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1352592.1352603"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1275511.1275514"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315262"},{"key":"e_1_3_2_1_19_1","volume-title":"Proceedings of the USENIX Annual Technical Conference","author":"Jones S. T.","year":"2006"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1168917.1168861"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/191177.191183"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/945445.945467"},{"key":"e_1_3_2_1_23_1","volume-title":"Proceedings of Network and Distributed System Security Symposium","author":"King S. T.","year":"2005"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1655148.1655152"},{"key":"e_1_3_2_1_25_1","first-page":"213","volume-title":"Measurement and Analysis of Large-scale Network File System Workloads. In USENIX Annual Technical Conference","author":"Leung A. W.","year":"2008"},{"key":"e_1_3_2_1_26_1","first-page":"10","author":"Leung F.","year":"2006","journal-title":"Intel Virtualization Technology: Hardware Support for Efficient Processor Virtualization. Intel Technology Journal"},{"key":"e_1_3_2_1_27_1","first-page":"243","volume-title":"Hypervisor Support for Identifying Covertly Executing Binaries. In Proceedings of USENIX Security Symposium (Aug.","author":"Litty L.","year":"2008"},{"key":"e_1_3_2_1_28_1","first-page":"43","volume-title":"Provenance-aware Storage Systems. In Proceedings of the 2006 USENIX Annual Technical Conference","author":"Muniswamy-Reddy K.","year":"2006"},{"key":"e_1_3_2_1_29_1","volume-title":"Provenance for the Cloud. In USENIX Conference on File and Storage Technologies (FAST)","author":"Muniswamy-Reddy K.-K.","year":"2010"},{"key":"e_1_3_2_1_30_1","unstructured":"}}NIST. National Software Reference Library 2009.  }}NIST. National Software Reference Library 2009."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2007.10"},{"key":"e_1_3_2_1_32_1","volume-title":"The Ghost in the Browser: Analysis of Web-based Malware. In First Workshop on Hot Topics in Understanding Botnets","author":"Provos N.","year":"2006"},{"key":"e_1_3_2_1_33_1","first-page":"89","volume-title":"Proceedings of the USENIX Conference on File and Storage Technologies","author":"Quinlan S.","year":"2002"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/1368506.1368521"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/2514.2517"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/1519065.1519073"},{"key":"e_1_3_2_1_37_1","first-page":"79","volume-title":"ATP - Anti Tampering Program. In Proceedings of USENIX Security","author":"Vincenzetti D.","year":"1993"}],"event":{"name":"CCS '10: 17th ACM Conference on Computer and Communications Security 2010","location":"Chicago Illinois USA","acronym":"CCS '10","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 17th ACM conference on Computer and communications security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1866307.1866314","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1866307.1866314","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T12:09:06Z","timestamp":1750248546000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1866307.1866314"}},"subtitle":["efficient support for forensic analysis"],"short-title":[],"issued":{"date-parts":[[2010,10,4]]},"references-count":37,"alternative-id":["10.1145\/1866307.1866314","10.1145\/1866307"],"URL":"https:\/\/doi.org\/10.1145\/1866307.1866314","relation":{},"subject":[],"published":{"date-parts":[[2010,10,4]]},"assertion":[{"value":"2010-10-04","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}