FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W2016650184> ?p ?o ?g. }

• W2016650184 endingPage "131" @default.
• W2016650184 startingPage "117" @default.
• W2016650184 abstract "ABSTRACT In digital forensics, the first step to conducting an investigation is to acquire evidence that is most related to the case. Containing most recently accessed data and information about the status of a system, physical memory is a valuable source of digital evidence. When a process runs or accesses a file, all or some parts of the process's executable or accessed data file are mapped into the physical memory. In this article, we propose various methods to find files and extract them from memory in order to rebuild executable and data files that existed in physical memory at the time of incident. We developed a memory analysis plug-in that uses this automated memory file extraction. Using this tool, we have been able to extract a wide range of data file types, including text, PDF, Java Archives (JAR), various logs, EVT (system event-log files, used by the system event viewer), HTML and many more. Investigators can use the result of this research in order to (1) compare the files found on disk with those extracted from memory to find possible tampering or (2) reconstruct those files that no longer exist on the disk. In addition, they can find the last file modifications that have not been mapped out to the corresponding files on the disk. Memory extracted files can be used for the purpose of correlation analysis along with other sources of evidence such as application or network log files, E-mail files, and data files found on disks." @default.
• W2016650184 created "2016-06-24" @default.
• W2016650184 creator A5008476425 @default.
• W2016650184 creator A5028605138 @default.
• W2016650184 creator A5091698581 @default.
• W2016650184 date "2008-12-09" @default.
• W2016650184 modified "2023-10-17" @default.
• W2016650184 title "Automated Windows Memory File Extraction for Cyber Forensics Investigation" @default.
• W2016650184 cites W2004982394 @default.
• W2016650184 cites W2010376606 @default.
• W2016650184 cites W2040527645 @default.
• W2016650184 cites W2055002124 @default.
• W2016650184 cites W2091452626 @default.
• W2016650184 cites W2112190615 @default.
• W2016650184 cites W2113854927 @default.
• W2016650184 cites W2168154523 @default.
• W2016650184 doi "https://doi.org/10.1080/15567280802552829" @default.
• W2016650184 hasPublicationYear "2008" @default.
• W2016650184 type Work @default.
• W2016650184 sameAs 2016650184 @default.
• W2016650184 citedByCount "2" @default.
• W2016650184 countsByYear W20166501842023 @default.
• W2016650184 crossrefType "journal-article" @default.
• W2016650184 hasAuthorship W2016650184A5008476425 @default.
• W2016650184 hasAuthorship W2016650184A5028605138 @default.
• W2016650184 hasAuthorship W2016650184A5091698581 @default.
• W2016650184 hasConcept C111919701 @default.
• W2016650184 hasConcept C13674803 @default.
• W2016650184 hasConcept C160145156 @default.
• W2016650184 hasConcept C171730128 @default.
• W2016650184 hasConcept C180500224 @default.
• W2016650184 hasConcept C21729314 @default.
• W2016650184 hasConcept C26656859 @default.
• W2016650184 hasConcept C2780940931 @default.
• W2016650184 hasConcept C2781357168 @default.
• W2016650184 hasConcept C41008148 @default.
• W2016650184 hasConcept C77088390 @default.
• W2016650184 hasConcept C84418412 @default.
• W2016650184 hasConcept C95637964 @default.
• W2016650184 hasConceptScore W2016650184C111919701 @default.
• W2016650184 hasConceptScore W2016650184C13674803 @default.
• W2016650184 hasConceptScore W2016650184C160145156 @default.
• W2016650184 hasConceptScore W2016650184C171730128 @default.
• W2016650184 hasConceptScore W2016650184C180500224 @default.
• W2016650184 hasConceptScore W2016650184C21729314 @default.
• W2016650184 hasConceptScore W2016650184C26656859 @default.
• W2016650184 hasConceptScore W2016650184C2780940931 @default.
• W2016650184 hasConceptScore W2016650184C2781357168 @default.
• W2016650184 hasConceptScore W2016650184C41008148 @default.
• W2016650184 hasConceptScore W2016650184C77088390 @default.
• W2016650184 hasConceptScore W2016650184C84418412 @default.
• W2016650184 hasConceptScore W2016650184C95637964 @default.
• W2016650184 hasIssue "3" @default.
• W2016650184 hasLocation W20166501841 @default.
• W2016650184 hasOpenAccess W2016650184 @default.
• W2016650184 hasPrimaryLocation W20166501841 @default.
• W2016650184 hasRelatedWork W1969294963 @default.
• W2016650184 hasRelatedWork W2016650184 @default.
• W2016650184 hasRelatedWork W2153916981 @default.
• W2016650184 hasRelatedWork W2367740768 @default.
• W2016650184 hasRelatedWork W2376979270 @default.
• W2016650184 hasRelatedWork W2382233744 @default.
• W2016650184 hasRelatedWork W2600173906 @default.
• W2016650184 hasRelatedWork W2888789739 @default.
• W2016650184 hasRelatedWork W2964056896 @default.
• W2016650184 hasRelatedWork W2137838940 @default.
• W2016650184 hasVolume "2" @default.
• W2016650184 isParatext "false" @default.
• W2016650184 isRetracted "false" @default.
• W2016650184 magId "2016650184" @default.
• W2016650184 workType "article" @default.