FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W2783217414> ?p ?o ?g. }

• W2783217414 endingPage "114" @default.
• W2783217414 startingPage "94" @default.
• W2783217414 abstract "Nowadays, perpetrators of the crimes are more forensic-aware than ever and take preventive measures to limit or delete the program execution artifacts. Also, analysts are mostly confronted with the computer systems infected with evil programs (for example, malware and ransomware) that are designed to remain hidden whilst running and erase the traces of their executions. Program execution analysis is very meaningful effort to unravel the Indicators of Compromise (IOCs) on an infected system and detect anti-forensic tools used to complicate the investigations. The sources of program executions being created and stored are rising in newer Windows systems, however, to analyze one source in isolation would uncover only a piece of information. Thus, there is a need to take different sources of program executions into account as a whole for comprehensive examination of the digital incident, and a study of forensic capabilities of these artifacts in a comparative manner is needed. To fill the gap, this study considers eleven sources of program executions: Prefetch, Jump Lists, Shortcut (LNK), UserAssist, Amcache.hve, IconCache.db, AppCompatFlags, AppCompatCache, RunMRU, MuiCache and SRUDB.dat, and investigates the effects of running various types of applications (for example, host-based executables, package applications, portable application, and Windows Store Apps) on these artifacts in a Windows 10 Pro client system. The effects of running five popular anti-forensic tools (for example, privacy cleaners) are also observed and a comparison of scrubbing capabilities of these tools is presented. In addition, the study also discusses the forensic significance of examining the considered program execution artifacts. The study will have direct implications on the forensic or malware investigations involving program execution analysis as a subject of interest." @default.
• W2783217414 created "2018-01-26" @default.
• W2783217414 creator A5026643616 @default.
• W2783217414 creator A5071123956 @default.
• W2783217414 date "2018-05-01" @default.
• W2783217414 modified "2023-09-26" @default.
• W2783217414 title "Program execution analysis in Windows: A study of data sources, their format and comparison of forensic capability" @default.
• W2783217414 cites W1965895081 @default.
• W2783217414 cites W1991140435 @default.
• W2783217414 cites W2002594911 @default.
• W2783217414 cites W2027465629 @default.
• W2783217414 cites W2031210561 @default.
• W2783217414 cites W2070320970 @default.
• W2783217414 cites W2076784928 @default.
• W2783217414 cites W2294635558 @default.
• W2783217414 cites W2508545160 @default.
• W2783217414 cites W2582008668 @default.
• W2783217414 cites W2583394428 @default.
• W2783217414 doi "https://doi.org/10.1016/j.cose.2018.01.006" @default.
• W2783217414 hasPublicationYear "2018" @default.
• W2783217414 type Work @default.
• W2783217414 sameAs 2783217414 @default.
• W2783217414 citedByCount "14" @default.
• W2783217414 countsByYear W27832174142018 @default.
• W2783217414 countsByYear W27832174142019 @default.
• W2783217414 countsByYear W27832174142020 @default.
• W2783217414 countsByYear W27832174142021 @default.
• W2783217414 countsByYear W27832174142022 @default.
• W2783217414 countsByYear W27832174142023 @default.
• W2783217414 crossrefType "journal-article" @default.
• W2783217414 hasAuthorship W2783217414A5026643616 @default.
• W2783217414 hasAuthorship W2783217414A5071123956 @default.
• W2783217414 hasConcept C111919701 @default.
• W2783217414 hasConcept C115537543 @default.
• W2783217414 hasConcept C133588205 @default.
• W2783217414 hasConcept C160145156 @default.
• W2783217414 hasConcept C2777904410 @default.
• W2783217414 hasConcept C2778579508 @default.
• W2783217414 hasConcept C2779395397 @default.
• W2783217414 hasConcept C38652104 @default.
• W2783217414 hasConcept C41008148 @default.
• W2783217414 hasConcept C508378895 @default.
• W2783217414 hasConcept C541664917 @default.
• W2783217414 hasConcept C556601545 @default.
• W2783217414 hasConcept C84418412 @default.
• W2783217414 hasConceptScore W2783217414C111919701 @default.
• W2783217414 hasConceptScore W2783217414C115537543 @default.
• W2783217414 hasConceptScore W2783217414C133588205 @default.
• W2783217414 hasConceptScore W2783217414C160145156 @default.
• W2783217414 hasConceptScore W2783217414C2777904410 @default.
• W2783217414 hasConceptScore W2783217414C2778579508 @default.
• W2783217414 hasConceptScore W2783217414C2779395397 @default.
• W2783217414 hasConceptScore W2783217414C38652104 @default.
• W2783217414 hasConceptScore W2783217414C41008148 @default.
• W2783217414 hasConceptScore W2783217414C508378895 @default.
• W2783217414 hasConceptScore W2783217414C541664917 @default.
• W2783217414 hasConceptScore W2783217414C556601545 @default.
• W2783217414 hasConceptScore W2783217414C84418412 @default.
• W2783217414 hasLocation W27832174141 @default.
• W2783217414 hasOpenAccess W2783217414 @default.
• W2783217414 hasPrimaryLocation W27832174141 @default.
• W2783217414 hasRelatedWork W1981326734 @default.
• W2783217414 hasRelatedWork W2150795982 @default.
• W2783217414 hasRelatedWork W2550345250 @default.
• W2783217414 hasRelatedWork W2613079202 @default.
• W2783217414 hasRelatedWork W2765446491 @default.
• W2783217414 hasRelatedWork W3008439545 @default.
• W2783217414 hasRelatedWork W3025424853 @default.
• W2783217414 hasRelatedWork W3037005326 @default.
• W2783217414 hasRelatedWork W3128219034 @default.
• W2783217414 hasRelatedWork W4211194511 @default.
• W2783217414 hasVolume "74" @default.
• W2783217414 isParatext "false" @default.
• W2783217414 isRetracted "false" @default.
• W2783217414 magId "2783217414" @default.
• W2783217414 workType "article" @default.