{"id":"https://openalex.org/W4403530685","doi":"https://doi.org/10.1016/j.fsidi.2024.301807","title":"Mount SMB.pcap: Reconstructing file systems and file operations from network traffic","display_name":"Mount SMB.pcap: Reconstructing file systems and file operations from network traffic","publication_year":2024,"publication_date":"2024-10-01","ids":{"openalex":"https://openalex.org/W4403530685","doi":"https://doi.org/10.1016/j.fsidi.2024.301807"},"language":"en","primary_location":{"id":"doi:10.1016/j.fsidi.2024.301807","is_oa":true,"landing_page_url":"https://doi.org/10.1016/j.fsidi.2024.301807","pdf_url":null,"source":{"id":"https://openalex.org/S4210178067","display_name":"Forensic Science International Digital Investigation","issn_l":"2666-2817","issn":["2666-2817","2666-2825"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320990","host_organization_name":"Elsevier BV","host_organization_lineage":["https://openalex.org/P4310320990"],"host_organization_lineage_names":["Elsevier BV"],"type":"journal"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Forensic Science International: Digital Investigation","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://doi.org/10.1016/j.fsidi.2024.301807","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5052832324","display_name":"Jan-Niclas Hilgert","orcid":"https://orcid.org/0009-0000-5308-5712"},"institutions":[{"id":"https://openalex.org/I4210166245","display_name":"Fraunhofer Institute for Communication, Information Processing and Ergonomics","ror":"https://ror.org/05nn0gw40","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210166245","https://openalex.org/I4923324"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Jan-Niclas Hilgert","raw_affiliation_strings":["Fraunhofer Institute for Communication, Information Processing and Ergonomics FKIE, Fraunhofer FKIE, Zanderstr. 5, 53177, Bonn, Germany"],"affiliations":[{"raw_affiliation_string":"Fraunhofer Institute for Communication, Information Processing and Ergonomics FKIE, Fraunhofer FKIE, Zanderstr. 5, 53177, Bonn, Germany","institution_ids":["https://openalex.org/I4210166245"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5046434174","display_name":"Alfred Mahr","orcid":"https://orcid.org/0000-0002-1564-9115"},"institutions":[{"id":"https://openalex.org/I4210166245","display_name":"Fraunhofer Institute for Communication, Information Processing and Ergonomics","ror":"https://ror.org/05nn0gw40","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210166245","https://openalex.org/I4923324"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Axel Mahr","raw_affiliation_strings":["Fraunhofer Institute for Communication, Information Processing and Ergonomics FKIE, Fraunhofer FKIE, Zanderstr. 5, 53177, Bonn, Germany"],"affiliations":[{"raw_affiliation_string":"Fraunhofer Institute for Communication, Information Processing and Ergonomics FKIE, Fraunhofer FKIE, Zanderstr. 5, 53177, Bonn, Germany","institution_ids":["https://openalex.org/I4210166245"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5066741507","display_name":"Martin Lambertz","orcid":"https://orcid.org/0009-0007-1156-5807"},"institutions":[{"id":"https://openalex.org/I4210166245","display_name":"Fraunhofer Institute for Communication, Information Processing and Ergonomics","ror":"https://ror.org/05nn0gw40","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210166245","https://openalex.org/I4923324"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Martin Lambertz","raw_affiliation_strings":["Fraunhofer Institute for Communication, Information Processing and Ergonomics FKIE, Fraunhofer FKIE, Zanderstr. 5, 53177, Bonn, Germany"],"affiliations":[{"raw_affiliation_string":"Fraunhofer Institute for Communication, Information Processing and Ergonomics FKIE, Fraunhofer FKIE, Zanderstr. 5, 53177, Bonn, Germany","institution_ids":["https://openalex.org/I4210166245"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5052832324"],"corresponding_institution_ids":["https://openalex.org/I4210166245"],"apc_list":{"value":2950,"currency":"USD","value_usd":2950},"apc_paid":{"value":2950,"currency":"USD","value_usd":2950},"fwci":1.0958,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.79654243,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":97},"biblio":{"volume":"50","issue":null,"first_page":"301807","last_page":"301807"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11181","display_name":"Advanced Data Storage Technologies","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11181","display_name":"Advanced Data Storage Technologies","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9970999956130981,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.989799976348877,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/mount","display_name":"Mount","score":0.7202898263931274},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6640872955322266},{"id":"https://openalex.org/keywords/file-system","display_name":"File system","score":0.4841078519821167},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.48235148191452026},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.38401031494140625}],"concepts":[{"id":"https://openalex.org/C2778091609","wikidata":"https://www.wikidata.org/wiki/Q14713","display_name":"Mount","level":2,"score":0.7202898263931274},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6640872955322266},{"id":"https://openalex.org/C2780940931","wikidata":"https://www.wikidata.org/wiki/Q174989","display_name":"File system","level":2,"score":0.4841078519821167},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.48235148191452026},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.38401031494140625}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1016/j.fsidi.2024.301807","is_oa":true,"landing_page_url":"https://doi.org/10.1016/j.fsidi.2024.301807","pdf_url":null,"source":{"id":"https://openalex.org/S4210178067","display_name":"Forensic Science International Digital Investigation","issn_l":"2666-2817","issn":["2666-2817","2666-2825"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320990","host_organization_name":"Elsevier BV","host_organization_lineage":["https://openalex.org/P4310320990"],"host_organization_lineage_names":["Elsevier BV"],"type":"journal"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Forensic Science International: Digital Investigation","raw_type":"journal-article"},{"id":"pmh:oai:publica.fraunhofer.de:publica/487822","is_oa":false,"landing_page_url":"https://publica.fraunhofer.de/handle/publica/487822","pdf_url":null,"source":{"id":"https://openalex.org/S4306400318","display_name":"Fraunhofer-Publica (Fraunhofer-Gesellschaft)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4923324","host_organization_name":"Fraunhofer-Gesellschaft","host_organization_lineage":["https://openalex.org/I4923324"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"journal article"}],"best_oa_location":{"id":"doi:10.1016/j.fsidi.2024.301807","is_oa":true,"landing_page_url":"https://doi.org/10.1016/j.fsidi.2024.301807","pdf_url":null,"source":{"id":"https://openalex.org/S4210178067","display_name":"Forensic Science International Digital Investigation","issn_l":"2666-2817","issn":["2666-2817","2666-2825"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320990","host_organization_name":"Elsevier BV","host_organization_lineage":["https://openalex.org/P4310320990"],"host_organization_lineage_names":["Elsevier BV"],"type":"journal"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Forensic Science International: Digital Investigation","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":16,"referenced_works":["https://openalex.org/W98704370","https://openalex.org/W134076915","https://openalex.org/W2093931563","https://openalex.org/W2171200911","https://openalex.org/W2884354569","https://openalex.org/W3012330912","https://openalex.org/W4239296949","https://openalex.org/W4301495367","https://openalex.org/W4383498414","https://openalex.org/W6603931231","https://openalex.org/W6680707167","https://openalex.org/W6684868810","https://openalex.org/W6687186520","https://openalex.org/W6696485493","https://openalex.org/W6775407665","https://openalex.org/W6854671386"],"related_works":["https://openalex.org/W753420207","https://openalex.org/W2353896575","https://openalex.org/W2379000728","https://openalex.org/W2368354671","https://openalex.org/W2389631998","https://openalex.org/W2362483455","https://openalex.org/W2355113374","https://openalex.org/W2391476234","https://openalex.org/W37549629","https://openalex.org/W2113429681"],"abstract_inverted_index":{"File":[0],"system":[1,76,93,105,134,205],"and":[2,53,140,163,187],"network":[3,32,97,150,182,214],"forensics":[4],"are":[5,11],"fundamental":[6,72],"in":[7],"forensic":[8],"investigations,":[9],"but":[10],"often":[12],"treated":[13],"as":[14,50,106,108],"distinct":[15],"disciplines.":[16],"This":[17],"work":[18,56],"seeks":[19],"to":[20,36,89,100,170],"unify":[21],"these":[22,166],"fields":[23],"by":[24],"introducing":[25],"a":[26,86,198],"novel":[27],"framework":[28],"capable":[29],"of":[30,63,144,201],"mounting":[31],"captures,":[33],"enabling":[34],"investigators":[35,196],"seamlessly":[37],"browse":[38],"data":[39,94],"using":[40],"conventional":[41],"tools.":[42],"Although":[43,184],"our":[44],"implementation":[45],"supports":[46],"various":[47],"protocols":[48],"such":[49],"HTTP,":[51],"TLS,":[52],"FTP,":[54],"this":[55],"will":[57],"particularly":[58],"focus":[59],"on":[60,175,181],"the":[61,64,102,109,131,148,202,208],"complexities":[62],"Server":[65],"Message":[66],"Block":[67],"(SMB)":[68],"protocol,":[69],"which":[70,119],"is":[71],"for":[73],"shared":[74],"file":[75,92,104,133,158,204],"access,":[77],"especially":[78],"within":[79,147],"local":[80],"networks.":[81],"For":[82],"this,":[83],"we":[84,129,154],"present":[85],"detailed":[87],"methodology":[88],"extract":[90,122],"essential":[91],"from":[95,125,213],"SMB":[96,126,161,177],"traffic,":[98],"aiming":[99],"reconstruct":[101,130],"share's":[103],"accurately":[107,171],"original.":[110],"Our":[111],"approach":[112],"goes":[113],"beyond":[114],"traditional":[115],"tools":[116],"like":[117],"Wireshark,":[118],"typically":[120],"only":[121],"individual":[123],"files":[124,145],"transmissions.":[127],"Instead,":[128],"entire":[132],"hierarchy,":[135],"retrieve":[136],"all":[137],"associated":[138],"metadata,":[139],"handle":[141],"multiple":[142],"versions":[143],"captured":[146],"same":[149],"traffic.":[151,183,215],"In":[152],"addition,":[153],"also":[155],"investigate":[156],"how":[157,165],"operations":[159],"impact":[160],"commands":[162],"show":[164],"can":[167,189],"be":[168,190],"used":[169],"recreate":[172],"user":[173,210],"activities":[174,211],"an":[176],"share":[178],"based":[179],"solely":[180],"both":[185],"methodologies":[186],"implementations":[188],"applied":[191],"independently,":[192],"their":[193],"combination":[194],"provides":[195],"with":[197,207],"comprehensive":[199],"view":[200],"reconstructed":[203],"along":[206],"corresponding":[209],"extracted":[212]},"counts_by_year":[{"year":2025,"cited_by_count":3}],"updated_date":"2026-01-19T04:01:09.351973","created_date":"2025-10-10T00:00:00"}