{"id":"https://openalex.org/W2057931879","doi":"https://doi.org/10.1109/sadfe.2013.6911539","title":"CAT Record (computer activity timeline record): A unified agent based approach for real time computer forensic evidence collection","display_name":"CAT Record (computer activity timeline record): A unified agent based approach for real time computer forensic evidence collection","publication_year":2013,"publication_date":"2013-11-01","ids":{"openalex":"https://openalex.org/W2057931879","doi":"https://doi.org/10.1109/sadfe.2013.6911539","mag":"2057931879"},"language":"en","primary_location":{"id":"doi:10.1109/sadfe.2013.6911539","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sadfe.2013.6911539","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2013 8th International Workshop on Systematic Approaches to Digital Forensics Engineering (SADFE)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5006312603","display_name":"Shadi Al Awawdeh","orcid":null},"institutions":[{"id":"https://openalex.org/I91044093","display_name":"Zayed University","ror":"https://ror.org/03snqfa66","country_code":"AE","type":"education","lineage":["https://openalex.org/I91044093"]}],"countries":["AE"],"is_corresponding":true,"raw_author_name":"Shadi Al Awawdeh","raw_affiliation_strings":["College of Technological Innovation, Zayed University, United Arab Emirates","College of Technological, Innovation Zayed University,United Arab Emirates"],"affiliations":[{"raw_affiliation_string":"College of Technological Innovation, Zayed University, United Arab Emirates","institution_ids":["https://openalex.org/I91044093"]},{"raw_affiliation_string":"College of Technological, Innovation Zayed University,United Arab Emirates","institution_ids":["https://openalex.org/I91044093"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5043176147","display_name":"Ibrahim Baggili","orcid":"https://orcid.org/0000-0002-9574-9537"},"institutions":[{"id":"https://openalex.org/I40253897","display_name":"University of New Haven","ror":"https://ror.org/00zm4rq24","country_code":"US","type":"education","lineage":["https://openalex.org/I40253897"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ibrahim Baggili","raw_affiliation_strings":["Tagliatela College of Engineering, University of New Haven, West Haven, CT","Tagliatela College of Engineering, Department of Computer & Electrical Engineering and Computer Science, University of New Haven, West Haven, CT, USA"],"affiliations":[{"raw_affiliation_string":"Tagliatela College of Engineering, University of New Haven, West Haven, CT","institution_ids":["https://openalex.org/I40253897"]},{"raw_affiliation_string":"Tagliatela College of Engineering, Department of Computer & Electrical Engineering and Computer Science, University of New Haven, West Haven, CT, USA","institution_ids":["https://openalex.org/I40253897"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5062611532","display_name":"Andrew Marrington","orcid":"https://orcid.org/0000-0002-3839-6675"},"institutions":[{"id":"https://openalex.org/I91044093","display_name":"Zayed University","ror":"https://ror.org/03snqfa66","country_code":"AE","type":"education","lineage":["https://openalex.org/I91044093"]}],"countries":["AE"],"is_corresponding":false,"raw_author_name":"Andrew Marrington","raw_affiliation_strings":["College of Technological Innovation, Zayed University, United Arab Emirates","College of Technological, Innovation Zayed University,United Arab Emirates"],"affiliations":[{"raw_affiliation_string":"College of Technological Innovation, Zayed University, United Arab Emirates","institution_ids":["https://openalex.org/I91044093"]},{"raw_affiliation_string":"College of Technological, Innovation Zayed University,United Arab Emirates","institution_ids":["https://openalex.org/I91044093"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5068447696","display_name":"Farkhund Iqbal","orcid":"https://orcid.org/0000-0001-9081-3598"},"institutions":[{"id":"https://openalex.org/I91044093","display_name":"Zayed University","ror":"https://ror.org/03snqfa66","country_code":"AE","type":"education","lineage":["https://openalex.org/I91044093"]}],"countries":["AE"],"is_corresponding":false,"raw_author_name":"Farkhund Iqbal","raw_affiliation_strings":["College of Technological Innovation, Zayed University, United Arab Emirates","College of Technological, Innovation Zayed University,United Arab Emirates"],"affiliations":[{"raw_affiliation_string":"College of Technological Innovation, Zayed University, United Arab Emirates","institution_ids":["https://openalex.org/I91044093"]},{"raw_affiliation_string":"College of Technological, Innovation Zayed University,United Arab Emirates","institution_ids":["https://openalex.org/I91044093"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5006312603"],"corresponding_institution_ids":["https://openalex.org/I91044093"],"apc_list":null,"apc_paid":null,"fwci":1.6889,"has_fulltext":false,"cited_by_count":6,"citation_normalized_percentile":{"value":0.8870661,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":"4","issue":null,"first_page":"1","last_page":"8"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9957000017166138,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/timeline","display_name":"Timeline","score":0.7945573329925537},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7287720441818237},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.5993028879165649},{"id":"https://openalex.org/keywords/computer-forensics","display_name":"Computer forensics","score":0.4928710460662842},{"id":"https://openalex.org/keywords/desktop-window-manager","display_name":"Desktop Window Manager","score":0.43666592240333557},{"id":"https://openalex.org/keywords/power-consumption","display_name":"Power consumption","score":0.42118164896965027},{"id":"https://openalex.org/keywords/microsoft-windows","display_name":"Microsoft Windows","score":0.4041404128074646},{"id":"https://openalex.org/keywords/windows-ce","display_name":"Windows CE","score":0.2977678179740906},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.2599547505378723},{"id":"https://openalex.org/keywords/digital-forensics","display_name":"Digital forensics","score":0.2568545937538147},{"id":"https://openalex.org/keywords/power","display_name":"Power (physics)","score":0.2329390048980713}],"concepts":[{"id":"https://openalex.org/C4438859","wikidata":"https://www.wikidata.org/wiki/Q186117","display_name":"Timeline","level":2,"score":0.7945573329925537},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7287720441818237},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.5993028879165649},{"id":"https://openalex.org/C556601545","wikidata":"https://www.wikidata.org/wiki/Q878553","display_name":"Computer forensics","level":3,"score":0.4928710460662842},{"id":"https://openalex.org/C765897","wikidata":"https://www.wikidata.org/wiki/Q1200785","display_name":"Desktop Window Manager","level":5,"score":0.43666592240333557},{"id":"https://openalex.org/C2984118289","wikidata":"https://www.wikidata.org/wiki/Q29954","display_name":"Power consumption","level":3,"score":0.42118164896965027},{"id":"https://openalex.org/C508378895","wikidata":"https://www.wikidata.org/wiki/Q1406","display_name":"Microsoft Windows","level":3,"score":0.4041404128074646},{"id":"https://openalex.org/C512140200","wikidata":"https://www.wikidata.org/wiki/Q488244","display_name":"Windows CE","level":4,"score":0.2977678179740906},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.2599547505378723},{"id":"https://openalex.org/C84418412","wikidata":"https://www.wikidata.org/wiki/Q3246940","display_name":"Digital forensics","level":2,"score":0.2568545937538147},{"id":"https://openalex.org/C163258240","wikidata":"https://www.wikidata.org/wiki/Q25342","display_name":"Power (physics)","level":2,"score":0.2329390048980713},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C166957645","wikidata":"https://www.wikidata.org/wiki/Q23498","display_name":"Archaeology","level":1,"score":0.0},{"id":"https://openalex.org/C95457728","wikidata":"https://www.wikidata.org/wiki/Q309","display_name":"History","level":0,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/sadfe.2013.6911539","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sadfe.2013.6911539","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2013 8th International Workshop on Systematic Approaches to Digital Forensics Engineering (SADFE)","raw_type":"proceedings-article"},{"id":"pmh:oai:digitalcommons.newhaven.edu:electricalcomputerengineering-facpubs-1044","is_oa":false,"landing_page_url":"http://ieeexplore.ieee.org/xpl/articleDetails.jsp?reload=true&arnumber=6911539","pdf_url":null,"source":{"id":"https://openalex.org/S4377196522","display_name":"Digital Commons - New Heaven (University of New Haven)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I40253897","host_organization_name":"University of New Haven","host_organization_lineage":["https://openalex.org/I40253897"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Electrical & Computer Engineering and Computer Science Faculty Publications","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6899999976158142,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":23,"referenced_works":["https://openalex.org/W46688212","https://openalex.org/W1597710132","https://openalex.org/W1976107019","https://openalex.org/W1978495386","https://openalex.org/W1992607645","https://openalex.org/W2009229022","https://openalex.org/W2015210295","https://openalex.org/W2026456060","https://openalex.org/W2031929387","https://openalex.org/W2037841959","https://openalex.org/W2053983842","https://openalex.org/W2072777295","https://openalex.org/W2103295044","https://openalex.org/W2107997840","https://openalex.org/W2114381584","https://openalex.org/W2116666322","https://openalex.org/W2125767749","https://openalex.org/W2131465005","https://openalex.org/W2152943117","https://openalex.org/W6601872660","https://openalex.org/W6635547364","https://openalex.org/W6648659152","https://openalex.org/W6682670049"],"related_works":["https://openalex.org/W2500685539","https://openalex.org/W4256444941","https://openalex.org/W26165096","https://openalex.org/W563467322","https://openalex.org/W2339609355","https://openalex.org/W2744572443","https://openalex.org/W2600092258","https://openalex.org/W2583333928","https://openalex.org/W2462491885","https://openalex.org/W583547462"],"abstract_inverted_index":{"In":[0],"this":[1],"paper":[2],"we":[3],"present":[4],"CAT":[5,159,210],"Record":[6,160,211],"-":[7,68,80,92,108,128,148],"a":[8,23,33,46,141],"real":[9],"time":[10],"computer":[11,16,25],"forensics":[12],"agent":[13,60,180],"that":[14,134,171,195,209],"records":[15,70,82,94,110,130,150],"activity":[17,112,152],"for":[18],"subsequent":[19],"forensic":[20],"investigation":[21],"on":[22,32,86,102,155,185,212],"Windows":[24,65,72,119,186,189,203,206],"system":[26,104,142],"as":[27,54],"actions":[28],"are":[29,51,56,135],"taking":[30,153],"place":[31,154],"system.":[34,158],"This":[35],"approach":[36,43],"is":[37],"different":[38],"from":[39,117,140],"the":[40,71,83,87,103,111,118,151,156,176,179,192,196],"traditional":[41],"post-mortem":[42],"of":[44,178,198,221],"examining":[45],"hard":[47],"disk":[48],"since":[49],"activities":[50],"being":[52],"recorded":[53,199],"they":[55],"happening.":[57],"The":[58],"prototype":[59],"included":[61],"six":[62],"modules":[63],"1)":[64],"Event":[66],"Watcher":[67,147],"which":[69,81,93,109,129,149],"Operating":[73],"System":[74,146],"events":[75],"2)":[76],"Active":[77],"Window":[78],"Detector":[79,91,127],"active":[84],"windows":[85],"screen":[88],"3)":[89],"Font-Time-Power-Resolution":[90],"changes":[95],"in":[96,137,164],"font,":[97],"time,":[98],"power":[99],"or":[100,121,138],"resolution":[101],"4)":[105],"Explorers":[106],"Monitor":[107],"when":[113],"opening":[114],"an":[115,168],"item":[116],"Explorer":[120,123],"Internet":[122],"5)":[124],"Removable":[125],"Devices":[126],"any":[131],"external":[132],"devices":[133],"plugged":[136],"removed":[139],"and":[143,181,188,205,208],"6)":[144],"File":[145],"file":[157],"was":[161,172],"stress":[162],"tested":[163],"three":[165],"scenarios":[166],"using":[167],"automated":[169],"program":[170],"written":[173],"to":[174],"test":[175],"accuracy":[177],"its":[182,226],"memory":[183,222],"consumption":[184],"XP":[187,204],"7.":[190],"Overall,":[191],"results":[193],"indicated":[194],"amount":[197],"data":[200],"varied":[201],"between":[202],"7":[207],"average":[213],"did":[214],"not":[215],"consume":[216],"more":[217],"than":[218],"42,876":[219],"KB":[220],"per":[223],"second":[224],"during":[225],"operation":[227],"under":[228],"extremely":[229],"stressful":[230],"tests.":[231]},"counts_by_year":[{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":1},{"year":2019,"cited_by_count":1},{"year":2017,"cited_by_count":1},{"year":2016,"cited_by_count":2}],"updated_date":"2026-03-10T16:38:18.471706","created_date":"2025-10-10T00:00:00"}