{"id":"https://openalex.org/W2050082837","doi":"https://doi.org/10.1109/tifs.2012.2210217","title":"Trail of Bytes: New Techniques for Supporting Data Provenance and Limiting Privacy Breaches","display_name":"Trail of Bytes: New Techniques for Supporting Data Provenance and Limiting Privacy Breaches","publication_year":2012,"publication_date":"2012-07-24","ids":{"openalex":"https://openalex.org/W2050082837","doi":"https://doi.org/10.1109/tifs.2012.2210217","mag":"2050082837"},"language":"en","primary_location":{"id":"doi:10.1109/tifs.2012.2210217","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2012.2210217","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5063703305","display_name":"Srinivas Krishnan","orcid":null},"institutions":[{"id":"https://openalex.org/I114027177","display_name":"University of North Carolina at Chapel Hill","ror":"https://ror.org/0130frc33","country_code":"US","type":"education","lineage":["https://openalex.org/I114027177"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Srinivas Krishnan","raw_affiliation_strings":["Department of Computer Science, University of North Carolina, Chapel Hill, Chapel Hill, NC, USA","Department of Computer Science, University of North Carolina at Chapel Hill Chapel Hill, NC, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of North Carolina, Chapel Hill, Chapel Hill, NC, USA","institution_ids":["https://openalex.org/I114027177"]},{"raw_affiliation_string":"Department of Computer Science, University of North Carolina at Chapel Hill Chapel Hill, NC, USA","institution_ids":["https://openalex.org/I114027177"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5019527145","display_name":"Kevin Z. Snow","orcid":"https://orcid.org/0009-0007-3666-9880"},"institutions":[{"id":"https://openalex.org/I114027177","display_name":"University of North Carolina at Chapel Hill","ror":"https://ror.org/0130frc33","country_code":"US","type":"education","lineage":["https://openalex.org/I114027177"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Kevin Z. Snow","raw_affiliation_strings":["Department of Computer Science, University of North Carolina, Chapel Hill, Chapel Hill, NC, USA","Department of Computer Science, University of North Carolina at Chapel Hill Chapel Hill, NC, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of North Carolina, Chapel Hill, Chapel Hill, NC, USA","institution_ids":["https://openalex.org/I114027177"]},{"raw_affiliation_string":"Department of Computer Science, University of North Carolina at Chapel Hill Chapel Hill, NC, USA","institution_ids":["https://openalex.org/I114027177"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5069862528","display_name":"Fabian Monrose","orcid":"https://orcid.org/0000-0002-9805-2217"},"institutions":[{"id":"https://openalex.org/I114027177","display_name":"University of North Carolina at Chapel Hill","ror":"https://ror.org/0130frc33","country_code":"US","type":"education","lineage":["https://openalex.org/I114027177"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Fabian Monrose","raw_affiliation_strings":["Department of Computer Science, University of North Carolina, Chapel Hill, Chapel Hill, NC, USA","Department of Computer Science, University of North Carolina at Chapel Hill Chapel Hill, NC, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of North Carolina, Chapel Hill, Chapel Hill, NC, USA","institution_ids":["https://openalex.org/I114027177"]},{"raw_affiliation_string":"Department of Computer Science, University of North Carolina at Chapel Hill Chapel Hill, NC, USA","institution_ids":["https://openalex.org/I114027177"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5063703305"],"corresponding_institution_ids":["https://openalex.org/I114027177"],"apc_list":null,"apc_paid":null,"fwci":0.4421,"has_fulltext":false,"cited_by_count":12,"citation_normalized_percentile":{"value":0.72763983,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":"7","issue":"6","first_page":"1876","last_page":"1889"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.9048190116882324},{"id":"https://openalex.org/keywords/hypervisor","display_name":"Hypervisor","score":0.6277111768722534},{"id":"https://openalex.org/keywords/byte","display_name":"Byte","score":0.5870769023895264},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5135007500648499},{"id":"https://openalex.org/keywords/network-forensics","display_name":"Network forensics","score":0.5073966383934021},{"id":"https://openalex.org/keywords/audit-trail","display_name":"Audit trail","score":0.5025715827941895},{"id":"https://openalex.org/keywords/computer-forensics","display_name":"Computer forensics","score":0.4275237023830414},{"id":"https://openalex.org/keywords/digital-evidence","display_name":"Digital evidence","score":0.42500990629196167},{"id":"https://openalex.org/keywords/digital-forensics","display_name":"Digital forensics","score":0.41036486625671387},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.2872190475463867},{"id":"https://openalex.org/keywords/audit","display_name":"Audit","score":0.28044721484184265},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.1644439697265625},{"id":"https://openalex.org/keywords/virtualization","display_name":"Virtualization","score":0.15834584832191467}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.9048190116882324},{"id":"https://openalex.org/C112904061","wikidata":"https://www.wikidata.org/wiki/Q1077480","display_name":"Hypervisor","level":4,"score":0.6277111768722534},{"id":"https://openalex.org/C43364308","wikidata":"https://www.wikidata.org/wiki/Q8799","display_name":"Byte","level":2,"score":0.5870769023895264},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5135007500648499},{"id":"https://openalex.org/C50747538","wikidata":"https://www.wikidata.org/wiki/Q7001032","display_name":"Network forensics","level":3,"score":0.5073966383934021},{"id":"https://openalex.org/C80958533","wikidata":"https://www.wikidata.org/wiki/Q1047174","display_name":"Audit trail","level":3,"score":0.5025715827941895},{"id":"https://openalex.org/C556601545","wikidata":"https://www.wikidata.org/wiki/Q878553","display_name":"Computer forensics","level":3,"score":0.4275237023830414},{"id":"https://openalex.org/C2781357168","wikidata":"https://www.wikidata.org/wiki/Q5276084","display_name":"Digital evidence","level":3,"score":0.42500990629196167},{"id":"https://openalex.org/C84418412","wikidata":"https://www.wikidata.org/wiki/Q3246940","display_name":"Digital forensics","level":2,"score":0.41036486625671387},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.2872190475463867},{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.28044721484184265},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.1644439697265625},{"id":"https://openalex.org/C513985346","wikidata":"https://www.wikidata.org/wiki/Q270471","display_name":"Virtualization","level":3,"score":0.15834584832191467},{"id":"https://openalex.org/C187736073","wikidata":"https://www.wikidata.org/wiki/Q2920921","display_name":"Management","level":1,"score":0.0},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/tifs.2012.2210217","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2012.2210217","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.816.3768","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.816.3768","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://cs.unc.edu/%7Efabian/papers/tifs12.pdf","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.7799999713897705,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":54,"referenced_works":["https://openalex.org/W23711711","https://openalex.org/W47175211","https://openalex.org/W73598622","https://openalex.org/W1491237615","https://openalex.org/W1515790419","https://openalex.org/W1546317334","https://openalex.org/W1559528097","https://openalex.org/W1641762327","https://openalex.org/W1813040609","https://openalex.org/W1883937078","https://openalex.org/W1993295335","https://openalex.org/W1993694077","https://openalex.org/W2037017056","https://openalex.org/W2093406244","https://openalex.org/W2112127916","https://openalex.org/W2112731379","https://openalex.org/W2114891701","https://openalex.org/W2115175195","https://openalex.org/W2115466528","https://openalex.org/W2125767749","https://openalex.org/W2125788329","https://openalex.org/W2125895608","https://openalex.org/W2129278597","https://openalex.org/W2131629422","https://openalex.org/W2131726714","https://openalex.org/W2132280055","https://openalex.org/W2140807364","https://openalex.org/W2154081981","https://openalex.org/W2159265516","https://openalex.org/W2164845301","https://openalex.org/W2166004296","https://openalex.org/W2168264487","https://openalex.org/W2295705535","https://openalex.org/W2337826830","https://openalex.org/W2398150230","https://openalex.org/W3044736293","https://openalex.org/W3150003982","https://openalex.org/W4205777466","https://openalex.org/W4239223658","https://openalex.org/W4241912528","https://openalex.org/W4243947286","https://openalex.org/W4255411440","https://openalex.org/W6601006388","https://openalex.org/W6601859066","https://openalex.org/W6603043977","https://openalex.org/W6629287744","https://openalex.org/W6632599652","https://openalex.org/W6637110787","https://openalex.org/W6677522032","https://openalex.org/W6678962629","https://openalex.org/W6679886283","https://openalex.org/W6684481483","https://openalex.org/W6793350840","https://openalex.org/W7064809758"],"related_works":["https://openalex.org/W4238452393","https://openalex.org/W2489557937","https://openalex.org/W2480188389","https://openalex.org/W4240498326","https://openalex.org/W4283205458","https://openalex.org/W3018602826","https://openalex.org/W2373124162","https://openalex.org/W2532563258","https://openalex.org/W3001565613","https://openalex.org/W2061171250"],"abstract_inverted_index":{"Forensic":[0],"analysis":[1],"of":[2,39,78,119,152,165],"computer":[3],"systems":[4],"requires":[5],"that":[6,56,86,145,213],"one":[7],"first":[8],"identify":[9],"suspicious":[10],"objects":[11,111,127],"or":[12],"events,":[13],"and":[14,29,89,114,149,156,194,222],"then":[15],"examine":[16],"them":[17],"in":[18,138],"enough":[19],"detail":[20],"to":[21,26,35,73,110,186,226],"form":[22],"a":[23,83,95,139,175,197,210],"hypothesis":[24],"as":[25],"their":[27],"cause":[28],"effect.":[30],"Sadly,":[31],"while":[32],"our":[33,166,181,205],"ability":[34],"gather":[36],"vast":[37],"amounts":[38],"data":[40,91,216,228],"has":[41,199],"improved":[42],"significantly":[43],"over":[44,229],"the":[45,54,66,76,79,100,104,116,126,153,157,163,191,230],"past":[46],"two":[47],"decades,":[48],"it":[49,65],"is":[50],"all":[51],"too":[52],"often":[53],"case":[55,177],"we":[57,63,71,168],"lack":[58],"detailed":[59],"information":[60,189],"just":[61],"when":[62],"need":[64],"most.":[67],"In":[68],"this":[69],"paper,":[70],"attempt":[72],"improve":[74],"on":[75,112],"state":[77],"art":[80],"by":[81,103,208],"providing":[82,209],"forensic":[84,133],"platform":[85,182],"transparently":[87],"monitors":[88,108],"records":[90,135],"access":[92],"events":[93,155],"within":[94],"virtualized":[96],"environment":[97],"using":[98],"only":[99],"abstractions":[101],"exposed":[102],"hypervisor.":[105],"Our":[106,132],"approach":[107],"accesses":[109,121],"disk":[113],"follows":[115],"causal":[117],"chain":[118],"these":[120,136],"across":[122,219],"processes,":[123],"even":[124],"after":[125,196],"are":[128],"copied":[129],"into":[130],"memory.":[131],"layer":[134],"transactions":[137],"tamper":[140],"evident":[141],"version-based":[142],"audit":[143],"log":[144],"allows":[146],"for":[147],"faithful,":[148],"efficient,":[150],"reconstruction":[151],"recorded":[154],"changes":[158],"they":[159],"induced.":[160],"To":[161],"demonstrate":[162],"utility":[164],"approach,":[167],"provide":[169],"an":[170],"extensive":[171],"empirical":[172],"evaluation,":[173],"including":[174],"real-world":[176],"study":[178],"demonstrating":[179],"how":[180],"can":[183,214],"be":[184],"used":[185],"reconstruct":[187],"valuable":[188],"about":[190],"what,":[192],"when,":[193],"how,":[195],"compromise":[198],"been":[200],"detected.":[201],"We":[202],"also":[203,223],"extend":[204],"earlier":[206],"work":[207],"tracking":[211],"mechanism":[212],"monitor":[215],"exfiltration":[217],"attempts":[218,225],"multiple":[220],"disks":[221],"block":[224],"copy":[227],"network.":[231]},"counts_by_year":[{"year":2023,"cited_by_count":1},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":1},{"year":2018,"cited_by_count":1},{"year":2017,"cited_by_count":4},{"year":2016,"cited_by_count":3},{"year":2014,"cited_by_count":1}],"updated_date":"2026-04-05T17:49:38.594831","created_date":"2025-10-10T00:00:00"}