{"id":"https://openalex.org/W2967637625","doi":"https://doi.org/10.1145/3339252.3340505","title":"A Study of Network Forensic Investigation in Docker Environments","display_name":"A Study of Network Forensic Investigation in Docker Environments","publication_year":2019,"publication_date":"2019-08-09","ids":{"openalex":"https://openalex.org/W2967637625","doi":"https://doi.org/10.1145/3339252.3340505","mag":"2967637625"},"language":"en","primary_location":{"id":"doi:10.1145/3339252.3340505","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3339252.3340505","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 14th International Conference on Availability, Reliability and Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5058921299","display_name":"Daniel Spiekermann","orcid":"https://orcid.org/0000-0003-4762-6062"},"institutions":[{"id":"https://openalex.org/I120691247","display_name":"University of Hagen","ror":"https://ror.org/04tkkr536","country_code":"DE","type":"education","lineage":["https://openalex.org/I120691247"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Daniel Spiekermann","raw_affiliation_strings":["FernUniversit\u00e4t in Hagen"],"affiliations":[{"raw_affiliation_string":"FernUniversit\u00e4t in Hagen","institution_ids":["https://openalex.org/I120691247"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5078989761","display_name":"Tobias Eggendorfer","orcid":null},"institutions":[{"id":"https://openalex.org/I24227732","display_name":"University of Applied Sciences Ravensburg-Weingarten","ror":"https://ror.org/00s4rmz74","country_code":"DE","type":"education","lineage":["https://openalex.org/I24227732"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Tobias Eggendorfer","raw_affiliation_strings":["HS Ravensburg-Weingarten"],"affiliations":[{"raw_affiliation_string":"HS Ravensburg-Weingarten","institution_ids":["https://openalex.org/I24227732"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5018765427","display_name":"J\u00f6rg Keller","orcid":"https://orcid.org/0000-0003-0303-6140"},"institutions":[{"id":"https://openalex.org/I120691247","display_name":"University of Hagen","ror":"https://ror.org/04tkkr536","country_code":"DE","type":"education","lineage":["https://openalex.org/I120691247"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"J\u00f6rg Keller","raw_affiliation_strings":["FernUniversit\u00e4t in Hagen"],"affiliations":[{"raw_affiliation_string":"FernUniversit\u00e4t in Hagen","institution_ids":["https://openalex.org/I120691247"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5058921299"],"corresponding_institution_ids":["https://openalex.org/I120691247"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":4,"citation_normalized_percentile":{"value":0.12440889,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"7"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.998199999332428,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/container","display_name":"Container (type theory)","score":0.8402663469314575},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7641909718513489},{"id":"https://openalex.org/keywords/virtualization","display_name":"Virtualization","score":0.6678730249404907},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.648757815361023},{"id":"https://openalex.org/keywords/virtual-machine","display_name":"Virtual machine","score":0.5340335369110107},{"id":"https://openalex.org/keywords/debugging","display_name":"Debugging","score":0.5275413990020752},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5123788118362427},{"id":"https://openalex.org/keywords/network-forensics","display_name":"Network forensics","score":0.4636384844779968},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.4293903410434723},{"id":"https://openalex.org/keywords/digital-forensics","display_name":"Digital forensics","score":0.371662974357605},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.36642521619796753},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.33382320404052734},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.32044780254364014},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.12218073010444641}],"concepts":[{"id":"https://openalex.org/C2781018962","wikidata":"https://www.wikidata.org/wiki/Q5164884","display_name":"Container (type theory)","level":2,"score":0.8402663469314575},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7641909718513489},{"id":"https://openalex.org/C513985346","wikidata":"https://www.wikidata.org/wiki/Q270471","display_name":"Virtualization","level":3,"score":0.6678730249404907},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.648757815361023},{"id":"https://openalex.org/C25344961","wikidata":"https://www.wikidata.org/wiki/Q192726","display_name":"Virtual machine","level":2,"score":0.5340335369110107},{"id":"https://openalex.org/C168065819","wikidata":"https://www.wikidata.org/wiki/Q845566","display_name":"Debugging","level":2,"score":0.5275413990020752},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5123788118362427},{"id":"https://openalex.org/C50747538","wikidata":"https://www.wikidata.org/wiki/Q7001032","display_name":"Network forensics","level":3,"score":0.4636384844779968},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.4293903410434723},{"id":"https://openalex.org/C84418412","wikidata":"https://www.wikidata.org/wiki/Q3246940","display_name":"Digital forensics","level":2,"score":0.371662974357605},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.36642521619796753},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.33382320404052734},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.32044780254364014},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.12218073010444641},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3339252.3340505","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3339252.3340505","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 14th International Conference on Availability, Reliability and Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9","score":0.6000000238418579}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":15,"referenced_works":["https://openalex.org/W1970009017","https://openalex.org/W1970399788","https://openalex.org/W2014113877","https://openalex.org/W2096723158","https://openalex.org/W2171388905","https://openalex.org/W2344568383","https://openalex.org/W2502170095","https://openalex.org/W2511285776","https://openalex.org/W2603921131","https://openalex.org/W2607893715","https://openalex.org/W2770291346","https://openalex.org/W2845881471","https://openalex.org/W2898119182","https://openalex.org/W2935205354","https://openalex.org/W4288079856"],"related_works":["https://openalex.org/W2088620127","https://openalex.org/W2972427363","https://openalex.org/W2121070677","https://openalex.org/W246478187","https://openalex.org/W2743348030","https://openalex.org/W1963799338","https://openalex.org/W2161391695","https://openalex.org/W2160885694","https://openalex.org/W2900408237","https://openalex.org/W4238452393"],"abstract_inverted_index":{"Cyber-criminals":[0],"harness":[1],"more":[2,4],"and":[3,30,45,51,62,121,169,192],"techniques":[5,156,205],"like":[6,35,160],"virtual":[7,21,96,119],"machines":[8],"or":[9,134,167],"container-based":[10,98],"infrastructures":[11],"for":[12,90,144,154],"their":[13,60,114],"malicious":[14,115],"activities.":[15,116],"The":[16,40,151],"inherent":[17],"dynamic":[18,93],"of":[19,27,43,82,125,131,157,172,179,206,212],"these":[20],"environments":[22,99],"simplifies":[23],"the":[24,32,73,88,118,122,126,163,170,177,213],"fast":[25],"creation":[26],"vicious":[28],"services":[29,65],"hide":[31],"involved":[33],"systems":[34],"no":[36],"other":[37],"technology":[38],"before.":[39],"primary":[41],"use":[42,171,178],"virtualisation":[44,152],"especially":[46],"containers":[47],"facilitates":[48],"software":[49],"developers":[50],"administrators":[52],"to":[53,112,186,193],"create":[54],"new":[55],"applications,":[56],"perform":[57,113],"tests,":[58],"debug":[59],"code":[61],"install":[63],"pre-defined":[64],"based":[66,209],"on":[67,210],"provided":[68],"container":[69,76,84,127],"images.":[70],"Docker":[71,149,184],"as":[72],"most":[74],"notable":[75],"technique":[77],"provides":[78],"a":[79,102,188,200],"great":[80],"variety":[81],"existing":[83],"templates,":[85],"which":[86,106],"pave":[87],"way":[89],"implementing":[91],"highly":[92],"environments.":[94,150],"As":[95,199],"machines,":[97],"are":[100],"mostly":[101],"short-living":[103],"on-demand":[104],"infrastructure,":[105],"might":[107],"be":[108],"used":[109],"by":[110],"cyber-criminals":[111],"Especially":[117],"layer":[120],"ephemeral":[123],"nature":[124],"impede":[128],"any":[129],"kind":[130],"digital":[132],"investigation":[133,147],"forensic":[135,146],"analysis.":[136],"In":[137],"this":[138],"paper":[139],"we":[140,202],"analyze":[141],"different":[142],"methods":[143],"network":[145,165,197],"in":[148,183],"demands":[153],"adapted":[155],"packet":[158,190,207],"capture":[159,191],"iptables-manipulation,":[161],"accessing":[162],"internal":[164],"bridges":[166],"vNICs":[168],"software-based":[173],"techniques.":[174],"We":[175],"propose":[176],"further":[180],"monitoring":[181],"processes":[182],"swarms":[185],"implement":[187],"valid":[189],"collect":[194],"all":[195],"relevant":[196],"packets.":[198],"result,":[201],"define":[203],"appropriate":[204],"captures":[208],"parameters":[211],"related":[214],"container.":[215]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}