DFRWS 2006 Program and Proceedings

The DFRWS 2006 Agenda below summarizes the program of discussion and research.

Sunday, August 13, 2006

5:00pm Registration and Welcome Reception

Monday, August 14, 2006

8:00am Registration
9:00am Opening Remarks
9:10am Keynote Address
Ted Lindsey, FBI: Current Cyber Investigation Challenges in Digital Forensics (slides)
Abstract: "The challenges facing cyber investigators and forensic examiners have never been greater. Our tools are unable to keep pace with the exponential growth in storage device capacity and distributed network environments. How do we find the needle in the haystack when the haystack is 10 stories tall? In addition, the advent of whole drive encryption may render our traditional image acquisition methods useless. Wireless technology has enabled an entirely new attack vector that can be launched from nearly anywhere and leaves little or no trace. More ominously, our opponents are actively taking steps to thwart our examination techniques. These are just a handful of the problems facing us as we enter the 21st century. I'll cover some of the problems that I've encountered as a cyber investigator and forensic examiner as well as some of the challenges I see from the perspective of a software engineer and independent software development firm."
10:00am Break
10:15am SESSION 1: Physical Devices
Chair: Frank Adelstein
  • James Lyle, NIST, USA: A Strategy for Testing Hardware Write Block Devices (paper and slides)
  • Best Paper Award: Andreas Schuster, Deutsche Telekom AG, Germany: Searching for Processes and Threads in Microsoft Windows Memory Dumps (paper and slides)
  • Nitin Khanna, Aravind Mikkilineni, Anthony Martone, Gazi Ali, George Chiu, Jan Allebach and Ed Delp of Purdue University, USA: A Survey of Forensic Characterization Methods for Physical Devices (paper and slides)
11:45am Lunch and Breakout Discussions
1:15pm SESSION 2: Working Between Disciplines
Issues in Building the Digital Forensics Bridge From Computer Science to Judicial Science (slides)
Panel: Michael Losavio, Deborah Wilson, Adel Elmaghraby, James Graham, S. Srinivasan, David Elder, Marcus Rogers
2:15pm Break
2:30pm SESSION 3: Frameworks
Chair: David Baker
  • Ricci Sze-Chung Ieong, eWalker Consulting Ltd., Hong Kong: FORZA - Digital Forensics Investigation Frameworks That Incorporate Legal Issues (paper and slides)
  • Ashley N. Brinson, Abigail Robinson, Purdue University, USA: A Cyber Forensics Ontology: Creating a New Approach to Studying Cyber Forensics (paper and slides)
  • Ryan Harris, Purdue University, USA: Arriving at an Anti-forensics Consensus: Examining How to Define and Control the Anti-forensics Problem (paper and slides)
4:00pm Break
4:15pm - 5:30pm Tool Demo & Poster Session
Chair: Todd Shipley

Tuesday, August 15, 2006

9:00am Administrative Remarks
9:15am SESSION 4: Evidence Management
Chair: Brian Carrier
  • Wouter Alink, Raoul Bhoedjang of the Netherlands Forensic Institute, Netherlands and Peter Boncz, Arjen de Vries of the Centrum voor Wiskunde en Informatica, Netherlands: XIRAF - Ultimate Forensic Querying (paper and slides)
  • Philip Turner, QinetiQ, UK: Selective and Intelligent Imaging using Digital Evidence Bags (paper and slides)
  • Sangwon Lee, David Ayman, Bruce Gooch, Northwestern University, USA: Detecting False Captioning Using Common Sense Reasoning (paper and slides)
10:45am Break
11:00am SESSION 5: Summary Reports
Chair: Vassil Roussev
  • DFRWS Common Digital Evidence Storage Format (CDESF) Working Group
  • Mark Maybury and Penny Chase, The MITRE Corporation, USA: Knowledge Exploration, Analysis, and Discovery (KNEAD) Workshop (slides)
11:45am Lunch and Breakout Discussions
1:15pm SESSION 6: Evidence Correlation 1
Chair: Wietse Venema
  • Simson L. Garfinkel, Harvard, USA: Cross-Drive Analysis (paper and slides)
  • Vassil Roussev, Timothy Bourg, Yixin Chen, Golden G Richard of the University of New Orleans, USA: md5bloom - Forensic Filesystem Hashing Revisited (paper and slides)
2:15pm Break
2:30pm SESSION 7: Evidence Correlation 2
Chair: Marcus Rogers
  • Jesse Kornblum, ManTech, USA: Identifying Almost Identical Files Using Context Triggered Piecewise Hashing (paper and slides)
  • Bradley Schatz, George Mohay, Andrew Clark of Queensland University of Technology, Australia: A Correlation Method for Establishing Provenance of Timestamps in Digital Evidence (paper and slides)
3:30pm Break
3:45pm Presentations of the DFRWS 2006 Breakout Session Results
Panel Lead: Frank Adelstein
4:30pm Presentations of the DFRWS 2006 File Carving Challenge Submissions
Lead: Brian Carrier
5:30pm Banquet
7:00pm Forensic Rodeo
Wrangler: Chet Hosmer

Wednesday, August 16, 2006

9:00am SESSION 8: Clever Analysis
Chair: David Baker
  • Sundararaman Jeyaraman, Purdue University, USA: An Empirical Study of Automatic Event Reconstruction Systems (paper and slides)
  • Marcus Rogers of Purdue University, USA, Kathryn Seigfried of John Jay University, USA and Kirti Tidke of Purdue University, USA: Self-Reported Computer Criminal Behavior: A Psychological Analysis (paper and slides)
  • Brian D Carrier, Eugene Spafford, Purdue University, USA: Categories of Digital Investigation Analysis Techniques Based On The Computer History Model (paper and slides)
10:30am Break
10:45am Short Presentations & Works in Progress
Chair: Wietse Venema
(5 minutes each)
11:30am Closing Comments
11:45am Lunch & DFRWS 2007 Planning Session

DFRWS Forensic Rodeo

The Forensic Rodeo has been a tradition at DFRWS for many years. After the banquet, attendees break into teams to tackle a digital forensic challenge. The first team to answer the questions wins. Historically, the challenges have been based on analyzing and recovering evidence from disk images. This year, the topic will be live analysis and the collection of evidence from a running system. At this point, that is all that we are saying. You are free to bring whatever tools you want.

Short Presentations & Works in Progress

The Short Presentations & Works in Progress session is a forum open to anyone interested in presenting topics that would not merit a full time slot, perhaps because the work is ongoing or at an early idea stage. The only limitations are on the time and number of slides, specifically 5 minutes and 2 slides (more time may be allotted depending on how many people sign up). Participants can use this time as a sounding board to judge the interest of other researchers or practitioners. Presentation slots will be allocated on a strictly first-come, first-served basis. Talk to Daryl Pfeif anytime during the workshop to sign up for a slot; she will be managing the schedule.

