Sunday, August 10, 2008 |
|---|
| 5:00pm to 6:30pm |
Registration |
Monday, August 11, 2008 |
|---|
| 8:00am |
Registration and Breakfast |
| 9:00am |
Opening Remarks |
| 9:10am |
Keynote Address
Network Traffic Analysis of Point of Sale System Compromises
SA Ryan Moore (United States Secret Service) |
| 10:00am |
Break |
| 10:15am |
SESSION 1: In-Depth Analysis #1
Chair: Dave Baker
- Detecting File Fragmentation Point Using Sequential Hypothesis Testing. Anandabrata Pal, Husrev Sencar, Nasir Memon. (paper | slides)
Best Paper Winner
-
Predicting the Types of File Fragments. William Calhoun, Drue Coles.
(paper | slides)
-
Using JPEG Quantization Tables to Identify Imagery Processed by Software.
Jesse Kornblum.
(paper | slides)
|
| 11:45am |
Lunch on your own |
| 1:30pm |
SESSION 2: In-Depth Analysis #2
Chair: Golden Richard
- Forensic Analysis of the Windows Registry in Memory. Brendan Dolan-Gavitt. (paper | slides)
- Recovering Deleted Data From the Windows Registry. Timothy Morgan. (paper | slides)
- A Novel Approach of Mining Write-Prints for Authorship Attribution in E-mail Forensics. Farkhund Iqbal, Rachid Hadjidj, Benjamin Fung, Mourad Debbabi. (paper | slides)
|
| 3:00pm |
Break |
| 3:15pm |
Presentation of the DFRWS 2008 Forensic Challenge Submissions |
| 4:15pm |
Tool Demo & Poster Session |
| 5:30pm to 7:30pm |
Welcome Reception at The Wharf Rat |
Tuesday, August 12, 2008 |
|---|
| 8:00am |
Breakfast |
| 9:00am |
Session 3: Memory Analysis
Chair: Frank Adelstein
- Forensic Memory Analysis: Files mapped in memory. Ruud van Baar. (paper | slides)
- The impact of Microsoft Windows pool allocation strategies on memory forensics. Andreas Schuster. (paper | slides)
- FACE: Automated Digital Evidence Discovery and Correlation. Andrew Case, Andrew Cristina, Lodovico Marziale, III, Golden Richard, Vassil Roussev. (paper | slides)
|
| 10:30am |
Break |
| 10:45am |
SESSION 4: File / System Searching
Chair: Vassil Roussev
- Using the HFS+ Journal For Deleted File Recovery. Aaron Burghardt, Adam Feldman. (paper | slides)
- MEGA: A Tool for Mac OS X Operating System and Application Forensics. Rob Joyce, Judson Powers, Frank Adelstein. (paper | slides)
|
| 11:45am |
Lunch on your own. |
| 1:30pm |
Administrative remarks |
| 1:40pm |
Keynote Address
Recent Developments in the Law Concerning Computer Forensics
Orin Kerr (George Washington University) |
| 2:30pm |
Break |
| 2:45pm |
SESSION 5: Application Specific
Chair: Wietse Venema
- High Speed Search using Tarari Content Processor in Digital Forensics. Jooyoung Lee. (paper | slides)
- Limewire Examinations. Joseph Lewthwaite, Victoria Smith. (paper | slides)
- Automated Computer Forensics Training in a Virtualized Environment. Stephen Brueckner, Frank Adelstein, David Guaspari, Joseph Weeks. (paper | slides)
|
| 6:00pm |
Banquet
|
| 7:30pm |
Forensic Rodeo |
Wednesday, August 13, 2008 |
|---|
| 8:00am |
Breakfast |
| 9:00am |
SESSION 6: Tools
Chair: Eoghan Casey
- PyFlag - An advanced Network Forensic Framework. Michael Cohen. (paper | slides)
- An overall assessment of Mobile Internal Acquisition Tool. Gianluigi Me, Alessandro Distefano. (paper | slides)
- A Framework for Attack Patterns Discovery in Honeynet Data. Olivier Thonnard, Marc Dacier. (paper | slides)
|
| 10:30am |
Break |
| 10:45am |
Short Presentations & Works in Progress
Chair:
(5 minutes each) |
| 11:30am |
Closing Comments |
| 12:30pm |
Lunch & DFRWS 2009 / 2010 Planning Session
Lucy's Restaurant
(Not Included in
Registration Fee)
|