DFRWS 2010 Agenda

The DFRWS 2010 Agenda below summarizes the program of discussion and research.

Sunday, August 1, 2010

4:00pm to 5:30pm Registration

Monday, August 2, 2010

8:00am Registration and Breakfast
9:00am Opening Remarks
9:10am Keynote Address
Troy Larson, Microsoft
We Do Windows: Surviving in the Vanguard of Windows Forensics
10:00am Break
10:15am SESSION 1: Fragment Analysis
Chair: Lodovico Marziale (Digital Forensics Solutions)
  • Automated Mapping of Large Binary Objects Using Primitive Fragment Type Classification. Gregory Conti, Sergey Bratus, Benjamin Sangster, Roy Ragsdale, Matthew Supan, Andrew Lichtenberg, Robert Perez-Alemany and Anna Shubina. (paper | pres)
  • Using purpose-built functions and block hashes to enable small block and sub-file forensics. Simson Garfinkel, Alex Nelson, Douglas White, and Vassil Roussev. (paper | pres)
  • The Normalized Compression Distance as a File Fragment Classifier. Stefan Axelsson. (paper | pres)
  • Discussion
12:00pm Lunch on your own
1:30pm SESSION 2: Linux Memory Analysis
Chair: Wietse Venema, (IBM)
  • Dynamic Recreation of Kernel Data Structures for Live Forensics. Golden Richard, Andrew Case and Lodovico Marziale. (paper | pres)
  • Treasure and Tragedy in kmem_cache Mining for Live Forensics Investigation. Golden Richard, Andrew Case, Lodovico Marziale and Cris Neckar. (paper | pres)
2:30pm Break
2:45pm SESSION 3: Windows Memory Analysis
Chair: Frank Adelstein (ATC-NY)
  • Windows Operating System Agnostic Memory Analysis. James Okolica and Gilbert Peterson. (paper | pres)
    Best Paper Award
  • Extracting Windows Command Line Details from Physical Memory. Richard Stevens and Eoghan Casey. (paper | pres)
3:45pm Invited Talk:
AAron Walters, Volatile Systems, LLC
4:15pm Panel: The Future of Memory Analysis
Speakers of the memory analysis sessions
5:30pm Welcome Reception, Tool Demo, and Poster Session

Tuesday, August 3, 2010

8:00am Registration and Breakfast
9:00am Administrative Remarks
9:10am Keynote Address
Wenke Lee, Georgia Institute of Technology
Getting Virtual Machine Monitoring Ready for Primetime
10:00am Break
10:15am SESSION 4: Challenges
Chair: Dave Baker (MITRE)
  • Digital Forensics Research: The Next 10 Years. Simson Garfinkel. (paper | pres)
  • Panel: Challenges In Corporate Forensics - Why Isn't Bigger Better?
    Josh Cady, Barbara A. Frederiksen, Michelle Lentzner, Steve Mancini, Sarah Mocas, Ed Sandoval.
12:00pm Lunch on your own
2:00pm SESSION 5: Mobile Devices
Chair: Eoghan Casey (cmdLabs)
  • Live Memory Forensics of Mobile Phones. Vrizlynn Thing, Kian-Yong Ng and Ee-Chien Chang. (paper | pres)
  • Android Anti-Forensics Through a Local Paradigm. Alessandro Distefano, Gianluigi Me and Francesco Pace. (paper | pres)
3:00pm Break
3:15pm SESSION 6: Network Forensics
Chair: Florian Buchholz (James Madison University)
  • Forensic Investigation of Peer-to-Peer File Sharing Network. Robert Erdely, Thomas Kerle, Brian Levine, Marc Liberatore and Clay Shields. (paper | pres)
  • Leaving Timing Channel Fingerprints in Hidden Service Log Files. Bilal Shebaro, Fernando Perez-Gonzalez and Jedidiah R. Crandall. (paper | pres)
4:15pm SESSION 7: Data Acquisition
Chair: Brian Carrier (Basis Technology)
  • Secure USB Bypassing Tool. Jewan Bang, Byeongyeong Yoo and Sangjin Lee. (paper | pres)
  • Hash based disk imaging using AFF4. Michael Cohen and Bradley Schatz. (paper | pres)
6:00pm Banquet
  • Best Paper Award
7:30pm Forensic Rodeo
Wrangler: Matthew Geiger

Wednesday, August 4, 2010

8:00am Breakfast
9:00am SESSION 8: Tool Testing
Chair: Matthew Geiger (CERT)
  • Different Interpretations of ISO9660 File Systems. Brian Carrier. (paper | pres)
  • If Error Rate is Such a Simple Concept, Why Don't I have One for My Forensic Tool Yet? James Lyle. (paper | pres)
10:00am Panel: Technical Aspects of Large Scale Investigations
Simson Garfinkel, Vassil Roussev, Bradley Schatz, and Nathan Swenson.
11:00am Break
11:15am Presentation of the DFRWS 2010 Forensic Challenge Submissions
Chair: Eoghan Casey (cmdLabs)
12:00pm Short Presentations & Works in Progress
Chair: Florian Buchholz (James Madison University)
(5 minutes each)
12:45am Closing Comments

©2001-2016 DFRWS   |   dfrws [at] dfrws [dot] org  

DFRWS is a US 501(c)(3) non-profit organization.