DFRWS 2012 Agenda

The DFRWS 2012 Agenda below summarizes the program of discussion and research. This years conference is held in cooperation with the Association for Computing Machinery (ACM) and its Special Interest Group on Security, Audit and Control (SIGSAC). .

Sunday, August 5, 2012

11:30am Registration Opens
 Workshop Track 1Workshop Track 2
12:30pm Automating the Forensics Triage Process Using Python and Linux
Doug Koster (Senior Computer Forensic Analyst, TASC)
Memory Forensics with Volatility
(Note: this session is all afternoon, 12:30-5:00pm)
Dr. Michael Cohen (Senior Software Engineer, Google Inc.)
2:30pm Break
3:00pm Google Analytics(tm) Cookies and the Forensic Implications
James Meyer (Forensics Track Instructor, Defense Cyber Investigations Training Academy)
5:30pm Registration closes

Monday, August 6, 2012

8:00am Registration
9:00am Opening Remarks - Matthew Geiger
9:10am Keynote Address
Ovie Carroll (Director, DOJ Cybercrime Lab)
Current and Future Trends in Digital Investigative Analysis
10:00am Break
10:15am SESSION 1: Memory Analysis
Chair: Wietse Venema
  • "Surveying The User Space Through User Allocations" Andrew White, Bradley Schatz and Ernest Foo (Queensland University of Technology) (paper | pres )
    Best Paper Award
  • "IntroLib: Efficient and Transparent Library Call Introspection for Malware Forensics" Zhui Deng, Dongyan Xu, Xiangyu Zhang (Purdue University) and Xuxian Jiang (North Carolina State University) (paper | pres )
  • "Social Networking Applications on Mobile Devices" Noora Al Mutawa, Ibrahim Baggili and Andrew Marrington (Zayed University) (paper | pres )
11:45am Lunch on your own
1:30pm SESSION 2: Language Processing
Chair: Clay Shields
  • "Finding and Identifying Text in 900+ Languages" Ralf Brown (Carnegie Mellon University) (paper | pres )
  • "Using NLP Techniques for File Fragment Classification" Oles Zhulyn, Simran Fitzgerald, George Mathews and Colin Morris (University of Toronto) (paper | pres )
2:30pm Break
2:45pm Panel Discussion
Title: Triage in Digital Forensics
Moderator: Eoghan Casey
  • Michael Cohen, Google
  • Chet Hosmer, WetStone / Allen Corporation
  • Special Agent Ryan Moore, U.S. Secret Service (pres)
  • Harry Parsonage, ADF Solutions
4:15pm Five-Minute Trailers for Tool Demos Including tool demonstrations and poster session
5:00pm Welcome Reception

Tuesday, August 7, 2012

8:00am Registration
9:00am Administrative Remarks
9:05am Keynote Address
Danny Quist (MIT Lincoln Laboratory)
Visualization in Malware and Forensics ( pres )
10:00am Break
10:15am SESSION 3: Forensic Analysis
Chair: Elizabeth Schweinsberg
  • "A General Strategy for Differential Forensic Analysis" Simson Garfinkel (Naval Postgraduate School), Alex Nelson (University of California, Santa Cruz) and Joel Young (Naval Postgraduate School) (paper | pres )
  • "Content Triage with Similarity Digests: The M57 Case Study" Vassil Roussev and Candice Quates (University of New Orleans) (paper | pres )
  • "An Automated Timeline Reconstruction Approach for Digital Forensic Investigations" Christopher Hargreaves and Jonathan Patterson (Cranfield University) (paper | pres)
11:45am Lunch on your own
1:45pm SESSION 4: Large Scale Forensics
Chair: Matthew Geiger
  • "Lessons Learned Writing Computer Forensics Tools and Managing a Large Digital Evidence Corpus" Simson Garfinkel (Naval Postgraduate School) (paper | pres )
  • "Acquiring Forensic Evidence from Infrastructure-as-a-Service Cloud Computing" Josiah Dykstra and Alan Sherman (University of Maryland, Baltimore County) (paper | pres )
  • "The Use of Random Sampling in Investigations Involving Child Abuse Material" Michael Wilkinson (Champlain College), Brian Jones (New South Wales Police Force) and Syd Pleno (Australian Federal Police) (paper | pres )
3:15pm Break
3:30pm DFRWS 2012 Forensic Challenge presentations and prizes
6:00pm Banquet
  • Best Paper Award
7:30pm Forensic Rodeo
Wrangler: Joe Sylve
Champions: Aaron Hackworth, Tim Vidas, Matthew Geiger, Robert Beverly, Joel Young, and Eugene Libster
Download Files: Volatility 2.3 (Development) which supports ARM, the device image created with lime, and rodeo questions.

Wednesday, August 8, 2012

9:00am SESSION 5: File system forensics
Chair: Tim Vidas
  • "Bin-Carver: Automatic Recovery of Binary Executable Files" Scott Hand, Zhiqiang Lin, (University of Texas at Dallas) Guofei Gu (Texas A&M University) and Bhavani Thuraisingham (University of Texas at Dallas) (paper | pres )
  • "An Analysis of Ext4 for Digital Forensics" Kevin Fairbanks (Johns Hopkins APL) (paper | pres )
  • "Testing the National Software Reference Library" Neil Rowe (Naval Postgraduate School) (paper | pres )
10:30am Short Presentations & Works in Progress - Daryl Pfeif
(5 minutes each)
11:15am Closing Comments
11:30am Lunch on your own
 Workshop Track 1Workshop Track 2
12:30pm Using bulk_extractor for digital forensics triage and cross-drive analysis
Dr. Simson Garfinkel (Associate Professor Naval Postgraduate School)
Advanced Registry forensics with Registry Decoder
Dr. Lodovico Marziale (Digital Forensics Solutions, LLC)
2:30pm Break
3:00pm Forensic Triage & Scalable Data Correlation with sdhash
Dr. Vassil Roussev, (Associate Professor, University of New Orleans)
Challenges in Forensic Analysis of Smartphone Memory (Flash)
Eoghan Casey (cmdLabs)
6:30pm Dinner & DFRWS 2013 / 2014 Planning Session
(Not Included in Registration Fee)

©2001-2016 DFRWS   |   dfrws [at] dfrws [dot] org  

DFRWS is a US 501(c)(3) non-profit organization.