DFRWS 2015 Agenda

The DFRWS 2015 Agenda below summarizes the program of discussion and research. This years conference is held in cooperation with the Association for Computing Machinery (ACM) and its Special Interest Group on Security, Audit and Control (SIGSAC). .

Google Calendar DFRWS 2015 Google Calendar

This is a preliminary program that will be updated as workshops, keynotes and the technical program details are finalized

Sunday, August 9, 2015

11:30am Registration Opens
 Workshop Track 1Workshop Track 2
1:00-3:00pm GRR Rapid Response, Part 1
 Creating forensic tools in Go
3:00-5:00pm GRR Rapid Reponse, Part 2 Vehicle Forensics
5:30pm Registration closes
6:00pm Dinner on your own

Monday, August 10, 2015

8:00am Registration / Breakfast
9:00am Opening Remarks
9:15am Keynote Address
Luke Dembosky, Deputy Assistant Attorney General, Department of Justice National Security Division
10:15am Break
10:30am SESSION 1: Malware Analysis
Session Chair: Vassil Roussev
  • "The Impact of GPU-Assisted Malware on Memory Forensics: A Case Study" Davide Balzarotti, Roberto Di Pietro and Antonio Villani (paper | pres)
  • "Advancing Mac OS X Rootkit Detection" Andrew Case and Golden Richard (paper | pres)
  • "Graph-Theoretic Characterization of Cyber-threat Infrastructures" Amine Boukhtouta, Djedjiga Mouheb, Mourad Debbabi, Omar Alfandi, Farkhund Iqbal and May El Barachi (paper | pres)
12:00pm Lunch on your own
1:40pm Forensic Challenge Presentations and Prizes
2:00pm SESSION 2: Acquisition and E-Discovery
Session Chair: Wietse Venema
  • "Rapid Forensic Imaging of Large Disks with Sifting Collectors" Jonathan Grier and Golden Richard (paper | pres) Best Paper Award
  • "Extending the AFF4 container format for scalable acquisition and live analysis" Bradley Schatz (paper | pres)
  • "LINCS: Towards Building a Trustworthy Litigation Hold Enabled Cloud Storage System" Shams Zawoad, Ragib Hasan and John Grimes (paper | pres)
3:30pm Break
4:00pm PRESENTATIONS I
Session Chair: Elizabeth Schweinsberg
  • "Inferring Past Activity from Partial Digital Artifacts" James Jones, Tahir Khan, Kathryn Laskey, Alexander Nelson, Mary Laamanen and Douglas White (pres)
  • "Visualizing the Version-Controlled Filesystem" Jon Stewart and Zack Weger
  • "Finding your naughty BITS" Matthew Geiger (pres)
5:00pm One-Minute Teasers for Tool Demos and Poster Session
5:20pm 2016 DFRWS Challenge Michael McCarrin, Brian Greunke, and Robert Beverly (pres)
5:30pm Welcome Reception (Poster and Demo Session)

Tuesday, August 11, 2015

8:00am Registration / Breakfast
9:00am Administrative Remarks
9:05am Keynote Address
Jason Upchurch, Intel
10:00am Break
10:25am SESSION 3: Android & Network Forensics
Session Chair: Frank Adelstein
  • "New acquisition method based on firmware update protocols for Android smartphones" Seung Jei Yang, Jung Ho Choi, Ki Bom Kim and Tae Joo Chang (paper | pres)
  • "Network and device forensic analysis of Android social-messaging applications" Daniel Walnycky, Ibrahim Baggili, Andrew Marrington, Frank Breitinger and Jason Moore (paper | pres)
  • "Detecting very large sets of referenced files at 40/100 GbE, especially MP4 files" Adrien Larbanet, Jonas Lerebours and Jean Pierre David ( paper| pres)
11:55am Lunch on your own
1:25pm Invited talk
Ricky Connell, Director of Incident Response, Yahoo!
2:15pm SESSION 4: Computational Forensics
Session Chair: Josiah Dykstra
  • "Hash-Based Carving: Searching media for complete files and file fragments with sector hashing and hashdb" Simson Garfinkel and Michael McCarrin (paper | pres)
  • "Database Forensic Analysis through Internal Structure Carving" James Wagner, Alexander Rasin and Jonathan Grier (paper | pres)
  • "E-mail Authorship Attribution using Customized Associative Classification" Michael Schmid, Farkhund Iqbal and Benjamin Fung (paper | pres)
3:45pm Break
4:10pm PRESENTATIONS II
Session Chair: Alex Nelson
  • "Federated Testing: Shared Test Materials from the CFTT Program at NIST" Ben Livelsberger and James Lyle (pres)
  • "The Chain of Custody: A big misconception?" Tobias Eggendorfer (pres)
  • "Video Authentication Using File Structure and Metadata" Jake Hall (pres)
5:10pm Break
6:00pm Banquet
7:30pm Forensic Rodeo

Wednesday, August 12, 2015

8:00am Registration / Breakfast
9:00am SESSION 5: Archival and Reverse Engineering
Session Chair: Golden Richard
  • "Privacy Preserving Email-Forensics" Frederik Armknecht, Andreas Dewald and Michael Gruhn (paper | pres)
  • "Archival Science, Digital Forensics, and New Media Art" Dianne Dietrich and Frank Adelstein (paper | pres)
  • "BinComp: A Practical Approach to Compiler Provenance Attribution" Saed Alrabaee, Paria Shirani, Mourad Debbabi, Ashkan Rahimian and Lingyu Wang (paper | pres)
  • "Automatic Classification of Object Code Using Machine Learning" John Clemens (paper | pres)
11:00am Works in Progress
11:15am Closing Comments
11:30am Lunch on your own
 Workshop Track 1Workshop Track 2Workshop Track 3
1:00-5:00pm Reverse Engineering with Rekall
 Bitcurator: Redacting and providing access to data from disk images
 Python scripting in Autopsy
6:00pm DFRWS 2016 Planning Session aboard the Moshulu, "the world's oldest and largest square rigged sailing vessel still afloat" (Open to the first 20 people that sign up onsite)

Thursday, August 13, 2015

9:00am Digital Forensics Curriculum Standards 3rd Workshop (6 hours)

©2001-2016 DFRWS   |   dfrws [at] dfrws [dot] org  

DFRWS is a US 501(c)(3) non-profit organization.