Paper | Presentation Conference Downloads Author
IntroLib - Efficient and Transparent Library Call Introspection for Malware Forensics DFRWS USA 2012 Zhui Deng, Dongyan Xu, Xiangyu Zhang, Xuxian Jiang
Lessons Learned Writing Computer Forensics Tools and Managing a Large Digital Evidence Corpus DFRWS USA 2012 Simson Garfinkel, Ph.D.
Social Networking Applications on Mobile Devices DFRWS USA 2012 Noora Al Mutawa, Ibrahim Baggili, Andrew Marrington
Surveying The User Space Through User Allocations DFRWS USA 2012 Andrew White, Bradley Schatz, Ph.D., Ernest Foo
Testing the National Software Reference Library DFRWS USA 2012 Neil Rowe
The Use of Random Sampling in Investigations Involving Child Abuse Material DFRWS USA 2012 Michael Wilkinson, Brian Jones, Syd Pleno
Triage in Digital Forensics DFRWS USA 2012 Ryan Moore
Using NLP Techniques for File Fragment Classification DFRWS USA 2012 Oles Zhulyn, Simran Fitzgerald, George Mathews, Colin Morris
Visualization in Malware and Forensics DFRWS USA 2012 Danny Quist
Advanced Evidence Collection and Analysis of Web Browser Activity DFRWS USA 2011 Junghoon Oh, Seungbong Lee, Sangjin Lee
An Evaluation of Forensic Similarity Hashes DFRWS USA 2011 Vassil Roussev, Ph.D.
Augmenting Password Recovery with Online Profiling DFRWS USA 2011 Khawla Al-Wehaibi, Tim Storer, Brad Glisson
CAT Detect - A Tool for Detecting Inconsistency in Computer Activity Timelines DFRWS USA 2011 Andrew Marrington, Ibrahim Baggili, George Mohay, Andrew Clark
Detecting Data Theft Using Stochastic Forensics DFRWS USA 2011 Jonathan Grier
Digital Forensics in Consumer Online Privacy Class Actions DFRWS USA 2011 Scott Kamber
Distributed Forensics and Incident Response in the Enterprise DFRWS USA 2011 Michael Cohen, Darren Bilby, Germano Caronni
eDiscovery Case Study DFRWS USA 2011 A. J. Krouse
Empirical Analysis of Solid State Disk Data Retention when used with Contemporary Operating Systems DFRWS USA 2011 Christopher King
Extracting the Windows Clipboard from Memory DFRWS USA 2011 James Okolica, Gilbert Peterson
Forensic Carving of Network Packets and Associated Data Structures DFRWS USA 2011 Robert Beverly, Ph.D., Simson Garfinkel, Ph.D., Greg Cardwell
Privacy-Preserving Network Flow Recording DFRWS USA 2011 Bilal Shebaro, Jedidiah Crandall
Reconstructing Corrupt DEFLATEd Files DFRWS USA 2011 Ralf Brown
System for the Proactive, Continuous, and Efficient Collection of Digital Forensic Evidence DFRWS USA 2011 Clay Shields, Ophir Frieder, Mark Maloof
Towards a General Collection Methodology for Android Devices DFRWS USA 2011 Chengye Zhang, Nicolas Christin
Visualization in Testing a Volatile Memory Forensic Tool DFRWS USA 2011 Hajime Inoue, Frank Adelstein, Ph.D., Robert Joyce
Android Anti-Forensics Through a Local Paradigm DFRWS USA 2010 Alessandro Distefano, Gianluigi Me, Francesco Pace
Automated Mapping of Large Binary Objects Using Primitive Fragment Type Classification DFRWS USA 2010 Gregory Conti, Sergey Bratus, Benjamin Sangster, Roy Ragsdale, Matthew Supan, Andrew Lichtenberg, Robert Perez-Alemany, Anna Shubina
Different Interpretations of ISO9660 File Systems DFRWS USA 2010 Brian Carrier, Ph.D.
Digital Forensics Research - The Next 10 Years DFRWS USA 2010 Simson Garfinkel, Ph.D.
Dynamic Recreation of Kernel Data Structures for Live Forensics DFRWS USA 2010 Golden Richard III, Ph.D., Andrew Case, Lodovico Marziale
Extracting Windows Command Line Details from Physical Memory DFRWS USA 2010 Richard Stevens, Eoghan Casey, Ph.D.
Forensic Investigation of Peer-to-Peer File Sharing Network DFRWS USA 2010 Robert Erdely, Thomas Kerle, Brian Levine, Marc Liberatore, Clay Shields
Hash Based Disk Imaging Using AFF4 DFRWS USA 2010 Michael Cohen, Bradley Schatz, Ph.D.
If Error Rate is Such a Simple Concept, Why Don't I have One for My Forensic Tool Yet DFRWS USA 2010 James Lyle
Leaving Timing Channel Fingerprints in Hidden Service Log Files DFRWS USA 2010 Bilal Shebaro, Fernando Perez-Gonzalez, Jedidiah Crandall
Live Memory Forensics of Mobile Phones DFRWS USA 2010 Vrizlynn L. L. Thing, Kian-Yong Ng, Ee-Chien Chang
Secure USB Bypassing Tool DFRWS USA 2010 Jewan Bang, Byeongyeong Yoo, Sangjin Lee
The Normalized Compression Distance as a File Fragment Classifier DFRWS USA 2010 Stefan Axelsson
Treasure and Tragedy in kmem_cache Mining for Live Forensics Investigation DFRWS USA 2010 Golden Richard III, Ph.D., Andrew Case, Lodovico Marziale, Cris Neckar
Using Purpose-Built Functions And Block Hashes To Enable Small Block And Sub-File Forensics DFRWS USA 2010 Simson Garfinkel, Ph.D., Alex Nelson, Ph.D., Douglas White, Vassil Roussev, Ph.D.
Windows Operating System Agnostic Memory Analysis DFRWS USA 2010 James Okolica, Gilbert Peterson
A Novel Time-Memory Trade-Off Method for Password Recovery DFRWS USA 2009 Hwei-Ming Ying
A Second Generation Computer Forensic Analysis System DFRWS USA 2009 Daniel Ayers
Bringing Science to Digital Forensics with Standardized Forensic Corpora DFRWS USA 2009 Simson Garfinkel, Ph.D., Paul Farrell, Vassil Roussev, Ph.D., George Dinolt
Computer Forensic Timeline Visualization Tool DFRWS USA 2009 Jens Olsson, Martin Boldt
DEX - Digital Evidence Provenance Supporting Reproducibility and Comparison DFRWS USA 2009 Brian Levine, Marc Liberatore
DIALOG - A Framework for Modeling, Analysis and Reuse of Digital Forensic Knowledge DFRWS USA 2009 Damir Kahvedzic, Tahar Kechadi
Digital Forensic Implications of ZFS DFRWS USA 2009 Nicole Beebe, Ph.D., Sonia Mandes, Dane Stuckey
Extending the Advanced Forensic Format to accommodate Multiple Data Sources, Logical Evidence, Arbitrary Information and Forensic Workflow DFRWS USA 2009 Michael Cohen, Simson Garfinkel, Ph.D., Bradley Schatz, Ph.D.
Extraction of Forensically Sensitive Information from Windows Physical Memory DFRWS USA 2009 Seyed Mahmood Hejazi, Chamseddine Talhi, Mourad Debbabi
Identification and Recovery of JPEG Files with Missing Fragments DFRWS USA 2009 Husrev Sencar, Nasir Memon
Lessons Learned from the Construction of a Korean Software Reference Data Set for Digital Forensics DFRWS USA 2009 Sangseo Park, Cheolwon Lee, Sungjai Baek
Teleporter - An Analytically and Forensically Sound Duplicate Transfer System DFRWS USA 2009 Kathryn Watkins, Mike McWhorter, Jeff Long, William Hill
The Persistence of Memory - Forensic Identification and Extraction of Cryptographic Keys DFRWS USA 2009 Carsten Maartmann-Moe, André Årnes, Steffen Thorkildsen
Using ShellBag Information to Reconstruct User Activities DFRWS USA 2009 Yuandong Zhu, Pavel Gladyshev, Ph.D., Joshua James
Validation And Verification Of Computer Forensic Software Tools-Searching Function DFRWS USA 2009 Yinghua Guo, Jill Slay, Jason Beckett
A Framework for Attack Patterns Discovery in Honeynet Data DFRWS USA 2008 Olivier Thonnard, Marc Dacier
A Novel Approach of Mining Write-Prints for Authorship Attribution in E-mail Forensics DFRWS USA 2008 Farkhund Iqbal, Rachid Hadjidj, Benjamin Fung, Mourad Debbabi
An Overall Assessment Of Mobile Internal Acquisition Tool DFRWS USA 2008 Gianluigi Me, Alessandro Distefano
Automated Computer Forensics Training in a Virtualized Environment DFRWS USA 2008 Stephen Brueckner, Frank Adelstein, Ph.D., David Guaspari, Joseph Weeks
Detecting File Fragmentation Point Using Sequential Hypothesis Testing DFRWS USA 2008 Anandabrata Pal, Husrev Sencar, Nasir Memon
FACE - Automated Digital Evidence Discovery and Correlation DFRWS USA 2008 Andrew Case, Andrew Cristina, Lodovico Marziale, Golden Richard III, Ph.D., Vassil Roussev, Ph.D.
Forensic Analysis of the Windows Registry in Memory DFRWS USA 2008 Brendan Dolan-Gavitt
Forensic Memory Analysis - Files Mapped In Memory DFRWS USA 2008 Wouter Alink, Alex van Ballegooij
High Speed Search Using Tarari Content Processor in Digital Forensics DFRWS USA 2008 Jooyoung Lee, Sungkyong Un, Dowon Hong
Limewire Examinations DFRWS USA 2008 Joseph Lewthwaite, Victoria Smith
MEGA - A Tool for Mac OS X Operating System and Application Forensics DFRWS USA 2008 Rob Joyce, Judson Powers, Frank Adelstein, Ph.D.
Predicting the Types of File Fragments DFRWS USA 2008 William Calhoun, Drue Coles
PyFlag - An Advanced Network Forensic Framework DFRWS USA 2008 Michael Cohen
Recovering Deleted Data From the Windows Registry DFRWS USA 2008 Timothy Morgan
The Impact Of Microsoft Windows Pool Allocation Strategies On Memory Forensics DFRWS USA 2008 Andreas Schuster
Using JPEG Quantization Tables to Identify Imagery Processed by Software DFRWS USA 2008 Jesse Kornblum
Using the HFS+ Journal For Deleted File Recovery DFRWS USA 2008 Aaron Burghardt, Adam Feldman
10 Good Reasons Why You Should Shift Focus to Small Scale Digital Device Forensics DFRWS USA 2007 Ronald van der Knijff
A Brief Study of Time DFRWS USA 2007 Florian Buchholz, Brett Tjaden
An Efficient Technique for Enhancing Forensic Capabilities of Ext2 File System DFRWS USA 2007 Mridul Sankar Barik, Gaurav Gupta, Shubhro Sinha, Alok Mishra, Chandan Mazumdara
Analyzing Multiple Logs for Forensic Evidence DFRWS USA 2007 Ali Reza Arasteh, Mourad Debbabi, Assaad Sakha, Mohamed Saleh
Automated Windows Event Log Forensics DFRWS USA 2007 Rich Murphey
BodySnatcher - Towards Reliable Volatile Memory Acquisition by Software DFRWS USA 2007 Bradley Schatz, Ph.D.
Capture - A Tool for Behavioral Analysis of Applications and Documents DFRWS USA 2007 Christian Seifert, Ramon Steenson, Ian Welch, Peter Komisarczuk, Barbara Endicott-Popovsky
Carving Contiguous and Fragmented Files with Object Validation DFRWS USA 2007 Simson Garfinkel, Ph.D.
Digital Forensic Text String Searching - Improving Information Retrieval Effectiveness by Thematically Clustering Search Results DFRWS USA 2007 Nicole Beebe, Ph.D., Jan Clark
File Marshal - Automatic Extraction of Peer-to-Peer Data DFRWS USA 2007 Frank Adelstein, Ph.D., Rob Joyce
Forensic Data Recovery and Examination of Magnetic Swipe Card Cloning Devices DFRWS USA 2007 Gerry Masters, Philip Turner
Forensic Memory Analysis - From Stack and Code to Execution History DFRWS USA 2007 Mourad Debbabi
Introducing the Microsoft Vista Log File Format DFRWS USA 2007 Andreas Schuster
Issues with Imaging Drives Containing Faulty Sectors DFRWS USA 2007 James Lyle, Mark Wozar
Massive Threading - Using GPUs to Increase the Performance of Digital Forensics Tools DFRWS USA 2007 Lodovico Marziale, Golden Richard III, Ph.D., Vassil Roussev, Ph.D.
Multi-Resolution Similarity Hashing DFRWS USA 2007 Vassil Roussev, Ph.D., Golden Richard III, Ph.D., Lodovico Marziale
Specifying Digital Forensics - A Forensics Policy Approach DFRWS USA 2007 Carol Taylor, Barbara Endicott-Popovsky, Deborah Frincke
The VAD Tree - A Process-Eye View of Physical Memory DFRWS USA 2007 Brendan Dolan-Gavitt
A Correlation Method for Establishing Provenance of Timestamps in Digital Evidence DFRWS USA 2006 Bradley Schatz, Ph.D., George Mohay, Andrew Clark
A Cyber Forensics Ontology - Creating a New Approach to Studying Cyber Forensics DFRWS USA 2006 Ashley Brinson, Abigail Robinson, Marcus Rogers
A Strategy for Testing Hardware Write Block Devices DFRWS USA 2006 James Lyle
A Survey of Forensic Characterization Methods for Physical Devices DFRWS USA 2006 Nitin Khanna, Aravind Mikkilineni, Anthony Martone, Gazi Ali, George Chiu, Jan Allebach, Ed Delp
An Empirical Study of Automatic Event Reconstruction Systems DFRWS USA 2006 Sundararaman Jeyaraman, Mikhail Atallah
Arriving at an Anti-forensics Consensus - Examining How to Define and Control the Anti-forensics Problem DFRWS USA 2006 Ryan Harris
Categories of Digital Investigation Analysis Techniques Based On The Computer History Model DFRWS USA 2006 Brian Carrier, Ph.D., Eugene Spafford
Cross-Drive Analysis DFRWS USA 2006 Simson Garfinkel, Ph.D.
Current Cyber Investigation Challenges in Digital Forensics DFRWS USA 2006 Ted Lindsey