DFRWS EU 2017 was held March 21-23, 2017 in Überlingen, Lake Constance, Germany. Überlingen is a city on the northern shore of Lake Constance (Bodensee). The conference venue is the Parkhotel St. Leonhard, Überlingen. DFRWS EU 2017 is co-located with the 10th International Conference on IT Security Incident Management & IT Forensics (IMF 2017).

This year brings together two premier research conferences in Europe, the DFRWS digital forensics conference (DFRWS EU 2017) and the 10th International Conference on IT Security Incident Management & IT Forensics (IMF 2017). 12 peer-reviewed research papers were published in a special issue of Digital Investigation Journal. There were 4 featured keynote addresses, 6 workshops, and a reception at Sigmaringen Castle.

The Best Paper Award went to “Improving the Reliability of Chip-Off Forensic Analysis of NAND Flash Memory Devices” by Aya Fukami, Saugata Ghose, Yixin Luo, Yu Cai, and Onur Mutlu.

DFRWS EU/IMF 2017 is organised in cooperation with the German Informatics Society and its Special Interest Group SIDAR.

Conference Location:

Parkhotel St. Leonhard, Lake Constance, Germany

March 21, 2017 to March 23, 2017

Keynotes

Developments in the threat landscape, how to mitigate the risks of targeted attacks?

Freddy Dezure | CERT-EU

Freddy Dezeure graduated as Master of Science in Engineering in 1982. He was CIO of a private company from 1982 until 1987. After joining the European Commission, he has held a variety of management functions in administrative, financial and operational areas, in particular in information technology. He has set up the CERT for the EU institutions, agencies and bodies in 2011 and he has been Head of CERT-EU since then. He is a frequent keynote speaker at international conferences.

21st Century Bank Robberies: How modern criminals attack financial institutions

Patrick Lodder | SWIFT

Patrick Lodder is a Lead Security Management Specialist in SWIFT’s Customer Security Intelligence team. The Customer Security Intelligence team supports customers with forensic cyber investigations and with the analysis of compromised customer systems. The results of these investigations, combined with the analysis of threat intelligence specifically related to SWIFT customers, are used to inform users on how they can better protect their local infrastructure against cyber-attacks.

Patrick studied Software Engineering in Utrecht, the Netherlands. He joined SWIFT in 2005 where he held various positions within the EMEA Services & Support division, and was responsible for Implementation and Support of SWIFT's software and services in banks across Europe, the Middle East and Africa.

Participation

They Are Coming To Get You For A Wrongful Conviction

Peter van Koppen of VU University Amsterdam

Peter van Koppen JD is a psychologist and full professor of Legal Psychology at the Faculty of Law of VU University Amsterdam.

Peter van Koppen is a member of the Royal Holland Society of Sciences and Humanities. He is editor of the international journal Psychology, Crime, and Law (since 1992). He is a member of the Governing Board of the Netherlands Register of Court Experts.

Van Koppen published, next to some 35 books, 125 articles and 100 chapters in edited volumes, many of legal psychology, but also on the quality of evidence and misbehaviour of police, prosecution and judges.

Van Koppen has served as an expert witness in more than 450 cases. In 2014 he was awarded the Tom Williamson Award for life time achievement by the International Investigative Interviewing Research Group, iIIRG. In 2016 he received the Lifetime Achievement Award of the European Association of Psychology and Law (EAPL).

IT-Forensic challenges in ensuring the rule of law – not only in cyberspace

Martin Lühning of Baden-Württemberg State Bureau of Investigation

Martin Lühning is Head of the Division of Digital Traces at the Baden-Württemberg State Bureau of Investigation. In his prior position, he led the Economic Crime Investigation Division of the Stuttgart Police Department. His expertise includes investigation of Organized Crime, Narcotics, and Economic Crime with specialization in Digital Traces. His extensive practical experience with digital evidence and criminal investigation gives him a unique perspective of the emerging challenges for law enforcement in this area.

This year brings together two premier research conferences in Europe, the DFRWS digital forensics conference (DFRWS EU 2017) and the International Conference on IT Security Incident Management & IT Forensics (IMF 2017).

Established in 2001, DFRWS has become the premier digital forensics conference, dedicated to solving real world challenges, and pushing the envelope of what is currently possible in digital forensics.

Since 2003, IMF has established itself as one of the premier venues for presenting research on IT security incident response and management and IT forensics. While the first IMF conference was organized to establish a research forum for German speaking researchers and practitioners from the field, it soon became an International conference attracting many experts across Europe. IMF 2017, being the 10th Conference, is also an important mile stone in bringing the two worlds of IT security incident response and management and forensics together.

Both DFRWS and IMF organise informal collaborative environments each year that bring together leading researchers, practitioners, industry, tool developers, academics, law enforcement, and other government bodies from around the globe to tackle current and emerging challenges in their fields.

The co-hosting of the two events will help generate new discussions and ideas by bringing together two strong research communities: DFRWS’s community encompassing a broad range of topics in digital forensics, and IMF’s community focusing on IT security incident response and management.

The proceedings of DFRWS EU / IMF 2017 will be published in a special open-access issue of Elsevier’s Digital Investigation journal, and will be freely available on the DFRWS website.

Possibilities to contribute:

In recent years, DFRWS and IMF conferences have added practitioner presentations and hands-on tutorials/workshops taught by leading experts in the fields. Presentations are opportunities for industry researchers and practitioners who do not have the time to write a paper, but who have forensics information and experiences that would be of interest to DFRWS / IMF attendees. Presentation proposals undergo a light reviewing process to filter out sales pitches and ensure the topic is relevant to our audience.

We invite original contributions as research papers, non-research practitioner presentations, tutorials/workshops, panels, demos, and posters on the following topics in digital forensics and IT security incident response and management:

IT Security Incident Management

Incident management standardization, metrics and life cycle
Incident management formats and protocols
Incident response and/or Vulnerability response workflows, procedures and tools
Incident analysis including live analysis
Research in incident management and related processes
Development of tools supporting incident management processes
Exchange of cyber threat intelligence
Sharing of data/information about threats, attacks, incidents, etc.
Setup of cyber defense entities including but not limited to: CSIRTs, PSIRTs, ISACs, SOCs and any other organization specialising in (some) IT security incident management processes
Maturity of such cyber defense entities
Warning of large scale communities about upcoming threats or detected vulnerabilities
Ensuring situational awareness and early warning
Mandatory vs. discretionary attack / incident / vulnerability reporting
Non-traditional incident management scenarios and approaches (e.g. vehicles, control systems, and SCADA)

Digital Forensics

“Big data” approaches to forensics, including data collection, data mining, and large scale visualization
Research and development of tools supporting digital forensics
Digital forensic laboratories and other organizations specialising in digital forensic science
Addressing forensic challenges of systems-on-a-chip
Anti-forensics and anti-anti-forensics
Bridging the gap between analog and digital traces/evidence/investigators
Case studies and trend reports
Data hiding and discovery
Data recovery and reconstruction
Database forensics
Digital evidence and the law
Digital evidence storage and preservation
Digital evidence and open source intelligence analysis
Event reconstruction methods and tools
Impact of digital forensics on forensic science
Interpersonal communications and social network analysis
Malware and targeted attacks: analysis, attribution
Memory analysis and snapshot acquisition
Mobile and embedded device forensics
Multimedia forensic analysis
Network and distributed system forensics
Non-traditional forensic scenarios and approaches (e.g. vehicles, control systems, and SCADA)
Storage forensics, including file system and Flash
Tool testing and development
Triage, prioritization, automation: efficiently processing large amounts of data in digital forensics
Typology of digital traces
Virtualized environment forensics, with specific attention to the cloud and virtual machine introspection

The above list is only suggestive. We welcome new, original ideas from people in academia, industry, government, and law enforcement who are interested in sharing their results, knowledge, and experience. Authors are encouraged to demonstrate the applicability of their work to practical issues. Questions about submission topics can be sent via email to: eu-papers <at> dfrws <dot> org

SUBMISSIONS

RESEARCH PAPERS: Research papers must be original contributions, not duplicate previous work (including the authors’ own), and must not be under simultaneous publication review elsewhere. The review process will be “double-blind” (reviewers will not know who the authors are, and authors will not know who the reviewers are). Therefore, the version submitted for review should not contain the names or affiliations of the authors. When referring to their own previous work, authors should use the third person instead of the first person (i.e. “Smith and Jones [2] previously determined…” instead of “We [2] previously determined…”).

Papers must be written in English and should not exceed 10 single-spaced, two-column pages with 1 inch margins and 10pt font. Papers should be submitted as PDF files. Accepted papers will be required to utilize the provided Microsoft Word template or Elsevier’s LaTeX template (elsarticle class with the “5p” option). Authors are encouraged to use these templates for the submission version as well. After using the templates, do not forget to remove authors’ names and other revealing information for double-blind submission.

Authors are expected to present their work in person at the conference. At least one registration per paper is required in order to be included in the proceedings. Authors shall register for the conference prior to submitting their final draft for publication. At the conference, authors of accepted papers will be given 25 minutes to present their work, followed by 5 minutes of questions.

Research papers must be submitted through the EasyChair site at https://easychair.org/conferences/?conf=dfrwseu2017. Submissions must be in Adobe Acrobat PDF format. Send any questions about research paper submissions to eu-papers (at) dfrws (dot) org.

PANEL PROPOSALS: These should be one to three pages and clearly describe the topic, its relevance, and a list of potential panelists and their biographies. Panels will be evaluated based on the topic relevance and diversity of the panelists.

Panel proposals must be emailed to eu-panels (at) dfrws (dot) org in PDF or plain text format.

NON-RESEARCH PRACTITIONER PRESENTATIONS: DFRWS EU / IMF 2017 is soliciting proposals for 15-minute presentations that showcase forensics experiences of interest to DFRWS attendees, including (but not limited to) case studies and advances in user interface, real-time analysis, and triage. Presentation proposals are not included in the printed proceedings and should not be anonymized. Presentation proposals only undergo a light reviewing process to make sure they are of interest to the community. Sales pitches will not be accepted. Presentation proposals are in the form of an abstract (150-300 words) in PDF format. At least one author is expected to register and present their work in person at the conference. Presenters will be given 15 minutes, followed by 5 minutes of questions. Presentation duration will be strictly enforced.

Presentation proposals must be submitted through the EasyChair site at https://easychair.org/conferences/?conf=dfrwseu2017. Submissions must be in Adobe Acrobat PDF format. Send any questions about presentation proposal submissions to eu-papers (at) dfrws (dot) org.

DEMO OR POSTER PROPOSALS: DFRWS EU / IMF 2017 welcomes demonstrations or posters of proof of concept and research-based tools. Proposals should describe the tool, its relevance to the forensics field, and space/equipment needs (e.g., table size, power, networking, etc.).

Demo or poster proposals must be emailed to eu-demos (at) dfrws (dot) org in PDF or plain text format.

WORKSHOP PROPOSALS: DFRWS EU / IMF 2017 offers an expanded opportunity to present half-day or full-day workshops and vendor-agnostic tutorial sessions. Tutorial/workshop proposals must be emailed to eu-workshops (at) dfrws (dot) org in PDF or plain text format.

LIGHTNING TALKS: Conference attendees are invited to present parts of their ongoing work or open research questions for 5 minutes. Registration for lightning talks is possible at the conference.

STUDENT AWARD and STUDENT SCHOLARSHIP PROGRAM

DFRWS continues its outreach to students studying digital forensics. This year DFRWS will be offering an award with a cash prize to the best student paper. A student paper is any paper in which the majority of the work was performed and the paper written by full-time students at an accredited university, college, or high school.

A limited number of scholarships may be awarded to students presenting a paper at the conference. The intent is to help alleviate the financial burden due to the cost of hotel expenses and conference registration.

Deadlines

Date	Event
October 6, 2016	Papers/Presentations/Panel Proposals Submission Deadline
October 24, 2016	Workshop/Tutorials Proposals Submission Deadline
December 19, 2016	Papers/Presentations/Panel Proposals Notification
January 16, 2017	Demo/Poster Proposals Submission Deadline
January 23, 2017	Final Paper Draft and Presenter Registration

Committees

Organizing Committee

Conference Chair

Holger Morgenstern (Albstadt-Sigmaringen University)

Conference Chair

Felix Freiling (Friedrich-Alexander-University)

Conference Vice-Chair

Mariangela Biasiotti (Italian National Research Council)

Technical Program Committee Chair

Pavel Gladyshev, Ph.D. (University College Dublin)

Technical Program Committee Chair

Klaus-Peter Kossakowski (Hamburg University of Applied Sciences)

Technical Program Committee Vice Chair

Joshua James (Digital Forensic Investigation Research Laboratory, Hallym University)

Keynote Chair

Robert-Jan Mora (Royal Dutch Shell)

Keynote Chair

Eoghan Casey, Ph.D. (University of Lausanne)

Proceedings Chair:

Vassil Roussev, Ph.D. (University of New Orleans)

Local and Registration Chair

Tobias Scheible (Albstadt-Sigmaringen University)

Advertising/Sponsorship

Daryl Pfeif (Digital Forensics Solutions and DFRWS)

Advertising/Sponsorship

David-Olivier Jaquet-Chiffelle (University of Lausanne)

Advertising/Sponsorship

Hans Henseler (University of Applied Sciences Leiden)

Outreach Chair

Hans Henseler (University of Applied Sciences Leiden)

Outreach Chair

Bruce Nikkel (Bern University of Applied Sciences)

Web Chair

Mark Scanlon, Ph.D. (University College Dublin)

Web Chair

Tim Vidas (Carnegie Mellon University)

Demo & Posters Chair

Thomas Gloe (dence)

Workshop Chair

Robert-Jan Mora (Royal Dutch Shell)

Workshop Chair

Eoghan Casey, Ph.D. (University of Lausanne)

Rodeo Creator

Christian Oertle (Albstadt-Sigmaringen University)

Technical Program Committee

Philip Anderson

Cosimo Anglano

Universitá del Piemonte Orientale

Frédéric Baguelin

ArxSys

Harald Baier

University of Applied Sciences, Darmstadt

Endre Bangerter

Bern University of Applied Sciences

Nicole Beebe, Ph.D.

UTSA

Christiaan Beek

David Billard

University of Applied Sciences in Geneva

Elias Bou-Harb

National Cyber Forensics and Training Alliance / Concordia University

Owen Brady

King's College London

Frank Breitinger

University of New Haven

Eoghan Casey, Ph.D.

University of Lausanne

Ahmad Raza Cheema

National University of Sciences and Technology

Michael Cohen

Google

Patrick De Smet

NICC/INCC

Mauriella Ditommaso

Jana Dittmann

Universität Magdeburg

Reza Elgalai

Jon Evans

Felix Freiling

Friedrich-Alexander-University

Simson Garfinkel, Ph.D.

U.S. Census Bureau

Zeno Geradts

Netherlands Forensic Institute

Pavel Gladyshev, Ph.D.

University College Dublin

Thomas Gloe

dence

Oliver Göbel

Universität Stuttgart

Bernd Grobauer

SIEMENS AG

Michael Gruhn

Friedrich-Alexander-Universität Erlangen-Nürnberg

Detlef Guenther

Volkswagen AG

Hans Henseler

University of Applied Sciences Leiden

Mario Hildebrandt

Universität Magdeburg

Solal Jacob

ArxSys

Joshua James

Digital Forensic Investigation Research Laboratory, Hallym University

David-Olivier Jaquet-Chiffelle

University of Lausanne

Christian Keil

DFN-CERT

Stefan Kelm

DFN-CERT

Bruno Kerouanton

Stefan Kiltz

Universität Magdeburg

Matthias Kirchner

Binghamton University

Klaus-Peter Kossakowski

Hamburg University of Applied Sciences

Christian Krätzer

Universität Magdeburg

Volker Krummel

WINCOR Nixdorf

Hanno Langweg

HTWG Konstanz

Nhien An Le Khac

University College Dublin

Timothy Leschke, Ph.D.

Johns Hopkins University

Andrew Marrington

Zayed University

Holger Morgenstern

Albstadt-Sigmaringen University

Bruce Nikkel

Bern University of Applied Sciences

Owen O'Connor

Gilbert Peterson

US Air Force Institute of Technology

Vassil Roussev, Ph.D.

University of New Orleans

Christian Riess

Mark Scanlon, Ph.D.

University College Dublin

Bradley Schatz, Ph.D.

Schatz Forensic

Tobias Scheible

Albstadt-Sigmaringen University

Sebastian Schinzel

Martin Schmiedecker

SBA Research

Thomas Schreck

Marko Schuba

FH Aachen

Ahmed Shosha

University College Dublin

Peter Sommer

Michael Spreitzenbarth

Siemens CERT

Johannes Stüttgen

University of Erlangen-Nuremberg)

Marian Svetlik

Risk Analysis Consultants

Jean-Philippe Teissier

CERT Société Générale

Erik Tews

Christina Thorpe

Institute of Technology Blanchardstown)

Simon Tjoa

Philip Turner

Hewlett Packard

Jeroen van den Bos

Netherlands Forensic Institute

Ronald van der Knijff

Erwin van Eijk

Netherlands Forensic Institute

Wietse Venema, Ph.D.

Google

Claus Vielhauer

FH Brandenburg

Tim Vidas

Carnegie Mellon University

Registration

DFRWS EU/IMF 2017 registration includes access to all presentations, a copy of the printed proceedings, breakfasts, a welcome reception, and entrance to the famous rodeo challenge. Additionally, registered attendees may attend a banquet (including presentation of best paper awards).

Group discounts are available. If you have a group larger than four, please contact eu-registration (at) dfrws (dot) org

If you are a student in a third level graduate or postgraduate degree programme, you may qualify for a student grant covering part or all of your registration fee and/or travel expenses. Please note that travel grants are normally reserved for students presenting original research papers at the conference. For more information, please contact eu-registration (at) dfrws (dot) org. The decisions will be made by the organizing committee on a case-by-case basis considering your circumstances, provided evidence, objectives of the conference, and the available/remaining funds.

Program

Click Here To View Program