DFRWS USA 2018 was held July 15-18, 2018 at the Omni Providence in Providence, RI. The conference was help in cooperation with the ACM.
A keynote address from Prof. Eugene Spafford started the conference. On the second day, Captain John C Alfred of the Rhode Island State Police gave us a local perspective of the use of forensics in investigations. The program also consisted of 14 peer-reviewed papers, 7 industry presentations, and 5 workshops. Evening events included the Welcome Reception and Poster Session at the Skyline at Waterplace on the Providence River and a banquet at the hotel with the world famous Forensics Rodeo.
The Best Paper Award was for “Forensic Analysis of Multiple Device BTRFS Configurations Using The Sleuth Kit” by Jan-Niclas Hilgert, Martin Lambertz, and Shujian Yang. The Best Student Paper Award went to “Memory Forensics and the Windows Subsystem for Linux” by Nathan Lewis (Louisiana State University), Andrew Case (Volexity), Aisha Ali-Gombe, and Golden Richard III, Ph.D. (Louisiana State University).
The 2018 Forensics Challenge was about Internet of Things (IoT), defined generally to include network and Internet connected devices usually for the purpose of monitoring and automation tasks. Consumer-grade “Smart” devices are increasing in popularity and scope. These devices and the data they collect are potentially interesting for digital investigations, but also come with a number of new investigation challenges.
This year’s grand prize was awarded to the SPAWAR Systems Center ATLANTIC Team: Mark Gramajo, Joshua Lewis, Randall Sharo, Shawn Zwach. This team not only analyzed available digital traces to reconstruct the scenario, but also developed open source plugins for the plaso forensic framework, provided a script to parse the Google OnHub diagnostic report, loaded results into Elastic and Kibana for correlation and analysis, and uncovered IoT traces within network traffic.
Providence, RI United States
July 15, 2018 to July 18, 2018
How Well Are We Meeting the Challenge?Prof. Eugene Spafford | Purdue University
Eugene H. Spafford is one of the most senior cybersecurity researchers in the field. During his 30+ years in computing—including 29 years as a faculty member at Purdue University -- Spaf (as he is widely known) has worked on issues in privacy, public policy, law enforcement, software engineering, education, social networks, operating systems, and cybersecurity. He has been involved in the development of fundamental technologies in intrusion detection, incident response, firewalls, integrity management, and forensic investigation. His interests range over these and many other areas, and this has been one of the factors behind his leadership of CERIAS, the Center for Education and Research in Information Assurance and Security, where he is the Executive Director Emeritus. Professor Spafford is a Fellow of the AAAS, ACM, IEEE, (ISC)2, a Distinguished Fellow of the ISSA, and a member of the Cyber Security Hall of Fame -- the only person to ever hold all these distinctions. In 2012 he was named as one of Purdue's inaugural Morrill Professors -- the university's highest award for the combination of scholarship, teaching, and service. Among many other activities, he is the immediate past-chair of the Public Policy Council of ACM (USACM), and is the editor-in-chief of the journal Computers & Security.
Captain Alfred, a twenty-year veteran of the Rhode Island State Police, serves as the Captain of the Division’s Cyber Crimes Unit and State Fusion Center within the Detective Bureau. Captain Alfred is responsible for managing the day-to-day operations of the Computer and Cyber Crimes Unit and Fusion Center Operations. He also oversees the Joint Cyber Task Force, which is a public and private partnership of cyber professionals. In the Uniform Bureau, Captain Alfred was assigned to all the barracks locations. He was transferred to the Detective Bureau in 2005 where he was assigned to the Major Crimes Unit, Officer-in-Charge of the Auto Theft and Insurance Fraud Unit, and the Computer and Cyber Crimes Unit where he is currently assigned. He is a former member of the Motorcycle Unit and Honor Guard Unit. Most recently he served as a Night Executive Officer. Prior to joining the Rhode Island State Police, Captain Alfred served as a Barrington Police Officer for nine years and as a Captain and Company Commander of the 115th Military Police Company in the Rhode Island Army National Guard. Captain Alfred is an Encase certified digital forensic examiner and holds a Bachelor of Arts Degree from Providence College, an Associates of Science Degree in the Administration of Justice from Roger Williams University, and a Master of Science Degree in Administration of Justice and Homeland Security with a Concentration in Cyber Security and Intelligence from Salve Regina University.
We invite contributions in five categories: research papers, presentation proposals, panel proposals, workshop proposals, and demo proposals.
RESEARCH PAPERS undergo double-blinded, peer review, and are published by Elsevier in a special issue of Digital Investigation.
PRESENTATIONS, POSTERS, and DEMOS undergo a light review process to select presentations of maximal interest to DFRWS attendees, and filter out sales pitches. Presentation proposals must specify their target length from the following options: 20 minutes, 120 minutes (2 hours), or 240 minutes (4 hours). Note, 2-4 hour presentations are referred to as ‘workshops’ described below.
WORKSHOPS can be several hours or full day, and typically include hands-on participation by attendees, allowing for an in-depth, detailed exploration of tools and techniques of interest to DFRWS attendees. Workshops can and they can cover state-of-the-art research projects, useful tips and techniques for standard tools, or most anything that DFRWS attendees would consider beneficial. While commercial tools can be used, these workshops or tutorials should NOT be thinly-veiled commercial advertisements.
DFRWS will provide one free conference registration for each tutorial and workshop accepted.
Student award and student scholarship program
DFRWS continues its outreach to students studying digital forensics. DFRWS and its sponsors will award one or more Student Travel Scholarships each year. One scholarship will be awarded to the Best Student Research Paper awardee and include a monitary award of $599. More travel scholarships may be awarded, depending on sponsorship funding each year. Scholarships are free registration and accomodation at the conference hotel. DFRWS will notify the recipient of the Best Student Research Paper award on or before the conference registration deadline. Other awards (e.g. industry sponsored awards for research in specific topic areas) may be awarded after the registration deadline and are fully contingent on scholarship sponsorship by industry each year. Refer below for further details regarding eligibility, funding and selection.
ELIGIBILITY: Students must be co-authors on research paper submissions—presentation session presenters and poster presenters are not eligible. The student recipient of the Best Student Research Paper award must be the lead author on the paper being awarded. Student recipients of other travel scholarships (i.e. research paper awards on specific topics of interest funded by industry sponsors) must be co-authors, but they need not be lead authors. Awarded students must be the presenter of the paper for which the award was given at the conference.
FUNDING: Students will receive a code for free registration after being chosen. If a student has already registered, the fee can be refunded, or a check can be issued. Hotel rooms will be reserved by DFRWS and assigned to the students. The Best Student Paper monitary award will be provided at the conference.
SELECTION: Student travel scholarship recipients will be selected by a student scholarship committee, consisting of DFRWS Organizing Committee members, DFRWS Board of Directors, and/or industry scholarship sponsors. Award recipients will be selected based on research paper quality (contribution and writing), student contribution to the paper (authorship position), and research topic.
APPLY: Write a letter to email@example.com that includes:
– Which paper they authored
– What their author position is
– Whether they will present their paper
– An explanation of why they should receive a scholarship.
Topics of Interest
- Memory analysis and snapshot acquisition
- Storage forensics, including solid state
- “Big data” forensics, related to the collection, analysis, and visualization
- Incident response and live analysis
- Forensics of cloud and virtualized environments
- Malware and targeted attacks (analysis and attribution)
- Network and distributed system forensics
- Event reconstruction methods and tools
- Mobile and embedded device forensics
- Digital evidence storage and preservation
- Data recovery and reconstruction
- Multimedia analysis
- Database forensics
- Tool testing and development
- Digital evidence and the law
- Case studies and trend reports
- Data hiding and discovery
- Anti-forensics and anti-anti-forensics
- Interpersonal communications and social network analysis
- Non-traditional forensic scenarios and approaches (e.g. vehicles, Internet of Things, industrial control systems, and SCADA)
- Archival preservation & reconstruction
The above list is only suggestive. We welcome new, original ideas from people in academia, industry, government, and law enforcement who are interested in sharing their results, knowledge, and experience. Authors are encouraged to demonstrate the applicability of their work to practical issues. Questions about submission topics can be sent via email to firstname.lastname@example.org.Click Here For Proposal Requirements
|March 8, 2018||Author notification date|
|March 10, 2018||Submission Deadline - Presentations|
|March 10, 2018||Submission Deadline - Posters/Demos (with abstract to be included in printed proceedings)|
|March 27, 2018||Presenter Registration - - Research Papers, Presentations & Posters/Demos with abstract|
|June 22, 2018||Hotel Registration Deadline|
|July 2, 2018||Regular Registration Ends|
Elizabeth Schweinsberg (Facebook)
Conference Vice Chair
Bradley Schatz, Ph.D. (Schatz Forensic)
Josiah Dykstra, Ph.D. (National Security Agency)
Program Vice Chair
Tim Vidas, Ph.D. (Carnegie Mellon University)
Daryl Pfeif (Digital Forensics Solutions and DFRWS)
Mark Guido (The MITRE Corporation)
Matthew Geiger (Qintel)
Doug White (Roger Williams University)
Alex Nelson, Ph.D. (NIST)
Golden Richard III, Ph.D. (Louisiana State University)
Workshop Vice Chair
Joe Sylve, Ph.D. (BlackBag Technologies)
Eoghan Casey, Ph.D. (University of Lausanne)
Nicole Beebe, Ph.D. (UTSA)
Daryl Pfeif (Digital Forensics Solutions and DFRWS)
At Large Member
Wietse Venema, Ph.D. (Google)
At Large Member
David Baker (DFRWS)
At Large Member
Vassil Roussev, Ph.D. (University of New Orleans)
Frank Adelstein, Ph.D. (NFA Digital)
Technical Program Committee
Norwegian University of Science and Technology
University of New Haven
Nicole Beebe, Ph.D.
University of New Haven
James Madison University
University of Denver
Simson Garfinkel, Ph.D.
U.S. Census Bureau
Netherlands Forensic Institute
AT&T Security Research Center
The MITRE Corporation
Universita` degli studi di Milano
Timothy Leschke, Ph.D.
Johns Hopkins University
The Ohio State University
Vico Marziale, Ph.D.
Alex Nelson, Ph.D.
Universidad de Vigo
US Air Force Institute of Technology
Sandia National Laboratories
Golden Richard III, Ph.D.
Louisiana State University
Vassil Roussev, Ph.D.
University of New Orleans
Bradley Schatz, Ph.D.
La Trobe University
University of New Orleans
Joe Sylve, Ph.D.
Wietse Venema, Ph.D.
The University of Texas at Dallas
DFRWS USA 2018 registration includes access to all presentations, a copy of the printed proceedings, breakfasts, a welcome reception, and entrance to the famous rodeo challenge. Additionally, registered attendees may attend a banquet (including presentation of best paper awards).
Group discounts are available. If you have a group larger than four, please contact email@example.com
If you are a student in a third level graduate or postgraduate degree programme, you may qualify for a student grant covering part or all of your registration fee and/or travel expenses. Please note that travel grants are normally reserved for students presenting original research papers at the conference. For more information, please contact firstname.lastname@example.org. The decisions will be made by the organizing committee on a case-by-case basis considering your circumstances, provided evidence, objectives of the conference, and the available/remaining funds.
Sponsors help DFRWS to produce quality events and foster community. Click a logo to learn more about the sponsor.
Information about sponsorship opportunities is available at: http://www.dfrws.org/sponsorship-opportunities
No Starch Press - Rodeo Prize Sponsor
San Francisco–based No Starch Press has published the finest in geek entertainment since 1994, covering topics like hacking, open source, Linux, LEGO, STEM, and programming for all ages. Our titles have personality and attitude, our authors are passionate about their subjects, and we read and edit every book that bears our name. Our goal is to make computing accessible to technophile and novice alike, and our readers appreciate our straightforward presentation and fearless approach to the complex world of technology.Learn More
Python Forensics - Breakfast Sponsorship
Python Forensics, Inc. is a non-profit organization focused on the collaborative development of open source investigative technologies using the Python programming language. We invite you to join us! The rapid development of new cybercrime investigation tools is an essential ingredient in virtually every case and environment. Whether you are performing post-mortem investigation, executing live triage, extracting evidence from mobile devices or cloud services, or you are collecting and processing evidence from a network, Python forensic implementations can fill in the gaps.Learn More
Google - Student Scholarship Sponsor
Google's mission is to organize the world's information and make it universally accessible and useful. Google is pleased to sponsor scholarships for students to attend DFRWS.Learn More
Riscure - Community Builder Sponsorship
Our international team of experts combines the latest attack techniques on hardware and software to explore the strength of any product. With our foundation in hardware testing, we are uniquely positioned to evaluate security where hardware and software challenges meet. We specialize in the security of devices that operate in an untrusted or hostile context. Used by organizations worldwide, the integrated modular platform of Inspector combines cutting edge side channel analysis (DPA) and fault injection testing. Custom designed hardware and software enable government institutions, defense organizations, security evaluation laboratories and chip manufacturers around the globe to perform time efficient, reproducible, cutting edge security research.Learn More
Welcome Reception Sponsor
With one campus on the coast of Bristol and another in the heart of Providence, R.I., Roger Williams University is a forward-thinking private university committed to strengthening society through engaged teaching and learning. In this dynamic setting, RWU’s Cybersecurity degree and certificate options combine the technical skills, situational management, and problem-solving employers seek careers in information security. Created in partnership with industry professionals, this cutting-edge program is taught online using virtual environments that simulate the operating systems that you’ll monitor on the job.Learn More
Magnet Forensics - Women in DFIR Luncheon
Magnet Forensics is a global leader in digital investigative technology and was built on a foundation of helping and empowerment. We help investigative teams find more evidence and empower them to uncover the truth. Our products are designed to leverage the latest technological innovations to help law enforcement, consultants, military, and private enterprise address these issues. We use AI, automation, advanced searching techniques, modern data visualization and more to help investigative teams find digital evidence and understand the story it is telling.Learn More