DFRWS USA 2018 was held July 15-18, 2018 at the Omni Providence in Providence, RI.  The conference was help in cooperation with the ACM.

A keynote address from Prof. Eugene Spafford started the conference.  On the second day, Captain John C Alfred of the Rhode Island State Police gave us a local perspective of the use of forensics in investigations.  The program also consisted of 14 peer-reviewed papers, 7 industry presentations, and 5 workshops.  Evening events included the Welcome Reception and Poster Session at the Skyline at Waterplace on the Providence River and a banquet at the hotel with the world famous Forensics Rodeo.

The Best Paper Award was for “Forensic Analysis of Multiple Device BTRFS Configurations Using The Sleuth Kit” by Jan-Niclas Hilgert, Martin Lambertz, and Shujian Yang.  The Best Student Paper Award went to “Memory Forensics and the Windows Subsystem for Linux” by Nathan Lewis (Louisiana State University), Andrew Case (Volexity), Aisha Ali-Gombe, and Golden Richard III, Ph.D. (Louisiana State University).

The 2018 Forensics Challenge was about Internet of Things (IoT), defined generally to include network and Internet connected devices usually for the purpose of monitoring and automation tasks. Consumer-grade “Smart” devices are increasing in popularity and scope. These devices and the data they collect are potentially interesting for digital investigations, but also come with a number of new investigation challenges.

This year’s grand prize was awarded to the SPAWAR Systems Center ATLANTIC Team: Mark Gramajo, Joshua Lewis, Randall Sharo, Shawn Zwach.  This team not only analyzed available digital traces to reconstruct the scenario, but also developed open source plugins for the plaso forensic framework, provided a script to parse the Google OnHub diagnostic report, loaded results into Elastic and Kibana for correlation and analysis, and uncovered IoT traces within network traffic.

Conference Location:

Providence, RI United States

Keynotes

How Well Are We Meeting the Challenge?

Prof. Eugene Spafford | Purdue University

Eugene H. Spafford is one of the most senior cybersecurity researchers in the field. During his 30+ years in computing—including 29 years as a faculty member at Purdue University -- Spaf (as he is widely known) has worked on issues in privacy, public policy, law enforcement, software engineering, education, social networks, operating systems, and cybersecurity. He has been involved in the development of fundamental technologies in intrusion detection, incident response, firewalls, integrity management, and forensic investigation. His interests range over these and many other areas, and this has been one of the factors behind his leadership of CERIAS, the Center for Education and Research in Information Assurance and Security, where he is the Executive Director Emeritus. Professor Spafford is a Fellow of the AAAS, ACM, IEEE, (ISC)2, a Distinguished Fellow of the ISSA, and a member of the Cyber Security Hall of Fame -- the only person to ever hold all these distinctions. In 2012 he was named as one of Purdue's inaugural Morrill Professors -- the university's highest award for the combination of scholarship, teaching, and service. Among many other activities, he is the immediate past-chair of the Public Policy Council of ACM (USACM), and is the editor-in-chief of the journal Computers & Security.

Captain John C Alfred | Rhode Island State Police

Captain Alfred, a twenty-year veteran of the Rhode Island State Police, serves as the Captain of the Division’s Cyber Crimes Unit and State Fusion Center within the Detective Bureau. Captain Alfred is responsible for managing the day-to-day operations of the Computer and Cyber Crimes Unit and Fusion Center Operations. He also oversees the Joint Cyber Task Force, which is a public and private partnership of cyber professionals. In the Uniform Bureau, Captain Alfred was assigned to all the barracks locations. He was transferred to the Detective Bureau in 2005 where he was assigned to the Major Crimes Unit, Officer-in-Charge of the Auto Theft and Insurance Fraud Unit, and the Computer and Cyber Crimes Unit where he is currently assigned. He is a former member of the Motorcycle Unit and Honor Guard Unit. Most recently he served as a Night Executive Officer. Prior to joining the Rhode Island State Police, Captain Alfred served as a Barrington Police Officer for nine years and as a Captain and Company Commander of the 115th Military Police Company in the Rhode Island Army National Guard. Captain Alfred is an Encase certified digital forensic examiner and holds a Bachelor of Arts Degree from Providence College, an Associates of Science Degree in the Administration of Justice from Roger Williams University, and a Master of Science Degree in Administration of Justice and Homeland Security with a Concentration in Cyber Security and Intelligence from Salve Regina University.

Participation

We invite contributions in five categories: research papers, presentation proposals, panel proposals, workshop proposals, and demo proposals.

RESEARCH PAPERS undergo double-blinded, peer review, and are published by Elsevier in a special issue of Digital Investigation.

PRESENTATIONS, POSTERS, and DEMOS undergo a light review process to select presentations of maximal interest to DFRWS attendees, and filter out sales pitches. Presentation proposals must specify their target length from the following options: 20 minutes, 120 minutes (2 hours), or 240 minutes (4 hours). Note, 2-4 hour presentations are referred to as ‘workshops’ described below.

WORKSHOPS can be several hours or full day, and typically include hands-on participation by attendees, allowing for an in-depth, detailed exploration of tools and techniques of interest to DFRWS attendees. Workshops can and they can cover state-of-the-art research projects, useful tips and techniques for standard tools, or most anything that DFRWS attendees would consider beneficial. While commercial tools can be used, these workshops or tutorials should NOT be thinly-veiled commercial advertisements.

DFRWS will provide one free conference registration for each tutorial and workshop accepted.

Student award and student scholarship program
DFRWS continues its outreach to students studying digital forensics. DFRWS and its sponsors will award one or more Student Travel Scholarships each year. One scholarship will be awarded to the Best Student Research Paper awardee and include a monitary award of $599. More travel scholarships may be awarded, depending on sponsorship funding each year. Scholarships are free registration and accomodation at the conference hotel. DFRWS will notify the recipient of the Best Student Research Paper award on or before the conference registration deadline. Other awards (e.g. industry sponsored awards for research in specific topic areas) may be awarded after the registration deadline and are fully contingent on scholarship sponsorship by industry each year. Refer below for further details regarding eligibility, funding and selection.

ELIGIBILITY: Students must be co-authors on research paper submissions—presentation session presenters and poster presenters are not eligible. The student recipient of the Best Student Research Paper award must be the lead author on the paper being awarded. Student recipients of other travel scholarships (i.e. research paper awards on specific topics of interest funded by industry sponsors) must be co-authors, but they need not be lead authors. Awarded students must be the presenter of the paper for which the award was given at the conference.

FUNDING: Students will receive a code for free registration after being chosen. If a student has already registered, the fee can be refunded, or a check can be issued. Hotel rooms will be reserved by DFRWS and assigned to the students. The Best Student Paper monitary award will be provided at the conference.

SELECTION: Student travel scholarship recipients will be selected by a student scholarship committee, consisting of DFRWS Organizing Committee members, DFRWS Board of Directors, and/or industry scholarship sponsors. Award recipients will be selected based on research paper quality (contribution and writing), student contribution to the paper (authorship position), and research topic.

APPLY: Write a letter to usa-scholarship@dfrws.org that includes:
– Which paper they authored
– What their author position is
– Whether they will present their paper
– An explanation of why they should receive a scholarship.

Topics of Interest

  • Memory analysis and snapshot acquisition
  • Storage forensics, including solid state
  • “Big data” forensics, related to the collection, analysis, and visualization
  • Incident response and live analysis
  • Forensics of cloud and virtualized environments
  • Malware and targeted attacks (analysis and attribution)
  • Network and distributed system forensics
  • Event reconstruction methods and tools
  • Mobile and embedded device forensics
  • Digital evidence storage and preservation
  • Data recovery and reconstruction
  • Multimedia analysis
  • Database forensics
  • Tool testing and development
  • Digital evidence and the law
  • Case studies and trend reports
  • Data hiding and discovery
  • Anti-forensics and anti-anti-forensics
  • Interpersonal communications and social network analysis
  • Non-traditional forensic scenarios and approaches (e.g. vehicles, Internet of Things, industrial control systems, and SCADA)
  • Archival preservation & reconstruction

The above list is only suggestive. We welcome new, original ideas from people in academia, industry, government, and law enforcement who are interested in sharing their results, knowledge, and experience. Authors are encouraged to demonstrate the applicability of their work to practical issues. Questions about submission topics can be sent via email to usa-papers@dfrws.org

Click Here To Proposal Requirements

Deadlines

Deadlines Date Event Name
08/03/2018 Author notification date
10/03/2018 Submission Deadline - Presentations
10/03/2018 Submission Deadline - Posters/Demos (with abstract to be included in printed proceedings)
27/03/2018 Presenter Registration - - Research Papers, Presentations & Posters/Demos with abstract
22/06/2018 Hotel Registration Deadline
02/07/2018 Regular Registration Ends

Committees

Organizing Committee

Conference Chair

Elizabeth Schweinsberg (Facebook)

Conference Vice Chair

Bradley Schatz, Ph.D. (Schatz Forensic)

Program Chair

Josiah Dykstra, Ph.D. (National Security Agency)

Program Vice Chair

Tim Vidas, Ph.D. (Carnegie Mellon University)

Event Management/Production

Daryl Pfeif (Digital Forensics Solutions and DFRWS)

Demo/Posters

Mark Guido (The MITRE Corporation)

Forensic Rodeo

Matthew Geiger (Qintel)

Local Host

Doug White (Roger Williams University)

Proceedings

Alex Nelson, Ph.D. (NIST)

Workshop Chair

Golden Richard III, Ph.D. (Louisiana State University)

Workshop Vice Chair

Joe Sylve, Ph.D. (BlackBag Technologies)

Forensic Challenge

Eoghan Casey, Ph.D. (University of Lausanne)

Registration

Nicole Beebe, Ph.D. (UTSA)

Advertisement/Sponsorship

Daryl Pfeif (Digital Forensics Solutions and DFRWS)

At Large Member

Wietse Venema, Ph.D. (Google)

At Large Member

David Baker (DFRWS)

At Large Member

Vassil Roussev, Ph.D. (University of New Orleans)

Keynotes

Frank Adelstein, Ph.D. (NFA Digital)

Technical Program Committee

Frank Adelstein

NFA Digital

Stefan Axelsson

Norwegian University of Science and Technology

Ibrahim Baggili

University of New Haven

David Baker

DFRWS

Nicole Beebe, Ph.D.

UTSA

Frank Breitinger

University of New Haven

Florian Buchholz

James Madison University

Michael Cohen

Google

Rinku Dewri

University of Denver

Sarah Edwards

SANS Institute

Simson Garfinkel, Ph.D.

U.S. Census Bureau

Matthew Geiger

Qintel

Zeno Geradts

Netherlands Forensic Institute

Paul Giura

AT&T Security Research Center

Mark Guido

The MITRE Corporation

Andrea Lanzi

Universita` degli studi di Milano

Timothy Leschke, Ph.D.

Johns Hopkins University

Zhiqiang Lin

The Ohio State University

David Loveall

FBI

Andrew Marrington

Zayed University

Vico Marziale, Ph.D.

BlackBag Technologies

Alex Nelson, Ph.D.

NIST

Erika Noerenberg

Carbon Black

Fernando Perez-Gonzalez

Universidad de Vigo

Gilbert Peterson

US Air Force Institute of Technology

Tu-Thach Quach

Sandia National Laboratories

Golden Richard III, Ph.D.

Louisiana State University

Vassil Roussev, Ph.D.

University of New Orleans

Bradley Schatz, Ph.D.

Schatz Forensic

Elizabeth Schweinsberg

Facebook

Kathryn Seigfried-Spellar

Purdue University

Jill Slay

La Trobe University

Christopher Stelly

University of New Orleans

Joe Sylve, Ph.D.

BlackBag Technologies

Wietse Venema, Ph.D.

Google

Andrew White

Dell Secureworks

Junyuan Zeng

The University of Texas at Dallas

Registration

DFRWS USA 2018 registration includes access to all presentations, a copy of the printed proceedings, breakfasts, a welcome reception, and entrance to the famous rodeo challenge. Additionally, registered attendees may attend a banquet (including presentation of best paper awards).

Group discounts are available. If you have a group larger than four, please contact usa-registration@dfrws.org

If you are a student in a third level graduate or postgraduate degree programme, you may qualify for a student grant covering part or all of your registration fee and/or travel expenses. Please note that travel grants are normally reserved for students presenting original research papers at the conference. For more information, please contact usa-registration@dfrws.org. The decisions will be made by the organizing committee on a case-by-case basis considering your circumstances, provided evidence, objectives of the conference, and the available/remaining funds.

Type of Registration Early Bird Regular Rate Onsite Registration
Regular Attendee 875
Full Time Student Special Rate 650
Law Enforcement Special Rate 650
Single Day (no other discounts apply; additional charge for Tuesday banquet) 300

Registration is closed!

Sponsors

Sponsors help DFRWS to produce quality events and foster community. Please consider supporting our cause. http://www.dfrws.org/sponsorship-opportunities

No Starch Press - Rodeo Prize Sponsor

San Francisco–based No Starch Press has published the finest in geek entertainment since 1994, covering topics like hacking, open source, Linux, LEGO,​ STEM, and programming for all ages. Our titles have personality and attitude, our authors are passionate about their subjects, and we read and edit every book that bears our name. Our goal is to make computing accessible to technophile and novice alike, and our readers appreciate our straightforward presentation and fearless approach to the complex world of technology.

Learn More

Python Forensics - Breakfast Sponsorship

Python Forensics, Inc. is a non-profit organization focused on the collaborative development of open source investigative technologies using the Python programming language. We invite you to join us! The rapid development of new cybercrime investigation tools is an essential ingredient in virtually every case and environment. Whether you are performing post-mortem investigation, executing live triage, extracting evidence from mobile devices or cloud services, or you are collecting and processing evidence from a network, Python forensic implementations can fill in the gaps.

Learn More

Google - Student Scholarship Sponsor

Google's mission is to organize the world's information and make it universally accessible and useful. Google is pleased to sponsor scholarships for students to attend DFRWS.

Learn More

Riscure - Community Builder Sponsorship

Our international team of experts combines the latest attack techniques on hardware and software to explore the strength of any product. With our foundation in hardware testing, we are uniquely positioned to evaluate security where hardware and software challenges meet. We specialize in the security of devices that operate in an untrusted or hostile context. Used by organizations worldwide, the integrated modular platform of Inspector combines cutting edge side channel analysis (DPA) and fault injection testing. Custom designed hardware and software enable government institutions, defense organizations, security evaluation laboratories and chip manufacturers around the globe to perform time efficient, reproducible, cutting edge security research.

Learn More

Welcome Reception Sponsor

With one campus on the coast of Bristol and another in the heart of Providence, R.I., Roger Williams University is a forward-thinking private university committed to strengthening society through engaged teaching and learning. In this dynamic setting, RWU’s Cybersecurity degree and certificate options combine the technical skills, situational management, and problem-solving employers seek careers in information security. Created in partnership with industry professionals, this cutting-edge program is taught online using virtual environments that simulate the operating systems that you’ll monitor on the job.

Learn More

Magnet Forensics - Women in DFIR Luncheon

Magnet Forensics is a global leader in digital investigative technology and was built on a foundation of helping and empowerment. We help investigative teams find more evidence and empower them to uncover the truth. Our products are designed to leverage the latest technological innovations to help law enforcement, consultants, military, and private enterprise address these issues. We use AI, automation, advanced searching techniques, modern data visualization and more to help investigative teams find digital evidence and understand the story it is telling.

Learn More