Program

Sunday, July 15, 2018
	Foyer Area	Grand Ballroom B	Grand Ballroom C
2018-07-15T11:30:00-05:00 11:30	Registration Opens
2018-07-15T13:00:00-05:00 13:00 to 15:00		Getting Saucy with APFS! - The State of Apple’s New File System Workshop Sarah Edwards (SANS Institute)	Linux Memory Forensics Part 1 Workshop Hal Pomeranz (Deer Run Associates)
2018-07-15T15:00:00-05:00 15:00 to 17:00		Examining Recent Advances in Chip-Off for Mobile Device Forensics Workshop Steve Watson (VTO Labs)	Linux Memory Forensics Part 2 Workshop Hal Pomeranz (Deer Run Associates)
2018-07-15T17:30:00-05:00 17:30	Registration Closes
2018-07-15T18:00:00-05:00 18:00	Dinner On Your Own

Monday, July 16, 2018
	Foyer Area	Grand Ballroom (B&C)
2018-07-16T08:00:00-05:00 8:00 to 9:00	Registration / Breakfast
2018-07-16T09:00:00-05:00 9:00 to 9:15		Opening Remarks
2018-07-16T09:15:00-05:00 9:15 to 10:15		Keynote Address Prof. Eugene Spafford Purdue University
2018-07-16T10:15:00-05:00 10:15 to 10:30	Break
2018-07-16T10:30:00-05:00 10:30 to 12:00		Session 1 - Analysis Chair: Golden Richard III, Ph.D. (Louisiana State University) Memory Forensics and the Windows Subsystem for Linux Paper Nathan Lewis Andrew Case (Volexity) Aisha Ali-Gombe Golden Richard III, Ph.D. (Louisiana State University) Leveraging Relocations in Kernel ELF-binaries for Linux Kernel Version Identification Paper Manish Bhatt Irfan Ahmed (University of New Orleans) Forensic Analysis of Multiple Device BTRFS Configurations Using The Sleuth Kit Paper Jan-Niclas Hilgert Martin Lambertz Shujian Yang
2018-07-16T12:00:00-05:00 12:00 to 14:00	Lunch On Your Own
2018-07-16T14:00:00-05:00 14:00 to 15:30		Session 2 - Artifacts Chair: Wietse Venema, Ph.D. (Google) Reconstructing Streamed Video Content: A Case Study on YouTube and Facebook Live Stream Content in the Chrome Web Browser Cache Paper Graeme Horsman Welcome pwn: Almond Smart Home Hub Forensics Paper Akshay Awasthi Huw Read Iain Sutherland Konstantinos Xynos Experience Constructing the Artifact Genome Project (AGP): Managing the Domain's Knowledge One Artifact at a Time Paper Cinthya Grajeda Mendez Laura Sanchez Ibrahim Baggili (University of New Haven) Devon Clark Frank Breitinger (University of New Haven)
2018-07-16T15:30:00-05:00 15:30 to 16:00	Break
2018-07-16T16:00:00-05:00 16:00 to 16:30		Presentations 1 Chair: Frank Adelstein, Ph.D. (NFA Digital) IoT 4n6: The Growing Impact of IoT on Digital Forensics Presentation Jessica Hyde (George Mason University / Magnet Forensics ) Was the 2016 Election Hacked? Your Forensic Expertise is Needed! Presentation Suzanne Mello-Stark
2018-07-16T16:30:00-05:00 16:30 to 16:45		One Minute Teasers for Poster Sessions / Tool Demos (sign-up on-site)
2018-07-16T18:00:00-05:00 18:00	Welcome Reception & Poster / Demos Held offsite at Skyline at Waterplace

Tuesday, July 17, 2018
	Foyer Area	Grand Ballroom (B&C)
2018-07-17T08:00:00-05:00 8:00 to 9:00	Registration / Breakfast
2018-07-17T09:00:00-05:00 9:00 to 9:05		Administrative Remarks
2018-07-17T09:05:00-05:00 9:05 to 9:55		Keynote Address Captain John C Alfred Rhode Island State Police
2018-07-17T09:55:00-05:00 9:55 to 10:00		Best Paper Awards
2018-07-17T10:00:00-05:00 10:00 to 10:15	Break
2018-07-17T10:15:00-05:00 10:15 to 12:00		Session 3 – Mobile Chair: Alex Nelson, Ph.D. (NIST) Automated Forensic Analysis of Mobile Applications on Android Devices Paper Xiaodong Lin, Ph.D. (Wilfrid Laurier University) Ting Chen Tong Zhu Kun Yang Fengguo Wei DroidKex: Fast Extraction of Ephemeral TLS Keys from the Memory of Android Apps Paper Benjamin Taubmann Omar Al Abduljaleel Hans Reiser Digital Forensic Investigation of Two-Way Radio Communication Equipment and Services Paper Arie Kouwen Mark Scanlon, Ph.D. (University College Dublin) Kim-Kwang Raymond Choo Nhien An Le Khac (University College Dublin)
2018-07-17T12:00:00-05:00 12:00 to 14:00	Lunch On Your Own
2018-07-17T14:00:00-05:00 14:00 to 15:00		Session 4 – Techniques Chair: Vassil Roussev, Ph.D. (University of New Orleans) Analyzing the DarkNetMarkets Subreddit for Evolutions of Tools and Trends Using LDA Topic Modeling Paper Kyle Porter Who Watches the Watcher? Detecting Hypervisor Introspection from Unprivileged Guests Paper Tomasz Tuzel Mark Bridgman Joshua Zepf
2018-07-17T15:00:00-05:00 15:00 to 15:30	Break
2018-07-17T15:30:00-05:00 15:30 to 16:30		Presentations 2 Chair: Elizabeth Schweinsberg (Facebook) Turbinia: Automation of Forensic Processing in the Cloud Presentation Thomas Chopitea Aaron Peterson Drone Forensics Program Presentation Steve Watson (VTO Labs)
2018-07-17T16:30:00-05:00 16:30 to 17:00		Forensic Challenge Presentation and Prizes
2018-07-17T18:00:00-05:00 18:00 to 19:30		Banquet
2018-07-17T19:30:00-05:00 19:30		Forensic Rodeo

Wednesday, July 18, 2018
	Foyer Area	Grand Ballroom (B&C)	Grand Ballroom B	Grand Ballroom C
2018-07-18T08:00:00-05:00 8:00 to 9:00	Registration / Breakfast
2018-07-18T09:00:00-05:00 9:00 to 10:30		Session 5 – Malware Chair: Joe Sylve, Ph.D. (BlackBag Technologies) Multinomial Malware Classification Via Low-level Features Paper Sergii Banin Geir Olav Dyrkolbotn (NTNU) Deep Learning at the Shallow End: Malware Classification for Non-Domain Experts Paper Quan Le Oisin Boydell Mark Scanlon, Ph.D. (University College Dublin) CGC Monitor: A Vetting System for the DARPA Cyber Grand Challenge Paper Michael Thompson Timothy Vidas
2018-07-18T10:30:00-05:00 10:30 to 10:45	Break
2018-07-18T10:45:00-05:00 10:45 to 11:45		Presentations 3 Chair: Bradley Schatz, Ph.D. (Schatz Forensic) Using Santa to Augment Forensic Investigations Presentation James Nettesheim Gary Brown Damaged Device Forensics Presentation Steve Watson (VTO Labs) Adding APFS Support to The Sleuthkit Framework Presentation Joe Sylve, Ph.D. (BlackBag Technologies)
2018-07-18T11:45:00-05:00 11:45 to 12:00		Works in Progress (sign-up on-site) Chair: Daryl Pfeif (Digital Forensics Solutions and DFRWS)
2018-07-18T12:00:00-05:00 12:00 to 12:20	Closing Comments
2018-07-18T12:20:00-05:00 12:20 to 13:30	Lunch On Your Own
2018-07-18T13:30:00-05:00 13:30 to 15:30			Android Forensics and Reverse Engineering (Part 1) Workshop Trevor Haigh (University of New Haven) Frank Breitinger (University of New Haven)	Plaso: The Missing Manual (Part 1) Workshop Mark Hallman (SANS Institute)
2018-07-18T15:30:00-05:00 15:30 to 17:30			Android Forensics and Reverse Engineering (Part 2) Workshop Trevor Haigh (University of New Haven) Frank Breitinger (University of New Haven)	Plaso: The Missing Manual (Part 2) Workshop Mark Hallman (SANS Institute)
2018-07-18T18:00:00-05:00 18:00	DFRWS 2019 Planning Session (first drink is on DFRWS) Offsite - See signup sheet at Registration Desk

iCal Feed

Please click the button to subscribe to the iCal feed for this Conference.