SUNDAY
Workshop Track 1Workshop Track 2
13:00 to 15:00Coding Digital Forensics Tools in Go (part 1) Lodovico Marziale (BlackBag Technologies) Joe Sylve (BlackBag Technologies)Rapid, Agentless, and Scalable Forensics and Incident Response Using WARDEN Adam Meily (Assured Information Security)
15:00 to 17:00Coding Digital Forensics Tools in Go (part 2) Lodovico Marziale (BlackBag Technologies) Joe Sylve (BlackBag Technologies)
MONDAYMain Hall
9:00Opening Remarks
9:15Keynote Address Erin Kenneally -- Department of Homeland Security
10:15Break
10:30Session 1: Memory & Executable Analysis
Chair: Vassil Roussev, Ph.D. (University of New Orleans)
Detecting Objective-C Malware Through Memory Forensics Andrew Case Golden Richard III, Ph.D. (University of New Orleans)
BinGold: Towards Robust Binary Analysis by Extracting the Semantics of Binary Code as Semantic Flow Graphs (SFGs) Saed Alrabaee Lingyu Wang Mourad Debbabi
Robust Bootstrapping Memory Analysis against Anti-forensics Kyoungho Lee Hyunuk Hwang Kibom Kim Bongnam Noh
12:00Lunch on your own
14:00Session 2: Mobile & Thin Clients
Chair: Frank Adelstein, Ph.D. (Cayuga Networks)
Fingerprinting Android Packaging: Generating DNAs for Malware Detection by ElMouatez Billah Karbab Mourad Debbabi Djedjiga Mouheb
Rapid differential forensic imaging of mobile devices by Mark Guido, Justin Grover, and Jonathan Buttner
dbling: Identifying Extensions Installed on Encrypted Web Thin Clients by Mike Mabey, Adam Doupe, Ziming Zhao, Gail-Joon Ahn
15:30Break
16:00Presentations I
Practical Analyzing the Relation of Wallet Addresses in Bitcoin by Hiroki Kuzuno and Christian Karam
A practical approach to analyze smartphone backup data as a digital evidence by Jaehyeok Han and Sangjin Lee
Digital Forensics as a Service: an update by Harm van Beek
17:00 to 17:15One-Minute Teasers for Tool Demos and poster Sessions (sign-up on-site)
18:00 to 18:30Poster and Demo Sessions (off-site)
18:30 to 20:00Welcome Reception (off-site) Location: http://www.livingcomputermuseum.org/ A shuttle bus to and from the conference hotel will be provided from 5-9
TUESDAYMain Hall
9:00Administrative Remarks
9:15Keynote Address Troy Larson -- Microsoft
10:00Break
10:30Session 3: Anti-Forensics
Chair: Golden Richard III, Ph.D. (University of New Orleans)
Anti-forensics: Furthering digital forensic science through a new extended, granular taxonomy by Kevin Conlan, Ibrahim Baggili (University of New Haven),and Frank Breitinger (University of New Haven)
Time is on my side: Steganography in filesystem metadata by Sebastian Neuner, Artemios Voyiatzis, Martin Schmiedecker (SBA Research), Stefan Brunthaler, Stefan Katzenbeisser, and Edgar Weippl
Deleting collected digital evidence by exploiting a widely adopted hardware write blocker by Christopher Meffert, Ibrahim Baggili (University of New Haven), and Frank Breitinger (University of New Haven)
12:00Lunch on your own
14:00Session 4: Data Recovery
Chair: Matthew Geiger (Dell SecureWorks)
Database Image Content Explorer: Carving Data That Does Not Officially Exist by James Wagner, Alexander Rasin, and Jonathan Grier
Recovery of Heavily Fragmented JPEG Files by Yanbin Tang, Junbin Fang, K.P. Chow (University of Hong Kong), Siu Ming, Jun Xu, Bo Feng, Qiong Li, and Qi Han
Recovery method of deleted records and tables from ESE Database by Kim Jeonghyeon Park Aran Lee Sangjin
15:30Break
16:00Presentations II
Forensic investigations in SDN networks Izzat Alsmadi Samer Khamaiseh Data Sets Available from the National Software Reference Library by Douglas White
Data Sets Available from the National Software Reference Library by Douglas White
16:45 to 17:15Forensic Challenge Presentation and Prizes
18:00 to 19:30Banquet
19:30 to 22:00Forensic Rodeo
WEDNESDAYMain Hall
9:30Session 5: Artifact Identification and Search
Chair: Elizabeth Schweinsberg (Google)
CuFA: a more formal definition for digital forensic artifacts by Vikram Harichandran, Daniel Walnycky, Ibrahim Baggili (University of New Haven), and Frank Breitinger (University of New Haven)
InVEST: Intelligent Visual Email Search and Triage by Jay Koven, Enrico Bertini, Luke Dubois, and Nasir Memon
PeekaTorrent: Leveraging P2P Hash Values for Digital Forensics by Sebastian Neuner, Martin Schmiedecker (SBA Research), and Edgar Weippl
11:00Works in Progress
11:15Closing Comments
11:30Lunch on your own
Workshop 1Workshop 2
13:30 to 15:30Hands-On With Open Source Similarity Digests Jon OliverUsing GRR and Rekall for Scalable Memory Analysis (part 1) Michael Cohen (Google)
15:30 to 17:30IED Forensics: Hunting the IED Engineer Larry LeibrockUsing GRR and Rekall for Scalable Memory Analysis (part 2) Michael Cohen (Google)