| Sunday, August 6, 2017 | ||
|---|---|---|
| Salon F - 6th Floor | Salon G - 6th Floor | |
| 13:00to17:00 | A Light Introduction to Linux Malware Analysis Workshop Adam Pridgen | SMS Recovery From NAND Memory of Erased eMMC Chip Workshop Sasha Sheremetov (Rusolut) |
| Monday, August 7, 2017 | ||
| Salon G - 6th Floor | ||
| 9:00 | Welcome / Announcements | |
| 9:15 | Keynote Address Kara Nance Virginia Tech |
|
| 10:15 | Break / Networking | |
| 10:30 | Session I - Papers: Artefacts & Interpretation 1 Chair: Frank Adelstein, Ph.D. (NFA Digital) |
|
| DROP (DRone Open source Parser) Your Drone - Forensic Analysis of the DJI Phantom III Devon Clark, Christopher Meffert (University of New Haven), Ibrahim Baggili (University of New Haven), and Frank Breitinger (University of New Haven) |
||
| Digital Forensic Approaches for Amazon Alexa Ecosystem Hyunji Chung, Jungheum Park, and Sangjin Lee |
||
| Leveraging the SRTP protocol for Over-The-Network Memory Acquisition of a GE Fanuc Series 90-30 Denton George, Filip Karpisek, Frank Breitinger (University of New Haven), and Ibrahim Baggili (University of New Haven) |
||
| 12:00 | Lunch (On Your Own) | |
| 14:00 | Session II - Papers: Scale Chair: Alex Nelson, Ph.D. (NIST) |
|
| SCARF: A Container-Based Approach to Cloud-Scale Digital Forensic Processing Christopher Stelly (University of New Orleans) and Vassil Roussev, Ph.D. (University of New Orleans) |
||
| Insights Gained From Constructing a Large Scale Dynamic Analysis Platform Cody Miller, Dae Glendowne, Henry Cook, Demarcus Thomas, Patrick Pape, and Chris Lanclos |
||
| 15:00 | Break / Networking | |
| 15:30 | Session III - Presentations 1 Chair: Elizabeth Schweinsberg (Facebook) |
|
| Virtualization-Based Security: A Forensics Perspective Jason Hale |
||
| Use of Generalized Hough Transform on Interpretation of Memory Dumps Paulo Roberto Nunes de Souza (University College Dublin) and Pavel Gladyshev, Ph.D. (University College Dublin) |
||
| Advancing the AFF4 to the Challenges of Volatile Memory and Single Hashes Bradley Schatz, Ph.D. (Schatz Forensic) |
||
| 16:30 | Teasers For Tool Demos / Poster Sessions (Sign Up On-Site) | |
| 18:00 | Welcome Reception (w/Demos, Posters) | |
| 19:30 | Rodeo | |
| Tuesday, August 8, 2017 | ||
| Salon G - 6th Floor | ||
| 9:00 | Welcome / Announcements | |
| 9:05 | Keynote Address Brian Hay |
|
| 10:05 | Break / Networking | |
| 10:30 | Session IV -Papers: Artefacts & Interpretation 2 Chair: Golden Richard III, Ph.D. (Louisiana State University) |
|
| Extending The Sleuth Kit and its Underlying Model for Pooled Storage File System Forensic Analysis Jan-Niclas Hilgert, Martin Lambertz, and Daniel Plohmann |
||
| SCADA Network Forensics of the PCCC Protocol Saranyan Senthivel, Irfan Ahmed (University of New Orleans), and Vassil Roussev, Ph.D. (University of New Orleans) |
||
| Linux Memory Forensics: Dissecting the User Space Process Heap Frank Block and Andreas Dewald |
||
| 12:00 | Lunch (On Your Own) | |
| 14:00 | Session V - Papers: Methodology & Validation Chair: Tim Vidas, Ph.D. (Carnegie Mellon University) |
|
| Gaslight: A Comprehensive Fuzzing Architecture for Memory Forensics Frameworks Andrew Case (Volexity), Arghya Das, Seung-Jong Park, Ram Ramanujam, Golden Richard III, Ph.D. (Louisiana State University) |
||
| Availability of Datasets for Digital Forensics - and What is Missing Cinthya Grajeda Mendez, Frank Breitinger (University of New Haven), and Ibrahim Baggili (University of New Haven) |
||
| 15:00 | Break / Networking | |
| 15:30 | Session VI - Presentations 2 Chair: Josiah Dykstra, Ph.D. (National Security Agency) |
|
| Finding Digital Evidence in Mobile Devices Hans Henseler, Ph.D. (University of Applied Sciences Leiden) and Vince Noort |
||
| Memory Based Dynamic Malware Analysis Endre Bangerter (Bern University of Applied Sciences) and Jonas Wagner |
||
| Deleted File Persistence on Digital Media Jim Jones and Tahir Khan |
||
| 17:25 | Boat Ride Banquet Ride To Austin Paddleboat (Boat Stages behind LCRA Jack Miller Building at |
|
| Wednesday, August 9, 2017 | ||
| Salon F - 6th Floor | Salon G - 6th Floor | |
| 9:00 | Session VII - Papers: Analytic Techniques Chair: Vassil Roussev, Ph.D. (University of New Orleans) |
|
| Analyzing User-Event Data Using Score-based Likelihood Ratios with Marked Point Processes Christopher Galbraith and Padhraic Smyth |
||
| Time-of-Recording Estimation for Audio Recordings Lilei Zheng, Ying Zhang, Chien Eao Lee, and Vrizlynn Thing |
||
| Carving Database Storage to Detect and Trace Security Breaches James Wagner (DePaul University), Alexander Rasin (DePaul University), Boris Glavic, Karen Heart, Jacob Furst, Lucas Bressan, and Jonathan Grier (Grier Forensics) |
||
| 10:30 | Break / Networking | |
| 10:45 | Session VIII - Presentations 3 Chair: Matthew Geiger (Qintel) |
|
| Pull It Together: Enabling Interoperability of Digital Forensic Systems Using a Standard Representation and Supporting API Sean Barnum and Ryan Griffith (DC3) |
||
| AFIDS: Another Forensic Image Data Set Mark Guido (The MITRE Corporation), Michael McCarrin, David Baker (DFRWS), Vik Harichandran, and Sam Brothers |
||
| Browser Artifacts of Google Drive and Gmail Elizabeth Schweinsberg (Facebook) |
||
| 11:45 | Works In Progress (Signup OnSite) | |
| 12:00 | Closing Comments | |
| 12:15 | Lunch (On Your Own) | |
| 13:30 | Modern Password Cracking Systems Workshop Sudhir Aggarwal and Shiva Houshmand | Rekall Everywhere - DFIR in the Cloud Workshop Michael Cohen (Google) |
| 18:00 | DFRWS 2018 Planning Session | |