| Workshop 1 | Workshop 2 |
13:00 to 15:00 | Introducing a New Method for Chip-Off Success: Vapor Phase Workshop by Steve Watson (VTO Labs) and David Rathbone (VTO Labs) | KAPE: What’s all the buzz about? Workshop by Mark Hallman (SANS Institute) |
15:00 to 15:15 | Break: Refreshments in the Foyer |
15:15 to 17:15 | Behind the scenes of memory extraction Workshop by Joe FitzPatrick | Introduction to Ghidra Malware Analysis Workshop by Erika Noerenberg (Carbon Black) |
Monday, July 15, 2019 |
| Columbia Falls Ballroom |
8:45 to 9:00 | Opening Remarks |
9:00 to 10:15 | Keynote Address
Sarah Edwards, SANS Institute |
10:15 to 10:30 | Break: Refreshments in the Foyer |
10:30 to 11:30 | Session I: Memory Forensics
Chair: Andrew White (Dell Secureworks) |
Windows Memory Forensics: Detecting (un)intentionally hidden injected Code by examining Page Table Entries by Frank Block (ERNW Research GmbH) and Andreas Dewald (ERNW Research GmbH) (Best Paper) |
Inception: Virtual Space in Memory Space in Real Space -- Memory Forensics of Immersive Virtual Reality with the HTC Vive by Peter Casey (University of New Haven), Rebecca Lindsay-Decusati (University of New Haven), Ibrahim Baggili (University of New Haven), and Frank Breitinger (University of New Haven) |
11:30 to 12:50 | Lunch with Birds of a Feather |
12:50 to 13:00 | Works in Progress
Share a new idea or project in 5 minutes or less! Sign up on site. |
13:00 to 15:00 | Session II: Files and Filesystem Forensics
Chair: Alex Nelson, Ph.D. (NIST) |
Syntactical File Carving and Automated Generation of Reproducible Datasets by Jan-Niclas Hilgert (Fraunhofer FKIE), Martin Lambertz (Fraunhofer FKIE), Mariia Rybalka (Fraunhofer FKIE), and Roman Schell (Fraunhofer FKIE) |
bring2lite: A structural Concept and Tool for Forensic Data Analysis and Recovery of Deleted SQLite Records by Christian Meng (da/sec Biometrics and Internet Security Research Group, Hochschule Darmstadt) and Harald Baier (da/sec Biometrics and Internet Security Research Group, Hochschule Darmstadt) |
DB3F & DF-Toolkit: The Database Forensic File Format and the Database Forensic Toolkit by James Wagner (DePaul University), Alexander Rasin (DePaul University), Karen Heart (DePaul University), Rebecca Jacob (DePaul University), and Jonathan Grier (Grier Forensics) |
Using NTFS Cluster Allocation Behavior to Find the Location of User Data by Martin Karresand (Norwegian University of Science and Technology), Stefan Axelsson (Norwegian University of Science and Technology), and Geir Olav Dyrkolbotn (NTNU) |
15:00 to 15:30 | Break: Refreshments in the Foyer |
15:30 to 17:00 | Presentations: Access & Accessibility
Chair: Jessica Hyde (George Mason University / Magnet Forensics) |
Extreme Damaged Devices by Steve Watson (VTO Labs) |
Forensic Jailbreaking of iOS devices by Bradley Schatz, Ph.D. (Schatz Forensic) |
Introducing Digital Forensics Science in a Virtual Learning Environment by Eoghan Casey, Ph.D. (University of Lausanne), Daryl Pfeif (Digital Forensics Solutions and DFRWS), and Cassy Soden |
CASE the Cyber-investigation Analysis Standard Expression by Vik Harichandran (MITRE), Cory Hall (MITRE), Andrew Sovern, Deborah Nichols, Navaneeth Subramanian, and Trevor Bobka |
19:00 to 21:30 | Reception on the Portland Spirit
Join us for a 2.5 hour evening welcome reception, river cruise and dinner. |
Tuesday, July 16, 2019 |
| Columbia Falls Ballroom |
8:55 to 9:00 | Opening Remarks |
9:00 to 10:15 | Keynote Address
Jonathan Levin, CTO, Technologeeks |
10:15 to 10:30 | Break: Refreshments in the Foyer |
10:30 to 12:00 | Presentations: Artefacts & Interpretation
Chair: Erika Noerenberg (Carbon Black) |
Android Auto & Google Assistant – How Google Encourages Hands-Free Motoring by Joshua Hickman |
School Cyber Risk & Challenges for Community Oriented Policing, Crime Prevention, and Investigations by Nicholas Dubois |
An Incomplete Tour of the Forensic Implications of the Windows 10 Activity Timeline by Vico Marziale, Ph.D. (BlackBag Technologies) |
Memory forensics as Triage Analysis by Aaron Sparling |
12:00 to 13:20 | Lunch and Posters |
13:20 to 13:30 | Works in Progress |
13:30 to 15:30 | Session III: IoT Forensics
Chair: Frank Adelstein, Ph.D. (NFA Digital) |
Forensic analysis of the Nintendo 3DS NAND by Gus Pessolano (Norwich University), Huw Read (Norwich University), Iain Sutherland (Noroff University College), and Konstantinos Xynos (Noroff University College) |
Forensic analysis of water damaged mobile devices by Aya Fukami and Kazuhiro Nishimura |
Digital Forensic Practices and Methodologies for AI Speaker Ecosystems by Wooyeon Jo (Ajou University), Yeonghun Shin (Ajou University), Hyungchan Kim (Ajou University), Dongkyun Yoo (Ajou University), Donghyun Kim (KITRI BoB), Cheulhoon Kang (Supreme Prosecutor's Office, Republic of Korea), Jongmin Jin (Supreme Prosecutor's Office, Republic of Korea), Junghoon Oh (Supreme Prosecutor's Office, Republic of Korea), Bitna Na (Ajou University), and Taeshik Shon (Ajou University) |
Leveraging Electromagnetic Side-Channel Analysis for the Investigation of IoT Devices by Asanka Sayakkara (University College Dublin), Nhien An Le Khac (University College Dublin), and Mark Scanlon, Ph.D. (University College Dublin) |
15:30 to 15:50 | Break: Refreshments in the Foyer |
15:50 to 16:00 | Awards
Join us for the announcement of the Best Paper Award |
16:00 to 17:10 | Presentations: Cognition, Introspection, & Perception
Chair: Matthew Geiger (Qintel) |
Detection of Lateral Movement Across Valid Accounts by Using Human Behavior in the Physical Environment by Tomohiko Yano |
Not Your Father’s Forensics: Concept Searching for Data Forensic Investigations: Uncover what keywords miss by Warren G. and Robert Kruse |
Forensic String Search Tool Quirks or What I Learned Testing String Search Tools by James Lyle |
17:10 to 17:30 | DFRWS Forensic Challenge Presentation
The winners of the 2019 Forensic Challenge will present their submission. |
18:00 to 19:30 | Banquet
The Banquet will be held on-site in the Willamette Falls / University Grill Lounge & Restaurant. Join us for dinner and camaraderie. |
19:30 to 22:00 | Forensics Rodeo
The DFRWS Rodeo is a team based event where participants group together to solve forensically themed challenges in order to score points. The Rodeo is open to all attendees of the conference, regardless of ability level, and is designed to be a lighthearted social event where participants can meet new people and learn new skills. Stick around after the banquet to participate and try to win some prizes! To learn more about the rodeo, try out previous challenges or read challenge write-ups, go to https://dfrws.rodeo. |
Wednesday, July 17, 2019 |
| Columbia Falls Ballroom |
9:25 to 9:30 | Opening Remarks |
9:30 to 11:30 | Session IV: Special Topics in Forensics
Chair: Wietse Venema, Ph.D. (Google) |
HookTracer: A System for Automated and Accessible API Hooks Analysis by Golden Richard III, Ph.D. (Louisiana State University), Andrew Case (Volexity), Aisha Ali-Gombe, Mingxuan Sun, Ryan Maggio, Md Firoz-Ul-Amin, and Mohammad Jalalzai |
FbHash: A New Similarity Hashing Scheme for Digital Forensics by Donghoon Chang, Mohona Ghosh, Somitra Sanadhya, Monika Singh, and Douglas White (NIST) |
A Practitioner Survey Exploring the Value of Forensic Tools, AI, Filtering, & Safer Presentation for Investigating Child Sexual Abuse Material (CSAM) by Laura Sanchez (University of New Haven), Cinthya Grajeda Mendez (University of New Haven), Ibrahim Baggili (University of New Haven), and Cory Hall (MITRE) |
AFF4-L: A scalable open logical evidence container by Bradley Schatz, Ph.D. (Schatz Forensic) |
11:30 to 11:50 | Closing Remarks |
11:50 to 13:00 | Lunch on Wednesday |
| Workshop 1 | Workshop 2 |
13:00 to 17:00 | The Cyber-investigation Analysis Standard Expression (CASE) Workshop by Cory Hall (MITRE) | Investigating LOLBins & Scripts Workshop by Alissa Torres |
18:00 to 20:00 | Wrap Party @ Ground Kontrol |