| Sunday, August 6, 2017 | ||
|---|---|---|
| Salon F - 6th Floor | Salon G - 6th Floor | |
| 13:00to17:00 | A Light Introduction to Linux Malware Analysis Workshop Adam Pridgen | SMS Recovery From NAND Memory of Erased eMMC Chip Workshop Sasha Sheremetov (Rusolut) |
| Monday, August 7, 2017 | ||
| Salon G - 6th Floor | ||
| 9:00 | Welcome / Announcements | |
| 9:15 | Keynote Address Kara Nance Virginia Tech | |
| 10:15 | Break / Networking | |
| 10:30 | Session I - Papers: Artefacts & Interpretation 1 Chair: Frank Adelstein, Ph.D. (NFA Digital) | |
| DROP (DRone Open source Parser) Your Drone - Forensic Analysis of the DJI Phantom III Devon Clark, Christopher Meffert (University of New Haven), Ibrahim Baggili (University of New Haven), and Frank Breitinger (University of New Haven) | ||
| Digital Forensic Approaches for Amazon Alexa Ecosystem Hyunji Chung, Jungheum Park, and Sangjin Lee | ||
| Leveraging the SRTP protocol for Over-The-Network Memory Acquisition of a GE Fanuc Series 90-30 Denton George, Filip Karpisek, Frank Breitinger (University of New Haven), and Ibrahim Baggili (University of New Haven) | ||
| 12:00 | Lunch (On Your Own) | |
| 14:00 | Session II - Papers: Scale Chair: Alex Nelson, Ph.D. (NIST) | |
| SCARF: A Container-Based Approach to Cloud-Scale Digital Forensic Processing Christopher Stelly (University of New Orleans) and Vassil Roussev, Ph.D. (University of New Orleans) | ||
| Insights Gained From Constructing a Large Scale Dynamic Analysis Platform Cody Miller, Dae Glendowne, Henry Cook, Demarcus Thomas, Patrick Pape, and Chris Lanclos | ||
| 15:00 | Break / Networking | |
| 15:30 | Session III - Presentations 1 Chair: Elizabeth Schweinsberg (Facebook) | |
| Virtualization-Based Security: A Forensics Perspective Jason Hale | ||
| Use of Generalized Hough Transform on Interpretation of Memory Dumps Paulo Roberto Nunes de Souza (University College Dublin) and Pavel Gladyshev, Ph.D. (University College Dublin) | ||
| Advancing the AFF4 to the Challenges of Volatile Memory and Single Hashes Bradley Schatz, Ph.D. (Schatz Forensic) | ||
| 16:30 | Teasers For Tool Demos / Poster Sessions (Sign Up On-Site) | |
| 18:00 | Welcome Reception (w/Demos, Posters) | |
| 19:30 | Rodeo | |
| Tuesday, August 8, 2017 | ||
| Salon G - 6th Floor | ||
| 9:00 | Welcome / Announcements | |
| 9:05 | Keynote Address Brian Hay | |
| 10:05 | Break / Networking | |
| 10:30 | Session IV -Papers: Artefacts & Interpretation 2 Chair: Golden Richard III, Ph.D. (Louisiana State University) | |
| Extending The Sleuth Kit and its Underlying Model for Pooled Storage File System Forensic Analysis Jan-Niclas Hilgert, Martin Lambertz, and Daniel Plohmann | ||
| SCADA Network Forensics of the PCCC Protocol Saranyan Senthivel, Irfan Ahmed (University of New Orleans), and Vassil Roussev, Ph.D. (University of New Orleans) | ||
| Linux Memory Forensics: Dissecting the User Space Process Heap Frank Block and Andreas Dewald | ||
| 12:00 | Lunch (On Your Own) | |
| 14:00 | Session V - Papers: Methodology & Validation Chair: Tim Vidas, Ph.D. (Carnegie Mellon University) | |
| Gaslight: A Comprehensive Fuzzing Architecture for Memory Forensics Frameworks Andrew Case (Volexity), Arghya Das, Seung-Jong Park, Ram Ramanujam, Golden Richard III, Ph.D. (Louisiana State University) | ||
| Availability of Datasets for Digital Forensics - and What is Missing Cinthya Grajeda Mendez, Frank Breitinger (University of New Haven), and Ibrahim Baggili (University of New Haven) | ||
| 15:00 | Break / Networking | |
| 15:30 | Session VI - Presentations 2 Chair: Josiah Dykstra, Ph.D. (National Security Agency) | |
| Finding Digital Evidence in Mobile Devices Hans Henseler, Ph.D. (University of Applied Sciences Leiden) and Vince Noort | ||
| Memory Based Dynamic Malware Analysis Endre Bangerter (Bern University of Applied Sciences) and Jonas Wagner | ||
| Deleted File Persistence on Digital Media Jim Jones and Tahir Khan | ||
| 17:25 | Boat Ride Banquet Ride To Austin Paddleboat (Boat Stages behind LCRA Jack Miller Building at | |
| Wednesday, August 9, 2017 | ||
| Salon F - 6th Floor | Salon G - 6th Floor | |
| 9:00 | Session VII - Papers: Analytic Techniques Chair: Vassil Roussev, Ph.D. (University of New Orleans) | |
| Analyzing User-Event Data Using Score-based Likelihood Ratios with Marked Point Processes Christopher Galbraith and Padhraic Smyth | ||
| Time-of-Recording Estimation for Audio Recordings Lilei Zheng, Ying Zhang, Chien Eao Lee, and Vrizlynn Thing | ||
| Carving Database Storage to Detect and Trace Security Breaches James Wagner (DePaul University), Alexander Rasin (DePaul University), Boris Glavic, Karen Heart, Jacob Furst, Lucas Bressan, and Jonathan Grier (Grier Forensics) | ||
| 10:30 | Break / Networking | |
| 10:45 | Session VIII - Presentations 3 Chair: Matthew Geiger (Qintel) | |
| Pull It Together: Enabling Interoperability of Digital Forensic Systems Using a Standard Representation and Supporting API Sean Barnum and Ryan Griffith (DC3) | ||
| AFIDS: Another Forensic Image Data Set Mark Guido (The MITRE Corporation), Michael McCarrin, David Baker (DFRWS), Vik Harichandran, and Sam Brothers | ||
| Browser Artifacts of Google Drive and Gmail Elizabeth Schweinsberg (Facebook) | ||
| 11:45 | Works In Progress (Signup OnSite) | |
| 12:00 | Closing Comments | |
| 12:15 | Lunch (On Your Own) | |
| 13:30 | Modern Password Cracking Systems Workshop Sudhir Aggarwal and Shiva Houshmand | Rekall Everywhere - DFIR in the Cloud Workshop Michael Cohen (Google) |
| 18:00 | DFRWS 2018 Planning Session | |