Sunday, August 9, 2015
Workshop Track 1Workshop Track 2
1:00-3:00pmGRR Rapid Response, Part 1Creating forensic tools in Go
3:00-5:00pmGRR Rapid Reponse, Part 2Vehicle Forensics
5:30 PMRegistration closes
Monday, August 10, 2015
9:00 AMOpening Remarks
9:15 AMKeynote Address
Luke Dembosky, Deputy Assistant Attorney General, Department of Justice National Security Division
10:15 AMBreak
10:30 AMSESSION 1: Malware Analysis
Session Chair: Vassil Roussev
"The Impact of GPU-Assisted Malware on Memory Forensics: A Case Study" by Davide Balzarotti, Roberto Di Pietro and Antonio Villani
"Advancing Mac OS X Rootkit Detection" by Andrew Case and Golden Richard
"Graph-Theoretic Characterization of Cyber-threat Infrastructures" by Amine Boukhtouta, Djedjiga Mouheb, Mourad Debbabi, Omar Alfandi, Farkhund Iqbal and May El Barachi
12:00 PMLunch on your own
1:40 PMForensic Challenge Presentations and Prizes
2:00 PMSESSION 2: Acquisition and E-Discovery
Session Chair: Wietse Venema
"Rapid Forensic Imaging of Large Disks with Sifting Collectors" by Jonathan Grier and Golden Richard -- Best Paper Award
"Extending the AFF4 container format for scalable acquisition and live analysis" by Bradley Schatz
"LINCS: Towards Building a Trustworthy Litigation Hold Enabled Cloud Storage System" by Shams Zawoad, Ragib Hasan and John Grimes
3:30 PMBreak
4:00 PMPRESENTATIONS I
Session Chair: Elizabeth Schweinsberg
"Inferring Past Activity from Partial Digital Artifacts" by James Jones, Tahir Khan, Kathryn Laskey, Alexander Nelson, Mary Laamanen and Douglas White
"Visualizing the Version-Controlled Filesystem" by Jon Stewart and Zack Weger
"Finding your naughty BITS" by Matthew Geiger
5:00 PMOne-Minute Teasers for Tool Demos and Poster Session
5:20 PM2016 DFRWS Challenge by Michael McCarrin, Brian Greunke, and Robert Beverly (pres)
5:30 PMWelcome Reception(Poster and Demo Session)
Tuesday, August 11, 2015
9:00 AMAdministrative Remarks
9:05 AMKeynote Address
Jason Upchurch, Intel
10:00 AMBreak
10:25 AMSESSION 3: Android & Network Forensics
Session Chair: Frank Adelstein
"New acquisition method based on firmware update protocols for Android smartphones" by Seung Jei Yang, Jung Ho Choi, Ki Bom Kim and Tae Joo Chang
"Network and device forensic analysis of Android social-messaging applications" by Daniel Walnycky, Ibrahim Baggili, Andrew Marrington, Frank Breitinger and Jason Moore
"Detecting very large sets of referenced files at 40/100 GbE, especially MP4 files" by Adrien Larbanet, Jonas Lerebours and Jean Pierre David
11:55 AMLunch on your own
1:25 PMInvited talk
Ricky Connell, Director of Incident Response, Yahoo!
2:15 PMSESSION 4: Computational Forensics
Session Chair: Josiah Dykstra
"Hash-Based Carving: Searching media for complete files and file fragments with sector hashing and hashdb" by Simson Garfinkel and Michael McCarrin
"Database Forensic Analysis through Internal Structure Carving" by James Wagner, Alexander Rasin and Jonathan Grier
"E-mail Authorship Attribution using Customized Associative Classification" by Michael Schmid, Farkhund Iqbal and Benjamin Fung
3:45 PMBreak
4:10 PMPRESENTATIONS II
Session Chair: Alex Nelson
"Federated Testing: Shared Test Materials from the CFTT Program at NIST" by Ben Livelsberger and James Lyle
"The Chain of Custody: A big misconception?" by Tobias Eggendorfer
"Video Authentication Using File Structure and Metadata" by Jake Hall
6:00 PMBanquet
7:30 PMForensic Rodeo
Wednesday, August 12, 2015
8:00 AMRegistration / Breakfast
9:00 AMSESSION 5: Archival and Reverse Engineering
Session Chair: Golden Richard
"Privacy Preserving Email-Forensics" by Frederik Armknecht, Andreas Dewald and Michael Gruhn
"Archival Science, Digital Forensics, and New Media Art" by Dianne Dietrich and Frank Adelstein
"BinComp: A Practical Approach to Compiler Provenance Attribution" by Saed Alrabaee, Paria Shirani, Mourad Debbabi, Ashkan Rahimian and Lingyu Wang
"Automatic Classification of Object Code Using Machine Learning" by John Clemens
11:00 AMWorks in Progress
11:15 AMClosing Comments
11:30 AMLunch on your own
Workshop Track 1Workshop Track 2Workshop Track 3
1:00-5:00pmReverse Engineering with RekallBitcurator: Redacting and providing access to data from disk imagesPython scripting in Autopsy
6:00 PMDFRWS 2016 Planning Session aboard the Moshulu, "the world's oldest and largest square rigged sailing vessel still afloat"
Thursday, August 13, 2015
9:00 AMDigital Forensics Curriculum Standards 3rd Workshop (6 hours)