Please note: All times below are in Eastern Daylight Time. Current EDT Time:
Register now!
Monday, July 20, 2020
| 11:00 to 11:15 | Opening Remarks |
|---|---|
| 11:15 to 12:00 | Keynote Address This is the Way David Cowen, Managing Director at KPMG |
| 12:00 to 12:30 | Break |
| 12:30 to 13:45 | Session I: Memory Forensics Chair: Joe Sylve (BlackBag Technologies) |
| Hiding Process Memory via Anti-Forensic Techniques Ralph Palutke (Friedrich-Alexander Universität Erlangen-Nürnberg), Frank Block (Friedrich-Alexander Universität Erlangen-Nürnberg (FAU) and ERNW Research GmbH), Patrick Reichenberger (Friedrich-Alexander Universität Erlangen-Nürnberg (FAU)), and Dominik Stripeika (Friedrich-Alexander Universität Erlangen-Nürnberg (FAU)) | |
| Memory Analysis of macOS Page Queues Andrew Case (Volatility Foundation), Modhuparna Manna (Louisiana State University), Ryan Maggio (Louisiana State University), and Golden Richard (Louisiana State University) | |
| Memory FORESHADOW: Memory FOREnSics of HArDware cryptOcurrency Wallets – A Tool and Visualization Framework Tyler Thomas (University of New Haven (UNHcFREG)), Mathew Piscitelli (UNHcFREG), Ilya Shavrov (UNHcFREG), and Ibrahim Baggili (UNHcFREG) | |
| 13:45 to 14:15 | Break |
| 14:15 to 15:15 | Birds of a Feather Breakout Sessions |
| 15:15 to 15:30 | Break |
| 15:30 to 16:30 | Presentations I: Validation Chair: Matthew Geiger (Qintel) |
| The Potential of Digital Traces in Providing Evidence at Activity Level Dr. J. Henseler (University of Applied Sciences Leiden) and Prof.dr. C.J. de Poot (Amsterdam University of Applied Sciences, the Police Academy, and VU University of Amsterdam) | |
| Revisiting the Linear Hash Joe Sylve | |
| I Care, But Where Do I Start? Sharing Knowledge in Digital Forensics Josh Hickman | |
| 16:30 | Forensic Rodeo Opens |
Tuesday, July 21, 2020
| 11:00 to 11:15 | Opening Remarks |
|---|---|
| 11:15 to 12:00 | Keynote Address Mari DeGrazia, Associate Managing Director at Kroll Cyber Risk |
| 12:00 to 12:30 | Break |
| 12:30 to 13:45 | Session II: File System Forensics Chair: Wietse Venema (Google) |
| Generic Metadata Time Carving Rune Nordvik (Norwegian University of Science and Technology (NTNU); Norwegian Police University College), Kyle Porter (NTNU), Fergus Toolan (Norwegian Police University College), Stefan Axelsson (NTNU and Halmstad University), and Katrin Franke (NTNU) Winner of the Best Paper Award for USA 2020 | |
| An Empirical Study of the NTFS Cluster Allocation Behavior Over Time Martin Karresand (Norwegian University of Science and Technology (NTNU); Swedish Defence Research Agency (FOI)), Stefan Axelsson (NTNU and Norwegian Defence Cyber Academy (NDCA)), and Geir Olav Dyrkolbotn (Halmstad University) | |
| Unifying Metadata-Based Storage Reconstruction and Carving with LAYR Janine Schneider (Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU)), Hans-Peter Deifel (FAU), Stefan Milius (FAU), and Felix Freiling (FAU) | |
| 13:45 to 14:15 | Break |
| 14:15 to 14:45 | Lightning Talks |
| 14:45 to 15:00 | Break |
| 15:00 to 16:45 | Pub Quiz including Best Paper Award |
Wednesday, July 22, 2020
| 11:00 to 12:00 | Presentations II: Development Chair: Alex Nelson (NIST) |
|---|---|
| Integrating GRR Rapid Response with Graylog Extended Log Format Jacob Brown (RIT) and Yin Pan (RIT) | |
| Forensic Readiness Framework for 3D Printing Process: A Case Study of Ultimaker 3 Muhammad Haris Rais (Virginia Commonwealth University), Ye Li (Bradley University), and Irfan Ahmed (Virginia Commonwealth University) | |
| iLEAPP & ALEAPP: Parse and validate mobile forensic artifacts with Python Alexis Brignoni | |
| 12:00 to 12:30 | Break |
| 12:30 to 13:45 | Session III: Knowledge Aggregation Chair: Frank Adelstein (NFA Digital) |
| Exploring the Learning Efficacy of Digital Forensics Concepts and Bagging & Tagging of Digital Devices in Immersive Virtual Reality Courtney Hassenfeldt (University of New Haven (UNHcFREG)), Jillian Jacques (UNHcFREG), and Ibrahim Baggili (UNHcFREG) | |
| Statistical Methods for the Forensic Analysis of Geolocated Event Data Christopher Galbraith (Department of Statistics, University of California, Irvine), Padhraic Smyth (Department of Computer Science, University of California, Irvine), and Hal S. Stern (Department of Statistics, University of California, Irvine) | |
| VIDE - Vault App Identification and Extraction System for iOS Devices Gokila Dorai (Augusta University), Sudhir Aggarwal (Florida State University), Neet Patel (Florida State University), and Charisa Powell (Florida State University) | |
| 13:45 to 14:15 | Break |
| 14:15 to 15:15 | Birds of a Feather Breakout Sessions |
| 15:15 to 15:30 | Break |
| 15:30 to 16:10 | Presentations III: Analysis Chair: Dave Loveall (FBI) |
| Putting a User Behind an iOS Device Heather Mahalik | |
| Investigating Windows Subsystem for Linux (WSL) Endpoints Asif Matadar | |
| 16:10 | Reception |
Thursday, July 23, 2020
| 11:00 to 12:15 | Session IV: Acquisition and Decoding Chair: Golden G. Richard III (LSU) | |
|---|---|---|
| Facilitating Electromagnetic Side-Channel Analysis for IoT Investigation: Evaluating the EMvidence Framework Asanka Sayakkara (University College Dublin), Nhien An Le Khac (University College Dublin), and Mark Scanlon (University College Dublin) | ||
| Control Logic Forensics Framework using Built-in Decompiler of Engineering Software in Industrial Control Systems Syed Ali Qasim (Virginia Commonwealth University), Jared Smith (Oak Ridge National Laboratory), and Irfan Ahmed (Virginia Commonwealth University) Winner of the Best Student Paper Award for USA 2020 | ||
| Certificate Injection-based Encrypted Traffic Forensics in AI Speaker Ecosystem Yeonghun Shin (Ajou University), Hyungchan Kim (Ajou University), Sungbum Kim (Ajou University), Dongkyun Yoo (Ajou University), Wooyeon Jo (Ajou University), and Taeshik Shon (Ajou University) | ||
| 12:15 to 12:30 | Break | |
| 12:30 to 13:00 | Lightning Talks | |
| 13:00 to 13:30 | Closing Remarks | |
| 13:30 to 14:15 | Rodeo Results | |
| 14:15 to 14:30 | Break | |
| 14:30 to 18:30 | WORKSHOP: Performing Linux Forensic Analysis and Why You Should Care Ali H. Hadi, Ph.D., Champlain College | WORKSHOP: How Security Ninjas whisper the Sigma sounds Roberto Martinez (Kaspersky, GReAT Mexico) and Ido Naor (Kaspersky, GReAT Israel) |
Friday, July 24, 2020
| 11:00 to 15:00 | The Future of Inter-Tool Functionality and Informational Resources via CASE and UCO Cory Hall, CASE | |
|---|---|---|
| 15:00 to 15:30 | Break | |
| 15:30 to 17:30 | Forensic Audio Clarification – A Hands on Workshop for Beginners David Notowitz | Transitioning from Python to Rust for Forensic Tool Creation Matthew Seyer, KPMG |