The DFRWS-APAC 2022 Conference will be held Wednesday, September 28 through Friday, September 30. The DFRWS APAC program committee are currently planning the conference as a hybrid event, with it possible for attendees and presenters to attend either virtually via Zoom or physically in Adelaide, Australia (pandemic permitting).

Conference Location:

The conference will be held at the University of Adelaide and will be live streamed for online attendees.

September 28, 2022 to September 30, 2022



Lessons learned from implementing digital forensic as a service

Harm Van Beek | Senior Digital Forensic Scientist, Netherlands Forensic Institute


Harm van Beek is an experienced senior digital forensic scientist at the Netherlands Forensic Institute (NFI). His work consists of performing examinations in criminal cases, and conducting scientific research in the digital forensic field. Harm is one of the founders of the forensic investigation, innovation and knowledge sharing platform Hansken. He was technical director of CASE, the international standard for sharing cyber-investigation traces.

Harm obtained his PhD in formal methods (mathematics and computer science) at the Eindhoven University of Technology. Before joining the NFI in 2009, he was cofounder and CTO of ISAAC (becoming iO), a company dedicated to digital strategy, design, development and integration.


Since 2010, The Netherlands Forensic Institute offers the digital forensics as a service (DFaaS) platform Hansken to law-enforcement agencies. Nowadays, these agencies as well as academic institutes cooperate in the Hansken community, joining forces to improve the platform and share knowledge. Implementing DFaaS overhauls the process of handling digital evidence, amongst others by directly delivering the digital evidence to case investigators. They can search, filter and report the evidence according to their needs. The investigative results, of course, must be admissible in court. Therefore, Hansken includes precautions to ensure forensic integrity and implements multiple legal functions. Access is provided to defense lawyers to review investigative results and possibly identify exculpatory evidence. Building and servicing such a platform and supporting on-premise implementations comes with many challenges. This puts high demands on both the platform design and implementation as well as the investigative process. In this talk, Harm explains the challenges and key lessons learned from providing this service for over a decade.

Side Channels and the Art of Recovering Secrets from your Microarchitecture

Yuval Yarom | Associate Professor, the University of Adelaide


Yuval Yarom is an Associate Professor at the School of Computer Science at the University of Adelaide. He earned his Ph.D. in Computer Science from the University of Adelaide in 2014, and an M.Sc. in Computer Science and a B.Sc. in Mathematics and Computer Science from the Hebrew University of Jerusalem in 1993 and 1990, respectively. In between he has been the Vice President of Research in Memco Software and a co-founder and Chief Technology Officer of

Yuval's research explores the security of the interface between the software and the hardware. In particular, He is interested in the discrepancy between the way that programmers think about software execution and the concrete execution in modern processors. He works on identifying micro-architectural vulnerabilities, and on exploitation and mitigation techniques.


Modern computer systems often run multiple programs that do not trust each other. Research over the last two decades has highlighted the risk that sharing resources poses to the security of systems. Specifically, microarchitectural side-channel attacks allow malicious programs to steal secrets of co-resident programs. This talk presents an overview of such side channels and how they operate. It first presents traditional cache attacks and how they exploit the cache state as a communication channel for leaking information. It then continues to the more recently discovered transient-execution attacks, which exploit processor behaviour to bypass security checks.


DFRWS invites contributions in the categories listed below. 

FULL RESEARCH PAPERS undergo double-blinded peer review, and the proceedings are published by Elsevier as a special issue of the Journal of Forensic Science International: Digital Investigation. We ask to submit articles according to the submission instructions.

PRESENTATIONS / DEMOS require a brief proposal (~500 words, informal), not a paper. These proposals undergo a light review process to select presentations of maximal interest to DFRWS attendees, and to filter out sales pitches. Accepted proposals will be given a presentation slot (~15min) during the conference. Note that the presentation/demo will not be part of the published proceedings. There will be (at least) one session where participants can directly watch demos and talk to the people running them.

POSTERS allow for the presentation of current research efforts and the discussion of preliminary results with the Digital Forensics Community. Consequently, posters can include early results, brief demonstration of a prototype or can outline research ideas. Posters will be available on the website and authors have the opportunity to present during breaks to receive feedback from the community. Note, posters will not be part of the published proceedings.

WORKSHOPS / TUTORIALS can be 2 to 4 hours (please indicate) and ideally include hands-on participation by attendees, allowing for an in-depth, detailed exploration of tools and techniques of interest to DFRWS attendees. Workshops can cover state-of-the-art research projects, useful tips and techniques for standard tools, or most anything that DFRWS attendees would consider beneficial. While commercial tools can be used, these workshops or tutorials should NOT be thinly-veiled commercial advertisements.

DFRWS will provide one free conference registration for each workshop accepted.

PANEL PROPOSALS should be one to three pages and clearly describe the topic, its relevance, and a list of potential panelists including their biographies (short). Panels will be evaluated based on the topic relevance and diversity of the panelists.

Submission Information

We ask you to submit all contributions via EasyChair (select the appropriate track during submission). Please make sure to follow the submission guidelines on the website ( Organizers may reject work that does not follow the listed criteria.


Topics of Interest

DFRWS welcomes new perspectives that push the envelope of what is currently possible in digital forensic. Potential topics to be addressed by submissions include, but are not limited to:

  • Machine learning and data mining for digital evidence extraction/query
  • Malware and targeted attacks (analysis and attribution)
  • Forensics analysis and visualization of Big Data
  • Non-traditional forensic scenarios / contexts
  • Network and distributed system forensics
  • Mobile and embedded device forensics
  • Forensic analysis of cloud and virtualized environments
  • Vehicle forensics (e.g., drones, cars)
  • Forensic analysis of new devices (e.g., wearables)
  • Forensic analysis of SCADA and ICS (industrial control systems), smart power grids
  • Covert channels (e.g., TOR, VPN)
  • Implanted medical devices forensics
  • Smart buildings investigations and forensics
  • Virtual currency investigations and forensics
  • Digital forensic preparedness / readiness
  • Digital investigation case management
  • Digital evidence sharing and exchange
  • Digital forensic triage / survey
  • Digital forensic tool validation
  • Event reconstruction methods and tools
  • Digital evidence and the law
  • Case studies and trend reports
  • Anti-forensics and anti-anti-forensics

Click Here For Proposal Requirements


Date Event
February 28, 2022 Call for papers announced
May 16, 2022 Submission deadline for papers
June 27, 2022 Author notification for full papers
July 19, 2022 Submission deadline for presentations, posters and workshops
July 22, 2022 Notifications for presentations, posters and workshops


Organizing Committee

Conference Chair

Bradley Schatz (Schatz Forensic)

Conference Vice Chair

Matthew Sorell (University of Adelaide)


Daryl Pfeif (Digital Forensic Solutions)


Frank Adelstein (NFA Digital)


Manoranjan Mohanty (University of Technology Sydney)

TPC Chair

KP Chow (University of Hong Kong)

TPC Vice Chair

Andrew Marrington (Zayed University)


Bradley Schatz (Schatz Forensic)

Technical Platform

Richard Matthews (University of Adelaide)


Jungheum Park (Korea University)


Asanka Sayakkara (University of Colombo)

Forensic Rodeo

Luke Jennings and Matthew Sorell


Yogesh Khatri (CyberCX)

Social Media

Inderbeer Singh

Academic Outreach

Emmanuel Pilli (Malaviya National Institute of Technology Jaipur)


Yogesh Khatri (CyberCX)


Sponsors help DFRWS to produce quality events and foster community. Click a logo to learn more about the sponsor.

Information about sponsorship opportunities is available at:


CBIT Digital Forensic Services (CDFS) is Australia’s premier and most trusted supplier of digital forensic tools, training and certification.

CDFS is a well-regarded authority on the subject of Digital Forensics, with an established track record providing end-to-end solutions including procurement, implementation, consulting, expert witness testimony, as well as designing and delivering training nationally and on an international scale.

Our team of specialists provide innovated solutions to clients across numerous sectors throughout Asia Pacific, as well as Law Enforcement and Government panels across Australia. We strive to deliver education and service at a level that far surpasses what has traditionally been available in the industry.

Learn More