For this year’s DFRWS EU, we are planning a fully online event and this delivery will contain all of the elements you expect from DFRWS events.
We successfully replicated all of the components of the regular physical DFRWS event for DFRWS EU and USA 2020, both held online, incorporating the formal technical programme and the social events. Due to the uncertainty surrounding potential travel restrictions for the 2021 event due to COVID-19, we have made the decision early to run DFRWS EU 2021 online. Despite the conference running online, DFRWS Europe 2021 will include; Keynotes, Papers and Presentations, Hands-on Workshops, Poster and Demo Sessions, the Forensics Rodeo, Interactive Birds of a Feather Sessions and Lightning Talks.
Conference Location:
Cyberspace
March 29, 2021 to April 1, 2021
Keynotes
Keynote: The encryption challenge: an eternal search for the light switch in the dark?
Dr. Nicole S. van der Meulen | Senior Strategic Analyst at European Cybercrime Centre (EC3) at EuropolAbstract: There is no doubt encryption plays a key role in the safeguarding of the confidentiality and integrity of information in general and personal data in particular. Strong encryption is an essential feature of protecting privacy and doing business. Simultaneously, the widespread implementation of encryption has also introduced challenges for law enforcement and the entire criminal justice chain. Whilst these challenges surrounding encryption are not new, they remain in fashion as long as critical questions remain unanswered. This talk will reflect on how the different features of the current state of affairs – from technology to policy – complicate the ability to reach satisfying answers and how such absence continues to plague law enforcement efforts in its crime fighting mission.
Bio: Dr. Nicole S. van der Meulen studied Political Science with a focus on International Relations and Comparative Politics at the University of Maryland, Baltimore County (Bachelor of Arts, 2005, Cum Laude) and VU University Amsterdam (Master of Science, 2006, Cum Laude). In 2010 she obtained her PhD with a doctoral dissertation on digital financial identity theft at the Law Faculty of Tilburg University in the Netherlands. Afterwards, she worked as a Cyber Security advisor at GOVCERT.NL, the predecessor to the Dutch National Cyber Security Centre (NCSC), where she was co-responsible for the development of the first Cyber Security Threat Assessment of the Netherlands. She also held posts as an Assistant Professor at the Department of Transnational Legal Studies at the VU University in Amsterdam and as an Analyst in the Defence & Security team at RAND Europe in Cambridge, UK. Before coming to the European Cybercrime Centre (EC3) at Europol, she was an Advisor of Security Affairs at the Dutch Banking Association. She is currently a Senior Strategic Analyst at EC3 and head of the Policy & Development team.
Keynote: Emotet: The “king“ is dead – is he?
Linda Bertram | Public Prosecutor at the Prosecutor General's Office Frankfurt am Main – Center for Combatting Cybercrime (ZIT)and
Andre Dornbusch | Team Leader Cybercrime Investigations with the Federal Criminal Police Office (BKA)
Abstract: Emotet has been challenging cybersecurity for more than half a decade, not only causing millions and millions worth of damage, but even paralyzing hospitals and other parts of the so-called critical infrastructure by opening doors for other types of malware. After two and a half years of intensive investigations the infrastructure of the Emotet malware was taken over and dismantled in a joint international operation on January 26, 2021. For the first time in the history of cybercrime investigations, this team of international experts has been able to not only "pull the plug", but to gain control over the whole bot net – and to maintain it up to now. The dismantling of the Emotet infrastructure represents a significant blow against internationally organized cybercrime and, at the same time, a major improvement in cybersecurity. Join us for a ride through the investigations and find out how something as small as a ladybird can make a difference.
Bios: Linda Bertram studied law at the Georg-August-Universität in Göttingen/Germany with a focus on criminal law, obtaining the first state examination in 2007. From 2007 until 2009, she completed her mandatory legal clerkship, acquiring the second state examination in December 2009. She entered the judicial service in January 2010. After working for the public prosecutor's offices in Braunschweig, Bielefeld and Wiesbaden, she joined the ZIT in March 2020. At the ZIT, Linda Bertram conducts investigations in proceedings from the field of cybercrime in the narrower sense such as the Emotet case, which she has been dealing with since April 2020. Furthermore, she is entrusted with matters of international legal assistance.
Andre Dornbusch joined the BKA in 2002 after achieving his high school diploma. Completing police academy Andre joined the “Intelligence Team” of the newly founded “Computer Crimes Unit” of the “Serious and Organized Crime Division” in 2006. Andre worked within this team until 2018, witnessing the expansion of “fighting cybercrime” from a single unit to a subdivision consisting of four units. As of 2018 Andre joined an investigations unit, currently acting as team leader supervising two teams that are dealing with cybercrime cases. Main focus of these teams are malware-, hacking-, ddos- and (criminal) APT-cases. In 2020 a full scale “Division” was installed in the BKA to fight cybercrime.
Keynote: An Investigation of the Microsoft Exchange Vulnerability Used by Hafnium
Steven Adair | President, VolexityAbstract: While many organizations—and the information security community as a whole—were still reeling from the impact of the the SolarWinds Orion breach, another catastrophic event was already underway. In early January 2021, a Chinese APT actor was taking aim at organizations running Microsoft Exchange with a critical zero-day exploit that allowed them to download e-mails at will. As bad that sounds, it was actually just the beginning. The initial flaw would soon be combined with other zero-day exploits to allow full remote code execution on Exchange servers around world. This talk will review Volexity’s initial discovery of the main vulnerability that allowed these events to happen, and the actions of the threat actor known as Hafnium. It will cover the initial stealthy activities of the group; the later targeted exploitation and lateral movement; and the resulting widespread exploitation that compromised tens of thousands of servers around the world.
Bio: Steven Adair is a founder and president of Volexity Inc., an information security firm specializing in incident response, digital forensics, threat intelligence, network security monitoring, and trusted advisory. Steven currently leads a team of experts that frequently deals with advanced, complex cyber intrusions by nation-state-level intruders targeting organizations ranging from small think tanks to large global defense contractors.
Participation
DFRWS invites contributions in the categories listed below. We ask to submit all contributions via EasyChair (https://easychair.org/my/conference?conf=dfrwseu2021) and follow the submission guidelines (https://dfrws.org/submission-criteria-eu/).
FULL RESEARCH PAPERS undergo double-blinded peer review, and the proceedings are published by Elsevier as a special issue of the Journal of Forensic Science International: Digital Investigation. We ask to submit articles according to the submission instructions.
PRESENTATIONS / DEMOS require a brief proposal (~500 words, informal), not a paper. These proposals undergo a light review process to select presentations of maximal interest to DFRWS attendees, and to filter out sales pitches. Accepted proposals will be given a presentation slot (~15min) during the conference. These proposals must be submitted through EasyChair. Note that the presentation/demo will not be part of the published proceedings.
POSTERS allow for the presentation of current research efforts and the discussion of preliminary results with the Digital Forensics Community. Consequently, posters can include early results, brief demonstration of a prototype or can outline research ideas. Posters will be available on the website and authors have the opportunity to present during breaks.
WORKSHOPS / TUTORIALS can be 2 to 4 hours (please indicate) and typically include hands-on participation by attendees, allowing for an in-depth, detailed exploration of tools and techniques of interest to DFRWS attendees. Workshops can cover state-of-the-art research projects, useful tips and techniques for standard tools, or most anything that DFRWS attendees would consider beneficial. While commercial tools can be used, these workshops or tutorials should NOT be thinly-veiled commercial advertisements. DFRWS will provide one free conference registration for each workshop accepted.
PANEL PROPOSALS should be one to three pages and clearly describe the topic, its relevance, and a list of potential panelists including their biographies (short). Panels will be evaluated based on the topic relevance and diversity of the panelists.
Submission Information
All submissions must be submitted through the EasyChair site at https://easychair.org/my/conference?conf=dfrwseu2021. Submissions must be in PDF format and follow the submission criteria and guidelines (https://dfrws.org/submission-criteria-eu/). Organizers may reject work that does not follow the listed criteria.
Contact Information
For questions related to paper, presentation, and demo submissions, please send email to: eu-papers <at> dfrws <dot> org
For questions about workshop/tutorial proposals, please send email to: eu-workshops <at> dfrws <dot> org
For questions related to the organisation of DFRWS EU 2021 please send email to: eu <at> dfrws <dot> org
Student Scholarship and Award Program
DFRWS continues its outreach to students studying digital forensics. DFRWS and its sponsors will award one or more Scholarships each year to students (first author) who present their accepted research papers. One scholarship will be awarded to the Best Student Research Paper awardee. More scholarships may be awarded, depending on sponsorship funding each year. Exact award amounts will vary, but usually cover at least registration expenses. DFRWS will notify the recipient of the Best Student Research Paper award on or before the conference registration deadline. Other awards (e.g. industry sponsored awards for research in specific topic areas) may be awarded after the registration deadline and are fully contingent on scholarship sponsorship by industry each year. Refer to the website for further details regarding eligibility, funding and selection (Student Scholarship & Award Program).
Topics of Interest
DFRWS welcomes new perspectives that push the envelope of what is currently possible in digital forensics. Potential topics to be addressed by submissions include, but are not limited to:
- Machine learning and data mining for digital evidence extraction/query
- Social networking analysis and OSINT (Open Source Intelligence)
- Malware and targeted attacks (analysis and attribution)
- Forensics analysis and visualization of Big Data
- Non-traditional forensic scenarios / contexts
- Network and distributed system forensics
- Mobile and embedded device forensics
- Cloud and virtualized environments
- Vehicle forensics (e.g., drones, cars)
- SCADA / industrial control systems
- Covert channels (e.g. TOR, VPN)
- Implanted medical devices
- Smart power grids
- Smart buildings
- Virtual currency
- Digital forensic preparedness / readiness
- Digital investigation case management
- Digital evidence sharing and exchange
- Digital forensic triage / survey
- Digital forensic tool validation
- Event reconstruction methods and tools
- Digital evidence and the law
- Case studies and trend reports
- Anti-forensics and anti-anti-forensics
Deadlines
| Date | Event |
|---|---|
| February 28, 2021 | Poster Proposals Submission Deadline |
Committees
Organizing Committee
Conference Chair
Mark Scanlon, Ph.D. (University College Dublin)
Conference Co-Chair
Chris Hargreaves, Ph.D. (University of Oxford)
Conference Co-Chair
Thomas Souvignet, Ph.D. (University of Lausanne)
Technology Chair
Felix Freiling, Ph.D.
Program Chair
Frank Breitinger, Ph.D. (University of Liechtenstein)
Program Vice Chair
John Sheppard, Ph.D. (Waterford Institute of Technology)
Chief Organizational Officer
Daryl Pfeif (Digital Forensics Solutions and DFRWS)
Local Arrangements Chair
Scar de Courcier (Forensic Focus)
Workshop Chair
Pavel Gladyshev, Ph.D. (University College Dublin)
Workshop Vice Chair
Robert Jan Mora
Forensic Challenge Chair
Eoghan Casey, Ph.D. (University of Lausanne)
Proceedings Co-Chair
Jan-Niclas Hilgert
Proceedings Co-Chair
Babak Habibnia, Ph.D. (University College Dublin)
Poster Chair
Jens-Petter Sandvik (Norwegian University of Technology and Science)
Poster Co-Chair
Maike Raphael
Web Chair
Mark Scanlon
Social Media Chair
Aikaterini Kanta
Outreach Chair
Scar de Courcier (Forensic Focus)
Keynote Co-Chair
Bruce Nikkel, Ph.D. (BFH)
Keynote Co-Chair
Robert Jan Mora
Birds of a Feather Chair
Frank Adelstein, Ph.D.
Panel Session Chair
Eoghan Casey, Ph.D. (University of Lausanne)
Sponsorship Co-Chair
David-Olivier Jaquet-Chiffelle, Ph.D. (University of Lausanne)
Technical Program Committee
Frank Adelstein, Ph.D.
NFA Digital
Irfan Ahmed
Virginia Commonwealth University
Saed Alrabaee
United Arab Emirates University
Olga Angelopoulou, Ph.D.
University of Warwick
Cosimo Anglano
Universitá del Piemonte Orientale
Harald Baier, Ph.D.
University of Applied Sciences, Darmstadt
Elias Bou-Harb, Ph.D.
University of Texas at San Antonio
Owen Brady, Ph.D.
King's College London
Frank Breitinger, Ph.D.
University of Liechtenstein
Patrick De Smet, Ph.D.
NICC/INCC
Mattia Epifani
ITTIG - CNR
Virginia Franqueira
University of Kent
Felix Freiling, Ph.D.
Friedrich-Alexander-Universität Erlangen-Nürnberg
Zeno Geradts, Ph.D.
Netherlands Forensic Institute
Oliver Goebel
University of Stuttgart
Chris Hargreaves, Ph.D.
University of Oxford
Hans Henseler, Ph.D.
University of Applied Sciences Leiden
Mario Hildebrandt
Otto-von-Guericke University of Magdeburg
Jan-Niclas Hilgert
Fraunhofer
Joshua James, Ph.D.
Hallym University
David-Olivier Jaquet-Chiffelle, Ph.D.
University of Lausanne
Michael Johnson
Self Employed
Erisa Karafili
University of Southampton
Christian Keil, Ph.D.
DFN-CERT
Stefan Kiltz
Universität Magdeburg
Christian Kraetzer, Ph.D.
Otto-von-Guericke University Magdeburg
Martin Lambertz
Fraunhofer FKIE
Hanno Langweg, Ph.D.
HTWG Konstanz
David Lillis, Ph.D.
University College Dublin
Tilo Müller
Friedrich-Alexander-Universität Erlangen-Nürnberg
Bruce Nikkel, Ph.D.
Bern University of Applied Sciences
Owen O'Connor
Salesforce
Gilbert Peterson, Ph.D.
US Air Force Institute of Technology
Daryl Pfeif
DFRWS
Christian Riess, Ph.D.
University of Erlangen-Nuremberg
Ricardo J. Rodríguez
Universidad de Zaragoza
Mark Scanlon, Ph.D.
University College Dublin
Bradley Schatz, Ph.D.
Schatz Forensic
Tobias Scheible
Albstadt-Sigmaringen University
Thomas Schreck, Ph.D.
University of Applied Sciences Munich
Marko Schuba, Ph.D.
FH Aachen - Aachen University of Applied Sciences
Andreas Schuster
DCSO Deutsche Cyber-Sicherheitsorganisation GmbH
John Sheppard, Ph.D.
Waterford Institute of Technology
Michael Spreitzenbarth, Ph.D.
Siemens CERT
Marian Svetlik
Risk Analysis Consultants
Harm Van Beek
Netherlands Forensic Institute
Jeroen van den Bos, Ph.D.
Netherlands Forensic Institute
Ronald van der Knijff
Netherlands Forensic Institute
Erwin van Eijk
Netherlands Forensic Institute
Wietse Venema, Ph.D.
Claus Vielhauer, Ph.D.
FH Brandenburg
Xiaolu Zhang
The University of Texas at San Antonio
Registration
DFRWS EU registration is open!
| Type of Registration | Early Bird Rate | Regular Rate | Last Chance Rate |
|---|---|---|---|
| Available through... | |||
| Standard | TBD | $150 | TBD |
| Law Enforcement/Government | TBD | $125 | TBD |
| Student | TBD | $100 | TBD |
Sponsors
Sponsors help DFRWS to produce quality events and foster community. Please consider supporting our cause. http://www.dfrws.org/sponsorship-opportunities
Magnet Forensics
Magnet Forensics is a global leader in digital investigative technology and was built on a foundation of helping and empowerment. We help investigative teams find more evidence and empower them to uncover the truth. Our products are designed to leverage the latest technological innovations to help law enforcement, consultants, military, and private enterprise address these issues. We use AI, automation, advanced searching techniques, modern data visualization and more to help investigative teams find digital evidence and understand the story it is telling.
Learn MoreForensic Focus
Forensic Focus is the web's leading digital forensics portal for computer forensics and eDiscovery professionals. Founded in July 2002, the site quickly developed a reputation for encouraging open discussion and information sharing in support of best practice development within the digital forensics industry. Although perhaps best known for its busy forums, Forensic Focus also offers breaking industry news, a worldwide directory of computer forensics education courses, interviews with industry thought leaders, job vacancy listings, a growing articles section and a monthly email newsletter with over 16,000 subscribers. For those looking to expand their professional network, Forensic Focus runs LinkedIn's largest digital forensics group.
Learn MoreGrayshift
Grayshift is the leader in mobile device digital forensics, specializing in lawful access and extraction. Grayshift’s innovative solutions are purpose-built to help law enforcement and government investigative agencies swiftly resolve critical investigations and ensure public safety. Designed and assembled in the United States, the company’s GrayKey technology provides same-day access, complete control, and comprehensive data extraction from mobile devices. Powered by the Grayshift advanced security research team, GrayKey exemplifies the company’s promise of innovation and mission to deliver solutions that safeguard the public. Delivering world-class customer success, Grayshift is trusted by 1000 agencies across more than 25 countries worldwide.
Learn MoreBern University of Applied Sciences
The Bern University of Applied Sciences offers Bachelor and Master level education in Digital Forensics & Cyber Investigation (bfh.ch/mas-dfci) and in Cyber Security. The security research institute conducts research and development in areas of digital forensics, cyber security, E-Voting, privacy, and secure IoT.
Learn MoreCompelson
Compelson, in the forensics field since 1996, will present their new generation tools. The all-in-one MOBILedit Forensic Express is capable of a wide range of deleted data recovery, advanced application data analysis, multiple-device concurrent extractions, beautiful reports and huge phone base support. Free on-demand application analysis will be introduced. Also to be presented is the pioneering digital photo analysis tool, Camera Ballistics, that matches a photo to a camera or phone, like a bullet to a gun answering the question if a photo was taken by an analyzed device. The tool uses the latest research in mathematics and physics.
Learn MoreQintel
Qintel is the industry leader for cyber threat intelligence and investigations. Founded in 2009, Qintel provides its partners unique insight into cyber threats and adversarial behavior. Qintel's capabilities are driven by proprietary technologies and unparalleled access to data sources across the globe. These resources are leveraged by a staff of veteran researchers and technologists who have decades of experience analyzing and pursuing cyber threats that span the spectrum of online activity.
Learn MoreRiscure
As encrypted devices like smartphones, USB memory sticks and connected car is a growing topic in the digital forensic communities, the need for professional security consulting and professional tooling for hardware analysis is growing. Riscure can support with tools, training and device security services. Riscure is a leading security test tools manufacturer and security test lab since 2001. The objective is to enable forensic laboratories to develop capabilities and knowledge to perform digital forensic tasks as well as provide technical experts that can extract data from encrypted devices
Learn MoreEvimetry
Evimetry is a system for accelerating workflow at the front end of forensic processes, encompassing acquisition, live analysis, triage, and remote forensics.
Learn More