For this year’s DFRWS EU, we are planning a fully online event and this delivery will contain all of the elements you expect from DFRWS events.

We successfully replicated all of the components of the regular physical DFRWS event for DFRWS EU and USA 2020, both held online, incorporating the formal technical programme and the social events. Due to the uncertainty surrounding potential travel restrictions for the 2021 event due to COVID-19, we have made the decision early to run DFRWS EU 2021 online. Despite the conference running online, DFRWS Europe 2021 will include; Keynotes, Papers and Presentations, Hands-on Workshops, Poster and Demo Sessions, the Forensics Rodeo, Interactive Birds of a Feather Sessions and Lightning Talks.

Conference Location:

Cyberspace

March 29, 2021 to April 1, 2021

Keynotes

Keynote: The encryption challenge: an eternal search for the light switch in the dark?

Dr. Nicole S. van der Meulen | Senior Strategic Analyst at European Cybercrime Centre (EC3) at Europol

Abstract: There is no doubt encryption plays a key role in the safeguarding of the confidentiality and integrity of information in general and personal data in particular. Strong encryption is an essential feature of protecting privacy and doing business. Simultaneously, the widespread implementation of encryption has also introduced challenges for law enforcement and the entire criminal justice chain. Whilst these challenges surrounding encryption are not new, they remain in fashion as long as critical questions remain unanswered. This talk will reflect on how the different features of the current state of affairs – from technology to policy – complicate the ability to reach satisfying answers and how such absence continues to plague law enforcement efforts in its crime fighting mission.

Bio: Dr. Nicole S. van der Meulen studied Political Science with a focus on International Relations and Comparative Politics at the University of Maryland, Baltimore County (Bachelor of Arts, 2005, Cum Laude) and VU University Amsterdam (Master of Science, 2006, Cum Laude). In 2010 she obtained her PhD with a doctoral dissertation on digital financial identity theft at the Law Faculty of Tilburg University in the Netherlands. Afterwards, she worked as a Cyber Security advisor at GOVCERT.NL, the predecessor to the Dutch National Cyber Security Centre (NCSC), where she was co-responsible for the development of the first Cyber Security Threat Assessment of the Netherlands. She also held posts as an Assistant Professor at the Department of Transnational Legal Studies at the VU University in Amsterdam and as an Analyst in the Defence & Security team at RAND Europe in Cambridge, UK. Before coming to the European Cybercrime Centre (EC3) at Europol, she was an Advisor of Security Affairs at the Dutch Banking Association. She is currently a Senior Strategic Analyst at EC3 and head of the Policy & Development team.

Keynote: Emotet: The “king“ is dead – is he?

Linda Bertram | Public Prosecutor at the Prosecutor General's Office Frankfurt am Main – Center for Combatting Cybercrime (ZIT)
and
Andre Dornbusch | Team Leader Cybercrime Investigations with the Federal Criminal Police Office (BKA)

Abstract: Emotet has been challenging cybersecurity for more than half a decade, not only causing millions and millions worth of damage, but even paralyzing hospitals and other parts of the so-called critical infrastructure by opening doors for other types of malware. After two and a half years of intensive investigations the infrastructure of the Emotet malware was taken over and dismantled in a joint international operation on January 26, 2021. For the first time in the history of cybercrime investigations, this team of international experts has been able to not only "pull the plug", but to gain control over the whole bot net – and to maintain it up to now. The dismantling of the Emotet infrastructure represents a significant blow against internationally organized cybercrime and, at the same time, a major improvement in cybersecurity. Join us for a ride through the investigations and find out how something as small as a ladybird can make a difference.

Bios: Linda Bertram studied law at the Georg-August-Universität in Göttingen/Germany with a focus on criminal law, obtaining the first state examination in 2007. From 2007 until 2009, she completed her mandatory legal clerkship, acquiring the second state examination in December 2009. She entered the judicial service in January 2010. After working for the public prosecutor's offices in Braunschweig, Bielefeld and Wiesbaden, she joined the ZIT in March 2020. At the ZIT, Linda Bertram conducts investigations in proceedings from the field of cybercrime in the narrower sense such as the Emotet case, which she has been dealing with since April 2020. Furthermore, she is entrusted with matters of international legal assistance.

Andre Dornbusch joined the BKA in 2002 after achieving his high school diploma. Completing police academy Andre joined the “Intelligence Team” of the newly founded “Computer Crimes Unit” of the “Serious and Organized Crime Division” in 2006. Andre worked within this team until 2018, witnessing the expansion of “fighting cybercrime” from a single unit to a subdivision consisting of four units. As of 2018 Andre joined an investigations unit, currently acting as team leader supervising two teams that are dealing with cybercrime cases. Main focus of these teams are malware-, hacking-, ddos- and (criminal) APT-cases. In 2020 a full scale “Division” was installed in the BKA to fight cybercrime.

Keynote: An Investigation of the Microsoft Exchange Vulnerability Used by Hafnium

Steven Adair | President, Volexity

Abstract: While many organizations—and the information security community as a whole—were still reeling from the impact of the the SolarWinds Orion breach, another catastrophic event was already underway. In early January 2021, a Chinese APT actor was taking aim at organizations running Microsoft Exchange with a critical zero-day exploit that allowed them to download e-mails at will. As bad that sounds, it was actually just the beginning. The initial flaw would soon be combined with other zero-day exploits to allow full remote code execution on Exchange servers around world. This talk will review Volexity’s initial discovery of the main vulnerability that allowed these events to happen, and the actions of the threat actor known as Hafnium. It will cover the initial stealthy activities of the group; the later targeted exploitation and lateral movement; and the resulting widespread exploitation that compromised tens of thousands of servers around the world.

Bio: Steven Adair is a founder and president of Volexity Inc., an information security firm specializing in incident response, digital forensics, threat intelligence, network security monitoring, and trusted advisory. Steven currently leads a team of experts that frequently deals with advanced, complex cyber intrusions by nation-state-level intruders targeting organizations ranging from small think tanks to large global defense contractors.

Participation

DFRWS invites contributions in the categories listed below. We ask to submit all contributions via EasyChair (https://easychair.org/my/conference?conf=dfrwseu2021) and follow the submission guidelines (https://dfrws.org/submission-criteria-eu/).

FULL RESEARCH PAPERS undergo double-blinded peer review, and the proceedings are published by Elsevier as a special issue of the Journal of Forensic Science International: Digital Investigation. We ask to submit articles according to the submission instructions.

PRESENTATIONS / DEMOS require a brief proposal (~500 words, informal), not a paper. These proposals undergo a light review process to select presentations of maximal interest to DFRWS attendees, and to filter out sales pitches. Accepted proposals will be given a presentation slot (~15min) during the conference. These proposals must be submitted through EasyChair. Note that the presentation/demo will not be part of the published proceedings. 

POSTERS allow for the presentation of current research efforts and the discussion of preliminary results with the Digital Forensics Community. Consequently, posters can include early results, brief demonstration of a prototype or can outline research ideas. Posters will be available on the website and authors have the opportunity to present during breaks. 

WORKSHOPS / TUTORIALS can be 2 to 4 hours (please indicate) and typically include hands-on participation by attendees, allowing for an in-depth, detailed exploration of tools and techniques of interest to DFRWS attendees. Workshops can cover state-of-the-art research projects, useful tips and techniques for standard tools, or most anything that DFRWS attendees would consider beneficial. While commercial tools can be used, these workshops or tutorials should NOT be thinly-veiled commercial advertisements. DFRWS will provide one free conference registration for each workshop accepted.

PANEL PROPOSALS should be one to three pages and clearly describe the topic, its relevance, and a list of potential panelists including their biographies (short). Panels will be evaluated based on the topic relevance and diversity of the panelists.

Submission Information

All submissions must be submitted through the EasyChair site at https://easychair.org/my/conference?conf=dfrwseu2021. Submissions must be in PDF format and follow the submission criteria and guidelines (https://dfrws.org/submission-criteria-eu/). Organizers may reject work that does not follow the listed criteria.

Contact Information

For questions related to paper, presentation, and demo submissions, please send email to: eu-papers <at> dfrws <dot> org

For questions about workshop/tutorial proposals, please send email to: eu-workshops <at> dfrws <dot> org

For questions related to the organisation of DFRWS EU 2021 please send email to: eu <at> dfrws <dot> org

Student Scholarship and Award Program

DFRWS continues its outreach to students studying digital forensics. DFRWS and its sponsors will award one or more Scholarships each year to students (first author) who present their accepted research papers. One scholarship will be awarded to the Best Student Research Paper awardee. More scholarships may be awarded, depending on sponsorship funding each year. Exact award amounts will vary, but usually cover at least registration expenses. DFRWS will notify the recipient of the Best Student Research Paper award on or before the conference registration deadline. Other awards (e.g. industry sponsored awards for research in specific topic areas) may be awarded after the registration deadline and are fully contingent on scholarship sponsorship by industry each year. Refer to the website for further details regarding eligibility, funding and selection (Student Scholarship & Award Program).

Topics of Interest

DFRWS welcomes new perspectives that push the envelope of what is currently possible in digital forensics. Potential topics to be addressed by submissions include, but are not limited to:

  • Machine learning and data mining for digital evidence extraction/query
  • Social networking analysis and OSINT (Open Source Intelligence)
  • Malware and targeted attacks (analysis and attribution)
  • Forensics analysis and visualization of Big Data
  • Non-traditional forensic scenarios / contexts
  • Network and distributed system forensics
  • Mobile and embedded device forensics
  • Cloud and virtualized environments
  • Vehicle forensics (e.g., drones, cars)
  • SCADA / industrial control systems
  • Covert channels (e.g. TOR, VPN)
  • Implanted medical devices
  • Smart power grids
  • Smart buildings
  • Virtual currency
  • Digital forensic preparedness / readiness
  • Digital investigation case management
  • Digital evidence sharing and exchange
  • Digital forensic triage / survey
  • Digital forensic tool validation
  • Event reconstruction methods and tools
  • Digital evidence and the law
  • Case studies and trend reports
  • Anti-forensics and anti-anti-forensics

Click Here For Proposal Requirements

Deadlines

DateEvent
February 28, 2021 Poster Proposals Submission Deadline

Committees

Organizing Committee

Conference Chair

Mark Scanlon, Ph.D. (University College Dublin)

Conference Co-Chair

Chris Hargreaves, Ph.D. (University of Oxford)

Conference Co-Chair

Thomas Souvignet, Ph.D. (University of Lausanne)

Technology Chair

Felix Freiling, Ph.D.

Program Chair

Frank Breitinger, Ph.D. (University of Liechtenstein)

Program Vice Chair

John Sheppard, Ph.D. (Waterford Institute of Technology)

Chief Organizational Officer

Daryl Pfeif (Digital Forensics Solutions and DFRWS)

Local Arrangements Chair

Scar de Courcier (Forensic Focus)

Workshop Chair

Pavel Gladyshev, Ph.D. (University College Dublin)

Workshop Vice Chair

Robert Jan Mora

Forensic Challenge Chair

Eoghan Casey, Ph.D. (University of Lausanne)

Proceedings Co-Chair

Jan-Niclas Hilgert

Proceedings Co-Chair

Babak Habibnia, Ph.D. (University College Dublin)

Poster Chair

Jens-Petter Sandvik (Norwegian University of Technology and Science)

Poster Co-Chair

Maike Raphael

Web Chair

Mark Scanlon

Social Media Chair

Aikaterini Kanta

Outreach Chair

Scar de Courcier (Forensic Focus)

Keynote Co-Chair

Bruce Nikkel, Ph.D. (BFH)

Keynote Co-Chair

Robert Jan Mora

Birds of a Feather Chair

Frank Adelstein, Ph.D.

Panel Session Chair

Eoghan Casey, Ph.D. (University of Lausanne)

Sponsorship Co-Chair

David-Olivier Jaquet-Chiffelle, Ph.D. (University of Lausanne)

Technical Program Committee

Frank Adelstein, Ph.D.

NFA Digital

Irfan Ahmed

Virginia Commonwealth University

Saed Alrabaee

United Arab Emirates University

Olga Angelopoulou, Ph.D.

University of Warwick

Cosimo Anglano

Universitá del Piemonte Orientale

Harald Baier, Ph.D.

University of Applied Sciences, Darmstadt

Elias Bou-Harb, Ph.D.

University of Texas at San Antonio

Owen Brady, Ph.D.

King's College London

Frank Breitinger, Ph.D.

University of Liechtenstein

Patrick De Smet, Ph.D.

NICC/INCC

Mattia Epifani

ITTIG - CNR

Virginia Franqueira

University of Kent

Felix Freiling, Ph.D.

Friedrich-Alexander-Universität Erlangen-Nürnberg

Zeno Geradts, Ph.D.

Netherlands Forensic Institute

Oliver Goebel

University of Stuttgart

Chris Hargreaves, Ph.D.

University of Oxford

Hans Henseler, Ph.D.

University of Applied Sciences Leiden

Mario Hildebrandt

Otto-von-Guericke University of Magdeburg

Jan-Niclas Hilgert

Fraunhofer

Joshua James, Ph.D.

Hallym University

David-Olivier Jaquet-Chiffelle, Ph.D.

University of Lausanne

Michael Johnson

Self Employed

Erisa Karafili

University of Southampton

Christian Keil, Ph.D.

DFN-CERT

Stefan Kiltz

Universität Magdeburg

Christian Kraetzer, Ph.D.

Otto-von-Guericke University Magdeburg

Martin Lambertz

Fraunhofer FKIE

Hanno Langweg, Ph.D.

HTWG Konstanz

David Lillis, Ph.D.

University College Dublin

Tilo Müller

Friedrich-Alexander-Universität Erlangen-Nürnberg

Bruce Nikkel, Ph.D.

Bern University of Applied Sciences

Owen O'Connor

Salesforce

Gilbert Peterson, Ph.D.

US Air Force Institute of Technology

Daryl Pfeif

DFRWS

Christian Riess, Ph.D.

University of Erlangen-Nuremberg

Ricardo J. Rodríguez

Universidad de Zaragoza

Mark Scanlon, Ph.D.

University College Dublin

Bradley Schatz, Ph.D.

Schatz Forensic

Tobias Scheible

Albstadt-Sigmaringen University

Thomas Schreck, Ph.D.

University of Applied Sciences Munich

Marko Schuba, Ph.D.

FH Aachen - Aachen University of Applied Sciences

Andreas Schuster

DCSO Deutsche Cyber-Sicherheitsorganisation GmbH

John Sheppard, Ph.D.

Waterford Institute of Technology

Michael Spreitzenbarth, Ph.D.

Siemens CERT

Marian Svetlik

Risk Analysis Consultants

Harm Van Beek

Netherlands Forensic Institute

Jeroen van den Bos, Ph.D.

Netherlands Forensic Institute

Ronald van der Knijff

Netherlands Forensic Institute

Erwin van Eijk

Netherlands Forensic Institute

Wietse Venema, Ph.D.

Google

Claus Vielhauer, Ph.D.

FH Brandenburg

Xiaolu Zhang

The University of Texas at San Antonio

Registration

DFRWS EU registration is open!

Virtual Conference Prices


Type of RegistrationTriple - All 3 ConferencesDouble - Any 2 ConferencesSingle - Just DFRWS EU 2021
Standard 150
Law Enforcement/Government
Student

Sponsors

Sponsors help DFRWS to produce quality events and foster community. Click a logo to learn more about the sponsor.

Information about sponsorship opportunities is available at: http://www.dfrws.org/sponsorship-opportunities

Magnet Forensics

Magnet Forensics is a global leader in digital investigative technology and was built on a foundation of helping and empowerment. We help investigative teams find more evidence and empower them to uncover the truth. Our products are designed to leverage the latest technological innovations to help law enforcement, consultants, military, and private enterprise address these issues. We use AI, automation, advanced searching techniques, modern data visualization and more to help investigative teams find digital evidence and understand the story it is telling.

Learn More

Forensic Focus

Forensic Focus is the web's leading digital forensics portal for computer forensics and eDiscovery professionals. Founded in July 2002, the site quickly developed a reputation for encouraging open discussion and information sharing in support of best practice development within the digital forensics industry. Although perhaps best known for its busy forums, Forensic Focus also offers breaking industry news, a worldwide directory of computer forensics education courses, interviews with industry thought leaders, job vacancy listings, a growing articles section and a monthly email newsletter with over 16,000 subscribers. For those looking to expand their professional network, Forensic Focus runs LinkedIn's largest digital forensics group.

Learn More

Google

Learn More

DeSales University

Online Master of Criminal Justice: Digital Forensics

Learn More

Grayshift

Grayshift is the leader in mobile device digital forensics, specializing in lawful access and extraction. Grayshift’s innovative solutions are purpose-built to help law enforcement and government investigative agencies swiftly resolve critical investigations and ensure public safety. Designed and assembled in the United States, the company’s GrayKey technology provides same-day access, complete control, and comprehensive data extraction from mobile devices. Powered by the Grayshift advanced security research team, GrayKey exemplifies the company’s promise of innovation and mission to deliver solutions that safeguard the public. Delivering world-class customer success, Grayshift is trusted by 1000 agencies across more than 25 countries worldwide.

Learn More

Bern University of Applied Sciences

The Bern University of Applied Sciences offers Bachelor and Master level education in Digital Forensics & Cyber Investigation (bfh.ch/mas-dfci) and in Cyber Security. The security research institute conducts research and development in areas of digital forensics, cyber security, E-Voting, privacy, and secure IoT.

Learn More

Compelson

Compelson, in the forensics field since 1996, will present their new generation tools. The all-in-one MOBILedit Forensic Express is capable of a wide range of deleted data recovery, advanced application data analysis, multiple-device concurrent extractions, beautiful reports and huge phone base support. Free on-demand application analysis will be introduced. Also to be presented is the pioneering digital photo analysis tool, Camera Ballistics, that matches a photo to a camera or phone, like a bullet to a gun answering the question if a photo was taken by an analyzed device. The tool uses the latest research in mathematics and physics.

Learn More

Qintel

Qintel is the industry leader for cyber threat intelligence and investigations. Founded in 2009, Qintel provides its partners unique insight into cyber threats and adversarial behavior. Qintel's capabilities are driven by proprietary technologies and unparalleled access to data sources across the globe. These resources are leveraged by a staff of veteran researchers and technologists who have decades of experience analyzing and pursuing cyber threats that span the spectrum of online activity.

Learn More

Riscure

As encrypted devices like smartphones, USB memory sticks and connected car is a growing topic in the digital forensic communities, the need for professional security consulting and professional tooling for hardware analysis is growing. Riscure can support with tools, training and device security services. Riscure is a leading security test tools manufacturer and security test lab since 2001. The objective is to enable forensic laboratories to develop capabilities and knowledge to perform digital forensic tasks as well as provide technical experts that can extract data from encrypted devices

Learn More

Evimetry

Evimetry is a system for accelerating workflow at the front end of forensic processes, encompassing acquisition, live analysis, triage, and remote forensics.

Learn More