The fourth annual Digital Forensics Research Workshop was held August 11-13, 2004, in Baltimore, MD. DFRWS 2004 was sponsored by the Air Force Research Lab Information Directorate and held in conjunction with the NIST Hashapalooza conference. Over 110 law enforcement practitioners, academics, scientists, industry experts, and DoD representatives participated. Each day of DFRWS adhered to a main theme and consisted of a keynote, paper presentations, panel discussions, workshops, and briefs back to the plenary group. There was fun to be had as well, through the traditional evening activities of Forensic Feud, Forensic Rodeo, and the DFRWS Dinner.

The theme for Day 1 was to advance the digital forensic investigative framework outlined in the first workshop report (2001). Mark Pollitt, formerly of the FBI, gave the keynote, followed by papers from Nicole Beebe, Florance Tushabe, and Brian Carrier. The panel consisted of James Cristy, Chet Hosmer, and Chris Sanft. Workshops were led by Dario Forte, James Lyle, Eoghan Casey, Gary Palmer, and Mark Pollitt. The main outcome of Day 1 was the realization that no single framework will suffice to meet the needs of all practitioners, forensic investigators, and computer network defense professionals. Instead, general processes will need to be adapted to provide the specific detailed steps, procedures, or iterations that are appropriate for the domain of application.

Addressing the technical and procedural barriers to “In-Time” forensic investigation was the theme for Day 2. Lance Spitzner of the Honeynet Project provided the keynote address, followed by papers from Edward Balas, Heather Dussault, John Lowry, and Golden Richard. The panel consisted of Phil Turner, James Collins, Frank Adelstein, and John Ward. Workshops were led by Golden Richard, Chet Maciag, Jack Mineo, Heather Dussault, and Chet Hosmer.

Day 3 was composed of papers accepted to the DFRWS that did not fall clearly into the two predominant themes, yet were deemed to have important value in generating scientific discussion or sharing technical information. Ian Bryant, Mark Hirsh, and Mike Seiffert presented papers, while Hashapalooza took place concurrently in another room. Following the presentation of papers, the DFRWS community convened to discuss overall impressions of the workshop and provided input on topics that should be addressed in 2005.

Conference Location:

Baltimore, MD United States

August 11, 2004 to August 13, 2004


A Framework for Digital Forensic Science

Mr. Mark Pollitt

Honeynets and Digital Forensics

Mr. Lance Spitzner

Lance is a geek who constantly plays with computers, especially network security. He loves security because it is a constantly changing environment; your job is to do battle with the bad guys. This love for tactics first began in the Army, where he served for seven years, four as an Armor officer in the Army's Rapid Deployment Force. Following the military he received his M.B.A. and became involved in the world of information security. Now he fights threats with IPv4 packets as opposed to 120mm SABOT rounds. His passion is researching honeypot technologies and using them to learn more about the enemy. He is founder of the Honeynet Project, moderator of the honeypot mailing list, author of "Honeypots: Tracking Hackers", co-author of "Know Your Enemy" and author of several whitepapers. He has also spoken at various conferences and organizations, including SANS, Blackhat, FIRST, the Pentagon, the FBI Academy, the President's Advisory Board, the Army War College, West Point and the Navy War College.