DFRWS is the leading digital forensics research conference and the 9th annual conference was held from August 17 to 19, 2009 in Montreal, Canada. The conference was held at the Delta Centre-ville Hotel and was the week after Usenix Security. 15 peer-reviewed papers were presented, as well as keynotes by Zeno Geradts and Benoît Gagnon. Day 1 also featured a panel on “Technical Approaches to Large-Scale Digital Forensics” with Vassil Roussev, Golden Richard, Simson Garfinkel, and Michael Cohen.
Congratulations to Simson Garfinkel, Paul Farrell, Vassil Roussev and George Dinolt for winning the Best Paper Award for “Bringing Science to Digital Forensics with Standardized Forensic Corpora”. We would also like to congratulate Wouter van Dongen and Alain Van Hoof for winning the Forensics Challenge. Thanks to the organizing committee, program committee, and sponsors for helping to make the conference go so smoothly.
The DFRWS 2009 Challenge focused on the development of tools and techniques for analyzing Playstation 3s (PS3s). The Playstation 3 is a powerful, Cell processor-based system that can run both its native OS (which has significant DRM features that also thwart forensic investigation) and modern versions of Linux. This challenge focused on the Linux and network aspects of PS3s, and did not touch the DRM-protected data. The challenge scenario required analysis of a physical memory dump, filesystem images, and network traces involving 2 PS3s and a Playstation Portable (PSP).
The winners of the challenge were Wouter van Dongen and Alain van Hoof at University of Amsterdam System. Their submission provided a thorough analysis of the file system and network traffic, with some information extracted from the physical memory dump. The careful correlation of information from multiple data sources was a major strength of this submission. The results were presented in a very clear manner, and there is a particularly impressive timeline diagram.
Conference Location:
Montreal, QC Canada
August 17, 2009 to August 19, 2009
Keynotes
Challenges and Opportunities in Digital and Multimedia Evidence
Zeno Geradts | Netherlands Forensic Institute
Within Digital Evidence and Multimedia sections in forensic institutes there is a wide range of research and casework that is available. Often research for the casework has to be implemented, and validation will be required at the same time, unless it is equipment from other cases in a database. In this presentation a general overview will be given of the fields within digital evidence, such as embedded systems, examinations of phones, media analysis, data analysis, image processing and integrity of the evidence.
Interpretation of digital evidence and multimedia and conclusions that are drawn are discussed also in relation to the report of the National Academy of Sciences "Strengthening Forensic Science in the United States, a path forward". Possible solutions will be discussed such as having double blind cases, collecting databases for statistical analysis, open source software for validation, concluding by Bayes rules and how to communicate these findings to the court.
Bio: Zeno Geradts is a forensic scientist working for the Netherlands Forensic Institute. He started in 1991 in traditional forensic science, becoming an expert in toolmarks and firearms forensics. In 1997 he shifted his attention to digital evidence. He is an expert witness in image analysis and biometrics (face comparison) as well as the R&D coordinator in digital evidence at NFI. In 2002 he received a PhD from the University of Utrecht based on research on computational matching of images from shoe prints, toolmarks, drugs pills and cartridge cases. At the AAFS he has been chairman of the Engineering Section and since 2008 he is chairman of the Digital Evidence and Multimedia section. He is chairman of the ENFSI Forensic IT working group. He has published several papers in forensic journals and is active on casework as an expert witness and working on projects in digital evidence.
Who are they? Understanding computer hackers
Benoît Gagnon | Chaire du Canada en Sécurité, Identité et Technologie
In February 2008, the Sûreté du Quebec uncovered a network of computer hackers from Quebec that were herding botnets for criminal purposes. Called Operation "Basique", this investigation went on for several months and collected an important quantity of information on their modi operandi. What can we learn from the data obtained in this investigation? This presentation will expose the results of our research exploiting this data. We will be able to see how the bot herders operate, how they conceive the World and how personal relationships influence their actions.
Bio: Benoît Gagnon is a Ph.D. candidate in Criminology at the University of Montreal. He works as a research fellow at the Chaire du Canada en Sécurité, Identité et Technologie and at the Terrorism and Counter-terrorism Research Group on areas such as cybercrime, terrorism and security. M. Gagnon is a member of the Commission de l'Éthique de la Science et de la Technologie du Québec, the Computer Security Institute, the Canadian Association for Security and Intelligence Studies, the International Association for Counterterrorism and Security Professionals, and the American Society for Industrial Security (ASIS).
Committees
Organizing Committee
Conference Chair
Brian Carrier, PhD (Basis Technology)
Conference Vice Chair
Eoghan Casey (Johns Hopkins University)
Technical Program
Wietse Venema, PhD (IBM) and Andreas Schuster (Deutsche Telekom AG)
Local Arrangements
Jose Fernandez, PhD (Ecole Polytechnique de Montreal)
Registration
Dave Baker (MITRE)
Keynote
Florian Buchholz, PhD (James Madison University)
Proceedings
Vassil Roussev, PhD (University of New Orleans)
Advertising / Sponsorship
Daryl Pfeif (Digital Forensics Solutions)
Finances
Rick Smith (ATC-NY)
Challenge
Golden Richard, PhD (University of New Orleans)
Workshops
Frank Adelstein, PhD (ATC-NY)
At Large
Matthew Geiger (CERT)
Technical Program Committee
Frank Adelstein
ATC-NY
Cory Altheide
Mandiant
David Baker
MITRE
Nicole Beebe
University of Texas at San Antonio
Richard Bejtlich
General Electric
Florian Buchholz
James Madison University
Brian Carrier
Basis Technology
Harlan Carvey
IBM ISS
Eoghan Casey
Johns Hopkins University
Michael Cohen
Australian Federal Police
Heather Dussault
State University of New York Institute of Technology
Knut Eckstein
European Space Agency
Jose Fernandez
Ecole Polytechnique de Montreal
Dario Forte
University of Milano at Crema
Simson Garfinkel
Naval Postgraduate School
Matthew Geiger
CERT
Grant Gottfried
MITRE
Yong Guan
Iowa State University
Warren Harrison
Portland State University
Rob Joyce
ATC-NY
Erin Kenneally
University of California San Diego
Jesse Kornblum
ManTech
Brian Levine
University of Massachusetts
Michael Losavio
University of Louisville
James Lyle
NIST
Chester Maciag
Air Force Research Lab
Nasir Memon
Polytechnic University
Richard Mislan
Purdue University
Timothy Morgan
Virtual Security Research LLC
Gilbert Peterson
Air Force Institute of Technology
Wei Ren
China University of Geosciences
Golden Richard
University of New Orleans
Marcus Rogers
Purdue University
Vassil Roussev
University of New Orleans
Nicolas Ruff
EADS-IW
Bradley Schatz
Queensland University of Technology
Andreas Schuster
Deutsche Telekom AG
Kulesh Shanmugasundaram
Polytechnic University
Clay Shields
Georgetown University
Eugene Spafford
Purdue University
Philip Turner
QinetiQ
Wietse Venema
IBM Research
AAron Walters
Volatile Systems LLC
Doug White
Roger Williams University
Sponsors
Sponsors help DFRWS to produce quality events and foster community.
Information about sponsorship opportunities is available at: http://www.dfrws.org/sponsorship-opportunities
WetStone
WetStone software solutions support investigators and analysts engaged in cyber-crime investigations, digital forensics, and incident response activities.
Access Data
Need to mitigate risk or ensure compliance? AccessData's targeted, forensically sound collection, preservation, hold, processing and data assessment tools.
CERT
A Computer Emergency Response Team is an expert group that handles computer security incidents. Alternative names for such groups include Computer Emergency Readiness Team and Computer Security Incident Response Team.
Taylor & Francis
Taylor & Francis Group publishes quality peer-reviewed journals under the Routledge and Taylor & Francis imprints. The newest part of the group, Cogent OA, offers a purely open access program. Our journal content is hosted on Taylor & Francis Online, our content platform.
forensic-validation.com
Validation refers to the process of demonstrating that a laboratory procedure is robust, reliable, and reproducible in the hands of the personnel performing the test in that laboratory. ... All three types of methods are important for techniques performed in forensic laboratories.