DFRWS is the leading digital forensics research conference. The 9th annual conference was held from August 17 to 19, 2009 in Montreal, Canada, at the Delta Centre-ville Hotel, the week after Usenix Security. 15 peer-reviewed papers were presented, as well as keynotes by Zeno Geradts and Benoît Gagnon. Day 1 also featured a panel on “Technical Approaches to Large-Scale Digital Forensics” with Vassil Roussev, Golden Richard, Simson Garfinkel, and Michael Cohen.
Congratulations to Simson Garfinkel, Paul Farrell, Vassil Roussev and George Dinolt for winning the Best Paper Award for “Bringing Science to Digital Forensics with Standardized Forensic Corpora”. We would also like to congratulate Wouter van Dongen and Alain Van Hoof for winning the Forensics Challenge. Thanks to the organizing committee, program committee, and sponsors for helping to make the conference go so smoothly.
The DFRWS 2009 Challenge focused on the development of tools and techniques for analyzing Playstation 3s (PS3s). The Playstation 3 is a powerful, Cell processor-based system that can run both its native OS (which has significant DRM features that also thwart forensic investigation) and modern versions of Linux. This challenge focused on the Linux and network aspects of PS3s, and did not touch the DRM-protected data. The challenge scenario required analysis of a physical memory dump, filesystem images, and network traces involving 2 PS3s and a Playstation Portable (PSP).
The winners of the challenge were Wouter van Dongen and Alain van Hoof at University of Amsterdam System. Their submission provided a thorough analysis of the file system and network traffic, with some information extracted from the physical memory dump. The careful correlation of information from multiple data sources was a major strength of this submission. The results were presented in a very clear manner, and there is a particularly impressive timeline diagram.
Montreal, QC Canada
August 17, 2009 to August 19, 2009
Challenges and Opportunities in Digital and Multimedia Evidence
Zeno Geradts | Netherlands Forensic Institute
Within Digital Evidence and Multimedia sections in forensic institutes there is a wide range of research and casework that is available. Often research for the casework has to be implemented, and validation will be required at the same time, unless it is equipment from other cases in a database. In this presentation a general overview will be given of the fields within digital evidence, such as embedded systems, examinations of phones, media analysis, data analysis, image processing and integrity of the evidence.
Interpretation of digital evidence and multimedia and conclusions that are drawn are discussed also in relation to the report of the National Academy of Sciences "Strengthening Forensic Science in the United States, a path forward". Possible solutions will be discussed such as having double blind cases, collecting databases for statistical analysis, open source software for validation, concluding by Bayes rules and how to communicate these findings to the court.
Bio: Zeno Geradts is a forensic scientist working for the Netherlands Forensic Institute. He started in 1991 in traditional forensic science, becoming an expert in toolmarks and firearms forensics. In 1997 he shifted his attention to digital evidence. He is an expert witness in image analysis and biometrics (face comparison) as well as the R&D coordinator in digital evidence at NFI. In 2002 he received a PhD from the University of Utrecht based on research on computational matching of images from shoe prints, toolmarks, drugs pills and cartridge cases. At the AAFS he has been chairman of the Engineering Section and since 2008 he is chairman of the Digital Evidence and Multimedia section. He is chairman of the ENFSI Forensic IT working group. He has published several papers in forensic journals and is active on casework as an expert witness and working on projects in digital evidence.
Who are they? Understanding computer hackers
Benoît Gagnon | Chaire du Canada en Sécurité, Identité et Technologie
In February 2008, the Sûreté du Quebec uncovered a network of computer hackers from Quebec that were herding botnets for criminal purposes. Called Operation "Basique", this investigation went on for several months and collected an important quantity of information on their modi operandi. What can we learn from the data obtained in this investigation? This presentation will expose the results of our research exploiting this data. We will be able to see how the bot herders operate, how they conceive the World and how personal relationships influence their actions.
Bio: Benoît Gagnon is a Ph.D. candidate in Criminology at the University of Montreal. He works as a research fellow at the Chaire du Canada en Sécurité, Identité et Technologie and at the Terrorism and Counter-terrorism Research Group on areas such as cybercrime, terrorism and security. M. Gagnon is a member of the Commission de l'Éthique de la Science et de la Technologie du Québec, the Computer Security Institute, the Canadian Association for Security and Intelligence Studies, the International Association for Counterterrorism and Security Professionals, and the American Society for Industrial Security (ASIS).
Brian Carrier, PhD (Basis Technology)
Conference Vice Chair
Eoghan Casey (Johns Hopkins University)
Wietse Venema, PhD (IBM) and Andreas Schuster (Deutsche Telekom AG)
Jose Fernandez, PhD (Ecole Polytechnique de Montreal)
Dave Baker (MITRE)
Florian Buchholz, PhD (James Madison University)
Vassil Roussev, PhD (University of New Orleans)
Advertising / Sponsorship
Daryl Pfeif (Digital Forensics Solutions)
Rick Smith (ATC-NY)
Golden Richard, PhD (University of New Orleans)
Frank Adelstein, PhD (ATC-NY)
Matthew Geiger (CERT)
Technical Program Committee
University of Texas at San Antonio
James Madison University
Johns Hopkins University
Australian Federal Police
State University of New York Institute of Technology
European Space Agency
Ecole Polytechnique de Montreal
University of Milano at Crema
Naval Postgraduate School
Iowa State University
Portland State University
University of California San Diego
University of Massachusetts
University of Louisville
Air Force Research Lab
Virtual Security Research LLC
Air Force Institute of Technology
China University of Geosciences
University of New Orleans
University of New Orleans
Queensland University of Technology
Deutsche Telekom AG
Volatile Systems LLC
Roger Williams University
Sponsors help DFRWS to produce quality events and foster community. Please consider supporting our cause. http://www.dfrws.org/sponsorship-opportunities
WetStone software solutions support investigators and analysts engaged in cyber-crime investigations, digital forensics, and incident response activities.
Need to mitigate risk or ensure compliance? AccessData's targeted, forensically sound collection, preservation, hold, processing and data assessment tools.
A Computer Emergency Response Team is an expert group that handles computer security incidents. Alternative names for such groups include Computer Emergency Readiness Team and Computer Security Incident Response Team.
Taylor & Francis
Taylor & Francis Group publishes quality peer-reviewed journals under the Routledge and Taylor & Francis imprints. The newest part of the group, Cogent OA, offers a purely open access program. Our journal content is hosted on Taylor & Francis Online, our content platform.
Validation refers to the process of demonstrating that a laboratory procedure is robust, reliable, and reproducible in the hands of the personnel performing the test in that laboratory. ... All three types of methods are important for techniques performed in forensic laboratories.