DFRWS 2012 returned to the greater DC area, taking place in DC from August 6 to August 8 at the Embassy Suites in Dupont Circle. This year introduced the first tutorials, now called workshops! 14 peer-reviewed papers were presented alongside keynotes by Ovie Carroll and Danny Quist. There was also a panel, “Triage in Digital Forensics”, on the first day that was moderated by Eoghan Casey and featured Michael Cohen (Google), Chet Hosmer (WetStone / Allen Corporation), Special Agent Ryan Moore (U.S. Secret Service), and Harry Parsonage (ADF Solutions). The 2012 conference was held in cooperation with the Association for Computing Machinery (ACM) and its Special Interest Group on Security, Audit and Control (SIGSAC).
The Best Paper Award went to “Surveying The User Space Through User Allocations” by Andrew White, Bradley Schatz and Ernest Foo (Queensland University of Technology).
The 2012 Forensics Challenge was to develop the fastest and most accurate data block classifier.
Scoring was based on the weighted scores of three criteria:
1. Correctness, as measured by precision & recall rates: 55%.
2. Processing speed, in terms of throughput & scalability: 30%.
3. Quality of code and multi-platform support: 15%.
The winning submission was from Laurence Maddox, Lishu Liu, DJ Bauch & Nicole Beebe from UTSA.
The inaugural workshops were:
- Automating the Forensics Triage Process Using Python and Linux by Doug Koster (Senior Computer Forensic Analyst, TASC)
- Google Analytics(tm) Cookies and the Forensic Implications by James Meyer (Forensics Track Instructor, Defense Cyber Investigations Training Academy)
- Memory Forensics with Volatility by Dr. Michael Cohen (Senior Software Engineer, Google Inc.)
- Using bulk_extractor for digital forensics triage and cross-drive analysis by Dr. Simson Garfinkel (Associate Professor, Naval Postgraduate School)
- Forensic Triage & Scalable Data Correlation with sdhash by Dr. Vassil Roussev (Associate Professor, University of New Orleans)
- Advanced Registry forensics with Registry Decoder by Dr. Lodovico Marziale (Digital Forensics Solutions, LLC)
- Challenges in Forensic Analysis of Smartphone Memory (Flash) by Eoghan Casey (cmdLabs)
Conference Location:
Embassy Suites - Downtown Washington, DC, US
August 6, 2012 to August 8, 2012
Keynotes
Current and Future Trends in Digital Investigative Analysis
Ovie Carroll | Director for the Department of Justice
Bio: Ovie Carroll has 25 years of law enforcement experience and is currently the Director for the Department of Justice, Cybercrime Lab at the Computer Crime and Intellectual Property Section (CCIPS) and a Digital Forensics Certified Examiner (DFCE). The Cybercrime lab provides advanced computer forensics, cybercrime investigative and other technical support to DOJ prosecutors as it applies to implement the Department's national strategies in digital evidence, combating electronic penetrations, data thefts, and cyber attacks on critical information systems.
Mr. Carroll is also an adjunct professor with George Washington University, teaching two classes, Cyber Crime/Internet Investigations, and Interview and Interrogation, in the Masters of Forensic Science program. Mr. Carroll is also a course author and instructor with the SANS Institute where he teaches Digital Forensics.
Prior to joining the Department of Justice, Mr. Carroll was the Special Agent in Charge of the Technical Crimes Unit at the Postal Inspector General's Office, responsible for all computer intrusion investigations within the postal service network infrastructure and for providing all digital forensic analysis in support of criminal investigations and audits. Within the Technical Crimes Unit, Mr. Carroll was also responsible for managing the Technical Surveillance Section whose mission included the deployment, installation, and monitoring of technical surveillance equipment and tracking devices that were used to track people and devices in support of criminal investigations.
Mr. Carroll has also served as the Special Agent in Charge of the Computer Investigations and Operations Branch, Air Force Office of Special Investigations, where he was responsible for coordinating all national level computer intrusions occurring within the United States Air Force. He has extensive field experience applying his training to a broad variety of investigations and operations. As a special agent with the AFOSI, Mr. Carroll worked both general crimes and counterintelligence, and has conducted investigations into a variety of offenses including murder, rape, fraud, bribery, theft, and gangs and narcotics.
Visualization in Malware and Forensics
Danny Quist | Staff member at MIT Lincoln Laboratory
Bio: Danny Quist is a staff member at MIT Lincoln Laboratory. He holds a Ph.D. from the New Mexico Institute of Mining and Technology. Previously, Danny founded Offensive Computing, an open malware research site. His interests include reverse engineering, software, and hardware exploitation, virtual machines, and automatic executable classification systems. He has presented at Blackhat, the RSA Conference, Defcon, and Shmoocon.
Abstract: Visualization is a field that has broad applicability to many areas of security. It is very well received among customers and management but is very easy to get wrong. This talk will discuss some of the inherent problems visualizing large security data sets. There will be examples of improving the reverse engineering and forensics processes, as well as some examples of negative sides of visualization.
Committees
Organizing Committee
Conference Chair
Vassil Roussev, PhD (University of New Orleans)
Conference Vice Chair
Matthew Geiger (CERT)
Technical Program Chair
Florian Buchholz, PhD (James Madison University)
Technical Program Vice Chair
Brian Levine, PhD (University of Massachusetts)
Local Arrangements
Golden Richard, PhD (University of New Orleans)
Proceedings
Wietse Venema, PhD (IBM)
Keynote
Frank Adelstein, PhD (ATC-NY)
Publicity
Dave Baker (MITRE)
Advertising / Sponsorship
Daryl Pfeif (Digital Forensics Solutions)
Registration
Andreas Schuster (Deutsche Telekom AG)
Finances
Rick Smith (ATC-NY)
Challenge
Eoghan Casey (cmdLabs)
Demo / Posters
Golden Richard, PhD (University of New Orleans)
Workshops
Eoghan Casey (cmdLabs), Frank Adelstein, PhD (ATC-NY)
Outreach Coordinator
Tim Vidas (Carnegie Mellon)
Web
Brian Carrier, PhD (Basis Technology)
Technical Program Committee
Frank Adelstein
ATC-NY
David Baker
MITRE
Robert Beverly
Naval Postgraduate School
Nicole Beebe
University of Texas at San Antonio
Matt Bishop
Univ. of California Davis
Florian Buchholz
James Madison University
Juan Caballero
IMDEA-Software
Brian Carrier
Basis Technology
Jedidiah Crandall
University of New Mexico
William Enck
North Carolina State University
Xinwen Fu
Univ. of Massachusetts Lowell
Simson Garfinkel
Naval Postgraduate School
Paul Giura
AT&T Security Research Center
Pavel Gladyshev
University College Dublin
Xuxian Jiang
North Carolina State University
Rob Joyce
ATC-NY
Jesse Kornblum
Kyrus Tech
Brian Levine
Univ. of Massachusetts Amherst
Marc Liberatore
Univ. of Massachusetts Amherst
Patrick McDaniel
Pennsylvania State University
Fabian Monrose
Univ. of North Carolina at Chapel Hill
Timothy Morgan
Virtual Security Research LLC
Bryan Payne
Sandia National Labs
Sean Peisert
Univ. of California Davis
Golden Richard
University of New Orleans
Vassil Roussev
University of New Orleans
Bradley Schatz
Schatz Forensic Pty. Ltd
Micah Sherr
Georgetown University
Clay Shields
Georgetown University
Vrizlynn Thing
Imperial College London
Wietse Venema
IBM Research
Timothy Vidas
Carnegie Mellon University
Yinglian Xie
Microsoft Research
Dongyan Xu
Purdue University
Cory Altheide
Nicole Beebe
University of Texas at San Antonio
Eoghan Casey
Johns Hopkins University
Michael Cohen
Matthew Geiger
Dell SecureWorks
Sundararaman Jeyarama
Cisco
Ping Ji
John Jay College of Criminal Justice/CUNY
Joseph Lewthwaite
Defense Cyber Crime Institute
Michael Losavio
University of Louisville
Gilbert Peterson
Air Force Institute of Technology
Steve Romig
Ohio State University
Andreas Schuster
Deutsche Telekom AG