DFRWS USA 2014 was held in Denver, CO at the Magnolia Hotel August 3-6, 2014.  The conference featured keynotes from Catalin Grigoras and Travis Goodspeed as well as 14 papers.  There were also 5 workshops and 7 presentations.

The Best Paper Award went to “In Lieu of Swap: Analyzing Compressed RAM in Mac OS X and Linux” by Golden G. Richard III and Andrew Case.

The Best Student Paper Award went to “Multidimensional Investigation of Source Port 0 Probing” by Elias Bou-Harb, Nour-Eddine Lakhdari, Hamad Binsalleeh and Mourad Debbabi.

The 2nd International Workshop on Digital Forensics Curriculum Standards (DFCS 2014) was co-located with DFRWS and a group gathered to discuss ideas on teaching Digital Forensics at the college level.

The 14th Annual DFRWS Conference was held in cooperation with the Association for Computing Machinery (ACM) and its Special Interest Group on Security, Audit and Control (SIGSAC).

Conference Location:

Magnolia Denver
818 17TH ST
Denver, CO
United States

August 3, 2014 to August 7, 2014


Media Forensics Analysis in Digital Times

Catalin Grigoras |

Abstract: Media Forensics is a discipline within the digital and multimedia evidence (DME) field of forensics. DME includes digital evidence such as computers and mobile phones as well as recorded evidence in the form of digital audio, video, or still images. This confluence comes as a result of the ubiquity of digital technology and the commonality of media used to store digital data. For example, an external hard drive that is collected at a crime scene may contain audio recordings and images relevant to a case while the digital video recorder-based security system in the next room recorded audio and video to a hard disk drive during the events being investigated. Or, a cell phone found on a suspect may have been used to record voice notes, videos and still images all related to a case under investigation. Because these items of evidence coexist in a digital realm that is not tangible as most other forensic Sciences are known to be, the necessities of handling digital evidence must be respected throughout the DME discipline. This paper presents a general framework for media forensics analysis and neutral methodologies to interpret and present the results using multiple robust analysis techniques.

Bio: As Director of the National Center for Media Forensics, Grigoras has the privilege to coordinate the Center.s activity, including education and scientific projects. His research encompasses digital signal processing in forensic multimedia, including digital recording authentication, audio/image analysis, enhancement, and automatic speaker recognition. His research into digital signal processing has resulted in advanced methods to authenticate digital audio/video recordings and semiautomatic systems for forensic speaker recognition. Grigoras was chairman of the European Network of Forensic Science Institutes - Forensic Speech and Audio Analysis Working Group between 2007-2009. He is a member of the Audio Engineering Society Subcommittee on Forensic Audio and the International Association of Forensic Phonetics and Acoustics. He has published numerous forensic audio/video articles and is a co-author of Best Practice Guidelines for ENF Analysis in Forensic Authentication of Digital Evidence (2009).Dr. Grigoras is also co-author of the Encyclopedia of Forensic Science 2nd Ed., Academic Press, chapters on "Audio Enhancement and Authentication" and "Digital Imaging Enhancement and Authentication" (2013).

Some Practical Thoughts Concerning Active Disk Antiforensics

Travis Goodspeed |

Abstract: Imaging a disk before analyzing its contents is usually good forensics practice, but what happens if that disk has been programmed to self-destruct when imaged? This fast-paced lecture describes how a disk can be built to defend itself from forensic imaging, but also some techniques that might be used to defeat anti-forensic features.

Bio: Travis Goodspeed is a reverse engineer from Southern Appalachia. With neighbors from Dartmouth, he crafted the Facedancer board for USB device emulation and device driver fuzzing, as well as the Packet-in-Packet technique for remotely injecting into Layer 1 from Layer 7 on wireless networks. With neighbors from Eurecom, he built a remotely accessible backdoor that hides in the firmware of a hard disk. He rebuilt a naval satellite dish to track LEO satellites, and his iPod will give up only Rick Astley lyrics when imaged.


The 2014 Forensics Challenge was on Mobile Malware Analysis.  The overall goal of this challenge was to raise the state of the art in digital forensic practice by providing an open public venue for a best-of-breed competition. We challenged contestants to demonstrate effective methods and to develop open source tools for analyzing mobile malware.

The winning Practitioner entry was submitted by Darell Tan, Sufatrio, Tong-Wei Chua at the Agency for Science, Technology and Research, Institute for Infocomm Research, Singapore. (i2r.a-star.edu.sg). This effort demonstrates the use of freely available tools to extract and examine Android malware, including APKTool, Androguard, FlowDroid, SuSi, ApkAnalyzer, ApkInspector, Dex2jar, and Procyon.

Researcher & Developer
The winning Researcher & Developer entry was submitted by Dongwoo Kim and Wootak Jung at the Chungnam National University, Information Security Lab. By providing a method and associated code to extract malicious executable code from memory in an Android emulator, this approach addresses the problem that some Android malware is using “encryption, dynamic class loading, anti-tamper and anti-debugging, making it more difficult and time-consuming to reach the main executable code with existing tools and methods.


Organizing Committee

Conference Chair

Wietse Venema, PhD (IBM Research)

Conference Vice Chair

Tim Vidas (Carnegie Mellon University)

Program Chair

Juan Caballero, PhD (IMDEA-Software)

Program Vice Chair

Simson Garfinkel, PhD (Naval Postgraduate School)

Local Arrangements

Rinku Dewri, PhD (University of Denver)


Matthew Geiger (Dell SecureWorks)


Elizabeth Schweinsberg (Google) and Frank Adelstein


Dave Baker (MITRE)


Daryl Pfeif (Digital Forensics Solutions)

Event Management/Production

Daryl Pfeif (Digital Forensics Solutions)


Rick Smith (ATC-NY)


Dave Baker (MITRE) and Andreas Schuster (Deutsche Telekom AG)

Forensic Challenge

Golden Richard III, PhD (Univeristy of New Orleans)


Josiah Dykstra, PhD (University of Maryland Baltimore County)


Florian Buchholz, PhD (James Madison University)

Workshop Chair

Frank Adelstein

Workshop Vice Chair

Elizabeth Schweinsberg (Google)

Outreach Coordinator

Andreas Schuster (Deutsche Telekom AG)

At Large

Eoghan Casey (MITRE)

At Large

Vassil Roussev, PhD (University of New Orleans)

Technical Program Committee

Frank Adelstein

David Baker


Nicole Beebe

The University of Texas at San Antonio

Robert Beverly

Naval Postgraduate School

Frank Breitinger

da/sec - Biometrics and Internet Security Research Group

Florian Buchholz

James Madison University

Juan Caballero

IMDEA Software Institute

Eoghan Casey


Lorenzo Cavallaro

Royal Holloway, University of London

K P Chow

University of Hong Kong

Jedidiah Crandall

University of New Mexico

Rinku Dewri

University of Denver

Brendan Dolan-Gavitt

Georgia Institute of Technology

Josiah Dykstra


Sarah Edwards

Crucial Security

William Enck

North Carolina State University

Barbara Endicott-Popovsky

University of Washington

Simson Garfinkel

Naval Postgraduate School

Matthew Geiger

Dell SecureWorks

Xuxian Jiang

North Carolina State University

Rob Joyce


Andrea Lanzi


Marc Liberatore

University of Massachusetts Amherst

Zhiqiang Lin

University of Texas at Dallas

Stephen McCamant

University of Minnesota

Sean Peisert

Lawrence Berkeley National Laboratory and University of California, Davis

Fernando Perez-Gonzalez

University of Vigo

Golden Richard

University of New Orleans

Vassil Roussev

University of New Orleans

Andreas Schuster

Deutsche Telekom AG

Elizabeth Schweinsberg


Clay Shields

Georgetown University

Asia Slowinska

Vrije Universiteit Amsterdam

Wietse Venema

IBM Research

Timothy Vidas

Carnegie Mellon University

Dongyan Xu

Purdue University

Joel Young

Naval Postgraduate School

Cory Altheide


Ibrahim Baggili

University of New Haven

Michael Cohen


Paul Giura

AT&T Security Research Center

Barbara Guttman


Jesse Kornblum


Jamie Levy

Verizon Terremark

Bryant Ling


Vico Marziale

504ENSICS Labs

Cindy Murphy

Madison Police Department

Gilbert Peterson

US Air Force Institute of Technology

Judson Powers


Steve Romig

The Ohio State University

Bradley Schatz

Queensland University of Technology

Jill Slay


Joe Sylve

University of New Orleans

Alissa Torres

KEYW Corporation


Sponsors help DFRWS to produce quality events and foster community. Click a logo to learn more about the sponsor.

Information about sponsorship opportunities is available at: http://www.dfrws.org/sponsorship-opportunities

Dell - Platinum Sponsor

Secure Works is a global provider of intelligence-driven information security solutions exclusively focused on protecting its clients from cyber attacks. Secure Works’ solutions enable organizations to fortify their cyber defenses to prevent security breaches, detect malicious activity in real time, prioritize and respond rapidly to security breaches and predict emerging threats.

Learn More

Google - Student Scholarship Sponsor

Google's mission is to organize the world's information and make it universally accessible and useful. Google is pleased to sponsor scholarships for students to attend DFRWS.

Learn More

DFRWS 2014 In-Kind Donation

WetStone Technologies is the award-winning Cyber Security Division of Allen Corporation of America. Since 1998, WetStone has developed software solutions that support investigators and analysts engaged in cyber-crime investigations, digital forensics, and incident response activities. We also provide comprehensive consulting services for the best practices implementation and operation of security solutions from McAfee and other industry leaders to protect our customers’ critical information assets.

Learn More