DFRWS USA 2015 was held at the Hilton Philadelphia at Penn’s Landing August 9 – 12. There were 3 invited talks, 6 workshops, 16 papers, and 6 presentations on a range of digital forensics topics from memory analysis to mobile forensics to computational forensics.
The Best Paper Award went to “Rapid Forensic Imaging of Large Disks with Sifting Collectors” by Jonathan Grier and Golden Richard.
The focus of the 2015 DFRWS Forensic Challenge was on development of GPU memory analysis tools, targeting GPU-based malware.
Conference Location:
Hilton Philadelphia at Penn's Landing Philadelphia, PA United States
August 9, 2015 to August 12, 2015
Keynotes
Luke Dembosky | Department of Justice National Security Division
Luke Dembosky is Deputy Assistant Attorney General at the Department of Justice National Security Division (NSD), where he manages NSD's newly created portfolio covering protection of national assets, including efforts to combat economic espionage, proliferation, and cyber-based national security threats, as well as its work on the Committee on Foreign Investment in the United States. Before joining NSD, Dembosky served as Deputy Chief for Litigation at the Criminal Division's Computer Crime and Intellectual Property Section. He previously served as the DOJ representative at the U.S. Embassy in Moscow, Russia, where he represented DOJ to Russia on matters of transnational crime, including cybercrime and intellectual property crimes, and worked with Russian law enforcement and other government officials to build cooperation between the two countries. Prior to working in Moscow, Dembosky was based in Pittsburgh as a member of DOJ's Computer Hacking and Intellectual Property (CHIP) network of federal prosecutors. He has been involved in some of the largest and most groundbreaking cyber-crime prosecutions and disruptions in U.S. history, including the GameOver Zeus botnet disruption, coordination of the Silk Road takedown, and U.S. v. Max Ray Butler. Prior to entering government service, Dembosky worked in civil practice at a Philadelphia law firm and clerked for Judge Richard L. Nygaard of the U.S. Court of Appeals for the Third Circuit.
Changing the Malware Economy
Jason Updike | Intel
Abstract: The malware economy provides attackers with the resources needed to buy and sell their wares. We will examine a simple representation of the malware economy in terms of a supply pyramid and discuss how we manipulate the pyramid to cause the greatest effect. New technologies in the detection of code reuse in malware and reducing the trusted compute boundary to hardware will be introduced with respect to their effect on the malware economy. We will discuss attacks in terms of risk, cost, and returns and how to use technology to increase risk/cost while reducing returns to change the economics of the malware marketplace.
Bio: Jason Upchurch is a security research scientist and Principal Investigator for Intel Security Group, Intel Corporation. He is the lead researcher at the Center of Innovation, Anti-Malware Laboratory at the United States Air Force Academy. Prior to joining Intel at the Air Force Academy, Jason was a Sr. Lead Engineer at General Dynamics and was the subject matter expert for malicious software and reverse engineering. While with General Dynamics he had the honor of serving as the section chief of the DCFL Intrusions Section and technical manager for the GD assets in the NCIJTF/AG and DCISE at the DoD Cyber Crime Center (DC3). He is currently pursuing his PhD in Engineering - Security at the University of Colorado at Colorado Springs.
Participation
Ricky Connell (Yahoo): “What keeps me up at night? – “Unsolved” problems in Incident Response”
Abstract: With all of the talk about scale, cloud, and big data, does this change the way that we need to think about digital forensics? Many standard models fall apart when you are working with a limited amount of computing, financial and even personnel resources and the potential, or actual, large intrusion. What choices get made in deciding where to focus resources, and how does that affect outcomes? How do you determine completeness for an incident or investigation? This talk will provide a perspective on forensic analysis in the context of potential intrusions of large environments, especially relating it to how forensics fits into the incident response cycle.
Bio: Ricky Connell is the Director of Incident Response of Yahoo. He leads an international team that responds to all Security Incidents and Investigations at some of the world’s busiest Internet destinations. The team’s responsibilities encompass everything from internally discovered issues to bug bounty reports through HackerOne, running through the incident response cycle, and working with all parts of Yahoo to analyze and remediate issues. Previously Ricky was at Symantec, Verisign, and Stanford University as an individual contributor in security teams and also managing security and operations teams.
Associate Technical Program Committee
Topics of Interest
- Memory analysis and snapshot acquisition
- Storage forensics, including file system and Flash
- “Big data” approaches to forensics, including collection, data mining, and large scale visualization
- Incident response and live analysis
- Virtualized environment forensics, with specific attention to the cloud and virtual machine introspection
- Malware and targeted attacks: analysis, attribution
- Network and distributed system forensics
- Event reconstruction methods and tools
- Mobile and embedded device forensics
- Digital evidence storage and preservation
- Data recovery and reconstruction
- Multimedia analysis
- Database forensics
- Tool testing and development
- Digital evidence and the law
- Case studies and trend reports
- Data hiding and discovery
- Anti-forensics and anti-anti-forensics
- Interpersonal communications and social network analysis
- Non-traditional forensic scenarios and approaches (e.g. vehicles, control systems, and SCADA)
The above list is only suggestive. We welcome new, original ideas from people in academia, industry, government, and law enforcement who are interested in sharing their results, knowledge, and experience. Authors are encouraged to demonstrate the applicability of their work to practical issues. Questions about submission topics can be sent via email to: usa-papers (at) dfrws (dot) Org
Committees
Organizing Committee
Conference Chair
Tim Vidas (Carnegie Mellon University)
Conference Vice Chair
Vassil Roussev (University of New Orleans)
Program Chair
Simson Garfinkel (NIST)
Program Vice Chair
Nicole Beebe (UTSA)
Proceedings
Elizabeth Schweinsberg (Google)
Keynote
Matthew Geiger (SecureWorks)
Publicity
Dave Baker
Advertisement/Sponsorship
Daryl Pfeif (Digital Forensics Solutions and DFRWS)
Event Management/Production
Daryl Pfeif (Digital Forensics Solutions and DFRWS)
Finances
Rick Smith (ATC-NY)
Registration
Timothy Leschke (Johns Hopkins University)
Forensic Challenge
Golden Richard (University of New Orleans)
Web
Josiah Dykstra (National Security Agency)
Demo/Posters
Alex Nelson (NIST)
Workshop Chair
Wietse Venema (Google)
Workshop Vice Chair
Frank Adelstein (GrammaTech)
Technical Program Committee
Frank Adelstein
GrammaTech
Cory Altheide
Ibrahim Baggili
University of New Haven
David Baker
DFRWS
Nicole Beebe, Ph.D.
UTSA
Frank Breitinger
University of New Haven
Florian Buchholz
James Madison University
Eoghan Casey, Ph.D.
University of Lausanne
Robert Beverly
Naval Postgraduate School
Lorenzo Cavallaro
Royal Holloway
Kim-Kwang Choo
University of South Australia
Greg Conti
USMA
Jedidiah Crandall
University of New Mexico
Rinku Dewri
University of Denver
Brendan Dolan-Gavitt
Georgia Institute of Technology
Josiah Dykstra
National Security Agency
William Enck
North Carolina State University
Greg Freemyer
Dave Dampier
Mississippi State University
Simson Garfinkel
NIST
Matthew Geiger
Dell SecureWorks
Xuxian Jiang
North Carolina State University
Rob Joyce
ATC-NY
Jesse Kornblum
Andrea Lanzi
Eurecom Institute
Christopher Lee
UNC
Brian Levine
University of Massachusetts Amherst
Marc Liberatore
University of Massachusetts Amherst
Zhiqiang Lin
University of Texas at Dallas
Stephen McCamant
University of Minnesota
Alex Nelson
NIST
Fernando Perez-Gonzalez
Universidad de Vigo
Gilbert Peterson
US Air Force Institute of Technology
Daryl Pfeif
Digital Forensics Solutions and DFRWS
Mark Pollitt
Daytona
Golden Richard
University of New Orleans
Vassil Roussev
University of New Orleans
Bradley Schatz
Schatz Forensic
Elizabeth Schweinsberg
Clay Shields
Georgetown University
Asia Slowinska
Vrije Universiteit Amsterdam
Joe Sylve
504ENSICS Labs
Wietse Venema
Timothy Vidas
Carnegie Mellon University
Dongyan Xu
Purdue University
Sponsors
Sponsors help DFRWS to produce quality events and foster community.
Information about sponsorship opportunities is available at: http://www.dfrws.org/sponsorship-opportunities
Dell - Platinum Sponsor
Secure Works is a global provider of intelligence-driven information security solutions exclusively focused on protecting its clients from cyber attacks. Secure Works’ solutions enable organizations to fortify their cyber defenses to prevent security breaches, detect malicious activity in real time, prioritize and respond rapidly to security breaches and predict emerging threats.
Google - Student Scholarship Sponsor
Google's mission is to organize the world's information and make it universally accessible and useful. Google is pleased to sponsor scholarships for students to attend DFRWS.