DFRWS USA 2015 was held at the Hilton Philadelphia at Penn’s Landing August 9 – 12.  There were 3 invited talks, 6 workshops, 16 papers, and 6 presentations on a range of digital forensics topics from memory analysis to mobile forensics to computational forensics.

The Best Paper Award went to “Rapid Forensic Imaging of Large Disks with Sifting Collectors” by Jonathan Grier and Golden Richard.

The focus of the 2015 DFRWS Forensic Challenge was on development of GPU memory analysis tools, targeting GPU-based malware.

Conference Location:

Hilton Philadelphia at Penn's Landing, Philadelphia, PA, United States

Keynotes

Luke Dembosky | Department of Justice National Security Division

Luke Dembosky is Deputy Assistant Attorney General at the Department of Justice National Security Division (NSD), where he manages NSD's newly created portfolio covering protection of national assets, including efforts to combat economic espionage, proliferation, and cyber-based national security threats, as well as its work on the Committee on Foreign Investment in the United States. Before joining NSD, Dembosky served as Deputy Chief for Litigation at the Criminal Division's Computer Crime and Intellectual Property Section. He previously served as the DOJ representative at the U.S. Embassy in Moscow, Russia, where he represented DOJ to Russia on matters of transnational crime, including cybercrime and intellectual property crimes, and worked with Russian law enforcement and other government officials to build cooperation between the two countries. Prior to working in Moscow, Dembosky was based in Pittsburgh as a member of DOJ's Computer Hacking and Intellectual Property (CHIP) network of federal prosecutors. He has been involved in some of the largest and most groundbreaking cyber-crime prosecutions and disruptions in U.S. history, including the GameOver Zeus botnet disruption, coordination of the Silk Road takedown, and U.S. v. Max Ray Butler. Prior to entering government service, Dembosky worked in civil practice at a Philadelphia law firm and clerked for Judge Richard L. Nygaard of the U.S. Court of Appeals for the Third Circuit.

Changing the Malware Economy

Jason Updike | Intel

Abstract: The malware economy provides attackers with the resources needed to buy and sell their wares. We will examine a simple representation of the malware economy in terms of a supply pyramid and discuss how we manipulate the pyramid to cause the greatest effect. New technologies in the detection of code reuse in malware and reducing the trusted compute boundary to hardware will be introduced with respect to their effect on the malware economy. We will discuss attacks in terms of risk, cost, and returns and how to use technology to increase risk/cost while reducing returns to change the economics of the malware marketplace.

Bio: Jason Upchurch is a security research scientist and Principal Investigator for Intel Security Group, Intel Corporation. He is the lead researcher at the Center of Innovation, Anti-Malware Laboratory at the United States Air Force Academy. Prior to joining Intel at the Air Force Academy, Jason was a Sr. Lead Engineer at General Dynamics and was the subject matter expert for malicious software and reverse engineering. While with General Dynamics he had the honor of serving as the section chief of the DCFL Intrusions Section and technical manager for the GD assets in the NCIJTF/AG and DCISE at the DoD Cyber Crime Center (DC3). He is currently pursuing his PhD in Engineering - Security at the University of Colorado at Colorado Springs.

Participation

Ricky Connell (Yahoo): “What keeps me up at night? – “Unsolved” problems in Incident Response”

Abstract: With all of the talk about scale, cloud, and big data, does this change the way that we need to think about digital forensics? Many standard models fall apart when you are working with a limited amount of computing, financial and even personnel resources and the potential, or actual, large intrusion. What choices get made in deciding where to focus resources, and how does that affect outcomes? How do you determine completeness for an incident or investigation? This talk will provide a perspective on forensic analysis in the context of potential intrusions of large environments, especially relating it to how forensics fits into the incident response cycle.

Bio: Ricky Connell is the Director of Incident Response of Yahoo. He leads an international team that responds to all Security Incidents and Investigations at some of the world’s busiest Internet destinations. The team’s responsibilities encompass everything from internally discovered issues to bug bounty reports through HackerOne, running through the incident response cycle, and working with all parts of Yahoo to analyze and remediate issues. Previously Ricky was at Symantec, Verisign, and Stanford University as an individual contributor in security teams and also managing security and operations teams.

Associate Technical Program Committee

Irfan Ahmed (University of New Orleans)
Stefan Axelsson (Norwegian University of Science and Technology)
Masooda Bashir (Illinois)
Ralf Brown (CMU)
Michael Cohen (Google)
Dave Dampier (Mississippi State University)
Sarah Edwards (SANS Institute)
Paul Giura (AT&T Security Research Center)
Sanjay Goel (University of Albany)
Barbara Guttman (NIST)
Jamie Levy (Volatility)
Bryant Ling (FBI)
David Loveall (FBI)
Vico Marziale (BlackBag Technologies)
Cindy Murphy (Madison Police Department)
Judson Powers (ATC-NY)
Tu-Thach Quach (Sandia National Laboratories)
Steve Romig (Ohio State University)
Neil Rowe (Naval Postgraduate School)
Andreas Schuster (BFK edv-consulting GmbH)
Kathryn Seigfried-Spellar (Purdue University)
Jill Slay (La Trobe University)
Liang Zhenkai (National University of Singapore)
Ezhil Kalaimannan (UWF)

Topics of Interest

  • Memory analysis and snapshot acquisition
  • Storage forensics, including file system and Flash
  • “Big data” approaches to forensics, including collection, data mining, and large scale visualization
  • Incident response and live analysis
  • Virtualized environment forensics, with specific attention to the cloud and virtual machine introspection
  • Malware and targeted attacks: analysis, attribution
  • Network and distributed system forensics
  • Event reconstruction methods and tools
  • Mobile and embedded device forensics
  • Digital evidence storage and preservation
  • Data recovery and reconstruction
  • Multimedia analysis
  • Database forensics
  • Tool testing and development
  • Digital evidence and the law
  • Case studies and trend reports
  • Data hiding and discovery
  • Anti-forensics and anti-anti-forensics
  • Interpersonal communications and social network analysis
  • Non-traditional forensic scenarios and approaches (e.g. vehicles, control systems, and SCADA)

The above list is only suggestive. We welcome new, original ideas from people in academia, industry, government, and law enforcement who are interested in sharing their results, knowledge, and experience. Authors are encouraged to demonstrate the applicability of their work to practical issues. Questions about submission topics can be sent via email to: usa-papers (at) dfrws (dot) Org

Committees

Organizing Committee

Conference Chair

Tim Vidas (Carnegie Mellon University)

Conference Vice Chair

Vassil Roussev (University of New Orleans)

Program Chair

Simson Garfinkel (NIST)

Program Vice Chair

Nicole Beebe (UTSA)

Proceedings

Elizabeth Schweinsberg (Google)

Keynote

Matthew Geiger (SecureWorks)

Publicity

Dave Baker

Advertisement/Sponsorship

Daryl Pfeif (Digital Forensics Solutions and DFRWS)

Event Management/Production

Daryl Pfeif (Digital Forensics Solutions and DFRWS)

Finances

Rick Smith (ATC-NY)

Registration

Timothy Leschke (Johns Hopkins University)

Forensic Challenge

Golden Richard (University of New Orleans)

Web

Josiah Dykstra (National Security Agency)

Demo/Posters

Alex Nelson (NIST)

Workshop Chair

Wietse Venema (Google)

Workshop Vice Chair

Frank Adelstein (GrammaTech)

Technical Program Committee

Frank Adelstein (GrammaTech)
Cory Altheide (Google)
Ibrahim Baggili (University of New Haven)
David Baker (DFRWS)
Nicole Beebe, Ph.D. (UTSA)
Frank Breitinger (University of New Haven)
Florian Buchholz (James Madison University)
Eoghan Casey, Ph.D. (University of Lausanne)
Robert Beverly (Naval Postgraduate School)
Lorenzo Cavallaro (Royal Holloway)
Kim-Kwang Choo (University of South Australia)
Greg Conti (USMA)
Jedidiah Crandall (University of New Mexico)
Rinku Dewri (University of Denver)
Brendan Dolan-Gavitt (Georgia Institute of Technology)
Josiah Dykstra (National Security Agency)
William Enck (North Carolina State University)
Greg Freemyer
Dave Dampier (Mississippi State University)
Simson Garfinkel (NIST)
Matthew Geiger (Dell SecureWorks)
Xuxian Jiang (North Carolina State University)
Rob Joyce (ATC-NY)
Jesse Kornblum (Facebook)
Andrea Lanzi (Eurecom Institute)
Christopher Lee (UNC)
Brian Levine (University of Massachusetts Amherst)
Marc Liberatore (University of Massachusetts Amherst)
Zhiqiang Lin (University of Texas at Dallas)
Stephen McCamant (University of Minnesota)
Alex Nelson (NIST)
Fernando Perez-Gonzalez (Universidad de Vigo)
Gilbert Peterson (US Air Force Institute of Technology)
Daryl Pfeif (Digital Forensics Solutions and DFRWS)
Mark Pollitt (Daytona)
Golden Richard (University of New Orleans)
Vassil Roussev (University of New Orleans)
Bradley Schatz (Schatz Forensic)
Elizabeth Schweinsberg (Google)
Clay Shields (Georgetown University)
Asia Slowinska (Vrije Universiteit Amsterdam)
Joe Sylve (504ENSICS Labs)
Wietse Venema (Google)
Timothy Vidas (Carnegie Mellon University)
Dongyan Xu (Purdue University)

Sponsors

Sponsors help DFRWS to produce quality events and foster community. Please consider supporting our cause. http://www.dfrws.org/sponsorship-opportunities

Dell - Platinum Sponsor

Secure Works is a global provider of intelligence-driven information security solutions exclusively focused on protecting its clients from cyber attacks. Secure Works’ solutions enable organizations to fortify their cyber defenses to prevent security breaches, detect malicious activity in real time, prioritize and respond rapidly to security breaches and predict emerging threats.

Google - Student Scholarship Sponsor

Google's mission is to organize the world's information and make it universally accessible and useful. Google is pleased to sponsor scholarships for students to attend DFRWS.
