Tuesday, March 21, 2017
HeiligenbergMainauReichenauUberlingen
9:00Forensic Artifacts in Windows 10 Workshop
Roman Locher (Arina AG)		Workshop
Martin Westman (MSAB)
10:30Break / Networking
11:00Chip Off Workshop
Sasha Sheremetov (Rusolut)		Building Forensics Tools in Go Workshop (Part 1)
Joe Sylve, Ph.D. (BlackBag Technologies)Vico Marziale, Ph.D. (BlackBag Technologies)
12:30Lunch
13:00Chip Off Workshop
Sasha Sheremetov (Rusolut)		Introduction to Digital Forensic Prolog Workshop
Pavel Gladyshev, Ph.D. (University College Dublin)		Hands-on Introduction to MattockFS Workshop
Rob Meijer		Building Forensics Tools in Go Workshop (Part 2)
Joe Sylve, Ph.D. (BlackBag Technologies)Vico Marziale, Ph.D. (BlackBag Technologies)
18:00Reception
Wednesday, March 22, 2017
Heiligenberg
8:45Announcements
9:00Keynote Address
Freddy Dezure
CERT-EU
10:00Break / Networking
10:30Session I : Memory Analysis
Chair: Pavel Gladyshev, Ph.D. (University College Dublin)
Improving the Reliability of Chip-Off Forensic Analysis of NAND Flash Memory Devices
Aya Fukami, Saugata Ghose, Yixin Luo, Yu Cai, and Onur Mutlu
Bit-Errors as a Source of Forensic Information in NAND Flash Memory
Jan Peter van Zandwijk
Picking Up the Trash: Exploiting Generational GC for Memory Analysis
Adam Pridgen, Simson Garfinkel, Ph.D. (NIST), and Dan Wallach
12:00Lunch
13:00Keynote Address
Patrick Lodder
SWIFT
14:00Break / Networking
14:30Session II : Training & Processes
Chair: Eoghan Casey, Ph.D. (University of Lausanne)
EviPlant: An Efficient Digital Forensic Challenge Creation, Manipulation and Distribution Solution
Mark Scanlon, Ph.D. (University College Dublin), Xiaoyu Du, and David Lillis (University College Dublin)
Do Digital Investigators Have To Program? A Controlled Experiment in Digital Investigation
Felix Freiling (Friedrich-Alexander-University) and Christian Zoubek
17:00Reception
17:45Castle Tour
19:30Keynote Address
Peter van Koppen
VU University Amsterdam
Thursday, March 23, 2017
Heiligenberg
9:00Keynote Address
Martin Lühning
Baden-Württemberg State Bureau of Investigation
10:00Break / Networking
10:30Session III: Network Forensics
Chair: Bruce Nikkel, Ph.D. (Bern University of Applied Sciences)
Evidence Gathering for Network Security and Forensics
Dinil Mon Divakaranm Kar Wai Fok, Ido Nevat, and Vrizlynn Thing
Behavioral Service Graphs: A Formal Data-Driven Approach for Prompt Investigation of Enterprise and Internet-Wide Infections
Elias Bou-Harb (National Cyber Forensics and Training Alliance / Concordia University) and Mark Scanlon, Ph.D. (University College Dublin)
Network Forensic Investigation in OpenFlow Networks with ForCon
Daniel Spiekermann, Jorg Keller, and Tobias Eggendorfer
12:00Lunch
13:00Session IV: Storage and File Systems
Chair: Bruce Nikkel, Ph.D. (Bern University of Applied Sciences)
Force Open: Lightweight Black Box File Repair
Karl Wust, Petar Tsankov, Sasa Radomirovic, Mohammad Torabi Dashti
AFEIC: Advanced Forensic Ext4 Inode Carving
Andreas Dewald and Sabine Seufert
Selective Deletion of Non-Relevant Data
Christian Zoubek and Konstantin Sack
14:30Poster Pitch / Lightning Talk
15:30Break / Networking
16:00Session V: Cloud and Data Exfiltration
Chair: Mark Scanlon, Ph.D. (University College Dublin)
Forensic Analysis of Deduplicated File Systems
Dario Lanterna and Antonio Barili
Characterizing Loss of Forensic Information due to Abstraction Layers
Felix Freiling (Friedrich-Alexander-University), Thomas Glanzmann, and Hans Reiser
17:00Conference Wrap-Up
18:00Planning Session EU 2018