Sunday, July 14, 2019
Workshop 1Workshop 2
13:00 to 15:00Introducing a New Method for Chip-Off Success: Vapor Phase Workshop by Steve Watson (VTO Labs) and David Rathbone (VTO Labs)KAPE: What’s all the buzz about? Workshop by Mark Hallman (SANS Institute)
15:00 to 15:15Break: Refreshments in the Foyer
15:15 to 17:15Behind the scenes of memory extraction Workshop by Joe FitzPatrickIntroduction to Ghidra Malware Analysis Workshop by Erika Noerenberg (Carbon Black)
Monday, July 15, 2019
Columbia Falls Ballroom
8:45 to 9:00Opening Remarks
9:00 to 10:15Keynote Address
Sarah Edwards, SANS Institute
10:15 to 10:30Break: Refreshments in the Foyer
10:30 to 11:30Session I: Memory Forensics
Chair: Andrew White (Dell Secureworks)
Windows Memory Forensics: Detecting (un)intentionally hidden injected Code by examining Page Table Entries by Frank Block (ERNW Research GmbH) and Andreas Dewald (ERNW Research GmbH) Best Paper
Inception: Virtual Space in Memory Space in Real Space -- Memory Forensics of Immersive Virtual Reality with the HTC Vive by Peter Casey (University of New Haven), Rebecca Lindsay-Decusati (University of New Haven), Ibrahim Baggili (University of New Haven), and Frank Breitinger (University of New Haven)
11:30 to 12:50Lunch with Birds of a Feather
12:50 to 13:00Works in Progress
Share a new idea or project in 5 minutes or less! Sign up on site.
13:00 to 15:00Session II: Files and Filesystem Forensics
Chair: Alex Nelson, Ph.D. (NIST)
Syntactical File Carving and Automated Generation of Reproducible Datasets by Jan-Niclas Hilgert (Fraunhofer FKIE), Martin Lambertz (Fraunhofer FKIE), Mariia Rybalka (Fraunhofer FKIE), and Roman Schell (Fraunhofer FKIE)
bring2lite: A structural Concept and Tool for Forensic Data Analysis and Recovery of Deleted SQLite Records by Christian Meng (da/sec Biometrics and Internet Security Research Group, Hochschule Darmstadt) and Harald Baier (da/sec Biometrics and Internet Security Research Group, Hochschule Darmstadt)
DB3F & DF-Toolkit: The Database Forensic File Format and the Database Forensic Toolkit by James Wagner (DePaul University), Alexander Rasin (DePaul University), Karen Heart (DePaul University), Rebecca Jacob (DePaul University), and Jonathan Grier (Grier Forensics)
Using NTFS Cluster Allocation Behavior to Find the Location of User Data by Martin Karresand (Norwegian University of Science and Technology), Stefan Axelsson (Norwegian University of Science and Technology), and Geir Olav Dyrkolbotn (NTNU)
15:00 to 15:30Break: Refreshments in the Foyer
15:30 to 17:00Presentations: Access & Accessibility
Chair: Jessica Hyde (George Mason University / Magnet Forensics )
Extreme Damaged Devices by
Steve Watson (VTO Labs)
Forensic Jailbreaking of iOS devices by Bradley Schatz, Ph.D. (Schatz Forensic)
Introducing Digital Forensics Science in a Virtual Learning Environment by Eoghan Casey, Ph.D. (University of Lausanne), Daryl Pfeif (Digital Forensics Solutions and DFRWS), and Cassy Soden
CASE the Cyber-investigation Analysis Standard Expression by Vik Harichandran (MITRE), Cory Hall (MITRE), Andrew Sovern, Deborah Nichols, Navaneeth Subramanian, and Trevor Bobka
19:00 to 21:30Reception on the Portland Spirit
Join us for a 2.5 hour evening welcome reception, river cruise and dinner.
Tuesday, July 16, 2019
Columbia Falls Ballroom
8:55 to 9:00Opening Remarks
9:00 to 10:15Keynote Address
Jonathan Levin
CTO, Technologeeks
10:15 to 10:30Break: Refreshments in the Foyer
10:30 to 12:00Presentations: Artefacts & Interpretation
Chair: Erika Noerenberg (Carbon Black)
Android Auto & Google Assistant – How Google Encourages Hands-Free Motoring by Joshua Hickman
School Cyber Risk & Challenges for Community Oriented Policing, Crime Prevention, and Investigations by
Nicholas Dubois
An Incomplete Tour of the Forensic Implications of the Windows 10 Activity Timeline by Vico Marziale, Ph.D. (BlackBag Technologies)
Memory forensics as Triage Analysis by Aaron Sparling
12:00 to 13:20Lunch and Posters
13:20 to 13:30Works in Progress
13:30 to 15:30Session III: IoT Forensics
Chair: Frank Adelstein, Ph.D. (NFA Digital)
Forensic analysis of the Nintendo 3DS NAND by Gus Pessolano (Norwich University), Huw Read (Norwich University), Iain Sutherland (Noroff University College), and Konstantinos Xynos (Noroff University College)
Forensic analysis of water damaged mobile devices by Aya Fukami and Kazuhiro Nishimura
Digital Forensic Practices and Methodologies for AI Speaker Ecosystems by Wooyeon Jo (Ajou University), Yeonghun Shin (Ajou University), Hyungchan Kim (Ajou University), Dongkyun Yoo (Ajou University), Donghyun Kim (KITRI BoB), Cheulhoon Kang (Supreme Prosecutor's Office, Republic of Korea), Jongmin Jin (Supreme Prosecutor's Office, Republic of Korea), Junghoon Oh (Supreme Prosecutor's Office, Republic of Korea), Bitna Na (Ajou University), and Taeshik Shon (Ajou University)
Leveraging Electromagnetic Side-Channel Analysis for the Investigation of IoT Devices by Asanka Sayakkara (University College Dublin), Nhien An Le Khac (University College Dublin), and Mark Scanlon, Ph.D. (University College Dublin)
15:30 to 15:50Break: Refreshments in the Foyer
15:50 to 16:00Awards
Join us for the announcement of the Best Paper Award
16:00 to 17:10Presentations: Cognition, Introspection, & Perception
Chair: Matthew Geiger (Qintel)
Detection of Lateral Movement Across Valid Accounts by Using Human Behavior in the Physical Environment by Tomohiko Yano
Not Your Father’s Forensics: Concept Searching for Data Forensic Investigations: Uncover what keywords miss by Warren G. and Robert Kruse
Forensic String Search Tool Quirks or What I Learned Testing String Search Tools by James Lyle
17:10 to 17:30DFRWS Forensic Challenge Presentation
The winners of the 2019 Forensic Challenge will present their submission.
18:00 to 19:30Banquet
The Banquet will be held on-site in the Willamette Falls / University Grill Lounge & Restaurant. Join us for dinner and camaraderie.
19:30 to 22:00Forensics Rodeo
The DFRWS Rodeo is a team based event where participants group together to solve forensically themed challenges in order to score points. The Rodeo is open to all attendees of the conference, regardless of ability level, and is designed to be a lighthearted social event where participants can meet new people and learn new skills. Stick around after the banquet to participate and try to win some prizes! To learn more about the rodeo, try out previous challenges or read challenge write-ups, go to
Wednesday, July 17, 2019
Columbia Falls Ballroom
9:25 to 9:30Opening Remarks
9:30 to 11:30Session IV: Special Topics in Forensics
Chair: Wietse Venema, Ph.D. (Google)
HookTracer: A System for Automated and Accessible API Hooks Analysis by Golden Richard III, Ph.D. (Louisiana State University), Andrew Case (Volexity), Aisha Ali-Gombe, Mingxuan Sun, Ryan Maggio, Md Firoz-Ul-Amin, and Mohammad Jalalzai
FbHash: A New Similarity Hashing Scheme for Digital Forensics by Donghoon Chang, Mohona Ghosh, Somitra Sanadhya, Monika Singh, and Douglas White (NIST)
A Practitioner Survey Exploring the Value of Forensic Tools, AI, Filtering, & Safer Presentation for Investigating Child Sexual Abuse Material (CSAM) by Laura Sanchez (University of New Haven), Cinthya Grajeda Mendez (University of New Haven), Ibrahim Baggili (University of New Haven), and Cory Hall (MITRE)
AFF4-L: A scalable open logical evidence container by Bradley Schatz, Ph.D. (Schatz Forensic)
11:30 to 11:50Closing Remarks
11:50 to 13:00Lunch on Wednesday
Workshop 1Workshop 2
13:00 to 17:00The Cyber-investigation Analysis Standard Expression (CASE) Workshop by Cory Hall (MITRE)Investigating LOLBins & Scripts Workshop by Alissa Torres
18:00 to 20:00Wrap Party @ Ground Kontrol