| Sunday, August 3, 2014 | ||
|---|---|---|
| 11:30 AM | Registration Opens | |
| Workshop Track 1 | Workshop Track 2 | |
| 1:00 PM | GRR Tutorial Part 1 | RE(:) go |
| 3:00 PM | GRR Tutorial Part 2 | SQLite Analysis (Note: this session runs 3:00pm-5:00pm) |
| 5:30 PM | Registration closes | |
| Monday, August 4, 2014 | ||
| 9:00 AM | Opening Remarks - Wietse Venema | |
| 9:15 AM | Keynote Address Catalin Grigoras (University of Colorado at Denver) |
|
| 10:15 AM | Break | |
| 10:30 AM | SESSION 1: Memory Chair: Josiah Dykstra |
|
| "In Lieu of Swap: Analyzing Compressed RAM in Mac OS X and Linux" by Golden G. Richard III and Andrew Case -- Best Paper | ||
| "Image-Based Kernel Fingerprinting" by Vassil Roussev, Irfan Ahmed and Thomas Sires | ||
| "Testing the Forensic Soundness of Forensic Examination Environments on Bootable Media" by Ahmed Abdel Latif Mohamed, Andrew Marrington, Farkhund Iqbal and Ibrahim Baggili | ||
| 12:00 PM | Lunch on your own | |
| 2:00 PM | SESSION 2: Files Chair: Elizabeth Schweinsberg |
|
| "Design Tradeoffs for Developing Fragmented Video Carving Tools" by Eoghan Casey and Rikkert Zoun | ||
| "Extracting Hidden Messages in Steganographic Images" by Tu-Thach Quach | ||
| 3:00 PM | Break | |
| 3:30 PM | PRESENTATIONS I Chair: Vassil Roussev |
|
| "The National Software Reference Library" by Douglas White (NIST) | ||
| "These Logs Were Made for Talking" by Matt Bromiley (505Forensics) | ||
| "Information Assurance in a distributed forensic cluster - FCluster and FClusterfs" by Nick Pringle and Mikhaila Burgess (University of South Wales) | ||
| "Enabling Digital Forensics Practices in Libraries, Archives and Museums: The BitCurator Experience" by Christopher A. Lee and Kam Woods (University of North Carolina, Chapel Hill) | ||
| 4:30 PM | Five-Minute Teasersfor Tool Demos and poster session | |
| 5:00 PM | Welcome Reception(Poster and Demo session) | |
| Tuesday, August 5, 2014 | ||
| 8:00 AM | Registration/Breakfast | |
| 9:00 AM | Administrative Remarks | |
| 9:05 AM | Keynote Address Travis Goodspeed |
|
| 10:00 AM | Break | |
| 10:30 AM | SESSION 3: Non-traditional devices Chair: Golden Richard |
|
| "Cooperative mode: Comparative storage metadata verification applied to the Xbox 360" by Alex Nelson, Erik Steggall and Darrell Long | ||
| "Preliminary forensic analysis of the Xbox One" by Jason Moore, Ibrahim Baggili, Andrew Marrington and Armindo Rodrigues | ||
| "Digital Investigations for IPv6-Based Wireless Sensor Networks" by Vijay Kumar, George Oikonomou, Theo Tryfonas, Dan Page and Iain Phillips | ||
| 12:00 PM | Lunch on your own | |
| 2:00 PM | SESSION 4: Formalisms Chair: Frank Adelstein |
|
| "Developing a New Digital Forensics Curriculum" by Anthony Lang, Masooda Bashir, Roy Campbell and Lizanne Destefano | ||
| "VMI-PL: A Monitoring Language for Virtual Platforms Using Virtual Machine Introspection" by Florian Westphal, Stefan Axelsson, Christian Neuhaus and Andreas Polze | ||
| "A Complete Formalized Knowledge Representation Model for Advanced Digital Forensics Timeline Analysis" by Yoan Chabot, Aurelie Bertaux, Christophe Nicolle and Tahar Kechadi | ||
| 3:15 PM | Break | |
| 3:30 PM | PRESENTATIONS II Chair: Simson Garfinkel |
|
| "The Regional Computer Forensics Lab System" by Sean K. O'Brien (FBI) | ||
| "Memory Forensics with Hyper-V Virtual Machines" by Wyatt Roersm (NVINT) | ||
| "The application of reverse engineering techniques against the Arduino microcontroller to acquire uploaded applications" by Steve Watson (Intel) | ||
| 4:45 PM | DFRWS 2014 Forensic Challenge presentations and prizes | |
| 6:00 PM | Banquet Best Paper Award |
|
| 7:30 PM | Forensic Rodeo Champions:idontworkatgoogle: Andreas Moser, Eric Mak and Johannes Stuettgen. |
|
| Wednesday, August 6, 2014 | ||
| 8:00 AM | Registration/Breakfast | |
| 9:00 AM | SESSION 5: Data acquisition & mining Chair: Wietse Venema |
|
| "A forensically robust method for acquisition of iCloud data" by Kurt Oestreicher | ||
| "Multidimensional Investigation of Source Port 0 Probing" by Elias Bou-Harb, Nour-Eddine Lakhdari, Hamad Binsalleeh and Mourad Debbabi -- Best Student Paper | ||
| "Ranking algorithms for digital forensic string search hits" by Nicole Beebe and Lishu Liu | ||
| 11:00 AM | Short Presentations & Works in Progress (5 minutes each) |
|
| 11:15 AM | Closing Comments | |
| 11:30 AM | Lunch on your own | |
| Workshop Track 1 | Workshop Track 2 | |
| 1:00 PM | Timeline Analysis | Memory Forensics, beginner level |
| 6:30 PM | Dinner & DFRWS 2015 / 2016 Planning Session (Not Included in Registration Fee) |
|
| Thursday, August 7, 2014 | ||
| 9:00 AM | Digital Forensics Curriculum Standards 2nd Workshop (8 hours) | |