Sunday, August 9, 2015 | |||
---|---|---|---|
Workshop Track 1 | Workshop Track 2 | ||
1:00-3:00pm | GRR Rapid Response, Part 1 | Creating forensic tools in Go | |
3:00-5:00pm | GRR Rapid Response, Part 2 | Vehicle Forensics | |
5:30 PM | Registration closes | ||
Monday, August 10, 2015 | |||
9:00 AM | Opening Remarks | ||
9:15 AM | Keynote Address Luke Dembosky, Deputy Assistant Attorney General, Department of Justice National Security Division | ||
10:15 AM | Break | ||
10:30 AM | SESSION 1: Malware Analysis Session Chair: Vassil Roussev | ||
"The Impact of GPU-Assisted Malware on Memory Forensics: A Case Study" by Davide Balzarotti, Roberto Di Pietro and Antonio Villani | |||
"Advancing Mac OS X Rootkit Detection" by Andrew Case and Golden Richard | |||
"Graph-Theoretic Characterization of Cyber-threat Infrastructures" by Amine Boukhtouta, Djedjiga Mouheb, Mourad Debbabi, Omar Alfandi, Farkhund Iqbal and May El Barachi | |||
12:00 PM | Lunch on your own | ||
1:40 PM | Forensic Challenge Presentations and Prizes | ||
2:00 PM | SESSION 2: Acquisition and E-Discovery Session Chair: Wietse Venema | ||
"Rapid Forensic Imaging of Large Disks with Sifting Collectors" by Jonathan Grier and Golden Richard -- Best Paper Award | |||
"Extending the AFF4 container format for scalable acquisition and live analysis" by Bradley Schatz | |||
"LINCS: Towards Building a Trustworthy Litigation Hold Enabled Cloud Storage System" by Shams Zawoad, Ragib Hasan and John Grimes | |||
3:30 PM | Break | ||
4:00 PM | PRESENTATIONS I Session Chair: Elizabeth Schweinsberg | ||
"Inferring Past Activity from Partial Digital Artifacts" by James Jones, Tahir Khan, Kathryn Laskey, Alexander Nelson, Mary Laamanen and Douglas White | |||
"Visualizing the Version-Controlled Filesystem" by Jon Stewart and Zack Weger | |||
"Finding your naughty BITS" by Matthew Geiger | |||
5:00 PM | One-Minute Teasers for Tool Demos and Poster Session | ||
5:20 PM | 2016 DFRWS Challenge by Michael McCarrin, Brian Greunke, and Robert Beverly (pres) | ||
5:30 PM | Welcome Reception (Poster and Demo Session) | ||
Tuesday, August 11, 2015 | |||
9:00 AM | Administrative Remarks | ||
9:05 AM | Keynote Address Jason Upchurch, Intel | ||
10:00 AM | Break | ||
10:25 AM | SESSION 3: Android & Network Forensics Session Chair: Frank Adelstein | ||
"New acquisition method based on firmware update protocols for Android smartphones" by Seung Jei Yang, Jung Ho Choi, Ki Bom Kim and Tae Joo Chang | |||
"Network and device forensic analysis of Android social-messaging applications" by Daniel Walnycky, Ibrahim Baggili, Andrew Marrington, Frank Breitinger and Jason Moore | |||
"Detecting very large sets of referenced files at 40/100 GbE, especially MP4 files" by Adrien Larbanet, Jonas Lerebours and Jean Pierre David | |||
11:55 AM | Lunch on your own | ||
1:25 PM | Invited talk Ricky Connell, Director of Incident Response, Yahoo! | ||
2:15 PM | SESSION 4: Computational Forensics Session Chair: Josiah Dykstra | ||
"Hash-Based Carving: Searching media for complete files and file fragments with sector hashing and hashdb" by Simson Garfinkel and Michael McCarrin | |||
"Database Forensic Analysis through Internal Structure Carving" by James Wagner, Alexander Rasin and Jonathan Grier | |||
"E-mail Authorship Attribution using Customized Associative Classification" by Michael Schmid, Farkhund Iqbal and Benjamin Fung | |||
3:45 PM | Break | ||
4:10 PM | PRESENTATIONS II Session Chair: Alex Nelson | ||
"Federated Testing: Shared Test Materials from the CFTT Program at NIST" by Ben Livelsberger and James Lyle | |||
"The Chain of Custody: A big misconception?" by Tobias Eggendorfer | |||
"Video Authentication Using File Structure and Metadata" by Jake Hall | |||
6:00 PM | Banquet | ||
7:30 PM | Forensic Rodeo | ||
Wednesday, August 12, 2015 | |||
8:00 AM | Registration / Breakfast | ||
9:00 AM | SESSION 5: Archival and Reverse Engineering Session Chair: Golden Richard | ||
"Privacy Preserving Email-Forensics" by Frederik Armknecht, Andreas Dewald and Michael Gruhn | |||
"Archival Science, Digital Forensics, and New Media Art" by Dianne Dietrich and Frank Adelstein | |||
"BinComp: A Practical Approach to Compiler Provenance Attribution" by Saed Alrabaee, Paria Shirani, Mourad Debbabi, Ashkan Rahimian and Lingyu Wang | |||
"Automatic Classification of Object Code Using Machine Learning" by John Clemens | |||
11:00 AM | Works in Progress | ||
11:15 AM | Closing Comments | ||
11:30 AM | Lunch on your own | ||
Workshop Track 1 | Workshop Track 2 | Workshop Track 3 | |
1:00-5:00pm | Reverse Engineering with Rekall | Bitcurator: Redacting and providing access to data from disk images | Python scripting in Autopsy |
6:00 PM | DFRWS 2016 Planning Session aboard the Moshulu, "the world's oldest and largest square rigged sailing vessel still afloat" | ||
Thursday, August 13, 2015 | |||
9:00 AM | Digital Forensics Curriculum Standards 3rd Workshop (6 hours) |