SUNDAY | ||
---|---|---|
Workshop Track 1 | Workshop Track 2 | |
13:00 to 15:00 | Coding Digital Forensics Tools in Go (part 1) Lodovico Marziale (BlackBag Technologies) Joe Sylve (BlackBag Technologies) | Rapid, Agentless, and Scalable Forensics and Incident Response Using WARDEN Adam Meily (Assured Information Security) |
15:00 to 17:00 | Coding Digital Forensics Tools in Go (part 2) Lodovico Marziale (BlackBag Technologies) Joe Sylve (BlackBag Technologies) | |
MONDAY | Main Hall | |
9:00 | Opening Remarks | |
9:15 | Keynote Address Erin Kenneally -- Department of Homeland Security | |
10:15 | Break | |
10:30 | Session 1: Memory & Executable Analysis Chair: Vassil Roussev, Ph.D. (University of New Orleans) | |
Detecting Objective-C Malware Through Memory Forensics by Andrew Case and Golden Richard III, Ph.D. (University of New Orleans) | ||
BinGold: Towards Robust Binary Analysis by Extracting the Semantics of Binary Code as Semantic Flow Graphs (SFGs) by Saed Alrabaee, Lingyu Wang, and Mourad Debbabi | ||
Robust Bootstrapping Memory Analysis against Anti-forensics by Kyoungho Lee, Hyunuk Hwang, Kibom Kim, and Bongnam Noh | ||
12:00 | Lunch on your own | |
14:00 | Session 2: Mobile & Thin Clients Chair: Frank Adelstein, Ph.D. (Cayuga Networks) | |
Fingerprinting Android Packaging: Generating DNAs for Malware Detection by ElMouatez Billah Karbab, Mourad Debbabi, and Djedjiga Mouheb | ||
Rapid differential forensic imaging of mobile devices by Mark Guido, Justin Grover, and Jonathan Buttner | ||
dbling: Identifying Extensions Installed on Encrypted Web Thin Clients by Mike Mabey, Adam Doupe, Ziming Zhao, Gail-Joon Ahn | ||
15:30 | Break | |
16:00 | Presentations I | |
Practical Analyzing the Relation of Wallet Addresses in Bitcoin by Hiroki Kuzuno and Christian Karam | ||
A practical approach to analyze smartphone backup data as a digital evidence by Jaehyeok Han and Sangjin Lee | ||
Digital Forensics as a Service: an update by Harm van Beek | ||
17:00 to 17:15 | One-Minute Teasers for Tool Demos and Poster Sessions (sign-up on-site) | |
18:00 to 18:30 | Poster and Demo Sessions (off-site) | |
18:30 to 20:00 | Welcome Reception (off-site) Location: http://www.livingcomputermuseum.org/ A shuttle bus to and from the conference hotel will be provided from 5-9 | |
TUESDAY | Main Hall | |
9:00 | Administrative Remarks | |
9:15 | Keynote Address Troy Larson -- Microsoft | |
10:00 | Break | |
10:30 | Session 3: Anti-Forensics Chair: Golden Richard III, Ph.D. (University of New Orleans) | |
Anti-forensics: Furthering digital forensic science through a new extended, granular taxonomy by Kevin Conlan, Ibrahim Baggili (University of New Haven), and Frank Breitinger (University of New Haven) | ||
Time is on my side: Steganography in filesystem metadata by Sebastian Neuner, Artemios Voyiatzis, Martin Schmiedecker (SBA Research), Stefan Brunthaler, Stefan Katzenbeisser, and Edgar Weippl | ||
Deleting collected digital evidence by exploiting a widely adopted hardware write blocker by Christopher Meffert, Ibrahim Baggili (University of New Haven), and Frank Breitinger (University of New Haven) | ||
12:00 | Lunch on your own | |
14:00 | Session 4: Data Recovery Chair: Matthew Geiger (Dell SecureWorks) | |
Database Image Content Explorer: Carving Data That Does Not Officially Exist by James Wagner, Alexander Rasin, and Jonathan Grier | ||
Recovery of Heavily Fragmented JPEG Files by Yanbin Tang, Junbin Fang, K.P. Chow (University of Hong Kong), Siu Ming, Jun Xu, Bo Feng, Qiong Li, and Qi Han | ||
Recovery method of deleted records and tables from ESE Database by Kim Jeonghyeon, Park Aran, and Lee Sangjin | ||
15:30 | Break | |
16:00 | Presentations II | |
Forensic investigations in SDN networks by Izzat Alsmadi and Samer Khamaiseh | ||
Data Sets Available from the National Software Reference Library by Douglas White | ||
16:45 to 17:15 | Forensic Challenge Presentation and Prizes | |
18:00 to 19:30 | Banquet | |
19:30 to 22:00 | Forensic Rodeo | |
WEDNESDAY | Main Hall | |
9:30 | Session 5: Artifact Identification and Search Chair: Elizabeth Schweinsberg (Google) | |
CuFA: a more formal definition for digital forensic artifacts by Vikram Harichandran, Daniel Walnycky, Ibrahim Baggili (University of New Haven), and Frank Breitinger (University of New Haven) | ||
InVEST: Intelligent Visual Email Search and Triage by Jay Koven, Enrico Bertini, Luke Dubois, and Nasir Memon | ||
PeekaTorrent: Leveraging P2P Hash Values for Digital Forensics by Sebastian Neuner, Martin Schmiedecker (SBA Research), and Edgar Weippl | ||
11:00 | Works in Progress | |
11:15 | Closing Comments | |
11:30 | Lunch on your own | |
Workshop 1 | Workshop 2 | |
13:30 to 15:30 | Hands-On With Open Source Similarity Digests Jon Oliver | Using GRR and Rekall for Scalable Memory Analysis (part 1) Michael Cohen (Google) |
15:30 to 17:30 | IED Forensics: Hunting the IED Engineer Larry Leibrock | Using GRR and Rekall for Scalable Memory Analysis (part 2) Michael Cohen (Google) |