Sunday, August 6, 2017
Salon F - 6th Floor / Salon G - 6th Floor
13:00 to 17:00 A Light Introduction to Linux Malware Analysis Workshop
Adam Pridgen
SMS Recovery From NAND Memory of Erased eMMC Chip Workshop
Sasha Sheremetov (Rusolut)
Monday, August 7, 2017
Salon G - 6th Floor
9:00 Welcome / Announcements
9:15 Keynote Address
Kara Nance
Virginia Tech
10:15 Break / Networking
10:30 Session I - Papers: Artefacts & Interpretation 1
Chair: Frank Adelstein, Ph.D. (NFA Digital)
DROP (DRone Open source Parser) Your Drone - Forensic Analysis of the DJI Phantom III
Devon Clark, Christopher Meffert (University of New Haven), Ibrahim Baggili (University of New Haven), and Frank Breitinger (University of New Haven)
Digital Forensic Approaches for Amazon Alexa Ecosystem
Hyunji Chung, Jungheum Park, and Sangjin Lee
Leveraging the SRTP protocol for Over-The-Network Memory Acquisition of a GE Fanuc Series 90-30
Denton George, Filip Karpisek, Frank Breitinger (University of New Haven), and Ibrahim Baggili (University of New Haven)
12:00 Lunch (On Your Own)
14:00 Session II - Papers: Scale
Chair: Alex Nelson, Ph.D. (NIST)
SCARF: A Container-Based Approach to Cloud-Scale Digital Forensic Processing
Christopher Stelly (University of New Orleans) and Vassil Roussev, Ph.D. (University of New Orleans)
Insights Gained From Constructing a Large Scale Dynamic Analysis Platform
Cody Miller, Dae Glendowne, Henry Cook, Demarcus Thomas, Patrick Pape, and Chris Lanclos
15:00 Break / Networking
15:30 Session III - Presentations 1
Chair: Elizabeth Schweinsberg (Facebook)
Virtualization-Based Security: A Forensics Perspective
Jason Hale
Use of Generalized Hough Transform on Interpretation of Memory Dumps
Paulo Roberto Nunes de Souza (University College Dublin) and Pavel Gladyshev, Ph.D. (University College Dublin)
Advancing the AFF4 to the Challenges of Volatile Memory and Single Hashes
Bradley Schatz, Ph.D. (Schatz Forensic)
16:30 Teasers For Tool Demos / Poster Sessions (Sign Up On-Site)
18:00 Welcome Reception (w/Demos, Posters)
19:30 Rodeo
Tuesday, August 8, 2017
Salon G - 6th Floor
9:00 Welcome / Announcements
9:05 Keynote Address
Brian Hay
10:05 Break / Networking
10:30 Session IV - Papers: Artefacts & Interpretation 2
Chair: Golden Richard III, Ph.D. (Louisiana State University)
Extending The Sleuth Kit and its Underlying Model for Pooled Storage File System Forensic Analysis
Jan-Niclas Hilgert, Martin Lambertz, and Daniel Plohmann
SCADA Network Forensics of the PCCC Protocol
Saranyan Senthivel, Irfan Ahmed (University of New Orleans), and Vassil Roussev, Ph.D. (University of New Orleans)
Linux Memory Forensics: Dissecting the User Space Process Heap
Frank Block and Andreas Dewald
12:00 Lunch (On Your Own)
14:00 Session V - Papers: Methodology & Validation
Chair: Tim Vidas, Ph.D. (Carnegie Mellon University)
Gaslight: A Comprehensive Fuzzing Architecture for Memory Forensics Frameworks
Andrew Case (Volexity), Arghya Das, Seung-Jong Park, Ram Ramanujam, Golden Richard III, Ph.D. (Louisiana State University)
Availability of Datasets for Digital Forensics - and What is Missing
Cinthya Grajeda Mendez, Frank Breitinger (University of New Haven), and Ibrahim Baggili (University of New Haven)
15:00 Break / Networking
15:30 Session VI - Presentations 2
Chair: Josiah Dykstra, Ph.D. (National Security Agency)
Finding Digital Evidence in Mobile Devices
Hans Henseler, Ph.D. (University of Applied Sciences Leiden) and Vince Noort
Memory Based Dynamic Malware Analysis
Endre Bangerter (Bern University of Applied Sciences) and Jonas Wagner
Deleted File Persistence on Digital Media
Jim Jones and Tahir Khan
17:25 Boat Ride Banquet
Ride To Austin Paddleboat (Boat Stages behind LCRA Jack Miller Building at
Wednesday, August 9, 2017
Salon F - 6th Floor / Salon G - 6th Floor
9:00 Session VII - Papers: Analytic Techniques
Chair: Vassil Roussev, Ph.D. (University of New Orleans)
Analyzing User-Event Data Using Score-based Likelihood Ratios with Marked Point Processes
Christopher Galbraith and Padhraic Smyth
Time-of-Recording Estimation for Audio Recordings
Lilei Zheng, Ying Zhang, Chien Eao Lee, and Vrizlynn Thing
Carving Database Storage to Detect and Trace Security Breaches
James Wagner (DePaul University), Alexander Rasin (DePaul University), Boris Glavic, Karen Heart, Jacob Furst, Lucas Bressan, and Jonathan Grier (Grier Forensics)
10:30 Break / Networking
10:45 Session VIII - Presentations 3
Chair: Matthew Geiger (Qintel)
Pull It Together: Enabling Interoperability of Digital Forensic Systems Using a Standard Representation and Supporting API
Sean Barnum and Ryan Griffith (DC3)
AFIDS: Another Forensic Image Data Set
Mark Guido (The MITRE Corporation), Michael McCarrin, David Baker (DFRWS), Vik Harichandran, and Sam Brothers
Browser Artifacts of Google Drive and Gmail
Elizabeth Schweinsberg (Facebook)
11:45 Works In Progress (Sign Up On-Site)
12:00 Closing Comments
12:15 Lunch (On Your Own)
13:30 Modern Password Cracking Systems Workshop
Sudhir Aggarwal and Shiva Houshmand
Rekall Everywhere - DFIR in the Cloud Workshop
Michael Cohen (Google)
18:00 DFRWS 2018 Planning Session