Sunday, July 15, 2018
Grand Ballroom BGrand Ballroom C
13:00 to 15:00Getting Saucy with APFS! - The State of Apple’s New File System
Sarah Edwards (SANS Institute)
Linux Memory Forensics
Hal Pomeranz (Deer Run Associates)
15:00 to 17:00Examining Recent Advances in Chip-Off for Mobile Device Forensics
Steve Watson (VTO Labs)
Monday, July 16, 2018
Grand Ballroom (B&C)
9:00Opening Remarks
9:15Keynote Address
Prof. Eugene Spafford
Purdue University
10:15Break
10:30Session 1 - Analysis
Chair: Golden Richard III, Ph.D. (Louisiana State University)
Memory Forensics and the Windows Subsystem for Linux
Nathan Lewis, Andrew Case (Volexity), Aisha Ali-Gombe, and Golden Richard III, Ph.D. (Louisiana State University)

Best Student Paper Award USA 2018
Leveraging Relocations in Kernel ELF-binaries for Linux Kernel Version Identification
Manish Bhatt (University of New Orleans) and Irfan Ahmed (University of New Orleans)
Forensic Analysis of Multiple Device BTRFS Configurations Using The Sleuth Kit
Jan-Niclas Hilgert, Martin Lambertz, and Shujian Yang

Best Paper Award at USA 2018
12:00Lunch On Your Own
14:00Session 2 - Artifacts
Chair: Wietse Venema, Ph.D. (Google)
Reconstructing Streamed Video Content: A Case Study on YouTube and Facebook Live Stream Content in the Chrome Web Browser Cache
Graeme Horsman
Welcome pwn: Almond Smart Home Hub Forensics
Akshay Awasthi, Huw Read, Iain Sutherland, and Konstantinos Xynos
Experience Constructing the Artifact Genome Project (AGP): Managing the Domain's Knowledge One Artifact at a Time
Cinthya Grajeda Mendez, Laura Sanchez, Ibrahim Baggili (University of New Haven), Devon Clark, and Frank Breitinger (University of Liechtenstein)
15:30Break
16:00Presentations 1
Chair: Frank Adelstein, Ph.D. (NFA Digital)
IoT 4n6: The Growing Impact of IoT on Digital Forensics
Jessica Hyde (George Mason University / Magnet Forensics )
Was the 2016 Election Hacked? Your Forensic Expertise is Needed!
Suzanne Mello-Stark
16:30 to 16:45One Minute Teasers for Poster Sessions / Tool Demos
(sign-up on-site)
18:00Welcome Reception & Poster / Demos
Held offsite at Skyline at Waterplace
Tuesday, July 17, 2018
Grand Ballroom (B&C)
9:00Administrative Remarks
9:05Keynote Address
Captain John C Alfred
Rhode Island State Police
9:55Best Awards
10:00Break
10:15Session 3 – Mobile
Chair: Alex Nelson, Ph.D. (NIST)
Automated Forensic Analysis of Mobile Applications on Android Devices
Xiaodong Lin, Ph.D. (Wilfrid Laurier University), Ting Chen, Tong Zhu, Kun Yang, and Fengguo Wei
DroidKex: Fast Extraction of Ephemeral TLS Keys from the Memory of Android Apps
Benjamin Taubmann, Omar Al Abduljaleel, and Hans Reiser
Digital Forensic Investigation of Two-Way Radio Communication Equipment and Services
Arie Kouwen, Mark Scanlon, Ph.D. (University College Dublin), Kim-Kwang Raymond Choo, and Nhien An Le Khac (University College Dublin)
12:00Lunch On Your Own
14:00Session 4 – Techniques
Chair: Vassil Roussev, Ph.D. (University of New Orleans)
Analyzing the DarkNetMarkets Subreddit for Evolutions of Tools and Trends Using LDA Topic Modeling
Kyle Porter
Who Watches the Watcher? Detecting Hypervisor Introspection from Unprivileged Guests
Tomasz Tuzel, Mark Bridgman, and Joshua Zepf
15:00Break
15:30Presentations 2
Chair: Elizabeth Schweinsberg (Facebook)
Turbinia: Automation of Forensic Processing in the Cloud
Thomas Chopiteaand Aaron Peterson
Drone Forensics Program
Steve Watson (VTO Labs)
16:30 to 17:00Forensic Challenge and Prizes
18:00Banquet
19:30Forensic Rodeo
Wednesday, July 18, 2018
Grand Ballroom CGrand Ballroom B
9:00Session 5 – Malware
Chair: Joe Sylve, Ph.D. (BlackBag Technologies)
Multinomial Malware Classification Via Low-level Features
Sergii Banin and Geir Olav Dyrkolbotn (NTNU)
Deep Learning at the Shallow End: Malware Classification for Non-Domain Experts
Quan Le, Oisin Boydell, and Mark Scanlon, Ph.D. (University College Dublin)
CGC Monitor: A Vetting System for the DARPA Cyber Grand Challenge
Michael Thompson and Timothy Vidas
10:30Break
10:45Presentations 3
Chair: Bradley Schatz, Ph.D. (Schatz Forensic)
Using Santa to Augment Forensic Investigations
James Nettesheim and Gary Brown
Damaged Device Forensics
Steve Watson (VTO Labs)
Adding APFS Support to The Sleuthkit Framework
Joe Sylve, Ph.D. (BlackBag Technologies)
11:45Works in Progress (sign-up on-site)
Chair:
Daryl Pfeif (Digital Forensics Solutions and DFRWS)
12:00Closing Comments
12:20Lunch On Your Own
13:30 to 17:30Plaso: The Missing Manual
Mark Hallman (SANS Institute)
Android Forensics and Reverse Engineering
Trevor Haigh (University of New Haven)Frank Breitinger (University of Liechtenstein)
18:00DFRWS 2019 Planning Session