Please note: All times below are in Eastern Daylight Time. Current EDT Time:

Register now!

Monday, July 20, 2020

11:00 to 11:15Opening Remarks
11:15 to 12:00Keynote Address
Lesley Carhart, a Principal Threat Analyst at Dragos, Inc.
12:00 to 12:30Break
12:30 to 13:45Session I: Memory Forensics
Chair: Joe Sylve (BlackBag Technologies)
Hiding Process Memory via Anti-Forensic Techniques
Frank Block (Friedrich-Alexander Universität Erlangen-Nürnberg (FAU) and ERNW Research GmbH), Ralph Palutke (Friedrich-Alexander Universität Erlangen-Nürnberg), Patrick Reichenberger (Friedrich-Alexander Universität Erlangen-Nürnberg (FAU)), and Dominik Stripeika (Friedrich-Alexander Universität Erlangen-Nürnberg (FAU))
Memory Analysis of macOS Page Queues
Andrew Case (Volatility Foundation), Modhuparna Manna (Louisiana State University), Ryan Maggio (Louisiana State University), and Golden Richard (Louisiana State University)
Memory FORESHADOW: Memory FOREnSics of HArDware cryptOcurrency Wallets – A Tool and Visualization Framework
Tyler Thomas (University of New Haven (UNHcFREG)), Mathew Piscitelli (UNHcFREG), Ilya Shavrov (UNHcFREG), and Ibrahim Baggili (UNHcFREG)
13:45 to 14:15Break
14:15 to 15:15Birds of a Feather Breakout Sessions
15:15 to 15:30Break
15:30 to 16:30Presentations I: Validation
Chair: Matthew Geiger (Qintel)
The Potential of Digital Traces in Providing Evidence at Activity Level
Dr. J. Henseler (University of Applied Sciences Leiden) and Prof.dr. C.J. de Poot (Amsterdam University of Applied Sciences, the Police Academy, and VU University of Amsterdam)
Revisiting the Linear Hash
Joe Sylve
I Care, But Where Do I Start? Sharing Knowledge in Digital Forensics
Josh Hickman
16:30Forensic Rodeo Opens

Tuesday, July 21, 2020

11:00 to 11:15Opening Remarks
11:15 to 12:00Keynote Address
Mari DeGrazia, Associate Managing Director at Kroll Cyber Risk
12:00 to 12:30Break
12:30 to 13:45Session II: File System Forensics
Chair: Wietse Venema (Google)
Generic Metadata Time Carving
Rune Nordvik (Norwegian University of Science and Technology (NTNU); Norwegian Police University College), Kyle Porter (NTNU), Fergus Toolan (Norwegian Police University College), Stefan Axelsson (NTNU and Halmstad University), and Katrin Franke (NTNU)
Unifying Metadata-Based Storage Reconstruction and Carving with LAYR
Janine Schneider (Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU)), Hans-Peter Deifel (FAU), Stefan Milius (FAU), and Felix Freiling (FAU)
An Empirical Study of the NTFS Cluster Allocation Behavior Over Time
Martin Karresand (Norwegian University of Science and Technology (NTNU); Swedish Defence Research Agency (FOI)), Stefan Axelsson (NTNU and Norwegian Defence Cyber Academy (NDCA)), and Geir Olav Dyrkolbotn (Halmstad University)
13:45 to 14:15Break
14:15 to 14:45Lightning Talks
14:45 to 15:00Break
15:00 to 16:45Pub Quiz including Best Paper Award

Wednesday, July 22, 2020

11:00 to 12:00Presentations II: Development
Chair: Alex Nelson (NIST)
Integrating GRR Rapid Response with Graylog Extended Log Format
Jacob Brown
Forensic Readiness Framework for 3D Printing Process: A Case Study of Ultimaker 3
Muhammad Haris Rais (Virginia Commonwealth University), Ye Li (Bradley University), and Irfan Ahmed (Virginia Commonwealth University)
iLEAPP & ALEAPP: Parse and validate mobile forensic artifacts with Python
Alexis Brignoni
12:00 to 12:30Break
12:30 to 13:45Session III: Knowledge Aggregation
Chair: Frank Adelstein (NFA Digital)
Is My Digital Forensics Professor Better in Virtual Reality (VR)? – Exploring Learning in VR Versus the Physical World
Courtney Hassenfeldt (University of New Haven (UNHcFREG)), Jillian Jacques (UNHcFREG), and Ibrahim Baggili (UNHcFREG)
Statistical Methods for the Forensic Analysis of Geolocated Event Data
Christopher Galbraith (Department of Statistics, University of California, Irvine), Padhraic Smyth (Department of Computer Science, University of California, Irvine), and Hal S. Stern (Department of Statistics, University of California, Irvine)
VIDE - Vault App Identification and Extraction System for iOS Devices
Gokila Dorai (Augusta University), Sudhir Aggarwal (Florida State University), Neet Patel (Florida State University), and Charisa Powell (Florida State University)
13:45 to 14:15Break
14:15 to 15:15Birds of a Feather Breakout Sessions
15:15 to 15:30Break
15:30 to 16:10Presentations III: Analysis
Chair: Dave Loveall (FBI)
Putting a User Behind an iOS Device
Heather Mahalik
Investigating Windows Subsystem for Linux (WSL) Endpoints
Asif Matadar
16:10Reception

Thursday, July 23, 2020

11:00 to 12:15Session IV: Acquisition and Decoding
Chair: Golden G. Richard III (LSU)
Facilitating Electromagnetic Side-Channel Analysis for IoT Investigation: Evaluating the EMvidence Framework
Asanka Sayakkara (University College Dublin), Nhien An Le Khac (University College Dublin), and Mark Scanlon (University College Dublin)
Control Logic Forensics Framework using Built-in Decompiler of Engineering Software in Industrial Control Systems
Syed Ali Qasim (Virginia Commonwealth University), Jared Smith (Oak Ridge National Laboratory), and Irfan Ahmed (Virginia Commonwealth University)
Certificate Injection-based Encrypted Traffic Forensics in AI Speaker Ecosystem
Yeonghun Shin (Ajou University), Hyungchan Kim (Ajou University), Sungbum Kim (Ajou University), Dongkyun Yoo (Ajou University), Wooyeon Jo (Ajou University), and Taeshik Shon (Ajou University)
12:15 to 12:30Break
12:30 to 13:00Lightning Talks
13:00 to 13:30Closing Remarks
13:30 to 14:15Rodeo Results
14:15 to 14:30Break
14:30 to 18:30WORKSHOP: Performing Linux Forensic Analysis and Why You Should Care
Ali H. Hadi, Ph.D., Champlain College
WORKSHOP: How Security Ninjas whisper the Sigma sounds
Roberto Martinez (Kaspersky, GReAT Mexico) and Ido Naor (Kaspersky, GReAT Israel)

Friday, July 24, 2020