Please note: All times below are in Central Daylight Time.
For clarity, the current time in Baton Rouge, LA is:
Please find our tentative program items below the table. Schedules are still work in progress.
Schedule of Events
| Times are in Central Daylight Time (CDT) | |||
|---|---|---|---|
| Monday, July 8 | Day 1 | ||
| Women in Forensic Computing Workshop | A workshop for women starting their careers in forensic computing. There will be talks, a training, a panel, all from DFIR experts, and plenty of opportunity to meet and network with your peers. Spots are limited, and the schedule and event information will be emailed to participants the week prior. To register, please fill out this form: https://forms.gle/h3rGUT5Wk8faJtai7. For any questions, please contact raphaela@dfrws.org | ||
| Tuesday, July 9 | Day 2 | ||
| 08:00 | Registration opens | ||
| Parallel session | |||
| 08:30 | WORKSHOP 1: Third-Party App Analysis Methodologies in Mobile Forensics by Jessica Hyde | WORKSHOP 2: Modern Memory Forensics with Volatility 3 by Andrew Case, Christopher Bowen and Lauren Pace | WORKSHOP 3: Threat Simulations - a Hands-on Investigation by Ali Hadi and Mariam Khader |
| 12:30 | Lunch (1 hour) | ||
| 13:30 | WORKSHOP 4: Footsteps in the dark: Feeling our way to IoT device takeover via NVRAM forensics by Anthony Andreoli, Anis Lounis, Mourad Debbabi and Aiman Hanna | WORKSHOP 5: Internal Investigation by Ali Hadi and Mariam Khader | |
| 17:30 | End of Day | ||
| 18:00 | LSU Stadium Tour and Welcome Reception | ||
| Wednesday, July 10 | Day 3 | ||
| 08:30 | Registration opens | ||
| 09:00 | Welcome remarks | ||
| 09:15 | Session Chair: Aisha Ali-Gombe, Louisiana State University Keynote: Digital Forensics and Incident Response for Critical Infrastructure by Chris Sistrunk, Technical Leader, ICS/OT, Mandiant | ||
| 10:30 | Break (30 minutes) | ||
| 11:00 | Paper Session: IoT Forensics (30 minutes per slot) | ||
| Session Chair: Heng Yin, University of California, Riverside | |||
| Enhancing Speaker Identification in Criminal Investigations through Clusterization and Rank-based Scoring by Antonio Artur Moura, Napoleão Nepomuceno and Vasco Furtado | |||
| MARS: The First Line of Defense for IoT Incident Responsee by Karley Waguespack, Kaitlyn Smith, Olame Muliri, Ramyapandian Vijayakanthan and Aisha Ali-Gombe | |||
| Started Off Local, Now We’re in the Cloud: Forensic Examination of the Amazon Echo Show 15 Smart Display by Jona Crasselt and Gaston Pugliese | |||
| 12:30 | Lunch (1 hour and 30 minutes) | ||
| 14:00 | Paper Session: Data Provenance (30 minutes per slot) | ||
| Session Chair: Wietse Venema | |||
| Compiler-provenance identification in obfuscated binaries using vision transformers by Wasif Khan, Saed Alrabaee, Jie Tang and Kim-Kwang Raymond Choo | |||
| Applying Digital Stratigraphy to the Problem of Recycled Storage Media by Janine Schneider, Maximilian Eichhorn, Lisa Marie Dreier and Christopher Hargreaves | |||
| 15:00 | Break (30 minutes) | ||
| 15:30 | Presentation Session (20 minutes per slot) | ||
| Session Chair: Frank Adelstein, Hexordia | |||
| Mission Impossible: International Waters by Joseph Jaubert | |||
| Digital Forensics Framework for Resolving Multi-Tenancy in Cloud Computing by Deepti Gupta and Yansi Keim | |||
| Enhancing Ransomware Detection with ETW and Machine Learning by Omar Awajan and Ali Hadi | |||
| 16:30 | Panel Chair: Greg Trahan, Louisiana State University Panel - Digital Evidence Management by Louisiana Police | ||
| 17:30 | Forensic Rodeo Prep Session | ||
| 18:45 | Poster / Networking | ||
| Thursday, July 11 | Day 4 | ||
| 09:00 | Administrative remarks | ||
| 09:15 | Session Chair: Irfan Ahmed, Virginia Commonwealth University Keynote: The View from the Edge: Detecting and Responding to Cyber Attacks Against Controllers in Critical Infrastructure by Dr. Tommy Morris, Director, Center for Cybersecurity Research and Education, Eminent Scholar and Professor, Electrical and Computer Engineering, The University of Alabama in Huntsville | ||
| 10:30 | Break (30 minutes) | ||
| 11:00 | Paper Session: Memory Forensics 1 (30 minutes per slot) | ||
| Session Chair: Taesic Kim, Texas A&M University-Kingsville | |||
| On Enhancing Memory Forensics with FAME: Framework for Advanced Monitoring and Execution by Taha Gharaibeh, Ibrahim Baggili and Anas Mahmoud | |||
| A Step in a New Direction: NVIDIA GPU Kernel Driver Memory Forensics by Christopher Bowen, Andrew Case, Golden Richard III and Ibrahim Baggili | |||
| volGPT: Evaluation on triaging ransomware process in memory forensics with Large Language Model by Dong Bin Oh, Donghyun Kim, Donghyun Kim and Huy Kang Kim | |||
| 12:30 | Lunch + Birds of a Feather (1 hour and 30 minutes) | ||
| 14:00 | Paper Session: Event Reconstruction (30 minutes per slot) | ||
| Session Chair: Sankardas Roy, Bowling Green State University | |||
| Beyond Timestamps: Integrating Implicit Timing Information into Digital Forensic Timelines by Lisa Marie Dreier, Céline Vanini, Frank Breitinger, Christopher Hargreaves and Felix Freiling | |||
| Time anchors: A formalization of concepts for establishing clock accuracy during event reconstruction by Céline Vanini, Chris Hargreaves, Harm van Beek and Frank Breitinger | |||
| Hit and Run: Forensic Vehicle Event Reconstruction Through Driver-Based Cloud Data From Progressive’s Snapshot Application by Abdur Rahman Onik, Abdulla Asad, Trevor T Spinosa and Ibrahim Baggili | |||
| 15:30 | Break (30 minutes) | ||
| 16:00 | Panel Chair: Pavel Gladyshev, University College Dublin Panel - Formal Methods in Digital Forensics | ||
| 17:15 | Board of Directors update | ||
| 17:30 | Lighting Talks | ||
| 18:30 | The Gala Dinner - Awards Banquet and Forensics Rodeo (Huey Long Fieldhouse) | ||
| Friday, July 12 | Day 5 | ||
| 09:00 | Paper Session: Memory Forensics 2 (30 minutes per slot) | ||
| Session Chair: Andrew Case, Volexity | |||
| In the Time Loop: Data Remanence in Main Memory of Virtual Machines by Ella Savchenko, Jenny Ottmann and Felix Freiling | |||
| TLS Key Material Identification and Extraction in Memory: Current State and Future Challenges by Daniel Baier, Alexander Basse, Jan-Niclas Hilgert and Martin Lambertz | |||
| Decrypting IndexedDB in Private Mode of Gecko-based Browsers by Dohun Kim, Jungheum Park and Sangjin Lee | |||
| 10:30 | Break (30 minutes) | ||
| 11:00 | Presentation Session (20 minutes per slot) | ||
| Session Chair: Andrew Webb, Louisiana State University | |||
| A 20-year retrospective review of baccalaureate programs in Computer Forensics in the U.S. by Jigang Liu | |||
| Crime-Intent Sentiment Detection on Twitter Data Using Machine Learning by Biodoumoye Bokolo | |||
| 11:40 | Closing remarks | ||
| 11:45 | Board Bus for Expedition and Planning Lunch at Middendorfs (https://middendorfsrestaurant.com/) | ||
| 13:00 - 14:30 | The Planning Lunch is open to anyone who wants to actively participate in DFRWS. We will discuss strategies for continuously improving DFRWS and plan for the USA 2025 event (25th Anniversary) and beyond. (Pay On your Own) | ||
| 14:45 | Board Boat - Cajun Pride Swamp Tour (https://www.cajunprideswamptours.com/) | ||
| 16:25 | Board Bus for direct return to Baton Rouge or drop off to (New Orleans / MSY airport) | ||
| 16:45 | 1st DFRWS Expedition Bus Stops at New Orleans Airport (MSY) before returning to LSU | ||
| 17:25 - 17:55 | Buses return to Baton Rouge | ||
| 18:00 | DFRWS Expedition ends | ||
| 19:00 | Unofficial GetTogether (on your own) | ||