Please note: All times below are in Central Daylight Time.
For clarity, the current time in Baton Rouge, LA is:
Please find our tentative program items below the table. Schedules are still work in progress.
Schedule of Events
| Times are in Central Daylight Time (CDT) | |||
|---|---|---|---|
| Monday, July 8 | Day 1 | ||
| Women in Forensic Computing Workshop: LSU Center for Computation and Technology (CCT) LSU Digital Media Center 888 S. Stadium Drive Baton Rouge LA 70808 | A workshop for women starting their careers in forensic computing. There will be talks, a training, a panel, all from DFIR experts, and plenty of opportunity to meet and network with your peers. Spots are limited, and the schedule and event information will be emailed to participants the week prior. To register, please fill out this form: https://forms.gle/h3rGUT5Wk8faJtai7. For any questions, please contact raphaela@dfrws.org | ||
| Tuesday, July 9 | Day 2 | ||
| Patrick F. Taylor Hall - LSU College of Engineering 3304 S. Quad Drive, Baton Rouge, LA and 70803 | |||
| 08:00 | Registration opens | ||
| Parallel session | |||
| 08:30 | WORKSHOP 1: Third-Party App Analysis Methodologies in Mobile Forensics by Jessica Hyde PFT Room 1256 | WORKSHOP 2: Modern Memory Forensics with Volatility 3 by Andrew Case, Christopher Bowen and Lauren Pace PFT Room 1245 | WORKSHOP 3: Threat Simulations - a Hands-on Investigation by Ali Hadi and Mariam Khader PFT Room 1259 |
| 12:30 | Lunch (1 hour) Capstone Gallery, Patrick F. Taylor Building, Louisiana State University, Campus, Baton Rouge, LA 70803 | ||
| 13:30 | WORKSHOP 4: Footsteps in the dark: Feeling our way to IoT device takeover via NVRAM forensics by Anthony Andreoli, Anis Lounis, Mourad Debbabi and Aiman Hanna PFT Room 1245 | WORKSHOP 5: Internal Investigation by Ali Hadi and Mariam Khader PFT Room 1259 | |
| 17:30 | End of Day | ||
| 18:00 | LSU Stadium Tour LSU Tiger Stadium, Nicholson Drive, LSU Campus Baton Rouge, LA 70803 | Meeting point and Trolley Transportation - RM 1202, Patrick F. Taylor Building, Louisiana State University, Campus, Baton Rouge, LA 70803 | |
| 19:00 | Welcome Reception in the Barnes Ogden Art & Design Complex, Louisiana State University, Campus, Baton Rouge, LA 70803 | ||
| Wednesday, July 10 | Day 3 | ||
| RM 1202, Patrick F. Taylor (PFT) Building, Louisiana State University, Campus, Baton Rouge, LA 70803 | |||
| 08:30 | Registration opens | ||
| 09:00 | Welcome remarks | ||
| 09:15 | Session Chair: Aisha Ali-Gombe, Louisiana State University Keynote: Digital Forensics and Incident Response for Critical Infrastructure by Chris Sistrunk, Technical Leader, ICS/OT, Mandiant | ||
| 10:30 | Break (30 minutes) | ||
| 11:00 | Paper Session: IoT Forensics (30 minutes per slot) | ||
| Session Chair: Heng Yin, University of California, Riverside | |||
| Enhancing Speaker Identification in Criminal Investigations through Clusterization and Rank-based Scoring by Antonio Artur Moura, Napoleão Nepomuceno and Vasco Furtado | |||
| MARS: The First Line of Defense for IoT Incident Response by Karley Waguespack, Kaitlyn Smith, Olame Muliri, Ramyapandian Vijayakanthan and Aisha Ali-Gombe | |||
| Started Off Local, Now We’re in the Cloud: Forensic Examination of the Amazon Echo Show 15 Smart Display by Jona Crasselt and Gaston Pugliese | |||
| 12:30 | Lunch (1 hour and 30 minutes) Capstone Gallery, Patrick F. Taylor Building, Louisiana State University, Campus, Baton Rouge, LA 70803 | ||
| 14:00 | Paper Session: Data Provenance (30 minutes per slot) | ||
| Session Chair: Wietse Venema | |||
| Compiler-provenance identification in obfuscated binaries using vision transformers by Wasif Khan, Saed Alrabaee, Jie Tang and Kim-Kwang Raymond Choo | |||
| Applying Digital Stratigraphy to the Problem of Recycled Storage Media by Janine Schneider, Maximilian Eichhorn, Lisa Marie Dreier and Christopher Hargreaves | |||
| 15:00 | Break (30 minutes) | ||
| 15:30 | Presentation Session (20 minutes per slot) | ||
| Session Chair: Frank Adelstein, Hexordia | |||
| Mission Impossible: International Waters by Joseph Jaubert | |||
| Digital Forensics Framework for Resolving Multi-Tenancy in Cloud Computing by Deepti Gupta and Yansi Keim | |||
| Enhancing Ransomware Detection with ETW and Machine Learning by Omar Awajan and Ali Hadi | |||
| 16:30 | Panel Chair: Ibrahim Baggili Panel - Digital Evidence Management by Louisiana Police Panelists: Technical Support Officer Rand y Hidalgo - LA Police Technical Support Officer Malcolm Brown - LA Police Lt. William Moragne - LA Police Stephen Villere - Cellebrite Cory Hall - Project Vic | ||
| 17:30 | Forensic Rodeo Prep Session | ||
| 18:45 | Poster / Networking - Cambre Atrium - Patrick F. Taylor Hall | ||
| Thursday, July 11 | Day 4 | ||
| RM 1202, Patrick F. Taylor (PFT) Building, Louisiana State University, Campus, Baton Rouge, LA 70803 | |||
| 09:00 | Administrative remarks | ||
| 09:15 | Session Chair: Irfan Ahmed, Virginia Commonwealth University Keynote: The View from the Edge: Detecting and Responding to Cyber Attacks Against Controllers in Critical Infrastructure by Dr. Tommy Morris, Director, Center for Cybersecurity Research and Education, Eminent Scholar and Professor, Electrical and Computer Engineering, The University of Alabama in Huntsville | ||
| 10:30 | Break (30 minutes) | ||
| 11:00 | Paper Session: Memory Forensics 1 (30 minutes per slot) | ||
| Session Chair: Taesic Kim, Texas A&M University-Kingsville | |||
| On Enhancing Memory Forensics with FAME: Framework for Advanced Monitoring and Execution by Taha Gharaibeh, Ibrahim Baggili and Anas Mahmoud | |||
| A Step in a New Direction: NVIDIA GPU Kernel Driver Memory Forensics by Christopher Bowen, Andrew Case, Golden Richard III and Ibrahim Baggili | |||
| volGPT: Evaluation on triaging ransomware process in memory forensics with Large Language Model by Dong Bin Oh, Donghyun Kim, Donghyun Kim and Huy Kang Kim | |||
| 12:30 | Lunch + Birds of a Feather (1 hour and 30 minutes) | ||
| 14:00 | Paper Session: Event Reconstruction (30 minutes per slot) | ||
| Session Chair: Sankardas Roy, Bowling Green State University | |||
| Beyond Timestamps: Integrating Implicit Timing Information into Digital Forensic Timelines by Lisa Marie Dreier, Céline Vanini, Frank Breitinger, Christopher Hargreaves and Felix Freiling | |||
| Time anchors: A formalization of concepts for establishing clock accuracy during event reconstruction by Céline Vanini, Chris Hargreaves, Harm van Beek and Frank Breitinger | |||
| Hit and Run: Forensic Vehicle Event Reconstruction Through Driver-Based Cloud Data From Progressive’s Snapshot Application by Abdur Rahman Onik, Abdulla Asad, Trevor T Spinosa and Ibrahim Baggili | |||
| 15:30 | Break (30 minutes) | ||
| 16:00 | Panel Chair: Pavel Gladyshev, University College Dublin Panel - Formal Methods in Digital Forensics | Panel Members 1. Dr. Alexander Nelson, National Institute of Standards and Technology, U.S.A. Dr. Alex Nelson is a Computer Scientist at NIST. Dr. Nelson has a dual B.A./B.S. in Mathematics and Computer Science from The Evergreen State College, and a M.S. and Ph.D. in Computer Science from the University of California, Santa Cruz. Dr. Nelson's research emphasizes foundational measurability of digital forensic processes. Since 2017, Dr. Nelson served as the inaugural CASE Ontology Committee Chair, currently serves as the UCO Ontology Committee Chair, and has had substantial input and experience in the CDO Adoption Committee. Dr. Nelson is a coauthor on multiple CASE publications, and has established many policies to enable the CDO ontologies' release processes and resource development. 2. Dr. Harm van Beek, Netherlands Forensic Institute, The Netherlands Harm van Beek is an experienced Senior Digital-Forensic Scientist at the Netherlands Forensic Institute (NFI). His work consists of performing examinations in criminal cases and conducting scientific research in the digital forensic field. Harm is cofounder of the forensic investigation, innovation and knowledge sharing platform Hansken. He was technical director of CASE, an international standard for sharing cyber-investigation traces (2019-2020). Harm obtained his PhD in formal methods (computer science, 2005) at the Eindhoven University of Technology. Before joining the NFI, he was cofounder and CTO of ISAAC, a company dedicated to developing middleware and software for the Internet. 3. Dr. Jan Gruber, Friedrich-Alexander University Erlangen-Nürnberg, Germany. Jan Gruber is a postdoctoral researcher in the "forensic computing group" at the IT security infrastructures lab of FAU Erlangen-Nürnberg, Germany. His research and teaching focus on digital forensics and cybercriminalistics---fields in which he gathered practical experience before joining academia. His primary interest currently revolves around the foundational qualities of digital traces and their effective use in digital investigations. He obtained his doctorate in spring 2024 and holds an M.Sc. in the subject of "Digital Forensics" (2021) as well as another one in the subject of "Computer Science & Media" (2016). 4. Dr. Pavel Gladyshev, University College Dublin, Ireland Dr. Pavel Gladyshev is an Associate Professor at the School of Computer Science of University College Dublin (Ireland), where he started cybercrime investigation training courses for law enforcement in 1998. Later, he established the MSc program in Forensic Computing and Cybercrime Investigation in 2007. More recently, in 2021/2022, he led the development of the INTERPOL online Digital Forensics training Programme. Dr Gladyshev has worked as a digital forensic consultant, carrying out work for the Irish private sector and the police since 2005. As a researcher, Dr Gladyshev pioneered formal methods in digital forensics by proposing the first formalisation of event reconstruction problems in the early 2000s. Dr Gladyshev is a vice-chair of the board of directors of DFRWS.org. | |
| 17:15 | Board of Directors update | ||
| 17:30 | Lighting Talks | ||
| 18:30 | The Gala Dinner - Awards Banquet and Forensics Rodeo - Huey P Long Fieldhouse - LSU Campus - 50 Fieldhouse Drive Meeting point and Trolley Transportation - RM 1202, Patrick F. Taylor Building, Louisiana State University, Campus, Baton Rouge, LA 70803 | ||
| Friday, July 12 | Day 5 | ||
| RM 1202, Patrick F. Taylor (PFT) Building, Louisiana State University, Campus, Baton Rouge, LA 70803 | |||
| 09:00 | Paper Session: Memory Forensics 2 (30 minutes per slot) | ||
| Session Chair: Andrew Case, Volexity | |||
| In the Time Loop: Data Remanence in Main Memory of Virtual Machines by Ella Savchenko, Jenny Ottmann and Felix Freiling | |||
| TLS Key Material Identification and Extraction in Memory: Current State and Future Challenges by Daniel Baier, Alexander Basse, Jan-Niclas Hilgert and Martin Lambertz | |||
| Decrypting IndexedDB in Private Mode of Gecko-based Browsers by Dohun Kim, Jungheum Park and Sangjin Lee | |||
| 10:30 | Break (30 minutes) | ||
| 11:00 | Presentation Session (20 minutes per slot) | ||
| Session Chair: Andrew Webb, Louisiana State University | |||
| A 20-year retrospective review of baccalaureate programs in Computer Forensics in the U.S. by Jigang Liu | |||
| Crime-Intent Sentiment Detection on Twitter Data Using Machine Learning by Biodoumoye Bokolo | |||
| 11:40 | Closing remarks | ||
| 11:45 | Board Bus for Expedition and Planning Lunch at Middendorfs (https://middendorfsrestaurant.com/) | ||
| 13:00 - 14:30 | The Planning Lunch is open to anyone who wants to actively participate in DFRWS. We will discuss strategies for continuously improving DFRWS and plan for the USA 2025 event (25th Anniversary) and beyond. (Pay On your Own) | ||
| 14:45 | Board Boat - Cajun Pride Swamp Tour (https://www.cajunprideswamptours.com/) | ||
| 16:25 | Board Bus for direct return to Baton Rouge or drop off to (New Orleans / MSY airport) | ||
| 16:45 | 1st DFRWS Expedition Bus Stops at New Orleans Airport (MSY) before returning to LSU | ||
| 17:25 - 17:55 | Buses return to Baton Rouge | ||
| 18:00 | DFRWS Expedition ends | ||
| 19:00 | Unofficial GetTogether (on your own) | ||