Shortcuts – Jump to:
Sat | Sun | Mon | Tue | Wed | Thu
Accepted Workshops | Accepted Papers | Accepted Presentations| Accepted MM Track
Main Page
Sign up for the conference: Registration
For clarity, the current time in Arlington, VA is:
Please note: This is the preliminary program, which is subject to change.
Saturday, July 25, 2026
Workshop Day 1
| Time | Event | Workshop Track 1 |
|---|---|---|
| Workshop Room 1 | ||
| 08:45 to 09:00 | Registration (location TBD) |
|
| 09:00 to 12:30 | Workshop Session 1 – Part I | Applied
Digital Forensics Techniques Workshop for Crimes Against Children Investigators and Forensics
Examiners Cory Hall, Martin Westman |
| 12:30 to 13:30 | Lunch (location TBD) |
|
| 13:30 to 16:30 | Workshop Session 1 – Part II | |
Sunday, July 26, 2026
Workshop Day 2
| Time | Event | Workshop Track 1 |
|---|---|---|
| Workshop Room 1 | ||
| 08:45 to 09:00 | Registration (location TBD) |
|
| 09:00 to 12:30 | Workshop Session 1 – Part III | Applied
Digital Forensics Techniques Workshop for Crimes Against Children Investigators and Forensics
Examiners Cory Hall, Martin Westman |
| 12:30 to 13:30 | Lunch (location TBD) |
|
| 13:30 to 16:30 | Workshop Session 1 – Part IV | |
Monday, July 27, 2026
Workshop Day 3
| Time | Event | Workshop Track 1 | Workshop Track 2 |
|---|---|---|---|
| Workshop Room 1 | Workshop Room 2 | ||
| 08:00 to 09:00 | Registration (location TBD) |
||
| 09:00 to 10:45 | Workshop Session 2 – Part I (1:45h) | Root-Cause Analysis of IoT Vulnerabilities Anthony Andreoli, Mourad Debbabi, Aiman Hanna |
Sysdiagnose and Unified Logs 101 Jessica Hyde, Elizabeth McPherson |
| 10:45 to 11:00 | Coffee Break | ||
| 11:00 to 12:45 | Workshop Session 2 – Part II (1:45h) | ||
| 12:45 to 13:45 | Lunch (location TBD) |
||
| 13:45 to 15:30 | Workshop Session 3 – Part I (1:45h) | Built To Fall: How Unmanned System’s Protocol Vulnerabilities become Anti-Forensic enablers Evangelos Mantas |
Chain of Infection Detection: A Hands-On Workshop on Cross-Domain Forensic Artefact Correlation Gaurav Gogia, Priyanka Singh, Parag Rughani |
| 15:30 to 15:45 | Coffee Break | ||
| 15:45 to 17:30 | Workshop Session 3 – Part II (1:45h) | ||
| 17:45 | Welcome Reception WOOD & IRON (adjacent to the conference venue) https://www.woodandirongameday.com/ |
||
Tuesday, July 28, 2026
Conference Day 1
| Time | Event | Main Conference Room |
|---|---|---|
| 08:00 to 09:00 | Registration | |
| 09:00 to 09:30 | Welcome Address | |
| 09:30 to 10:30 | Keynote (1h) | TBD |
| 10:30 to 11:15 | Coffee Break with Networking | |
| 11:15 to 12:30 | Paper Session I: Benchmarking, reproducibility and datasets | |
| paper (25m) | The
Enemy of Reproducibility is Opacity: What’s Inside the Elliptic Bitcoin Dataset (and Why It Is
Wrong) Miroslav Šafář, Jan Pluskal, Vladimír Veselý and Ondřej Ryšavý |
|
| paper (25m) | Plug
and Fake: On automatic forensic dataset generation of USB traces Dennis Wolf, Lena Voigt and Harald Baier |
|
| paper (25m) | SoK: What
does it Mean to Benchmark Database Forensics? Ben Lenard, Alexander Rasin and James Wagner |
|
| 12:30 to 14:00 | Lunch (location TBD) |
Birds of a Feather (online) |
| 14:00 to 15:20 | Paper Session II: LLMs, automation and modern tooling | |
| paper (25m) | Rusting
Volatility: Accelerating Memory Forensics through LLM-Assisted Cross-Language Migration Taha Gharaibeh and Ibrahim Baggili |
|
| paper (25m) | Do
you dare to try Test-Driven Forensics? Increasing Trust in Desktop Forensics with ADARE Michael Külper, Martin Lambertz and Mariia Rybalka |
|
| paper (25m) | Advancing
Reliable Synthetic Video Detection: Insights from the SAFE Challenge Kirill Trapeznikov, Gabriel Mancino-Ball, Jonathan Li, Paul Cummer, Jai Aslam, Michael Davinroy, Peter Bautista, Laura Cassani, Danial Samadi Vahdati, Tai Nguyen, Matthew C. Stamm and Jill Chrisman |
|
| 15:20 to 16:00 | Coffee Break with Networking | |
| 16:00 to 17:15 | Paper Session III: Memory acquisition and analysis | |
| paper (25m) | I
Guess it is Correct – A Survey about Acquiring and Analyzing Main Memory Lisa Rzepka, Benedikt Mader, Zinaida Benenson and Harald Baier |
|
| paper (25m) | Memory
Forensics Techniques for Automated Detection and Analysis of Go Malware Hala Ali, Andrew Case and Irfan Ahmed |
|
| paper (25m) | With
or Without Logs: Reconstructing Model Context Abdus Satter, Makei Salmon, Lara Muhanna, Trevor Spinosa, Taha Gharaibeh and Ibrahim Baggili |
|
| 17:15 to 17:30 | Lightning Talks I | |
| 17:30 to 17:40 | Closing Words | |
| 17:40 to 19:00 | Time on your own | |
| 19:00 to 23:00 | Banquet, DFRWS Awards Ceremony & Digital Forensics Rodeo (location TBD) |
|
Wednesday, July 29, 2026
Conference Day 2
| Time | Event | Main Conference Room |
|---|---|---|
| 08:00 to 09:00 | Registration | |
| 09:00 to 10:00 | Keynote (1h) | TBD |
| 10:00 to 10:30 | Presentation Session I | |
| presentation (15m) | Watching the Watchers: Forensic Analysis of Body-Worn Camera BLE Artifacts Clare Duffy and Josue Rocha |
|
| presentation (15m) | Detecting organized sex exploitation networks through analysis of online ads Clara Page and Timothy Bollé |
|
| 10:30 to 11:15 | Coffee Break with Networking | |
| 11:15 to 12:30 | Session IV: Anti-forensics, evasion and forensic readiness | |
| paper (25m) | SoK:
Anti-Forensics Evolution, Platform Coverage, and Mobile Residual Evidence Uju Okoye, Roohana Karim, Abdur Rahman Onik and Ibrahim Baggili |
|
| paper (25m) | Mind
the Slack? Reassessing the Relevance of File Slack in Modern Forensic Investigations Jan-Niclas Hilgert and Anton Schwietert |
|
| paper (25m) | Digital
Forensic Readiness of Regulated Medical Devices: An Empirical Study of the GE Venue Ultrasound
System Muhammad Shaharyar Yaqub, Wooyeon Jo, Tameer Nadeem, Erdem Topsakal and Irfan Ahmed |
|
| 12:30 to 14:00 | Lunch (location TBD) |
Birds of a Feather (online) |
| 14:00 to 15:30 | Paper Session V: Forensic readiness of emerging systems and devices | |
| paper (25m) | Forensic
Analysis of Container Snapshot Chains for Post-Event Reconstruction Radostin Stoyanov, Lorena Goldoni, Adrian Reber, Christopher Hargreaves and Rodrigo Bruno |
|
| paper (25m) | From
Dockets to Docker: Engineering Realistic Forensic Scenarios for Onion Service
Investigations Pascal Tippe, Daniel Spiekermann and Adrian Tippe |
|
| Presentation Session II | ||
| presentation (15m) | Digital Forensics Artifact Catalog Doug White and Austin Snelick |
|
| Short Presentations of Posters (2m per poster) |
||
| 15:30 to 16:15 | Coffee Break with Networking | |
| 16:15 to 17:15 | Panel Discussion | |
| TBA | ||
| 17:15 to 17:30 | Lightning Talks II | |
| 17:30 to 17:40 | Closing Words | |
| 17:40 to 19:30 | Time on your own | |
| 19:30 | Networking Event | |
Thursday, July 30, 2026
Conference Day 3 & DFRWS Expedition
| Time | Event | Main Conference Room |
|---|---|---|
| 09:30 to 10:45 | Paper Session VI: Video, surveillance and synthetic media | |
| paper (25m) | Forensic
Analysis of Video Data Deletion and Recovery in Honeywell Surveillance File System Jinhee Yoon and Sungjae Hwang |
|
| paper (25m) | Every
Frame You Take: A Taxonomy and Reproducible Testing Framework for Digital Surveillance
Cameras Maximilian Eichhorn, Felix Gabel and Felix Freiling |
|
| paper (25m) | Seeing
the Evidence: A Forensic Framework for Analyzing Ray-Ban Meta AI Smart Glasses Shishir Panta, Ruba Alsmadi and Ibrahim Baggili |
|
| 12:30 to 13:30 | Planning Lunch & Future DFRWS talk | |
| 14:00 to 17:00 | Expedition Drug Enforcement Agency Museum https://museum.dea.gov/ |
|
| 19:00 | Wrap Party (TBA) | |
Accepted Workshops
- Built To Fall: How Unmanned System’s Protocol Vulnerabilities become Anti-Forensic enablers
Evangelos Mantas - Sysdiagnose and Unified Logs 101
Jessica Hyde, Elizabeth McPherson - Root-Cause Analysis of IoT Vulnerabilities
Anthony Andreoli, Mourad Debbabi, Aiman Hanna - Chain of Infection Detection: A Hands-On Workshop on Cross-Domain Forensic Artifact Correlation
Gaurav Gogia, Priyanka Singh, Parag Rughani - Applied Digital Forensics Techniques Workshop for Crimes Against Children Investigators and Forensics Examiners
Cory Hall, Martin Westman
Accepted Papers
- Forensic Analysis of Container Snapshot Chains for Post-Event Reconstruction
Radostin Stoyanov, Lorena Goldoni, Adrian Reber, Christopher Hargreaves and Rodrigo Bruno - Do you dare to try Test-Driven Forensics? Increasing Trust in Desktop Forensics with ADARE
Michael Külper, Martin Lambertz and Mariia Rybalka - Forensic analysis of video data deletion and recovery in Honeywell surveillance file system
Jinhee Yoon and Sungjae Hwang - Every Frame You Take: A Taxonomy and Reproducible Testing Framework for Digital Surveillance Cameras
Maximilian Eichhorn, Felix Gabel and Felix Freiling - Memory Forensics Techniques for Automated Detection and Analysis of Go Malware
Hala Ali, Andrew Case and Irfan Ahmed - I Guess it is Correct – A Survey about Acquiring and Analyzing Main Memory
Lisa Rzepka, Benedikt Mader, Zinaida Benenson and Harald Baier - Digital Forensic Readiness of Regulated Medical Devices: An Empirical Study of the GE Venue Ultrasound System
Muhammad Shaharyar Yaqub, Wooyeon Jo, Tameer Nadeem, Erdem Topsakal and Irfan Ahmed - Plug and Fake: On automatic forensic dataset generation of USB traces
Dennis Wolf, Lena Voigt and Harald Baier - Mind the Slack? Reassessing the Relevance of File Slack in Modern Forensic Investigations
Jan-Niclas Hilgert and Anton Schwietert - The Enemy of Reproducibility is Opacity: What’s Inside the Elliptic Bitcoin Dataset (and Why It Is Wrong)
Miroslav Šafář, Jan Pluskal, Vladimír Veselý and Ondřej Ryšavý - From Dockets to Docker: Engineering Realistic Forensic Scenarios for Onion Service Investigations
Pascal Tippe, Daniel Spiekermann and Adrian Tippe - SoK: What does it Mean to Benchmark Database Forensics?
Ben Lenard, Alexander Rasin and James Wagner - SoK: Anti-Forensics Evolution, Platform Coverage, and Mobile Residual Evidence
Uju Okoye, Roohana Karim, Abdur Rahman Onik and Ibrahim Baggili - Seeing the Evidence: A Forensic Framework for Analyzing Ray-Ban Meta AI Smart Glasses
Shishir Panta, Ruba Alsmadi and Ibrahim Baggili - Rusting Volatility: Accelerating Memory Forensics through LLM-Assisted Cross-Language Migration
Taha Gharaibeh and Ibrahim Baggili - With or Without Logs: Reconstructing Model Context Protocol Activity from Volatile Memory
Abdus Satter, Makei Salmon, Lara Muhanna, Trevor Spinosa, Taha Gharaibeh and Ibrahim Baggili
Accepted Presentations
- Watching the Watchers: Forensic Analysis of Body-Worn Camera BLE Artifacts
Clare Duffy and Josue Rocha - Detecting organized sex exploitation networks through analysis of online ads
Clara Page and Timothy Bollé - Digital Forensics Artifact Catalog
Doug White and Austin Snelick - GATOR: A Graph-Assisted Telemetry Observation and Response Pipeline for Detecting Malware in Windows Environments
Jonathan Adkins
Accepted Multimedia Tracks
- Advancing Reliable Synthetic Video Detection: Insights from the SAFE Challenge
Kirill Trapeznikov, Gabriel Mancino-Ball, Jonathan Li, Paul Cummer, Jai Aslam, Michael Davinroy, Peter Bautista, Laura Cassani, Danial Samadi Vahdati, Tai Nguyen, Matthew C. Stamm and Jill Chrisman