DFRWS 2004 Call for Papers
The Air Force Research Laboratory's
Digital Forensic Research Workshop (DFRWS) invites interested researchers,
practitioners and enthusiasts to submit their written work for review and
possible presentation at this year's event to be held in Baltimore, MD on
August 11th-13th, 2004.
This year's workshop and group
sessions will be focused on the themes outlined below. However, all submitted
work will be considered regardless of how directly it addresses these themes. Also,
since some of the research ideas we receive may be abstract or conceptual in
nature we ask that, if possible, authors take some time and suggest practical
uses or benefits that may be derived from their work.
Theme I: A Framework for Digital Forensics
Problem:
Digital Forensics needs a descriptive framework that describes major fundamental investigative areas and the technologies and processes associated with each.
This field or discipline we are calling Digital Forensics ultimately exists to aid in the identification and possibly the prevention of wrongdoing by discovering and clearly presenting evidence obtained from digital sources. Directly or indirectly, investigators employing methods, technologies, and tools in this new discipline follow some prescribed set of steps or procedures. The path can stem from merely being informed of a possible event as a crime or an anomaly, through processing data and exhibits toward some sort of decision or outcome in courts of law or in command decision-making in a commercial, military or CIP (Critical Infrastructure Protection) operational environment. As the investigation progresses, examiners and analysts employ an assortment of protocols and technologies to assist. As of today, there is no clear, agreed-upon categorization for these mappings. Having this would allow specialization or technological concentrations so that continuous, focused discovery and enhancement would occur.
Goals:
Begin to build a
"workable" Framework for Digital Forensics adopted through consensus by
academics, professionals and enthusiasts involved in our community.
The results of our
efforts at DFRWS will be made available to the widest audience possible for
review, debate and involvement. We realize we need the widest possible consensus.
Since the initial workshop, DFRWS 2001, an outline (contained in the Roadmap Document) of one potential approach to defining a set of categories has been proposed. Since then there has been a significant debate about the operational features and limitations of this investigative framework. Consideration of multiple perspectives (and the added dimension of Time in our second theme area) will start the formation of a more applicable set of connected steps in a Digital Forensic Framework. Each step will be clearly defined and associated with existing technologies and tool sets that may have forensic applications. As a by-product, the "matrix" that will be produced will also pinpoint shortfalls and limitations in capabilities and technologies addressing certain stages. This will help to set and focus a yearly research agenda toward addressing those areas.
For Your Consideration:
The DFRWS invites you to submit ideas about how best to organize processes related to Digital Forensics and the identification, analysis and presentation of digital evidence. The DFRWS 01 (mentioned above) suggestion is only one example and is arguably incomplete, as well as possessing flaws that limit its scalability to multiple application domains such as e-commerce, real-time CIP threat assessment and military operations.
In addition to possible consideration of or borrowing from existing traditional forensic disciplines, we are looking for unique approaches, new perspectives, and innovations that expose and address those attributes that make Digital Forensics unique as an aid to investigations of wrongdoing.
The intent is to devote a full day's dialog and discussion
on this topic in order to make significant headway toward addressing this important
foundation area. Doing so will begin to lay the groundwork that the entire
Digital Forensic domain is built on now and into the near future.
Theme II: "In-Time" Forensics: Research, Process and Application
Problem:
Response time as a criterion is a critical and
essential component that differentiates what forensic technologies can be
applied across the spectrum of users in digital forensics.
As a logical extension to the Framework Theme above, the 2004 DFRWS presents an opportunity to discuss potential solutions that enable us to review data collection and processing approaches in terms of responsive "In-Time" applications. "In-Time" refers to the development of approaches that factor time along with evidence importance into the overall data collection/correlation/analysis decision process. This view affords consideration of forensic science and its applications to the widest spectrum of investigative domains, all of which must consider overall response time but all of which use vastly different criteria with respect to time. It also focuses on time as a critical systems/architectural issue versus just measuring time based on current process or technology capabilities.
As the worldwide collaborative paradigm for Homeland Security is being realized, investigative domains must find the most effective common ground for successful collection, assessment, communications and decision-making. Once-separate processes serving law enforcement, military, national intelligence and private sector operations must now join forces to this end. They must search for a mechanism to share technology, data, factual knowledge, and information to combat growing, increasingly sophisticated global threats. Forensically sound, validated facts delivered "In-Time" form the nexus for this collaboration.
Goal:
Explore, debate and document the time requirements associated with different
domains and perspectives that use or are considering the use of forensic tools
and technologies.
Explore approaches to mapping the time criteria to the candidate
Framework for Digital Forensics (from Theme I).
The forensic combination of factual evidence and its associated statistical confidence is at the heart of all investigations. What differs most clearly across investigative domains (military, national intelligence, law enforcement, and business) is the amount of time those involved may wait to analyze and deliver that evidence. A wide variety of factors drives this difference, including legal guidelines, mission criticality, prosecutorial time constraints, required transaction rates, and system availability, just to name a few. Although these differing perspectives, and the fact that they exist, were discussed and documented in the first DFRWS (2001), implementation details are still being sought.
In many respects, the general data collection issue has been satisfactorily addressed. Large quantities of unclassified information from a wide variety of personnel stores, communication sensors, and various other databases are widely available. A significant portion of the challenges that remain pose much harder problems. The technical areas of data fusion, correlation, reasoning, visualization, and otherwise detailed forensic analysis pose a serious technical hurdle for us. Integration of these developed technologies employing systems / security engineering and architectural approaches that meet the varying needs of varying investigative domains may be an even harder task. Coupled with the ultimate goal to securely communicate or share the reasoned findings, we see that much work is left before we can hope to jointly confront global threats effectively.
For Your Consideration:
If you are engaged in research that may pose solutions to this collaborative dilemma, or if you believe you have a solution or concept that has the potential to address any of the following points, we invite you to share your ideas with our community of digital forensic professionals. Keep in mind that this list is not exhaustive and we will consider any submitted work as long as the topic is related to "digital forensics", which means that the work relates to deriving fact from data and information obtained from digital sources.
Suggested Challenge Areas:
[Research - Process - Application]
We at AFRL look forward to seeing the work being performed
and also seeing many of you in
See you all in
Deadlines: