DFRWS 2007 Agenda

The DFRWS 2007 Agenda below summarizes the program of discussion and research.

Sunday, August 12, 2007

5:00pm Registration and Welcome Reception
Sponsored by Stroz Friedberg, LLC

Monday, August 13, 2007

8:00am Registration and Breakfast
9:00am Opening Remarks
9:10am Keynote Address
Digital Forensics, Covert Monitoring, and Active Methods
Greg Hoglund (HBGary, Inc)
10:00am Break
Sponsored by CERT
10:15am SESSION 1: Physical Devices
Chair: Golden Richard
  • Forensic Memory Analysis: From Stack and Code to Execution History. Ali Reza Arasteh and Mourad Debbabi. (paper | slides)
  • BodySnatcher: Towards Reliable Volatile Memory Acquisition by Software. Bradley Schatz. (paper | slides)
  • The VAD Tree: A Process-Eye View of Physical Memory. Brendan F Dolan-Gavitt. (paper | slides)
11:45am Lunch and Breakout Discussions
Breakout Topic: The Two Sides of Anti-Forensics
Sponsored by Taylor & Francis
1:15pm SESSION 2: Search Techniques
Chair: Frank Adelstein
  • Multi-Resolution Similarity Hashing.Vassil Roussev, Golden G. Richard III, and Lodovico Marziale. (paper | slides)
  • Digital Forensic Text String Searching: Improving Information Retrieval Effectiveness by Thematically Clustering Search Results. Nicole Lang Beebe and Jan Clark. (paper | slides)
  • Specifying Digital Forensics: A Forensics Policy Approach. Carol Taylor, Barbara Endicott-Popovsky, and Deborah Frincke. (paper | slides)
2:45pm Break
Sponsored by CERT
3:00pm Presentations of the DFRWS 2007 File Carving Challenge Submissions
Lead by: Eoghan Casey
4:15pm - 5:30pm Tool Demo & Poster Session
Chair: Wietse Venema

Tuesday, August 14, 2007

8:00am Breakfast
9:00am Administrative Remarks
9:10am Keynote Address
10 Good Reasons Why You Should Shift Focus to Small Scale Digital Device Forensics (slides)
Ronald van der Knijff (Netherlands Forensic Institute)
10:00am Break
10:15am SESSION 3: Log Files
Chair: Brian Carrier
  • Introducing the Microsoft Vista Log File Format. Andreas Schuster. (paper | slides)
  • Automated Windows Event Log Forensics. Rich Murphey. (paper | slides)
  • Analyzing Multiple Logs for Forensic Evidence. Ali Reza Arasteh, Mourad Debbabi, Assaad Sakha, and Mohamed Saleh. (paper | slides)
11:45am Lunch and Breakout Discussions
Breakout Topic: The Proxy / Anonymizer Problem
Sponsored by Elsevier
1:15pm SESSION 4: Tools
Chair: Eoghan Casey
  • Capture - A Tool for Behavioral Analysis of Applications and Documents. Christian Seifert, Ramon Steenson, Ian Welch, Peter Komisarczuk, and Barbara Endicott-Popovsky. (paper)
  • File Marshal: Automatic Extraction of Peer-to-Peer Data. Frank Adelstein and Rob Joyce. (paper | slides)
  • A Brief Study of Time. Florian Buchholz and Brett Tjaden. (paper | slides)
2:45pm Break
3:00pm SESSION 5: File Extraction / Carving
Chair: Marcus Rogers
  • Massive Threading: Using GPUs to Increase the Performance of Digital Forensics Tools.Lodovico Marziale, Golden G. Richard III, and Vassil Roussev. (paper | slides)
  • Carving Contiguous and Fragmented Files with Object Validation. Simson L. Garfinkel. (paper)
4:00pm Break
4:15pm Presentations of the DFRWS 2007 Breakout Session Results
Panel Lead: Wietse Venema
5:30pm Banquet
Sponsored by WetStone Technologies. .
7:00pm Forensic Rodeo
Wrangler: Dan Kalil

Wednesday, August 15, 2007

8:00am Breakfast
9:00am SESSION 6: Low Level Digital Evidence
Chair: Matthew Geiger
  • An Efficient Technique for Enhancing Forensic Capabilities of Ext2 File System.Mridul Sankar Barik, Gaurav Gupta, Shubhro Sinha, Alok Mishra, and Chandan Mazumdara. (paper | slides)
  • Issues with Imaging Drives Containing Faulty Sectors. James R. Lyle and Mark Wozar. (paper | slides)
  • Forensic Data Recovery and Examination of Magnetic Swipe Card Cloning Devices. Gerry Masters and Philip Turner (paper | slides)
10:30am Break
10:45am Short Presentations & Works in Progress
Chair: Daryl Pfeif
(5 minutes each)
11:30am Closing Comments
11:45am Lunch & DFRWS 2008 / 2009 Planning Session

©2001-2010 DFRWS   |   dfrws [at] dfrws [dot] org  

DFRWS is a US 501(c)(3) non-profit organization.