Wednesday, April 24, 2019
Foyer Main Conference Room Workshop Room 1 Workshop Room 2 Workshop Room 3
8:30 to 9:30

Registration

Pick up your badge and printed proceedings.

9:30 to 11:00

Malware Reverse Engineering Workshop Workshop

Geir Olav Dyrkolbotn (NTNU) Sergii Banin

Exchange of cyber-investigation information between organizations and across borders using CASE (with Demo) Workshop

Vik Harichandran Mattia Epifani (ITTIG - CNR) Nikolaos Matskanis Deborah Nichols

Forensic Intelligence Workshop Workshop

Mark Scanlon, Ph.D. (University College Dublin) Dr. Katrin Franke Zeno Geradts (Netherlands Forensic Institute)
11:00 to 11:15

Break Break

11:15 to 12:30

Malware Reverse Engineering Workshop Workshop

Geir Olav Dyrkolbotn (NTNU) Sergii Banin

Exchange of cyber-investigation information between organizations and across borders using CASE (with Demo) Workshop

Vik Harichandran Mattia Epifani (ITTIG - CNR) Nikolaos Matskanis Deborah Nichols

Forensic Intelligence Workshop Workshop

Mark Scanlon, Ph.D. (University College Dublin) Dr. Katrin Franke Zeno Geradts (Netherlands Forensic Institute)
12:30 to 14:00

Lunch

14:00 to 15:30

Women: The future of forensic computing?! Workshop

Felix Freiling (Friedrich-Alexander-University) Dr. Katrin Franke

Probabilistic Reasoning In Digital Forensics Workshop

Pavel Gladyshev, Ph.D. (University College Dublin) Babak Habibnia (University College Dublin)
15:30 to 15:45

Break Break

15:45 to 17:00

Women: The future of forensic computing?! Workshop

Felix Freiling (Friedrich-Alexander-University) Dr. Katrin Franke

Probabilistic Reasoning In Digital Forensics Workshop

Pavel Gladyshev, Ph.D. (University College Dublin) Babak Habibnia (University College Dublin)

Forensic Acquisition of Modern Evidence Workshop

Bradley Schatz, Ph.D. (Schatz Forensic)
17:15 to 17:45
17:45 to 19:00

Welcome Reception

w/ Demos & Posters

Thursday, April 25, 2019
Foyer Main Conference Room Workshop Room 1 Workshop Room 2 Workshop Room 3
8:00 to 9:00

Registration Registration

9:00 to 9:15

Welcome Address Welcome Address

9:15 to 10:15

Keynote Address

10:15 to 10:30

Break

Networking and Posters

10:30 to 12:00

Session I - Apple forensics

Chair: 
Holger Morgenstern (Albstadt-Sigmaringen University)

Forensic Source Identification using JPEG Image Headers: The Case of Smartphones Paper

Patrick Mullan Christian Riess Felix Freiling (Friedrich-Alexander-University)

Shining a Light on Spotlight: Leveraging Apple’s Desktop Search Utility to Recover Deleted File Metadata on macOS Paper

Tajvinder Singh Mark Scanlon, Ph.D. (University College Dublin) Nhien An Le Khac (University College Dublin)

The iPhone Health App from a forensic perspective: can steps and distances registered during walking and running be used as digital evidence? Paper

Jan Peter van Zandwijk Abdul Boztas
12:00 to 13:00

Lunch

13:00 to 14:30

Session II - Malware Analysis

Chair: 
Mattia Epifani (ITTIG - CNR)

Towards Exact and Inexact Approximate Matching of Executable Binaries Paper

Lorenz Liebler Harald Baier (University of Applied Sciences, Darmstadt)

Improving file-level fuzzy hashes for malware variant classification Paper

Ian Shiel Stephen O'Shaughnessy

Characteristics and Detectability of Windows Auto-Start Extensibility Points in Memory Forensics Paper

Daniel Uroz Ricardo Rodriguez
14:30 to 15:00

Break

Networking and Posters

15:00 to 16:30

Session III - Forensic Analysis Techniques

Chair: 
Christopher Hargreaves

On Efficiency of Artifact Lookup Strategies in Digital Forensics Paper

Lorenz Liebler Patrick Schmitt Frank Breitinger (University of New Haven) Harald Baier (University of Applied Sciences, Darmstadt)

Digital forensic analysis of encrypted database files in instant messaging applications on Windows operating systems Paper

Jusop Choi Jaegwan Yu Sangwon Hyun Hyoungshick Kim

Using the Object ID index as an investigative approach for NTFS file systems Paper

Rune Nordvik Fergus Toolan (Norwegian Police University College) Stefan Axelsson (Norwegian University of Science and Technology)
16:45 to 17:15

Board Bus to FRAM MUSEUM for Banquet and Rodeo

First bus leaves 15 minutes after the last session - LAST BUS LEAVES KRIPOS 45 mins after last session

DFRWS Awards Ceremony, Banquet and Forensics Rodeo takes place at the Fram Museum - https://frammuseum.no/

Rodeo information and challenge download link: https://www.cs1.tf.fau.de/dfrws-eu-2019-forensic-rodeo/

Friday, April 26, 2019
Foyer Main Conference Room Workshop Room 1 Workshop Room 2 Workshop Room 3
8:00 to 9:00

Registration

Pick up your badge and printed proceedings.

9:00 to 9:15
9:15 to 10:15

Presentation Session I

Chair: 
Hans Henseler, Ph.D. (University of Applied Sciences Leiden)

The rise of evil HID devices Presentation

Franck Bitsch Arthur Villeneuve

Apple watch forensics: is it ever possible, and what is the profit? Presentation

Mattia Epifani (ITTIG - CNR) Vladimir Katalov (ElcomSoft)

Chrome Nuts and Bolts: ChromeOS /Chromebook Forensics Presentation

Jessica Hyde (George Mason University / Magnet Forensics ) Jad Saliba
10:15 to 10:30

Break

Networking and Posters

10:30 to 12:00

Session IV - IoT Forensics

Chair: 
Bruce Nikkel, Ph.D. (Bern University of Applied Sciences)

Deleted File Fragment Dating by Analysis of Allocated Neighbors Paper

Ahmed Bahjat Jim Jones

IoT Forensic Challenges and Opportunities for Digital Traces Paper

Francesco Servida Eoghan Casey, Ph.D. (University of Lausanne)

Comprehending the IoT Cyber Threat Landscape: A Data Dimensionality Reduction Technique to Infer and Characterize Internet-scale IoT Probing Campaigns Paper

Morteza Safaei Elias Bou-Harb (National Cyber Forensics and Training Alliance / Concordia University ) Kavita Varma Nataliia Neshenko Dimitris Pados Kim-Kwang Raymond Choo
12:00 to 13:00

Lunch

13:00 to 14:30

Session V - Machine Learning and Digital Stratigraphy

Chair: 
Mark Scanlon, Ph.D. (University College Dublin)

On the Feasibility of Binary Authorship Characterization Paper

Saed Alrabaee (Concordia University)

MalDy: Portable, Data-Driven Malware Detection using Language Processing and Machine Learning Techniques on Behavioral Analyses Reports Paper

ElMouatez Billah Karbab (Concordia University) Mourad Debbabi (Concordia University)

SyncTriage: Using synchronisation artefacts to optimize acquisition order Paper

Christopher Hargreaves Angus Marshall
14:30 to 15:00

Break

Networking and Posters

15:00 to 16:00

Presentation Session II

Chair: 
John Sheppard (Waterford Institute of Technology)

Advancing the Exchange of Cyber-Investigation Information between organizations and across borders using CASE Presentation

Eoghan Casey, Ph.D. (University of Lausanne) Fabrizio Turchi Nikolaos Matskanis

Clearly Conveying the Science behind Automated Correlation Systems Presentation

Timothy Bollé (University of Lausanne) Eoghan Casey, Ph.D. (University of Lausanne)

Digital traces: a model for influencing parameters Presentation

Elénore Ryser (University of Lausanne) David-Olivier Jaquet-Chiffelle (University of Lausanne)
16:00 to 17:00
17:00 to 17:30

Planning Session and Closing Comments

19:00 to 21:00

Wrap Party

Wrap Party with take place at Egon Karl Johan - https://egon.no/restauranter/karl+johan (at own expense)

Address:
Egon,
Karl Johans Gate 37,
0162 Oslo

Add to My Calendar

iCal Feed

Please click the button to subscribe to the iCal feed for this Conference.