Sunday, July 15, 2018
Foyer Area Grand Ballroom B Grand Ballroom C
11:30

Registration Opens

13:00 to 15:00

Linux Memory Forensics Part 1 Workshop

Hal Pomeranz (Deer Run Associates)
15:00 to 17:00

Linux Memory Forensics Part 2 Workshop

Hal Pomeranz (Deer Run Associates)
17:30

Registration Closes

18:00

Dinner On Your Own

Monday, July 16, 2018
Foyer Area Grand Ballroom (B&C)
8:00 to 9:00

Registration / Breakfast

9:00 to 9:15

Opening Remarks

9:15 to 10:15

Keynote Address

10:15 to 10:30

Break

10:30 to 12:00

Session 1 - Analysis

Chair: 
Golden Richard III, Ph.D. (Louisiana State University)

Memory Forensics and the Windows Subsystem for Linux Paper

Nathan Lewis Andrew Case (Volexity) Aisha Ali-Gombe Golden Richard III, Ph.D. (Louisiana State University)

Leveraging Relocations in Kernel ELF-binaries for Linux Kernel Version Identification Paper

Manish Bhatt Irfan Ahmed (University of New Orleans)

Forensic Analysis of Multiple Device BTRFS Configurations Using The Sleuth Kit Paper

Jan-Niclas Hilgert Martin Lambertz Shujian Yang
12:00 to 14:00

Lunch On Your Own

14:00 to 15:30

Session 2 - Artifacts

Chair: 
Wietse Venema, Ph.D. (Google)

Reconstructing Streamed Video Content: A Case Study on YouTube and Facebook Live Stream Content in the Chrome Web Browser Cache Paper

Graeme Horsman

Welcome pwn: Almond Smart Home Hub Forensics Paper

Akshay Awasthi Huw Read Iain Sutherland Konstantinos Xynos

Experience Constructing the Artifact Genome Project (AGP): Managing the Domain's Knowledge One Artifact at a Time Paper

Cinthya Grajeda Mendez Laura Sanchez Ibrahim Baggili (University of New Haven) Devon Clark Frank Breitinger (University of New Haven)
15:30 to 16:00

Break

16:00 to 16:30

Presentations 1

Chair: 
Frank Adelstein, Ph.D. (NFA Digital)
16:30 to 16:45

One Minute Teasers for Poster Sessions / Tool Demos

(sign-up on-site)

18:00

Welcome Reception & Poster / Demos

(offsite)

Tuesday, July 17, 2018
Foyer Area Grand Ballroom (B&C)
8:00 to 9:00

Registration / Breakfast

9:00 to 9:05

Administrative Remarks

9:05 to 10:00
10:00 to 10:15

Break

10:15 to 12:00

Session 3 – Mobile

Chair: 
Alex Nelson, Ph.D. (NIST)

Automated Forensic Analysis of Mobile Applications on Android Devices Paper

Xiaodong Lin Ting Chen Tong Zhu Kun Yang Fengguo Wei

DroidKex: Fast Extraction of Ephemeral TLS Keys from the Memory of Android Apps Paper

Benjamin Taubmann Omar Al Abduljaleel Hans Reiser

Digital Forensic Investigation of Two-Way Radio Communication Equipment and Services Paper

Arie Kouwen Mark Scanlon, Ph.D. (University College Dublin) Kim-Kwang Raymond Choo Nhien An Le Khac (University College Dublin)
12:00 to 14:00

Lunch On Your Own

14:00 to 15:00
15:00 to 15:30

Break

15:30 to 16:30

Presentations 2

Chair: 
Elizabeth Schweinsberg (Facebook)

Turbinia: Automation of Forensic Processing in the Cloud Presentation

Thomas Chopitea Aaron Peterson

Drone Forensics Program Presentation

Steve Watson (VTO Labs)
16:30 to 17:00

Forensic Challenge Presentation and Prizes

18:00 to 19:30

Banquet

19:30

Forensic Rodeo

Wednesday, July 18, 2018
Foyer Area Grand Ballroom (B&C) Grand Ballroom B Grand Ballroom C
8:00 to 9:00

Registration / Breakfast

9:00 to 10:30

Session 5 – Malware

Chair: 
Joe Sylve, Ph.D. (BlackBag Technologies)

Multinomial Malware Classification Via Low-level Features Paper

Sergii Banin Geir Olav Dyrkolbotn (NTNU)

Deep Learning at the Shallow End: Malware Classification for Non-Domain Experts Paper

Quan Le Oisin Boydell Mark Scanlon, Ph.D. (University College Dublin)

CGC Monitor: A Vetting System for the DARPA Cyber Grand Challenge Paper

Michael Thompson Timothy Vidas
10:30 to 10:45

Break

10:45 to 11:45

Presentations 3

Chair: 
Bradley Schatz, Ph.D. (Schatz Forensic)

Using Santa to Augment Forensic Investigations Presentation

James Nettesheim Gary Brown

Damaged Device Forensics Presentation

Steve Watson (VTO Labs)

Adding APFS Support to The Sleuthkit Framework Presentation

Joe Sylve, Ph.D. (BlackBag Technologies)
11:45 to 12:00

Works in Progress (sign-up on-site)

Chair: 
Daryl Pfeif (Digital Forensics Solutions and DFRWS)
12:00 to 12:20

Closing Comments

12:20 to 13:30

Lunch On Your Own

13:30 to 15:30

Android Forensics and Reverse Engineering (Part 1) Workshop

Trevor Haigh (University of New Haven) Frank Breitinger (University of New Haven)

Plaso: The Missing Manual (Part 1) Workshop

Mark Hallman (SANS Institute)
15:30 to 17:30

Android Forensics and Reverse Engineering (Part 2) Workshop

Trevor Haigh (University of New Haven) Frank Breitinger (University of New Haven)

Plaso: The Missing Manual (Part 2) Workshop

Mark Hallman (SANS Institute)
18:00

DFRWS 2019 Planning Session

(food/drinks not paid for by DFRWS)

Add to My Calendar

iCal Feed

Please click the button to subscribe to the iCal feed for this Conference.