We returned to Portland, OR and the University Place Hotel for our 19th Annual DFRWS conference July 14-17, help in cooperation with the ACM.

The conference featured 14 peer reviewed papers, 11 presentations, 6 workshops, 2 keynotes, and 1 reception on the Willamette River aboard the Portland Spirit.  We brought back the Birds of a Feather Lunches after a long hiatus, connecting people around AFF4, IoT Hardware Acquisition, Reverse Engineering, and Volatile Memory analysis (plus more!).

The Best Paper Award went to Frank Block and Andreas Dewald for “Windows Memory Forensics: Detecting (un)intentionally hidden injected Code by examining Page Table Entries”.

Conference Location:

University Place Hotel
Portland State University
310 SW Lincoln St
Portland, OR
United States

July 14, 2019 to July 17, 2019

To reserve a room at the DFRWS Attendee Rate please use this link.

Keynotes

Getting Your Forensic Career to Spark Joy

Sarah Edwards | SANS Institute

Sarah is a mobile forensic engineer working in DC metro area specializing in Mac and Mobile Forensics. She has worked with various federal law enforcement agencies and has performed a variety of investigations including computer intrusions, criminal, and counter­ intelligence/terrorism/narcotics. Sarah’s research interests include anything and everything Apple­ related, mobile devices, digital profiling, and Mac and mobile device security. Sarah has presented at many industry security and forensic conferences and is the author/instructor of SANS FOR518 ­ Mac Forensic Analysis and Incident Response.

New filesystems, new DFIR challenges

Jonathan Levin | CTO, Technologeeks

Apple introduced APFS into iOS 10.3 and MacOS 13 as the default, fading HFS+ into obsolescence. The new filesystem also brings powerful new features, which greatly enhance forensics capabilities, while at the same time introducing challenges. Years later, Apple released a much appreciated but partial specification.This talk describes APFS in more detail, from the forensic analyst's perspective. Snapshots, Encryption, and Fusion Drive all have a direct effect on data recovery, and these aspects, in particular, are addressed.Jonathan Levin is the author of the "MacOS and iOS Internals" trilogy and of "Android Internals". He is CTO of Technologeeks, a group of like-minded experts offering kernel, internals, and low-level consulting.

Participation

We invite contributions in five categories: research papers, presentation proposals, panel proposals, workshop proposals, and demo proposals.

RESEARCH PAPERS undergo double-blinded, peer review, and are published by Elsevier in a special issue of Digital Investigation. Papers are due via EasyChair by February 3rd, 2019 23:59 AOE — EXTENDED from January 25, 2019. Read the Submission Criteria for more information.

PRESENTATIONS and WORKSHOPS undergo a light review process to select presentations of maximal interest to DFRWS attendees and filter out sales pitches. Presentations are of 20-minute duration and are delivered alongside academic papers in the main conference. Workshops occur before and after the main conference. These are intended as in-depth and practical learning opportunities for attendees and often include hands-on participation by attendees. Workshop proposals must specify their target length of either 2 or 4 hours. DFRWS will provide one free conference registration for each workshop accepted. PDFs of proposals are due via email by March 19, 2019.

POSTERS and DEMOS are accepted through the first day of the conference, which is when the Poster and Demo session occurs. Poster authors have the option of having an abstract included in the printed proceedings. A PDF of the poster and the proposed abstract must be submitted via email by March 19, 2019.

Student award and student scholarship program

DFRWS continues its outreach to students studying digital forensics. DFRWS and its sponsors will award one scholarship to the Best Student Paper awardee — it will include registration, 4 nights hotel at the conference hotel, and a monetary award of $595. One or more Student Travel Scholarships may be awarded to include registration and 4 nights at the conference hotel, depending on sponsorship funding each year. DFRWS will notify the recipient of the Best Student Research Paper award on or before the conference registration deadline. Other awards (e.g. industry-sponsored awards for research in specific topic areas) may be awarded after the registration deadline and are fully contingent on scholarship sponsorship by industry each year. Refer to the Student Scholarships page for additional information on eligibility requirements, selection criteria, and award schedule and administration.

Topics of Interest

  • Memory analysis and snapshot acquisition
  • Storage forensics, including solid state
  • “Big data” forensics, related to the collection, analysis, and visualization
  • Incident response and live analysis
  • Forensics of cloud and virtualized environments
  • Malware and targeted attacks (analysis and attribution)
  • Network and distributed system forensics
  • Event reconstruction methods and tools
  • Mobile and embedded device forensics
  • Digital evidence storage and preservation
  • Data recovery and reconstruction
  • Multimedia analysis
  • Database forensics
  • Tool testing and development
  • Digital evidence and the law
  • Case studies and trend reports
  • Data hiding and discovery
  • Anti-forensics and anti-anti-forensics
  • Interpersonal communications and social network analysis
  • Non-traditional forensic scenarios and approaches (e.g. vehicles, Internet of Things, industrial control systems, and SCADA)
  • Archival preservation & reconstruction

 

The above list is only suggestive. We welcome new, original ideas from people in academia, industry, government, and law enforcement who are interested in sharing their results, knowledge, and experience. Authors are encouraged to demonstrate the applicability of their work to practical issues. Questions about submission topics can be sent via email to usa-papers@dfrws.org

Click Here For Proposal Requirements

Deadlines

DateEvent
May 15, 2019 Hotel Rate Ends
March 31, 2019 Early Registration Ends
July 1, 2019 Late (aka Onsite) Registration Begins

Committees

Organizing Committee

Conference Chair

Bradley Schatz, Ph.D. (Schatz Forensic)

Conference Vice Chair

Josiah Dykstra, Ph.D. (National Security Agency)

Program Chair

Tim Vidas, Ph.D. (Carnegie Mellon University)

Program Vice Chair

Xiaodong Lin, Ph.D. (Wilfrid Laurier University)

Proceedings

Alex Nelson, Ph.D. (NIST)

Presentations

Jessica Hyde (George Mason University / Magnet Forensics )

Workshop Chair

Joe Sylve, Ph.D. (BlackBag Technologies)

Workshop Vice Chair

Mark Guido (The MITRE Corporation)

Event Management/Production

Daryl Pfeif (Digital Forensics Solutions and DFRWS)

Keynotes

Matthew Geiger (Qintel)

Posters & Demos Chair

Cory Hall (MITRE)

Forensic Rodeo Chair

Andrew White (Dell Secureworks)

Forensic Rodeo Vice Chair

Erika Noerenberg (Carbon Black)

Challenge

Eoghan Casey, Ph.D. (University of Lausanne)

Local Host

Aaron Sparling

Registration

Nicole Beebe, Ph.D. (UTSA)

Advertisement/Sponsorship

Daryl Pfeif (Digital Forensics Solutions and DFRWS)

Web Chair

Elizabeth Schweinsberg (Facebook)

Social Media

Scar de Courcier (Forensic Focus)

At Large Member

Wietse Venema, Ph.D. (Google)

At Large Member

David Baker (DFRWS)

At Large Member

Golden Richard III, Ph.D. (Louisiana State University)

At Large Member

Frank Adelstein, Ph.D. (NFA Digital)

Technical Program Committee

Tim Vidas, Ph.D.

Carnegie Mellon University

Xiaodong Lin, Ph.D.

Wilfrid Laurier University

Frank Adelstein

NFA Digital

Stefan Axelsson

Norwegian University of Science and Technology

Ibrahim Baggili

University of New Haven

David Baker

DFRWS

Manish Bhatt

University of New Orleans

Frank Breitinger

University of New Haven

Florian Buchholz

James Madison University

Michael Cohen

Google

Ali Dehghantanha

University of Guelph

Rinku Dewri

University of Denver

Josiah Dykstra, Ph.D.

National Security Agency

Simson Garfinkel, Ph.D.

U.S. Census Bureau

Matthew Geiger

Qintel

Paul Giura

AT&T Security Research Center

Mark Guido

The MITRE Corporation

Joshua James

Digital Forensic Investigation Research Laboratory, Hallym University

Andrea Lanzi

Universita` degli studi di Milano

Timothy Leschke, Ph.D.

Johns Hopkins University

David Lillis

University College Dublin

Zhiqiang Lin

The Ohio State University

David Loveall

FBI

Holger Morgenstern

Albstadt-Sigmaringen University

Alex Nelson, Ph.D.

NIST

Erika Noerenberg

Carbon Black

Fernando Perez-Gonzalez

Universidad de Vigo

Gilbert Peterson

US Air Force Institute of Technology

Tu-Thach Quach

Sandia National Laboratories

Mark Scanlon, Ph.D.

University College Dublin

Bradley Schatz, Ph.D.

Schatz Forensic

Elizabeth Schweinsberg

Facebook

Jill Slay

La Trobe University

Christopher Stelly

University of New Orleans

Joe Sylve, Ph.D.

BlackBag Technologies

Wietse Venema, Ph.D.

Google

Andrew White

Dell Secureworks

Junyuan Zeng

The University of Texas at Dallas

Ziming Zhao

Arizona State University

Registration

DFRWS USA 2019 registration includes access to all presentations, a copy of the printed proceedings, breakfasts, a welcome reception, and entrance to the famous rodeo challenge. Additionally, registered attendees may attend a banquet (including presentation of best paper awards).

Group discounts are available. If you have a group larger than four, please contact usa-registration@dfrws.org.

If you are a student in a Ph.D., Masters, or Bachelors degree program, you may qualify for a student grant covering part or all of your registration fee and/or travel expenses. While travel grants are normally reserved for students presenting original research papers at the conference, all applications will be reviewed.  The decisions will be made by the organizing committee on a case-by-case basis considering your circumstances, provided evidence, objectives of the conference, and the available/remaining funds.  For more information, please contact usa-scholarship@dfrws.org.

Sponsors

Sponsors help DFRWS to produce quality events and foster community. Click a logo to learn more about the sponsor.

Information about sponsorship opportunities is available at: http://www.dfrws.org/sponsorship-opportunities

Student Scholarship

Founded in 2004, Facebook's mission is to give people the power to build community and bring the world closer together. People use Facebook to stay connected with friends and family, to discover what's going on in the world, and to share and express what matters to them.

Learn More

Google

Google is an American multinational technology company that specializes in Internet-related services and products, which include online advertising technologies, search engine, cloud computing, software, and hardware. It is considered one of the Big Four technology companies, alongside Amazon, Apple and Facebook.

Learn More

Qintel

Qintel is the industry leader for cyber threat intelligence and investigations. Founded in 2009, Qintel provides its partners unique insight into cyber threats and adversarial behavior. Qintel's capabilities are driven by proprietary technologies and unparalleled access to data sources across the globe. These resources are leveraged by a staff of veteran researchers and technologists who have decades of experience analyzing and pursuing cyber threats that span the spectrum of online activity.

Learn More