Wednesday, March 21, 2018
Room BargelloRoom FranciabigioRoom Pitti
9:30Image and Video Forensics: Enhancement and AnalysisWorkshop
Sebastiano Battiato (University of Catania)Martino Jerian (Amped Software)
Where Did That Incriminating Evidence Come From?Workshop
Martin Westman (MSAB)
iOS Physical Acquisition Workflow: From Jailbreaking to ExtractionWorkshop
Oleg Afonin (Elcomsoft)Vladimir Katalov (ElcomSoft)
12:30Lunch (on site)
14:00Image and Video Forensics: Fundamentals on Image Source Identification and Authenticity VerificationWorkshop
Roberto Caldelli (MICC at University of Florence)Irene Amerini (MICC at University of Florence)
CASE Technical Implementation WorkshopWorkshop
Eoghan Casey, Ph.D. (University of Lausanne)Ryan Griffith (DC3)Harm van Beek (Netherlands Forensic Institute)Erwin van Eijk (Netherlands Forensic Institute)Jared Stroud (MITRE)
Advanced Acquisition & Analysis with the AFF4Workshop
Bradley Schatz, Ph.D. (Schatz Forensic)
17:00Welcome Reception (w/ Concert & Demos)
Thursday, March 22, 2018
Pontevecchio Hall
9:00Welcome / Announcements
Florence Vice-Mayor Dr. Cristina Giachi will extend greetings
9:15Keynote Address
Eugenio Albamonte
10:15Break / Networking / Posters
10:30Session I - Knowledge and Education
Chair: Mariangela Biasiotti (Italian National Research Council)
Educating Judges, Prosecutors and Lawyers in the Use of Digital Forensic Experts
Hans Henseler, Ph.D. (University of Applied Sciences Leiden) and Sophie Van Loenhout
A Comparative Study on Data Protection Legislations and Government Standards to Implement Digital Forensic Readiness as Legal Requirement
Sungmi Park (KITRI BoB), Nikolay Akatyev (Horangi Cyber Security), Donghyun Kim (KITRI BoB), Jisoo Hwang (KITRI BoB), Woonseon Yoo (KITRI BoB), Hyunwoo Shin (KITRI BoB), Changhee Han (KITRI BoB), Kim Jong Hyun (Douzone Forensic Center), and Yunsik Jake Jang (Hallym University)
Nugget: A Digital Forensics Language
Christopher Stelly (University of New Orleans) and Vassil Roussev, Ph.D. (University of New Orleans)
12:00Lunch (on site)
13:00Session II - Evidence Analysis
Chair: Mattia Epifani (ITTIG - CNR)
Building Stack Traces From Memory Dump of Windows x64
Yuto Otsuki (NTT), Yuhei Kawakoya (NTT), Makoto Iwamura (NTT), Jun Miyoshi (NTT), and Kazuhiko Ohkubo (NTT)
Forensics Acquisition - Analysis and Circumvention of Samsung Secure Boot Enforced Common Criteria Mode
Gunnar Alendal (NTNU), Geir Olav Dyrkolbotn (NTNU), and Stefan Axelsson (Norwegian University of Science and Technology)
OpenForensics: A Digital Forensics GPU Pattern Matching Approach for the 21st Century
Ethan Bayne (Abertay University), Ian Ferguson (Abertay University), and Adam Sampson (Abertay University)
14:30Break / Networking / Posters
15:00Session III - Digital Evidence
Chair: Bruce Nikkel, Ph.D. (Bern University of Applied Sciences)
A Standardized Corpus for SQLite Database Forensics
Sven Schmitt (Friedrich-Alexander-University), Felix Freiling (Friedrich-Alexander-University), and Sebastian Nemetz (Friedrich-Alexander-University)
The Reliability of Clocks as Digital Evidence Under Low Voltage Conditions
Jens-Petter Sandvik (Norwegian University of Technology and Science) and André Årnes (Norwegian University of Technology and Science)
Using Computed Similarity of Distinctive Digital Traces to Evaluate Non-obvious Links and Repetitions in Cyber-investigations
Timothy Bollé (University of Lausanne), and Eoghan Casey, Ph.D. (University of Lausanne)
16:30Lightning Talks
Chair: Daryl Pfeif (Digital Forensics Solutions and DFRWS)
18:30DFRWS Banquet / Awards Ceremony (@ VILLA CORA)
The year's Banquet is sponsored byITTIG
21:30Forensics Rodeo
This year's rodeo was developed by Mattia Epifani
(REALITY NET System Solutions Snc)
All participants are encouraged to participate in the Forensics Rodeo - A friendly, but fierce, capture the flag style forensics competition. Be Prepared - Bring your laptop and favorite forensics tools to win prizes and glory!
Friday, March 23, 2018
Pontevecchio Hall
9:00Keynote Address
Dr. Katrin Franke
10:00Break / Networking / Posters
10:30Session IV - Automation
Chair: Mark Scanlon, Ph.D. (University College Dublin)
MalDozer: Automatic Framework for Android Malware Chasing Using Deep Learning
ElMouatez Billah Karbab (Concordia University), Mourad Debbabi (Concordia University), Abdelouahid Derhab (King Saud University), and Djedjiga Mouheb (University of Sharjah)
Forensic Framework to Identify Local vs Synced Artifacts
Jacques Boucher and Nhien An Le Khac (University College Dublin)
Data-Driven Approach for Automatic Telephony Threat Analysis and Campaign Detection
Houssem Eddine Bordjiba (Concordia University), ElMouatez Billah Karbab (Concordia University), and Mourad Debbabi (Concordia University)
12:00Lunch (on site)
13:00Session V - Anti-Forensics
Chair: Hans Henseler, Ph.D. (University of Applied Sciences Leiden)
Controlled Experiments in Digital Evidence Tampering
Felix Freiling (Friedrich-Alexander-University) and Leonhard Hösch (Friedrich-Alexander-University)
Anti-Forensics in ext4: On Secrecy and Usability of Timestamp-Based Data Hiding
Thomas Göbel (University of Applied Sciences, Darmstadt) and Harald Baier (University of Applied Sciences, Darmstadt
Styx: Countering Robust Memory Acquisition
Ralph Palutke (Friedrich-Alexander-University) and Felix Freiling (Friedrich-Alexander-University)
14:30Break / Networking / Posters
Chair: Babak Habibnia (University College Dublin)
Obtaining Critical Real-Time Evidence From the Cloud
Vladimir Katalov (ElcomSoft)
Decision-Theoretic File Carver for Triage Situations
Pavel Gladyshev, Ph.D. (University College Dublin)
Forensicating the Apple TV
Mattia Epifani (ITTIG - CNR) and Claudia Meda (REALITY NET System Solutions Snc)
16:00Closing Comments