Program of the 2019 DFRWS EU
Wednesday, April 24, 2019 | Workshops and Welcome Reception | ||
---|---|---|---|
Workshop Room 1 | Workshop Room 2 | Workshop Room 3 | |
8:30 to 9:30 | Registration | ||
9:30 to 12:30 | CASE Workshop by Cory Hall (MITRE) | Probabilistic Reasoning In Digital Forensics by Pavel Gladyshev, Ph.D. (University College Dublin) and Babak Habibnia (University College Dublin) | WhatsApp Forensics: Advanced Methods of Extraction and Decryption by Tanya Pankova (Oxygen Sponsored Workshop) |
12:30 to 14:00 | Lunch (on site) | ||
14:00 to 17:00 | Forensic Intelligence Workshop Mark Scanlon, Ph.D. (University College Dublin), Dr. Katrin Franke, and Zeno Geradts (Netherlands Forensic Institute) | Malware Reverse Engineering Workshop by Geir Olav Dyrkolbotn (NTNU), Sergii Banin | Forensic Acquisition of Modern Evidence by Bradley Schatz, Ph.D. (Schatz Forensic) |
17:00 to 19:00 | Welcome Reception (w/ Demos) | ||
Thursday, April 25, 2019 | Conference Talks Day 1 | ||
8:00 to 9:00 | Registration | ||
9:00 to 9:15 | Welcome Address | ||
9:15 to 10:15 | Keynote: Where Are We Headed? Considerations for Digital Forensics of Emerging Technologies by Steve Watson (VTO Labs) | ||
10:15 to 10:30 | Break with Networking and Posters | ||
10:30 to 12:00 | Session I - Apple forensics Chair: Holger Morgenstern | ||
Forensic Source Identification using JPEG Image Headers: The Case of Smartphones by Patrick Mullan, Christian Riess, and Felix Freiling (Friedrich-Alexander-University) | |||
Shining a Light on Spotlight: Leveraging Apple’s Desktop Search Utility to Recover Deleted File Metadata on macOS by Tajvinder Singh, Mark Scanlon, Ph.D. (University College Dublin), Nhien An Le Khac (University College Dublin) | |||
The iPhone Health App from a forensic perspective: can steps and distances registered during walking and running be used as digital evidence? by Jan Peter van Zandwijk and Abdul Boztas | |||
12:00 to 13:00 | Lunch | ||
13:00 to 14:30 | Session II - Malware analysis Chair: Mattia Epifani | ||
Towards Exact and Inexact Approximate Matching of Executable Binaries by Lorenz Liebler and Harald Baier (University of Applied Sciences, Darmstadt) | |||
Improving file-level fuzzy hashes for malware variant classification by Ian Shiel and Stephen O'Shaughnessy | |||
Characteristics and Detectability of Windows Auto-Start Extensibility Points in Memory Forensics by Daniel Uroz and Ricardo Rodriguez | |||
14:30 to 15:00 | Break with Networking and Posters | ||
15:00 to 16:30 | Session III - Forensic Analysis Techniques Chair: Chris Hargreaves | ||
On Efficiency of Artifact Lookup Strategies in Digital Forensics by Lorenz Liebler, Patrick Schmitt, Frank Breitinger (University of New Haven), Harald Baier (University of Applied Sciences, Darmstadt) | |||
Digital forensic analysis of encrypted database files in instant messaging applications on Windows operating systems by Jusop Choi, Jaegwan Yu, Sangwon Hyun and Hyoungshick Kim | |||
Using the Object ID index as an investigative approach for NTFS file systems by Rune Nordvik, Fergus Toolan (Norwegian Police University College), and Stefan Axelsson (Norwegian University of Science and Technology) | |||
16:30 to 16:50 | COST CA17124 Talk | ||
16:50 to 17:10 | Lightning Talks | ||
6pm+ | Banquet and Rodeo | ||
Friday, April 26, 2019 | Conference Talks Day 2 | ||
8:00 to 9:00 | Registration | ||
9:00 to 10:00 | Keynote: Thomas Walmann (ØKOKRIM) | ||
10:00 to 10:10 | Digital Investigation Journal Talk by Bruce | ||
10:10 to 10:30 | Break with Networking and Posters | ||
10:30 to 12:00 | Session IV - IoT Forensics Chair: Babak Habibnia | ||
IoT Forensic Challenges and Opportunities for Digital Traces by Francesco Servida and Eoghan Casey, Ph.D. (University of Lausanne) | |||
Comprehending the IoT Cyber Threat Landscape: A Data Dimensionality Reduction Technique to Infer and Characterize Internet-scale IoT Probing Campaigns by Morteza Safaei, Elias Bou-Harb (National Cyber Forensics and Training Alliance / Concordia University ), Kavita Varma, Nataliia Neshenko, Dimitris Pados, and Kim-Kwang Raymond Choo | |||
SyncTriage: Using synchronisation artefacts to optimize acquisition order by Christopher Hargreaves and Angus Marshall | |||
12:00 to 13:00 | Lunch | ||
13:00 to 14:30 | Session V - Machine Learning and Digital Stratigraphy Chair: Mark Scanlon | ||
On the Feasibility of Binary Authorship Characterization by Saed Alrabaee (Concordia University) | |||
MalDy: Portable, Data-Driven Malware Detection using Language Processing and Machine Learning Techniques on Behavioral Analyses Reports by ElMouatez Billah Karbab (Concordia University) and Mourad Debbabi (Concordia University) | |||
Deleted File Fragment Dating by Analysis of Allocated Neighbors by Ahmed Bahjat and Jim Jones | |||
14:30 to 15:00 | Break with Networking and Posters | ||
15:00 to 17:00 | Presentation Session (6 x 20 Minute Presentations) Chair: Daryl Pfeif | ||
The rise of evil HID devices by Franck Bitsch and Arthur Villeneuve | |||
Apple watch forensics: is it ever possible, and what is the profit? by Mattia Epifani (ITTIG - CNR), Vladimir Katalov (ElcomSoft) | |||
Chrome Nuts and Bolts: ChromeOS /Chromebook Forensics by Jessica Hyde (George Mason University / Magnet Forensics) and Jad Saliba | |||
Advancing the Exchange of Cyber-Investigation Information between organizations and across borders using CASE by Eoghan Casey, Ph.D. (University of Lausanne), Fabrizio Turchi, Nikolaos Matskanis | |||
Clearly Conveying the Science behind Automated Correlation Systems by Timothy Bolle (University of Lausanne) and Eoghan Casey, Ph.D. (University of Lausanne) | |||
Digital traces: a model for influencing parameters by Elenore Ryser (University of Lausanne) and David-Olivier Jaquet-Chiffelle (University of Lausanne) | |||
17:00 to 17:15 | Closing Comments | ||
19:00 | Planning Session |