Program of the 2019 DFRWS EU

Wednesday, April 24, 2019Workshops and Welcome Reception
Workshop Room 1Workshop Room 2Workshop Room 3
8:30 to 9:30Registration
9:30 to 12:30CASE Workshop
by Cory Hall (MITRE)
Probabilistic Reasoning In Digital Forensics
by Pavel Gladyshev, Ph.D. (University College Dublin) and Babak Habibnia (University College Dublin)
WhatsApp Forensics: Advanced Methods of Extraction and Decryption
by Tanya Pankova (Oxygen Sponsored Workshop)
12:30 to 14:00Lunch (on site)
14:00 to 17:00Forensic Intelligence Workshop
Mark Scanlon, Ph.D. (University College Dublin), Dr. Katrin Franke, and Zeno Geradts (Netherlands Forensic Institute)
Malware Reverse Engineering Workshop
by Geir Olav Dyrkolbotn (NTNU), Sergii Banin
Forensic Acquisition of Modern Evidence
by Bradley Schatz, Ph.D. (Schatz Forensic)
17:00 to 19:00Welcome Reception (w/ Demos)
Thursday, April 25, 2019Conference Talks Day 1
8:00 to 9:00Registration
9:00 to 9:15Welcome Address
9:15 to 10:15Keynote: Where Are We Headed? Considerations for Digital Forensics of Emerging Technologies
by Steve Watson (VTO Labs)
10:15 to 10:30Break with Networking and Posters
10:30 to 12:00Session I - Apple forensics
Chair: Holger Morgenstern
Forensic Source Identification using JPEG Image Headers: The Case of Smartphones
by Patrick Mullan, Christian Riess, and Felix Freiling (Friedrich-Alexander-University)
Shining a Light on Spotlight: Leveraging Apple’s Desktop Search Utility to Recover Deleted File Metadata on macOS
by Tajvinder Singh, Mark Scanlon, Ph.D. (University College Dublin), Nhien An Le Khac (University College Dublin)
The iPhone Health App from a forensic perspective: can steps and distances registered during walking and running be used as digital evidence?
by Jan Peter van Zandwijk and Abdul Boztas
12:00 to 13:00Lunch
13:00 to 14:30Session II - Malware analysis
Chair: Mattia Epifani
Towards Exact and Inexact Approximate Matching of Executable Binaries
by Lorenz Liebler and Harald Baier (University of Applied Sciences, Darmstadt)
Improving file-level fuzzy hashes for malware variant classification
by Ian Shiel and Stephen O'Shaughnessy
Characteristics and Detectability of Windows Auto-Start Extensibility Points in Memory Forensics
by Daniel Uroz and Ricardo Rodriguez
14:30 to 15:00Break with Networking and Posters
15:00 to 16:30Session III - Forensic Analysis Techniques
Chair: Chris Hargreaves
On Efficiency of Artifact Lookup Strategies in Digital Forensics
by Lorenz Liebler, Patrick Schmitt, Frank Breitinger (University of New Haven), Harald Baier (University of Applied Sciences, Darmstadt)
Digital forensic analysis of encrypted database files in instant messaging applications on Windows operating systems
by Jusop Choi, Jaegwan Yu, Sangwon Hyun and Hyoungshick Kim
Using the Object ID index as an investigative approach for NTFS file systems
by Rune Nordvik, Fergus Toolan (Norwegian Police University College), and Stefan Axelsson (Norwegian University of Science and Technology)
16:30 to 16:50COST CA17124 Talk
16:50 to 17:10Lightning Talks
6pm+Banquet and Rodeo
Friday, April 26, 2019Conference Talks Day 2
8:00 to 9:00Registration
9:00 to 10:00Keynote: Thomas Walmann (ØKOKRIM)
10:00 to 10:10Digital Investigation Journal Talk by Bruce
10:10 to 10:30Break with Networking and Posters
10:30 to 12:00Session IV - IoT Forensics
Chair: Babak Habibnia
IoT Forensic Challenges and Opportunities for Digital Traces
by Francesco Servida and Eoghan Casey, Ph.D. (University of Lausanne)
Comprehending the IoT Cyber Threat Landscape: A Data Dimensionality Reduction Technique to Infer and Characterize Internet-scale IoT Probing Campaigns
by Morteza Safaei, Elias Bou-Harb (National Cyber Forensics and Training Alliance / Concordia University ), Kavita Varma, Nataliia Neshenko, Dimitris Pados, and Kim-Kwang Raymond Choo
SyncTriage: Using synchronisation artefacts to optimize acquisition order
by Christopher Hargreaves and Angus Marshall
12:00 to 13:00Lunch
13:00 to 14:30Session V - Machine Learning and Digital Stratigraphy
Chair: Mark Scanlon
On the Feasibility of Binary Authorship Characterization
by Saed Alrabaee (Concordia University)
MalDy: Portable, Data-Driven Malware Detection using Language Processing and Machine Learning Techniques on Behavioral Analyses Reports
by ElMouatez Billah Karbab (Concordia University) and Mourad Debbabi (Concordia University)
Deleted File Fragment Dating by Analysis of Allocated Neighbors
by Ahmed Bahjat and Jim Jones
14:30 to 15:00Break with Networking and Posters
15:00 to 17:00Presentation Session (6 x 20 Minute Presentations)
Chair: Daryl Pfeif
The rise of evil HID devices
by Franck Bitsch and Arthur Villeneuve
Apple watch forensics: is it ever possible, and what is the profit?
by Mattia Epifani (ITTIG - CNR), Vladimir Katalov (ElcomSoft)
Chrome Nuts and Bolts: ChromeOS /Chromebook Forensics
by Jessica Hyde (George Mason University / Magnet Forensics) and Jad Saliba
Advancing the Exchange of Cyber-Investigation Information between organizations and across borders using CASE
by Eoghan Casey, Ph.D. (University of Lausanne), Fabrizio Turchi, Nikolaos Matskanis
Clearly Conveying the Science behind Automated Correlation Systems
by Timothy Bolle (University of Lausanne) and Eoghan Casey, Ph.D. (University of Lausanne)
Digital traces: a model for influencing parameters
by Elenore Ryser (University of Lausanne) and David-Olivier Jaquet-Chiffelle (University of Lausanne)
17:00 to 17:15Closing Comments
19:00Planning Session