On Monday 23rd of March 2015, Forensic Focus will be attending DFRWS EU – the European Digital Forensic Research Workshop – at University College Dublin, Ireland. If there are any topics you would particularly like us to cover in-depth, or if there are any speakers you think we should interview, please let us know in the comments.
DFRWS has been running in the USA since 2001 and expanded to Europe in 2013. Organised by some of the most prominent names in digital forensics, including Eoghan Casey, Frank Adelstein and Vassil Roussev, it has grown over the years from a small workshop group to a full conference with a double blind review and printed proceedings.
This year’s European conference runs from the 23rd – 26th of March, and Forensic Focus will be taking notes throughout the workshops and interviewing key figures.
For the first day, the conference is split into two workshop tracks, each focusing on a different area of digital forensics. Below is a brief overview of the workshops available, and of the talks and events throughout the remainder of the week.
GRR Incident Response Framework
Andreas Moser from Google will provide an introduction to the GRR environment for people who have never previously used it. Tasks will include reading files and registry keys and grabbing artifacts directly from live memory.
Digital Forensics Framework
Frederic Baguelin and Solal Jacob of ArxSys will demonstrate how to use DFF in forensic analyses of hard disks, memory snapshots or virtual machines. The workshop will include an overview of the graphical interface; a look at importing files and extracting information; and searching, filtering and reporting on data.
Digital Memory Forensic Interactive Workshop
Michael Cohen and Johannes Stüettgen from Google will use open source tools to detect malware and advanced system threats. Participants will be encouraged to try the techniques themselves, using both sample images and their own machines. The workshop will also cover extracting binaries from memory, memory management techniques and hooking.
Common Criteria for Digital Forensics Experts
Hans Henseler and Sophie Loenhout will present a draft version of common criteria for digital forensics experts involved in court cases in the Netherlands. This workshop is specifically aimed at expert witnesses and looks to work towards harmonising forensic computer science standards around the world.
First European Workshop on Data Analytics for Information Security and Forensics
This workshop will present a forum for digital forensics professionals to discuss innovative solutions to some of the main challenges faced in cybercrime investigations. Topics covered will include the wide-ranging sources of data available, the proprietary nature of digital forensic tools and their limitations, and how national data protection legislation can impede the investigative process.
Tuesday’s programme comprises of a series of talks about digital forensics, including a keynote address by Chris Ashton, the Director of Spectrum Engineering at Inmarsat. Ashton will discuss the lessons we can learn from the flightpath reconstruction analysis performed by Inmarsat when searching for flight MH370, an international passenger flight which went missing on the 8th of March 2014.
The first session following the keynote on Tuesday will look at network forensics, with topics including traffic aggregation and visualisation for network forensics, and the detection, analysis and investigation of spam campaigns.
Throughout the rest of the day a number of topics will be covered, including disk and mobile forensics, forensic tool validation, Tor forensics and malware analysis. There will also be presentations on malware triage and Android vulnerabilities.
The day will begin with a keynote address from Troels Oerting, the former head of European Cyber Crime (EC3) at Europol, followed by a session on forensic investigation of smart TVs and the Sony Playstation 4.
The remainder of Wednesday will be devoted to a session on handling digital evidence, and paper presentations from research groups covering topics such as handling the exchange of digital evidence across Europe, searching extracted data, and data scrutiny in fraud cases.
The entire day on Thursday will consist of the First European Workshop on Data Analytics for Information Security and Forensics (E-DAIS). This will include discussions of current research challenges in large-scale forensic investigations; the technical problems of big data analysis for INFOSEC; and the privacy problems surrounding big data analysis for information security and forensics.
Attendees will then break into groups, where they will be encouraged to discuss text translation and mining, the legal aspects of cross-jurisdictional data collection and analysis, and approaches to strengthening human rights protection in big data analytics.
Forensic Focus will be in attendance for all four days of the conference, and you can see the full programme here. If there are any topics you would particularly like us to cover in-depth, or if there are any speakers you think we should interview, please let us know in the comments or email [email protected] with suggestions.