Call For Papers: DFRWS EU 2018

The call for papers for DFRWS EU 2018 has been extended to the 9th of October.

DFRWS invites contributions in five categories:

• Research papers
• Practitioner / industry researcher presentations
• Hands-on workshops / tutorials
• Panel discussions
• Demos and posters

RESEARCH PAPERS undergo double-blinded peer review, and the proceedings are published by Elsevier as a special issue of the Journal of Digital Investigation.

Get The Latest DFIR News!

Top DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

PRESENTATIONS, POSTERS, and DEMOS require a brief proposal, not a paper. These proposals undergo a light review process to select presentations of maximal interest to DFRWS attendees, and to filter out sales pitches. Presentation proposals must specify their target length from the following options: 20 minutes, 120 minutes (2 hours), 240 minutes (4 hours), or full day. Note, longer presentations and hands-on tutorials are referred to as ‘workshops’ described below.WORKSHOPS / TUTORIALS can be several hours or full day, and typically include hands-on participation by attendees, allowing for an in-depth, detailed exploration of tools and techniques of interest to DFRWS attendees. Workshops can cover state-of-the-art research projects, useful tips and techniques for standard tools, or most anything that DFRWS attendees would consider beneficial. While commercial tools can be used, these workshops or tutorials should NOT be thinly-veiled commercial advertisements.

PANEL PROPOSALS: These should be one to three pages and clearly describe the topic, its relevance, and a list of potential panelists and their biographies. Panels will be evaluated based on the topic relevance and diversity of the panelists.

DFRWS will provide one free conference registration for each accepted workshop / tutorial.

Topics of Interest

DFRWS welcomes new perspectives that push the envelope of what is currently possible in digital forensics. Potential topics to be addressed by submissions include, but are not limited to:

• Machine learning and data mining for digital evidence extraction/query
• Social networking analysis and OSINT (Open Source Intelligence)
• Malware and targeted attacks (analysis and attribution)
• Forensics analysis and visualization of Big Data
• Non-traditional forensic scenarios / contexts
• Network and distributed system forensics
• Mobile and embedded device forensics
• Cloud and virtualized environments
• Vehicle forensics (e.g., drones, cars)
• SCADA / industrial control systems
• Convert channels (e.g. TOR, VPN)
• Implanted medical devices
• Smart power grids
• Smart buildings
• Virtual currency
• Digital forensic preparedness / readiness
• Digital investigation case management
• Digital evidence sharing and exchange
• Digital forensic triage / survey
• Digital forensic tool validation
• Event reconstruction methods and tools
• Digital evidence and the law
• Case studies and trend reports
• Anti-forensics and anti-anti-forensics

Important Deadlines

• Papers / Presentations / Panel Proposals: Submission Deadline Monday, October 9, 2017
• Workshop / Tutorials / Proposals: Submission Deadline Monday, October 23, 2017
• Papers / Presentations/Panel Proposals: Notification Monday, December 18, 2017
• Demo / Poster Proposals: Submission Deadline Monday, January 22, 2018
• Final Paper Draft and Presenter Registration: Monday, January 29, 2018

Find out more and submit your paper at DFRWS.org.

Leave a Comment

Latest Videos

Quantifying Data Volatility for IoT Forensics With Examples From Contiki OS

Forensic Focus 22nd June 2022 5:00 am

File timestamps are used by forensics practitioners as a fundamental artifact. For example, the creation of user files can show traces of user activity, while system files, like configuration and log files, typically reveal when a program was run. 

Despite timestamps being ubiquitous, the understanding of their exact meaning is mostly overlooked in favor of fully-automated, correlation-based approaches. Existing work for practitioners aims at understanding Windows and is not directly applicable to Unix-like systems. 

In this paper, we review how each layer of the software stack (kernel, file system, libraries, application) influences MACB timestamps on Unix systems such as Linux, OpenBSD, FreeBSD and macOS.

We examine how POSIX specifies the timestamp behavior and propose a framework for automatically profiling OS kernels, user mode libraries and applications, including compliance checks against POSIX.

Our implementation covers four different operating systems, the GIO and Qt library, as well as several user mode applications and is released as open-source.

Based on 187 compliance tests and automated profiling covering common file operations, we found multiple unexpected and non-compliant behaviors, both on common operations and in edge cases.

Furthermore, we provide tables summarizing timestamp behavior aimed to be used by practitioners as a quick-reference.

Learn more: https://dfrws.org/presentation/a-systematic-approach-to-understanding-macb-timestamps-on-unixlike-systems/

File timestamps are used by forensics practitioners as a fundamental artifact. For example, the creation of user files can show traces of user activity, while system files, like configuration and log files, typically reveal when a program was run.

Despite timestamps being ubiquitous, the understanding of their exact meaning is mostly overlooked in favor of fully-automated, correlation-based approaches. Existing work for practitioners aims at understanding Windows and is not directly applicable to Unix-like systems.

In this paper, we review how each layer of the software stack (kernel, file system, libraries, application) influences MACB timestamps on Unix systems such as Linux, OpenBSD, FreeBSD and macOS.

We examine how POSIX specifies the timestamp behavior and propose a framework for automatically profiling OS kernels, user mode libraries and applications, including compliance checks against POSIX.

Our implementation covers four different operating systems, the GIO and Qt library, as well as several user mode applications and is released as open-source.

Based on 187 compliance tests and automated profiling covering common file operations, we found multiple unexpected and non-compliant behaviors, both on common operations and in edge cases.

Furthermore, we provide tables summarizing timestamp behavior aimed to be used by practitioners as a quick-reference.

Learn more: https://dfrws.org/presentation/a-systematic-approach-to-understanding-macb-timestamps-on-unixlike-systems/

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_i0zd7HtluzY

A Systematic Approach to Understanding MACB Timestamps on Unixlike Systems

Forensic Focus 21st June 2022 5:00 am

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles

Share to...