EuroForensics 2011: Forensic Sciences Conference and Exhibition

EuroForensics 2011 is the most extensive forensic sciences event in Turkey, as well as the greater Euro-Asian Region. Our event will be held in Istanbul Harbiye Military Museum and Culture Center between 24 and 26 March, 2011. Some of the fields which will be discussed in the conference: Digital Forensics, Computer Forensics, Network Forensics, Mobile Phone Forensics, Password Recovery, Cryptology, Audio & Video Forensics, Lawful Interception, Intelligence Gathering, Information Security, Data Recovery, E-Discovery, Biometric Solutions, Crime Scene Investigation, Latent Prints, Ballistics, DNA Analysis etc.50 exhibitor companies and 2500 visitors from 25 countries are expected to attend EuroForensics 2011 Conference and Exhibition so our event is a platform where digital forensics, forensic accounting, medical forensics and information security solutions and products and professionals of these fields come together.

Ministry of Justice National Council of Forensic Medicine of Turkey (ENFSI Member), Turkish Prime Ministry-TIKA (Turkish International Cooperation and Development Agency), Tubitak BILGEM UEKAE (The Scientific and Technological Research Council of Turkey), BCCT (British Chamber of Commerce of Turkey), BKM (Interbank Card Center of Turkey) and SABIYAP (Medical IT Managers Association of Turkey) are among the lead sponsors of EuroForensics 2011.

Some of the Exhibitor Companies: Accessdata, Guidance Software, Digital Intelligence, Loquendo, Micro Systemation, Cellebrite, DFlabs, IHS Telekom / Symantec, MD5 Ltd, Mh Service, Elcomsoft, Passware, Aware, SAS Turkey, Attestor, Belkasoft, BlueBear, Consolite Forensics, Pricewaterhouse Coopers, Cozumpark, Ulkem Elektronik, ChemImage Corporation, Fish Digital Forensics, Foster Freeman, Forensic People, Genomed, Applied BioSystems, Incekaralar, Molecular Machines & Industries, Olympus, L1 Intentity Solutions AG, Projectina, IPA Defense, Regula, Erisci Elk., STD/CEDAR, Tübitak BILGEM UEKAE , TMD Security, Isaca Istanbul, Kronik Elk., K9 Academy, Verisis, Videntifier Forensic, Verion Technology, Swiss FTS, SoftPro GmbH, Tekkon Teknoloji ve Kontrol Ltd., Labino, Metronet, Promer Ltd.

Workshops:
-Video Forensic Workshop
-Audio Forensic Workshop
-Mobile Phone Forensic Workshop
-Encase Forensic Workshop
-Encase Enterprise Workshop

Get The Latest DFIR News!

Top DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

For more information about the conference program, keynote speakers, exhibitor companies and registration please kindly, visit www.euroforensics.com

Leave a Comment

Latest Videos

Quantifying Data Volatility for IoT Forensics With Examples From Contiki OS

Forensic Focus 22nd June 2022 5:00 am

File timestamps are used by forensics practitioners as a fundamental artifact. For example, the creation of user files can show traces of user activity, while system files, like configuration and log files, typically reveal when a program was run. 

Despite timestamps being ubiquitous, the understanding of their exact meaning is mostly overlooked in favor of fully-automated, correlation-based approaches. Existing work for practitioners aims at understanding Windows and is not directly applicable to Unix-like systems. 

In this paper, we review how each layer of the software stack (kernel, file system, libraries, application) influences MACB timestamps on Unix systems such as Linux, OpenBSD, FreeBSD and macOS.

We examine how POSIX specifies the timestamp behavior and propose a framework for automatically profiling OS kernels, user mode libraries and applications, including compliance checks against POSIX.

Our implementation covers four different operating systems, the GIO and Qt library, as well as several user mode applications and is released as open-source.

Based on 187 compliance tests and automated profiling covering common file operations, we found multiple unexpected and non-compliant behaviors, both on common operations and in edge cases.

Furthermore, we provide tables summarizing timestamp behavior aimed to be used by practitioners as a quick-reference.

Learn more: https://dfrws.org/presentation/a-systematic-approach-to-understanding-macb-timestamps-on-unixlike-systems/

File timestamps are used by forensics practitioners as a fundamental artifact. For example, the creation of user files can show traces of user activity, while system files, like configuration and log files, typically reveal when a program was run.

Despite timestamps being ubiquitous, the understanding of their exact meaning is mostly overlooked in favor of fully-automated, correlation-based approaches. Existing work for practitioners aims at understanding Windows and is not directly applicable to Unix-like systems.

In this paper, we review how each layer of the software stack (kernel, file system, libraries, application) influences MACB timestamps on Unix systems such as Linux, OpenBSD, FreeBSD and macOS.

We examine how POSIX specifies the timestamp behavior and propose a framework for automatically profiling OS kernels, user mode libraries and applications, including compliance checks against POSIX.

Our implementation covers four different operating systems, the GIO and Qt library, as well as several user mode applications and is released as open-source.

Based on 187 compliance tests and automated profiling covering common file operations, we found multiple unexpected and non-compliant behaviors, both on common operations and in edge cases.

Furthermore, we provide tables summarizing timestamp behavior aimed to be used by practitioners as a quick-reference.

Learn more: https://dfrws.org/presentation/a-systematic-approach-to-understanding-macb-timestamps-on-unixlike-systems/

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_i0zd7HtluzY

A Systematic Approach to Understanding MACB Timestamps on Unixlike Systems

Forensic Focus 21st June 2022 5:00 am

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles

Share to...