dfrws Archives - Forensic Focus

Call for Participation: Women in Forensic Computing (WinFC) Digital Forensics Workshop and Bootcamp

16th December 2022

The Women in Forensic Computing (WinFC) Digital Forensics Workshop and Bootcamp will be held in in cooperation with DFRWS EU 2023 March 20, 2023 in Bonn, Germany and online (hybrid) This bootcamp/workshop will be held physically and virtually on Monday,… Read more

HTCIA, DFRWS-APAC, and the DFIR Events Industry: A Critique

14th November 2022

Simon: You see, I was thinking about this preamble, and I’ve been listening, no, no, no, no, you can’t laugh. This is recording, I want this to go live. Christa: All right. Desi: This is the preamble. Christa: I’m going… Read more

Event Recap: DFRWS-USA Virtual 2022

27th September 2022

The Digital Forensics Research Workshop was back in virtual format for its USA edition running Monday, July 11th through Thursday, July 14th. Six sessions on memory forensics, similarity hashing, application forensics, live and static system analysis, multimedia forensics, and miscellaneous… Read more

University of Adelaide’s Dr. Matthew Sorell on Evidentiary Health Data at DFRWS-APAC 2022

13th September 202212th September 2022

Christa Miller: Welcome back to the Forensic Focus Podcast. I’m Christa Miller and this week Desi, Si and I are welcoming Dr. Matthew Sorell; senior lecturer at the University of Adelaide School of Electrical and Electronic Engineering in Australia. The… Read more

BlockQuery: Toward Forensically Sound Cryptocurrency Investigation

1st September 2022

Tiffanie: Hi, my name is Tiffanie Edwards, and I’m gonna be presenting the paper “BlockQuery: Toward Forensically Sound Cryptocurrency Investigation”. So this is a little bit of background on the authors of this paper. Tyler Thomas is a primary author.… Read more

A Live Digital Forensics Approach for Quantum Mechanical Computers

30th August 2022

A gray striped cat sits amid a pile of multicolored dominoes as if contemplating how to reconstruct them

Dayton Closser: Well, good evening, everyone. Thank you very much for coming to this speech today. It’s great to be back after the COVID pandemic. It’s great to see everyone in person. I’ve immensely enjoyed speaking with all of you.… Read more

Identifying Document Similarity Using a fast Estimation of the Levenshtein Distance

25th August 2022

Frank: Warm welcome also from my side. This is a presentation or some work that I did together with Peter. He reached out to me. He is in the States and he reached out and said, “hey, I saw online… Read more

Prudent Design Principles for Digital Tampering Experiments

23rd August 2022

Mark: Okay. Good afternoon. Welcome to the next full paper session. We have three papers for you in this session on forensic methods. So, Janine will start shortly with a paper on evidence tampering, we have a paper on forensic… Read more

Knock, Knock, Log: Threat Analysis, Detection & Mitigation of Covert Channels in Syslog Using Port Scans as Cover

2nd August 2022

In this paper, Kevin Lamshöft describes how researchers performed a threat analysis for a covert Command and Control (C2) channel using port scans as cover and syslog as carrier for data infiltration. Session Chair: So, Kevin is presenting Knock, Knock… Read more

Distant Traces and Their Use in Crime Scene Investigation

28th July 2022

Starting with a physical crime scene – a fire – Manon Fischer describes how IoT devices such as “smart” plugs and thermostats store “distant traces” remotely, and could be used to help reconstruct a fire’s origin, cause, and timeline. Session… Read more

The Wisdom of the Heap: Mesh It up by Weaving Data Structures

26th July 2022

In this short presentation, Trufflepig Forensics’ Aaron Hartel and Christian Müller present some early stage research about the volatility of data in memory as data structures change version to version. Session Chair: We’re now going over to memory forensics and… Read more

Toward Graph-Based Network Traffic Analysis and Incident Investigation

21st July 2022

At DFRWS-EU 2022, Milan Cermak describes the need to create data associations for use during network traffic analysis and incident investigation. The focus is on robust graph data visualization of the kind that’s commonly used in criminal investigation, allowing analysts… Read more

Memory Forensic Analysis of a Programmable Logic Controller in Industrial Control Systems

19th July 2022

Winner of the Best Student Paper Award at DFRWS-EU 2022! Muhammad Haris Rais describes a step-wise approach to analyze the memory of specific PLCs, and subsequently find a generic framework applicable to all PLCs. By following a methodology that focused… Read more

PEM: Remote Forensic Acquisition of PLC Memory in Industrial Control Systems

14th July 202214th July 2022

Winner of the Best Paper Award at DFRWS-EU 2022, Nauman Zubair proposes a new memory acquisition framework to remotely acquire a programmable logic controller (PLC)’s volatile memory while the PLC is controlling a physical process. Session Chair: Welcome Nauman, happy… Read more

Defining Atomicity (and Integrity) for Snapshots of Storage in Forensic Computing

12th July 2022

In this video from DFRWS-EU 2022, Jenny Ottmann revisits the discussion on quality criteria for “forensically sound” acquisition of such storage and proposes a new way to capture the intent to acquire an instantaneous snapshot from a single target system;… Read more

Extraction and Analysis of Retrievable Memory Artifacts From Windows Telegram Desktop Application

8th July 2022

In this video from DFRWS-EU 2022, Pedro Fernandez-Alvarez describes research focused on the Telegram Desktop client, in particular the client process contents in a Windows system’s RAM. Session Chair: We are now in the topic of memory forensics, and we… Read more