digital forensics research workshop Archives

Call for Participation: Women in Forensic Computing (WinFC) Digital Forensics Workshop and Bootcamp

16th December 2022

The Women in Forensic Computing (WinFC) Digital Forensics Workshop and Bootcamp will be held in in cooperation with DFRWS EU 2023 March 20, 2023 in Bonn, Germany and online (hybrid) This bootcamp/workshop will be held physically and virtually on Monday,… Read more

Event Recap: DFRWS-USA Virtual 2022

27th September 2022

The Digital Forensics Research Workshop was back in virtual format for its USA edition running Monday, July 11th through Thursday, July 14th. Six sessions on memory forensics, similarity hashing, application forensics, live and static system analysis, multimedia forensics, and miscellaneous… Read more

Prudent Design Principles for Digital Tampering Experiments

23rd August 2022

Mark: Okay. Good afternoon. Welcome to the next full paper session. We have three papers for you in this session on forensic methods. So, Janine will start shortly with a paper on evidence tampering, we have a paper on forensic… Read more

Knock, Knock, Log: Threat Analysis, Detection & Mitigation of Covert Channels in Syslog Using Port Scans as Cover

2nd August 2022

In this paper, Kevin Lamshöft describes how researchers performed a threat analysis for a covert Command and Control (C2) channel using port scans as cover and syslog as carrier for data infiltration. Session Chair: So, Kevin is presenting Knock, Knock… Read more

Distant Traces and Their Use in Crime Scene Investigation

28th July 2022

Starting with a physical crime scene – a fire – Manon Fischer describes how IoT devices such as “smart” plugs and thermostats store “distant traces” remotely, and could be used to help reconstruct a fire’s origin, cause, and timeline. Session… Read more

The Wisdom of the Heap: Mesh It up by Weaving Data Structures

26th July 2022

In this short presentation, Trufflepig Forensics’ Aaron Hartel and Christian Müller present some early stage research about the volatility of data in memory as data structures change version to version. Session Chair: We’re now going over to memory forensics and… Read more

Memory Forensic Analysis of a Programmable Logic Controller in Industrial Control Systems

19th July 2022

Winner of the Best Student Paper Award at DFRWS-EU 2022! Muhammad Haris Rais describes a step-wise approach to analyze the memory of specific PLCs, and subsequently find a generic framework applicable to all PLCs. By following a methodology that focused… Read more

PEM: Remote Forensic Acquisition of PLC Memory in Industrial Control Systems

14th July 202214th July 2022

Winner of the Best Paper Award at DFRWS-EU 2022, Nauman Zubair proposes a new memory acquisition framework to remotely acquire a programmable logic controller (PLC)’s volatile memory while the PLC is controlling a physical process. Session Chair: Welcome Nauman, happy… Read more

Defining Atomicity (and Integrity) for Snapshots of Storage in Forensic Computing

12th July 2022

In this video from DFRWS-EU 2022, Jenny Ottmann revisits the discussion on quality criteria for “forensically sound” acquisition of such storage and proposes a new way to capture the intent to acquire an instantaneous snapshot from a single target system;… Read more

Extraction and Analysis of Retrievable Memory Artifacts From Windows Telegram Desktop Application

8th July 2022

In this video from DFRWS-EU 2022, Pedro Fernandez-Alvarez describes research focused on the Telegram Desktop client, in particular the client process contents in a Windows system’s RAM. Session Chair: We are now in the topic of memory forensics, and we… Read more

Bridging the Gap: Standardizing Representation of Inferences in Diverse Digital Forensic Contexts

6th July 2022

Session Chair: So the next speaker is Timothy. It’s going to be online, so Timothy, are you ready? Timothy: Hi, everyone. So I’m Timothy Bollé, I’m a PhD student at the University of Lausanne. And today I will give a… Read more

What Can You Tell Us About Your Password? A Contextual Approach

30th June 2022

Aikaterini: I’m Aikaterini Kanta. I’m a PhD candidate with University College Dublin, and I’m really glad to be here today. I’m going to talk to you about my PhD research. So, about contextual based decryption. So, the average number of… Read more

Towards a Working Definition and Classification for Automation in Digital Forensics

28th June 2022

Gaëtan Michelet: So good morning, everyone. Today I will present the project we are working on with Frank Breitinger and Graham Horsman. This project is “Towards a working definition and classification for automation in the context of digital forensic”. And… Read more

Quantifying Data Volatility for IoT Forensics With Examples From Contiki OS

23rd June 2022

Bruce Nikkel: …paper of the session is from Jens-Petter Sandvik and his colleagues at NTNU, and it’s on “Quantifying Data Volatility for IoT Forensics With Examples From Contiki OS.” Jens-Petter: Yeah. Thank you. So, I’m Jens-Petter Sandvik and my co-authors… Read more

A Systematic Approach to Understanding MACB Timestamps on Unixlike Systems

21st June 2022

Bruce Nikkel: Okay, thanks everyone. I hope you enjoyed the break. Welcome to the first session: session one, with the theme of file system forensics. We have two interesting papers in this session. The first one is a systematic approach… Read more

Global Incident Response: DFRWS-EU Keynote, 2022

14th June 2022

Chris Hargreaves: Without further ado, we can start the formal program and I’ll hand over to Serge Droz – I did my best there – for the first keynote of the week. Thank you. Serge: So, this technology is working.… Read more