[Repost] Digital Forensic Research Workshop 2006
Original link: <a href="http://www.dfrws.org/2006/program.html" target="_blank">http://www.dfrws.org/2006/program.html</a><br /><br /><table cellpadding="5" width="100%" border="0"><tbody><tr><td class="tbl_date" colspan="2">Sunday, August 13, 2006</td></tr><tr><td valign="top" width="21%">5:00 pm – 7:00</td><td width="79%"><strong>Registration and Welcome Reception</strong> (sponsored by <a href="http://www.strozllc.com/">Stroz Friedberg, LLC</a>)</td></tr><tr><td class="tbl_date" colspan="2"></td></tr><tr><td class="tbl_date" colspan="2">Monday, August 14, 2006</td></tr><tr><td>8:00 – 9:00</td><td>Registration</td></tr><tr><td>9:00 – 9:10</td><td>Opening Remarks </td></tr><tr><td valign="top">9:10 – 10:00</td><td><strong>Keynote Address<br /></strong><em>Challenges in Digital Forensics </em>(<a href="proceedings/Lindsey-pres.pdf">slides</a>)<strong> <br /></strong>Ted Lindsey (FBI)<br />Current Cyber Investigation Challenges (<a href="abstracts.html">abstract</a>) </td></tr><tr><td>10:00 – 10:15</td><td>Break</td></tr><tr><td>10:15 – 11:45 </td><td><strong>SESSION 1: </strong>Physical Devices (Chair: Frank Adelstein)</td></tr><tr><td></td><td><em><a href="proceedings/1-Lyle.pdf">A Strategy for Testing Hardware Write Block Devices</a></em> (<a href="proceedings/1-Lyle-pres.pdf">slides</a>)<br />James Lyle (NIST, USA)</td></tr><tr><td></td><td><p><em><a href="proceedings/2-Schuster.pdf">Searching for Processes and Threads in Microsoft Windows Memory Dumps</a> </em>(<a href="proceedings/2-Schuster-pres.pdf">slides</a>)<em><br /></em>Andreas Schuster (Deutsche Telekom AG, Germany) <br /><strong>Best Paper Award </strong></p></td></tr><tr><td></td><td><em><a href="proceedings/3-Khanna.pdf">A Survey of Forensic Characterization Methods for Physical Devices</a> </em>(<a href="proceedings/3-Khanna-pres.pdf">slides</a>)<em><br /></em>Nitin Khanna, Aravind Mikkilineni, Anthony Martone, Gazi Ali, George Chiu, Jan Allebach, Ed Delp (Purdue University, USA) 
</td></tr><tr><td>11:45 – 1:15 </td><td>Lunch and Breakout Discussions </td></tr><tr><td valign="top">1:15 – 2:15 </td><td><p><strong>SESSION 2 (PANEL): </strong><em>Working Between Disciplines – Issues in Building the Digital Forensics Bridge From Computer Science to Judicial Science </em>(<a href="proceedings/Rogers_panel-pres.pdf">slides</a>)</p><p>Michael Losavio, Deborah Wilson, Adel Elmaghraby, James Graham, S. Srinivasan, David Elder, Marcus Rogers</p></td></tr><tr><td>2:15 – 2:30</td><td>Break</td></tr><tr><td>2:30 – 4:00</td><td><strong>SESSION 3: </strong>Frameworks (Chair: David Baker)</td></tr><tr><td> </td><td><em><a href="proceedings/4-Ieong.pdf">FORZA – Digital Forensics Investigation Framework That Incorporate Legal Issues</a></em> (<a href="proceedings/4-Ieong-pres.pdf">slides</a>)<br />Ricci Sze-Chung Ieong (eWalker Consulting Ltd., Hong Kong)</td></tr><tr><td></td><td><em><a href="proceedings/5-Brinson.pdf">A Cyber Forensics Ontology: Creating a New Approach to Studying Cyber Forensics</a></em> (<a href="proceedings/5-Brinson-pres.pdf">slides</a>)<br />Ashley N. 
Brinson, Abigail Robinson (Purdue University, USA) </td></tr><tr><td> </td><td><em><a href="proceedings/6-Harris.pdf">Arriving at an Anti-forensics Consensus: Examining How to Define and Control the Anti-forensics Problem</a></em> (<a href="proceedings/6-Harris-pres.pdf">slides</a>)<br />Ryan Harris (Purdue University, USA)</td></tr><tr><td>4:00 - 4:15 </td><td>Break </td></tr><tr><td>4:15 - 5:30</td><td><strong><a href="index.html#demos">Tool Demo / Poster Session (Chair: Todd Shipley)</a></strong> </td></tr><tr><td class="tbl_date" colspan="2"></td></tr><tr><td class="tbl_date" colspan="2">Tuesday, August 15, 2006</td></tr><tr><td>9:00 - 9:15</td><td>Administrative Remarks </td></tr><tr><td>9:15 – 10:45</td><td><strong>SESSION 4: </strong>Evidence Management (Chair: Brian Carrier)</td></tr><tr><td></td><td><em><a href="proceedings/7-Alink.pdf">XIRAF - Ultimate Forensic Querying</a></em> (<a href="proceedings/7-Alink-pres.pdf">slides</a>)<br />Wouter Alink, Raoul Bhoedjang (Netherlands Forensic Institute, Netherlands), Peter Boncz, Arjen de Vries (Centrum voor Wiskunde en Informatica, Netherlands)</td></tr><tr><td></td><td><em><a href="proceedings/8-Turner.pdf">Selective and Intelligent Imaging using Digital Evidence Bags</a></em> (<a href="proceedings/8-Turner-pres.pdf">slides</a>)<br />Philip Turner (QinetiQ, UK) </td></tr><tr><td></td><td><em><a href="proceedings/9-Lee.pdf">Detecting False Captioning Using Common Sense Reasoning</a> </em>(<a href="proceedings/9-Lee-pres.pdf">slides</a>)<em><br /></em>Sangwon Lee, David Ayman, Bruce Gooch (Northwestern University, USA) </td></tr><tr><td>10:45 - 11:00</td><td>Break</td></tr><tr><td>11:00 - 11:45 </td><td><strong>SESSION 5</strong>: Summary Reports (Chair: Vassil Roussev)</td></tr><tr><td></td><td><em>DFRWS Common Digital Evidence Storage Format (CDESF) Working Group </em></td></tr><tr><td></td><td><em>Knowledge Exploration, Analysis, and Discovery (KNEAD) Workshop</em> (<a 
href="proceedings/Maybury-pres.pdf">slides</a>)<br />Mark Maybury and Penny Chase (The MITRE Corporation, USA) </td></tr><tr><td>11:45 – 1:15</td><td>Lunch and Breakout Discussions </td></tr><tr><td>1:15 – 2:15</td><td><strong>SESSION 6: </strong>Evidence Correlation 1 (Chair: Wietse Venema) </td></tr><tr><td></td><td><em><a href="proceedings/10-Garfinkel.pdf">Cross-Drive Analysis</a> </em>(<a href="proceedings/10-Garfinkel-pres.pdf">slides</a>)<em><br /></em>Simson L. Garfinkel (Harvard, USA) </td></tr><tr><td></td><td><em><a href="proceedings/11-Roussev.pdf">md5bloom: Forensic Filesystem Hashing Revisited</a> </em>(<a href="proceedings/11-Roussev-pres.pdf">slides</a>)<em><br /></em>Vassil Roussev, Timothy Bourg, Yixin Chen, Golden G Richard (University of New Orleans, USA) </td></tr><tr><td>2:15 – 2:30 </td><td>Break</td></tr><tr><td>2:30 – 3:30 </td><td><strong>SESSION 7: </strong>Evidence Correlation 2 (Chair: Marcus Rogers) </td></tr><tr><td></td><td><em><a href="proceedings/12-Kornblum.pdf">Identifying Almost Identical Files Using Context Triggered Piecewise Hashing</a></em> (<a href="proceedings/12-Kornblum-pres.pdf">slides</a>)<br />Jesse Kornblum (ManTech, USA) </td></tr><tr><td></td><td><em><a href="proceedings/13-%20Schatz.pdf">A Correlation Method for Establishing Provenance of Timestamps in Digital Evidence</a></em> (<a href="proceedings/13-%20Schatz-pres.pdf">slides</a>)<br />Bradley Schatz, George Mohay, Andrew Clark (Queensland University of Technology, Australia) </td></tr><tr><td>3:30 - 3:45</td><td>Break</td></tr><tr><td>3:45 - 4:30 </td><td><strong>Presentations of Breakout Session Results (Panel Lead: Frank Adelstein)</strong></td></tr><tr><td>4:30 – 5:15</td><td><strong>Presentations of <a href="challenge/index.html">File Carving Challenge</a> Submissions</strong> (Lead: Brian Carrier)</td></tr><tr><td>5:30 – 7:00</td><td><strong>Banquet, <a href="challenge/index.html">File Carving Challenge</a> Winner, Best Paper Award </strong>(Sponsored by 
<a href="http://www.wetstonetech.com/">WetStone Technologies</a>) <strong><br /></strong>Prizes include copies of Gargoyle Enterprise from WetStone, copies of recent digital forensic books, and more. </td></tr><tr><td>7:00 - ... </td><td><a href="#rodeo">Forensic Rodeo</a> (Wrangler: Chet Hosmer)</td></tr><tr><td class="tbl_date" colspan="2"></td></tr><tr><td class="tbl_date" colspan="2">Wednesday, August 16, 2006</td></tr><tr><td>9:00 – 10:30</td><td><strong>SESSION 8: </strong>Clever Analysis (Chair: David Baker) </td></tr><tr><td></td><td><em><a href="proceedings/14-Jeyaraman.pdf">An Empirical Study of Automatic Event Reconstruction Systems</a></em> (<a href="proceedings/14-Jeyaraman-pres.pdf">slides</a>)<br />Sundararaman Jeyaraman (Purdue University, USA) </td></tr><tr><td></td><td><p><em><a href="proceedings/15-Rogers.pdf">Self-reported Computer Criminal Behavior: A Psychological Analysis</a></em> (<a href="proceedings/15-Rogers-pres.pdf">slides</a>) <br />Marcus Rogers (Purdue University, USA), Kathryn Seigfried (John Jay University, USA), Kirti Tidke (Purdue University, USA) </p></td></tr><tr><td></td><td><em><a href="proceedings/16-Carrier.pdf">Categories of Digital Investigation Analysis Techniques Based On The Computer History Model</a> </em>(<a href="proceedings/16-Carrier-pres.pdf">slides</a>)<em><br /></em>Brian D Carrier, Eugene Spafford (Purdue University, USA) </td></tr><tr><td>10:30 – 10:45 </td><td>Break</td></tr><tr><td valign="top">10:45 – 11:30</td><td><a href="#wip"><strong>Short Presentations / Works in Progress</strong></a> (Chair: Wietse Venema)<br />(5 mins each) </td></tr><tr><td valign="top">11:30 - 11:45 </td><td>Closing Comments </td></tr><tr><td valign="top">11:45 – 1:00</td><td><strong>Lunch / DFRWS 2007 Planning Session</strong></td></tr></tbody></table><h3></h3><h3>DFRWS Forensic Rodeo<a name="rodeo"></a></h3><p>The Forensic Rodeo has been a tradition at DFRWS for many years. 
After the banquet, attendees break into teams to tackle a digital forensic challenge. The first team to answer the questions wins. Historically, the challenges have been based on analyzing and recovering evidence from disk images. This year, the topic will be live analysis and the collection of evidence from a running system. At this point, that is all that we are saying. You are free to bring whatever tools you want...</p><h3>Short Presentations / Works in Progress<a name="wip"></a></h3><p>The Short Presentations / Works in Progress session is a forum open to anyone interested in presenting topics that would not merit a full time slot, perhaps because the work is ongoing or at an early idea stage. The only limitations are on the time and number of slides, specifically 5 minutes and 2 slides (more time may be allotted depending on how many people sign up). Participants can use this time as a sounding board to judge the interest of other researchers or practitioners. Presentation slots will be allocated on a strictly first-come, first-served basis. Talk to Daryl Pfeif anytime during the workshop to sign up for a slot; she will be managing the schedule.</p>
