Difference between pages "SIM Cards" and "Upcoming events"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
m (References)
 
(Conferences)
 
Line 1: Line 1:
[[Image:Simpic.jpg|thumb|A typical SIM card.]]
+
<b>PLEASE READ BEFORE YOU EDIT THE LISTS BELOW</b><br>
 +
Events should be posted in the correct section, and in date order. An event should NEVER be listed in more than one section (i.e. Ongoing/Continuous events should not be listed in Scheduled Training).  When events begin the same day, events of a longer length should be listed first.  New postings of events with the same date(s) as other events should be added after events already in the list. If a provider offers the same event at several locations simultaneously, the listing should have a single (ONE) entry in the list with the date(s) and ALL locations for the event. Please use three-letter month abbreviations (i.e. Sep, NOT Sept. or September), use two digit dates (i.e. Jan 01 NOT Jan 1), and use date ranges rather than listing every date during an event(i.e. Jan 02-05, NOT Jan 02, 03, 04, 05).<br>
 +
<i>Some conferences or training opportunities may be <u>limited</u> to <b>Law Enforcement Only</b> or to a specific audience.  Such restrictions should be noted when known.</i>
  
== SIM-Subscriber Identity Module ==
+
This is a BY DATE listing of upcoming conferences and training events relevant to [[digital forensics]].  It is not an all inclusive list, but includes most well-known activities.  Some events may duplicate events on the generic [[conferences]] page, but entries in this list have specific dates and locations for the upcoming event.
  
The UICC (Universal Integrated Circuit Card) is a smart card which contains account information and memory that is used to enable GSM cellular telephonesOne of the applications running on the smart card is the SIM, or Subscriber Identity Module. In common parlance the term "UICC" is not used an the phrase "SIM" is used to describe the smart card itself.
+
This listing is divided into four sections (described as follows):<br>
 +
<ol><li><b><u>Calls For Papers</u></b> - Calls for papers for either Journals or for Conferences, relevant to Digital Forensics (Name, Closing Date, URL)</li><br>
 +
<li><b><u>Conferences</u></b> - Conferences relevant for Digital Forensics (Name, Date, Location, URL)</li><br>
 +
<li><b><u>On-Going / Continuous Training</u></b> - Training opportunities that are either always available online/distance learning format or that are offered the same time every month (Name, date-if applicable, URL)</li><br>
 +
<li><b><u>[[Scheduled Training Courses]]</u></b> - Training Classes/Courses that are scheduled for specific dates/locationsThis would include online (or distance learning format) courses which begin on specific dates, instead of the "start anytime" courses listed in the previous section. (Name, Date(s), Location(s), URL) (''note: this has been moved to its own page.'')<br></li></ol>
  
Because the SIM is just one of several applications running on the smart card, a given card could, in theory, contain multiple SIMs. This would allow multiple phone numbers or accounts to be accessed by a single UICC. This is seldom seen, though there is at least one "12-in-1" SIM card being advertised at present.
+
The Conference and Training List is provided by the American Academy of Forensic Sciences (AAFS) Digital and Multi-media Listserv.
 +
<i> (Subscribe by sending an email to listserv@lists.mitre.org with message body containing SUBSCRIBE AAFS-DIGITAL-MULTIMEDIA-LIST)</i>
 +
Requests for additions, deletions or corrections to this list may be sent by email to David Baker <i>(bakerd AT mitre.org)</i>.
  
Early versions of the UICC used full-size smart cards (85mm x 54mm x 0.76mm). The card has since been shrunk to the standard size of 25mm x 15mm x 0.76mm.
+
== Calls For Papers ==
 +
{| border="0" cellpadding="2" cellspacing="2" align="top"
 +
|- style="background:#bfbfbf; font-weight: bold"
 +
! Title
 +
! Due Date
 +
! Website
 +
|-
 +
|International Workshop on Digital Forensics (WSDF’08) (ARES 2008)
 +
|Dec 1, 2007
 +
|http://www.ares-conference.eu/cfp/WSDF.pdf
 +
|-
 +
|ShmooCon
 +
|Dec 10, 2007
 +
|https://www.shmoocon.org/cfp.html
 +
|-
 +
|JDFSL - Special Issue on Security Issues in Online Communities
 +
|Dec 31, 2007
 +
|http://www.jdfsl.org/cfp-special-issue.htm
 +
|-
 +
|HTCIA/ASIS High Technology Crime Conference
 +
|Dec 31, 2007
 +
|http://htciatraining.org/papers.asp
 +
|-
 +
|International Association of Forensic Science Annual Meeting
 +
|Jan 01, 2008
 +
|http://www.iafs2008.com/abstracts/intro.asp
 +
|-
 +
|Usenix Annual Technical Conference
 +
|Jan 07, 2008 (11:59PM PST)
 +
|http://www.usenix.com/events/usenix08/cfp/
 +
|-
 +
|6th International Conference on Applied Cryptography and Network Security
 +
|Jan 14, 2008 (11:59PM EST)
 +
|http://acns2008.cs.columbia.edu/cfp.html
 +
|-
 +
|ADFSL 2008 Conference on Digital Forensics, Security and Law
 +
|Jan 15, 2008 (11:59PM EST)
 +
|http://www.digitalforensics-conference.org/callforpapers.htm
 +
|-
 +
|17th USENIX Security Symposium
 +
|Jan 30, 2008 (11:59 PM PST)
 +
|http://www.usenix.org/sec08/cfp/
 +
|-
 +
|Techno-Security 2008
 +
|May 04, 2008
 +
|http://www.techsec.com/html/TechnoPapers.html
 +
|-
 +
|Digital Forensic Research Workshop (DFRWS) 2008
 +
|Mar 17, 2008
 +
|http://www.dfrws.org/2008/cfp.shtml
 +
|-
 +
|}
  
 +
== Conferences ==
 +
{| border="0" cellpadding="2" cellspacing="2" align="top"
 +
|- style="background:#bfbfbf; font-weight: bold"
 +
! Title
 +
! Date/Location
 +
! Website
 +
|-
 +
|DeepSec IDSC
 +
|Nov 22-24, Vienna, Austria
 +
|http://deepsec.net/
 +
|-
 +
|Digital Forensic Forum Prague 2007
 +
|Nov 26-27, Prague, Czech Republic
 +
|http://www.dff-prague.com/
 +
|-
 +
|Association of AntiVirus Asia Researchers (AVAR) International Conference
 +
|Nov 28-30, Seoul, Korea
 +
|http://www.aavar.org/avar2007/index.html
 +
|-
 +
|PacSec Applied Security Conference
 +
|Nov 29-30, Tokyo, Japan
 +
|http://www.pacsec.jp/index.html
 +
|-
 +
|5th Australian Digital Forensics Conference
 +
|Dec 03, Edith Cowan University, Mount Lawley, WA, Australia
 +
|http://scissec.scis.ecu.edu.au/conferences2007/index.php?cf=1
 +
|-
 +
|HTCIA Asia Pacific Training Conference 2007
 +
|Dec 12-14, Hong Kong, China
 +
|http://2007.htcia.org.hk
 +
|-
 +
|SANS Security 2008
 +
|Jan 11-19, New Orleans, LA
 +
|http://www.sans.org/security08/
 +
|-
 +
|DoD Cyber Crime Conference 2008
 +
|Jan 13-18, St. Louis, MO
 +
|http://www.dodcybercrime.com/
 +
|-
 +
|e-Forensics 2008
 +
|Jan 21-23, Adelaide, SA, Australia
 +
|http://www.e-forensics.eu
 +
|-
 +
|4th Annual IFIP WG 11.9 International Conference on Digital Forensics
 +
|Jan 27-30, Kyoto, Japan
 +
|http://www.ifip119-kyoto.org/doku.php
 +
|-
 +
|Blackhat DC 2008 Briefings & Training
 +
|Feb 12-15, Washington, DC
 +
|http://www.blackhat.com/html/bh-link/briefings.html
 +
|-
 +
|ShmooCon
 +
|Feb 15-17, Washington, DC
 +
|http://www.shmoocon.org/
 +
|-
 +
|AAFS Annual Meeting 2008
 +
|Feb 18-23, Washington, DC
 +
|http://aafs.org/default.asp?section_id=meetings&page_id=aafs_annual_meeting
 +
|-
 +
|International Workshop on Digital Forensics (WSDF’08) in Conjunction with ARES 2008
 +
|Mar 04–07, Polytechnic University of Catalonia, Barcelona, Spain
 +
|http://www.ares-conference.eu/conf/index.php?option=com_content&task=view&id=45
 +
|-
 +
|CanSecWest Security Conference 2008
 +
|Mar 19-21, Vanouver, BC, Canada
 +
|http://cansecwest.com/
 +
|-
 +
|Blackhat Europe 2008 Briefings & Training
 +
|Mar 25-28, Amsterdam, Netherlands
 +
|http://www.blackhat.com/html/bh-link/briefings.html
 +
|-
 +
|ADFSL 2008 Conference on Digital Forensics, Security and Law
 +
|Apr 23-25, Oklahoma City, OK
 +
|http://www.digitalforensics-conference.org
 +
|-
 +
|Microsoft Law Enforcement Tech Conference 2008
 +
|Apr 28-30, Redmond, Washington
 +
|-
 +
|HTCIA/ASIS High Technology Crime Conference
 +
|May 06-08, San Francisco, CA
 +
|http://htciatraining.org/general_info.asp
 +
|-
 +
|EuSecWest Security Conference 2008
 +
|May 21-22, London, England
 +
|http://eusecwest.com/
 +
|-
 +
|Techno-Security 2008
 +
|Jun 01-04, Myrtle Beach, SC
 +
|http://www.techsec.com/html/Techno2008.html
 +
|-
 +
|6th International Conference on Applied Cryptography and Network Security
 +
|Jun 03-06, Columbia University, New York City, NY
 +
|http://acns2008.cs.columbia.edu/
 +
|-
 +
|Usenix Annual Technical Conference
 +
|Jun 22-27, Boston, MA
 +
|http://www.usenix.com/events/usenix08/
 +
|-
 +
|International Association of Forensic Sciences Annual Meeting
 +
|Jul 21-26, New Orleans, LA
 +
|http://www.iafs2008.com/
 +
|-
 +
|17th USENIX Security Symposium
 +
|Jul 28-Aug 01, San Jose, CA
 +
|http://www.usenix.org/events/sec08/
 +
|-
 +
|Blackhat USA 2008 Briefings & Training
 +
|Aug 02-07, Las Vegas, NV
 +
|http://www.blackhat.com/html/bh-link/briefings.html
 +
|-
 +
|Defcon 16
 +
|Aug 08-10, Las Vegas, NV
 +
|http://www.defcon.org
 +
|-
 +
|Digital Forensic Research Workshop
 +
|Aug 11-13, Baltimore, MD
 +
|http://www.dfrws.org
 +
|-
 +
|}
  
Although UICC cards traditionally held just 16 to 64KB of memory, the recent trend has been to produce SIM cards with larger storage capacities, ranging from 512MB up to [http://www.m-systems.com/site/en-US/ M-Systems'] 1GB SIM Card slated for release in late 2006.
+
== On-going / Continuous Training ==
 
+
{| border="0" cellpadding="2" cellspacing="2" align="top"
== ICCID ==
+
|- style="background:#bfbfbf; font-weight: bold"
 
+
! Title
Each SIM is internationally identified by its ICC-ID (Integrated Circuit Card ID). ICC-IDs are stored in the SIM card and can also be engraved or printed on the SIM card’s body during a process called personalization. The number is up to 18 digits long with an addition of a single “check digit” that is used for error detection.  This single digit allows us to detect an input error of digits, mistyped digits or a permutation of two successive digits.  This digit was calculated using the Luhn algorithm.
+
! Date/Location or Venue
 
+
! Website
A typical SIM (19 digits) example 89 91 10 1200 00 320451 0, provide several details as follows:
+
|-
 
+
|Basic Computer Examiner Course - Computer Forensic Training Online
*The first two digits (89 in the example) refers to the Telecom Id.
+
|Distance Learning Format
*The next two digits (91 in the example) refers to the country code (91-India).
+
|http://www.cftco.com
*The next two digits (10 in the example) refers to the network code.
+
|-
*The next four digits (1200 in the example) refers to the month and year of manufacturing.
+
|Linux Data Forensics Training
*The next two digits (00 in the example) refers to the switch configuration code.
+
|Distance Learning Format
*The next six digits (320451 in the example) refers to the SIM number.
+
|http://www.crazytrain.com/training.html
*The last digit which is separated from the rest is called the “check digit”.
+
|-
 
+
|SANS On-Demand Training
 
+
|Distance Learning Format
These digits can be further grouped for additional information:
+
|http://www.sans.org/ondemand/?portal=69456f95660ade45be29c00b0c14aea1
*The first 3 to 4 digits represents the Mobile Country Code (MCC) (Some cards only have 3 digits to represent the Telecom ID and country code.)
+
|-
*The next 2 digits represent the Mobile Network Code (MNC, AKA the mobile operator)
+
|MaresWare Suite Training
*The next 12 digits is the number represent the Home Location Register
+
|First full week every month, Atlanta, GA
*And mentioned above, the “check digit”
+
|http://www.maresware.com/maresware/training/maresware.htm
 
+
|-
== Location Area Identity==
+
|Evidence Recovery for Windows Vista&trade;
 
+
|First full week every month, Brunswick, GA
Operation networks for cell phone devices are divided into area locations called Location Areas.  Each location is identified with its own unique identification number creating the LAI (Location Area Identity).  A phone will store this number on its SIM card so it knows what location it’s in and to be able to receive service.  If a phone were to change to a new Location Area, it stores the new LAI in the SIM card, adding to a list of all the previous LAIs it has been in.  This way if a phone is powered down, when it boots back up, it can search its list of LAIs it has stored until it finds the one its in and can start to receive service again.  This is much quicker than scanning the whole list of frequencies that a telephone can have access on. 
+
|http://www.internetcrimes.net
This is a real plus for forensic investigators because when a SIM card is reviewed, they can get a general idea of where the SIM card has been geographically.  In turn this tells them where the phone has been and can then relate back to where the individual who owns the phone has been. 
+
|-
 
+
|Evidence Recovery for Windows Server&reg; 2003 R2
== SIM Security ==
+
|Second full week every month, Brunswick, GA
 
+
|http://www.internetcrimes.net
Information inside the UICC can be protected with a PIN and a PUK.
+
|-
 
+
|Evidence Recovery for the Windows XP&trade; operating system
A PIN locks the SIM card until correct code is entered. Each phone network sets the PIN of SIM to a standard default number (this can be changed via handset). If PIN protection is enabled, the PIN will need to be entered each time phone is switched on. If the PIN is entered incorrectly 3 times in a row, the SIM card will be blocked requiring a PUK from the network/service provider.
+
|Third full week every month, Brunswick, GA
 
+
|http://www.internetcrimes.net
A PUK is needed if the PIN is entered incorrectly 3 times and the SIM is blocked (phone is unable to make and receive calls/texts). The PUK can be received from the network provider, or possibly the GSM cell phone manual. '''Caution:''' if PUK is entered 10 times incorrectly, the SIM card is permanently disabled and must be exchanged.
+
|-
 
+
|Computer Forensics Training and CCE&trade; Testing for Litigation Support Professionals
== SIM Forensics ==
+
|Third weekend of every month (Fri-Mon), Dallas, TX
 
+
|http://www.md5group.com
The data that a SIM card can provide the forensics examiner can be invaluable to an investigation. Acquiring a SIM card allows a large amount of information that the suspect has dealt with over the phone to be investigated.
+
|-
 
+
|}
In general, some of this data can help an investigator determine:
+
==[[Scheduled Training Courses]]==
* Phone numbers of calls made/received
+
* Contacts
+
* [[SMS]] details (time/date, recipient, etc.)
+
* SMS text (the message itself)
+
 
+
There are many software solutions that can help the examiner to acquire the information from the SIM card. Several products include 3GForensics SIMIS [http://www.3gforensics.co.uk/products.htm], Inside Out's [http://simcon.no/ SIMCon], or SIM Content Controller, and Paraben Forensics' [http://www.paraben-forensics.com/catalog/product_info.php?products_id=289 SIM Card Seizure].
+
 
+
The SIM file system is hierarchical in nature consisting of 3 parts:
+
*Master File (MF) - root of the file system that contains
+
DF’s and EF’s
+
*Dedicated File (DF)
+
*Elementary Files (EF)
+
 
+
 
+
=== Data Acquisition ===
+
 
+
These software titles can extract such technical data from the SIM card as:
+
 
+
* '''International Mobile Subscriber Identity (IMSI)''': A unique identifying number that identifies the phone/subscription to the [[GSM]] network
+
* '''Mobile Country Code (MCC)''': A three-digit code that represents the SIM card's country of origin
+
* '''Mobile Network Code (MNC)''': A two-digit code that represents the SIM card's home network
+
* '''Mobile Subscriber Identification Number (MSIN)''': A unique ten-digit identifying number that identifies the specific subscriber to the GSM network
+
* '''Mobile Subscriber International ISDN Number (MSISDN)''': A number that identifies the phone number used by the headset
+
* '''Abbreviated Dialing Numbers (ADN)''': Telephone numbers stored in sims memory
+
* '''Last Dialed Numbers (LDN)'''
+
* '''Short Message Service (SMS)''': Text Messages
+
* '''Public Land Mobile Network (PLMN) selector'''
+
* '''Forbidden PLMNs'''
+
* '''Location Information (LOCI)'''
+
* '''General Packet Radio Service (GPRS) location'''
+
* '''Integrated Circuit Card Identifier (ICCID)'''
+
* '''Service Provider Name (SPN)'''
+
* '''Phase Identification'''
+
* '''SIM Service Table (SST)'''
+
* '''Language Preference (LP)'''
+
* '''Card Holder Verification (CHV1) and (CHV2)'''
+
* '''Broadcast Control Channels (BCCH)'''
+
* '''Ciphering Key (Kc)'''
+
* '''Ciphering Key Sequence Number'''
+
* '''Emergency Call Code'''
+
* '''Fixed Dialing Numbers (FDN)'''
+
* '''Forbidden PLMNs'''
+
* '''Local Area Identitity (LAI)'''
+
* '''Own Dialing Number'''
+
* '''Temporary Mobile Subscriber Identity (TMSI)'''
+
* '''Routing Area Identifier (RIA) netowrk code'''
+
* '''Service Dialing Numbers (SDNs)'''
+
* '''Service Provider Name'''
+
* '''Depersonalizatoin Keys'''
+
 
+
This information can be used to contact the service provider to obtain even more information than is stored on the SIM card.
+
 
+
== USIM-Universal Subscriber Identity Module ==
+
 
+
A Universal Subscriber Identity Module is an application for UMTS mobile telephony running on a UICC smart card which is inserted in a 3G mobile phone. There is a common misconception to call the UICC card itself a USIM, but the USIM is merely a logical entity on the physical card.
+
 
+
It stores user subscriber information, authentication information and provides storage space for text messages and phone book contacts. The phone book on a UICC has been greatly enhanced.
+
 
+
For authentication purposes, the USIM stores a long-term preshared secret key K, which is shared with the Authentication Center (AuC) in the network. The USIM also verifies a sequence number that must be within a range using a window mechanism to avoid replay attacks, and is in charge of generating the session keys CK and IK to be used in the confidentiality and integrity algorithms of the KASUMI block cipher in Universal Mobile Telecommunications System (UMTS).
+
 
+
In Mobile Financial Services, USIM seems to be a mandetory Security Element for user authentication, authorization and stored credentials. With the integration of NFC Handset and USIM, users will be able to make proximity payments where the NFS handset enables contactless payment and USIM enables independent security element.
+
This is the evolution of the SIM for 3G devices. It can allow for multiple phone numbers to be assigned to the USIM, thus giving more than one phone number to a device.
+
 
+
== Service Provider Data ==
+
 
+
Some additional information the service provider might store:
+
 
+
* A customer database
+
* [[Call Detail Record]]s (CDR)
+
* [[Home Location Register]] (HLR)
+
 
+
 
+
== Service Providers that use SIM Cards in the United States ==
+
* T-Mobile
+
* Cingular/AT&T
+
 
+
== Sim Card Text Encoding ==
+
 
+
Originally the middle-European [[GSM]] network used only a 7-bit code derived from the basic [[ASCII]] code. However as GSM spread worldwide it was concluded that more characters, such as the major characters of all living languages, should be able to be represented on GSM phones. Thus, there was a movement towards a 16-bit code known as [[UCS-2]] which is now the standard in GSM text encoding. This change in encoding can make it more difficult to accurately obtain data form [[SIM cards]] of the older generation which use the 7-bit encoding. This encoding is used to compress the hexadecimal size of certain elements of the SIMs data, particularly in [[SMS]] and [[Abbreviated Dialing Numbers]].
+
 
+
== Authentication Key (Ki) ==
+
The authentication key or Ki is a 128 bit key used in the authentication and cipher key generation process. In a nutshell, the key is used to authenticate the SIM on the GSM network. Each SIM contains this key which is assigned to it by the operator during the personalization process. The SIM card is specially designed so the Ki can't be compromised using a smart-card interface. However, flaws in the GSM cryptography have been discovered that do allow the extraction of the Ki from the SIM card, and essentially SIM card duplication.
+
 
+
== See also ==
+
 
+
* [[SIM Card Forensics]]
+
 
+
== References ==
+
 
+
* [http://www.simcon.no/ SIMCon]
+
* [[SIM Explorer]]
+
* [http://www.sectorforensics.co.uk/sim-examination.shtml Sector Forensics]
+
* [http://www.utica.edu/academic/institutes/ecii/ijde/articles.cfm?action=issue&id=5  IJDE Spring 2003 Volume 2, Issue 1 ]: [http://www.utica.edu/academic/institutes/ecii/publications/articles/A0658858-BFF6-C537-7CF86A78D6DE746D.pdf Forensics and the GSM Mobile Telephone System] (PDF)
+
* http://en.wikipedia.org/wiki/Subscriber_Identity_Module
+
* [http://www.utica.edu/academic/institutes/ecii/publications/articles/EFE3EDD5-0AD1-6086-28804D3C49D798A0.pdf Forensics and SIM cards: an Overview] (PDF)
+

Revision as of 23:30, 25 November 2007

PLEASE READ BEFORE YOU EDIT THE LISTS BELOW
Events should be posted in the correct section, and in date order. An event should NEVER be listed in more than one section (i.e. Ongoing/Continuous events should not be listed in Scheduled Training). When events begin the same day, events of a longer length should be listed first. New postings of events with the same date(s) as other events should be added after events already in the list. If a provider offers the same event at several locations simultaneously, the listing should have a single (ONE) entry in the list with the date(s) and ALL locations for the event. Please use three-letter month abbreviations (i.e. Sep, NOT Sept. or September), use two digit dates (i.e. Jan 01 NOT Jan 1), and use date ranges rather than listing every date during an event(i.e. Jan 02-05, NOT Jan 02, 03, 04, 05).
Some conferences or training opportunities may be limited to Law Enforcement Only or to a specific audience. Such restrictions should be noted when known.

This is a BY DATE listing of upcoming conferences and training events relevant to digital forensics. It is not an all inclusive list, but includes most well-known activities. Some events may duplicate events on the generic conferences page, but entries in this list have specific dates and locations for the upcoming event.

This listing is divided into four sections (described as follows):

  1. Calls For Papers - Calls for papers for either Journals or for Conferences, relevant to Digital Forensics (Name, Closing Date, URL)

  2. Conferences - Conferences relevant for Digital Forensics (Name, Date, Location, URL)

  3. On-Going / Continuous Training - Training opportunities that are either always available online/distance learning format or that are offered the same time every month (Name, date-if applicable, URL)

  4. Scheduled Training Courses - Training Classes/Courses that are scheduled for specific dates/locations. This would include online (or distance learning format) courses which begin on specific dates, instead of the "start anytime" courses listed in the previous section. (Name, Date(s), Location(s), URL) (note: this has been moved to its own page.)

The Conference and Training List is provided by the American Academy of Forensic Sciences (AAFS) Digital and Multi-media Listserv. (Subscribe by sending an email to listserv@lists.mitre.org with message body containing SUBSCRIBE AAFS-DIGITAL-MULTIMEDIA-LIST) Requests for additions, deletions or corrections to this list may be sent by email to David Baker (bakerd AT mitre.org).

Calls For Papers

Title Due Date Website
International Workshop on Digital Forensics (WSDF’08) (ARES 2008) Dec 1, 2007 http://www.ares-conference.eu/cfp/WSDF.pdf
ShmooCon Dec 10, 2007 https://www.shmoocon.org/cfp.html
JDFSL - Special Issue on Security Issues in Online Communities Dec 31, 2007 http://www.jdfsl.org/cfp-special-issue.htm
HTCIA/ASIS High Technology Crime Conference Dec 31, 2007 http://htciatraining.org/papers.asp
International Association of Forensic Science Annual Meeting Jan 01, 2008 http://www.iafs2008.com/abstracts/intro.asp
Usenix Annual Technical Conference Jan 07, 2008 (11:59PM PST) http://www.usenix.com/events/usenix08/cfp/
6th International Conference on Applied Cryptography and Network Security Jan 14, 2008 (11:59PM EST) http://acns2008.cs.columbia.edu/cfp.html
ADFSL 2008 Conference on Digital Forensics, Security and Law Jan 15, 2008 (11:59PM EST) http://www.digitalforensics-conference.org/callforpapers.htm
17th USENIX Security Symposium Jan 30, 2008 (11:59 PM PST) http://www.usenix.org/sec08/cfp/
Techno-Security 2008 May 04, 2008 http://www.techsec.com/html/TechnoPapers.html
Digital Forensic Research Workshop (DFRWS) 2008 Mar 17, 2008 http://www.dfrws.org/2008/cfp.shtml

Conferences

Title Date/Location Website
DeepSec IDSC Nov 22-24, Vienna, Austria http://deepsec.net/
Digital Forensic Forum Prague 2007 Nov 26-27, Prague, Czech Republic http://www.dff-prague.com/
Association of AntiVirus Asia Researchers (AVAR) International Conference Nov 28-30, Seoul, Korea http://www.aavar.org/avar2007/index.html
PacSec Applied Security Conference Nov 29-30, Tokyo, Japan http://www.pacsec.jp/index.html
5th Australian Digital Forensics Conference Dec 03, Edith Cowan University, Mount Lawley, WA, Australia http://scissec.scis.ecu.edu.au/conferences2007/index.php?cf=1
HTCIA Asia Pacific Training Conference 2007 Dec 12-14, Hong Kong, China http://2007.htcia.org.hk
SANS Security 2008 Jan 11-19, New Orleans, LA http://www.sans.org/security08/
DoD Cyber Crime Conference 2008 Jan 13-18, St. Louis, MO http://www.dodcybercrime.com/
e-Forensics 2008 Jan 21-23, Adelaide, SA, Australia http://www.e-forensics.eu
4th Annual IFIP WG 11.9 International Conference on Digital Forensics Jan 27-30, Kyoto, Japan http://www.ifip119-kyoto.org/doku.php
Blackhat DC 2008 Briefings & Training Feb 12-15, Washington, DC http://www.blackhat.com/html/bh-link/briefings.html
ShmooCon Feb 15-17, Washington, DC http://www.shmoocon.org/
AAFS Annual Meeting 2008 Feb 18-23, Washington, DC http://aafs.org/default.asp?section_id=meetings&page_id=aafs_annual_meeting
International Workshop on Digital Forensics (WSDF’08) in Conjunction with ARES 2008 Mar 04–07, Polytechnic University of Catalonia, Barcelona, Spain http://www.ares-conference.eu/conf/index.php?option=com_content&task=view&id=45
CanSecWest Security Conference 2008 Mar 19-21, Vanouver, BC, Canada http://cansecwest.com/
Blackhat Europe 2008 Briefings & Training Mar 25-28, Amsterdam, Netherlands http://www.blackhat.com/html/bh-link/briefings.html
ADFSL 2008 Conference on Digital Forensics, Security and Law Apr 23-25, Oklahoma City, OK http://www.digitalforensics-conference.org
Microsoft Law Enforcement Tech Conference 2008 Apr 28-30, Redmond, Washington
HTCIA/ASIS High Technology Crime Conference May 06-08, San Francisco, CA http://htciatraining.org/general_info.asp
EuSecWest Security Conference 2008 May 21-22, London, England http://eusecwest.com/
Techno-Security 2008 Jun 01-04, Myrtle Beach, SC http://www.techsec.com/html/Techno2008.html
6th International Conference on Applied Cryptography and Network Security Jun 03-06, Columbia University, New York City, NY http://acns2008.cs.columbia.edu/
Usenix Annual Technical Conference Jun 22-27, Boston, MA http://www.usenix.com/events/usenix08/
International Association of Forensic Sciences Annual Meeting Jul 21-26, New Orleans, LA http://www.iafs2008.com/
17th USENIX Security Symposium Jul 28-Aug 01, San Jose, CA http://www.usenix.org/events/sec08/
Blackhat USA 2008 Briefings & Training Aug 02-07, Las Vegas, NV http://www.blackhat.com/html/bh-link/briefings.html
Defcon 16 Aug 08-10, Las Vegas, NV http://www.defcon.org
Digital Forensic Research Workshop Aug 11-13, Baltimore, MD http://www.dfrws.org

On-going / Continuous Training

Title Date/Location or Venue Website
Basic Computer Examiner Course - Computer Forensic Training Online Distance Learning Format http://www.cftco.com
Linux Data Forensics Training Distance Learning Format http://www.crazytrain.com/training.html
SANS On-Demand Training Distance Learning Format http://www.sans.org/ondemand/?portal=69456f95660ade45be29c00b0c14aea1
MaresWare Suite Training First full week every month, Atlanta, GA http://www.maresware.com/maresware/training/maresware.htm
Evidence Recovery for Windows Vista™ First full week every month, Brunswick, GA http://www.internetcrimes.net
Evidence Recovery for Windows Server® 2003 R2 Second full week every month, Brunswick, GA http://www.internetcrimes.net
Evidence Recovery for the Windows XP™ operating system Third full week every month, Brunswick, GA http://www.internetcrimes.net
Computer Forensics Training and CCE™ Testing for Litigation Support Professionals Third weekend of every month (Fri-Mon), Dallas, TX http://www.md5group.com

Scheduled Training Courses