Difference between pages "Linux Memory Analysis" and "Upcoming events"

From ForensicsWiki
(Difference between pages)
 
(Calls For Papers)
 
Line 1: Line 1:
The output of a [[Tools:Memory_Imaging|memory acquisition tool]] is a memory image which contains the raw physical memory of a systemA wide variety of tools can be used to search for strings or other patterns in a memory image, but to extract higher-level information about the state of the system a memory analysis tool is required.
+
<b>PLEASE READ BEFORE YOU EDIT THE LISTS BELOW</b><br>
 +
When events begin the same day, events of a longer length should be listed firstNew postings of events with the same date(s) as other events should be added after events already in the list. Please use three-letter month abbreviations (i.e. Sep, NOT Sept. or September), use two digit dates (i.e. Jan 01 NOT Jan 1), and use date ranges rather than listing every date during an event(i.e. Jan 02-05, NOT Jan 02, 03, 04, 05).<br>
 +
<i>Some events may be <u>limited</u> to <b>Law Enforcement Only</b> or to a specific audience.  Such restrictions should be noted when known.</i>
  
==Linux Memory Analysis Tools==
+
This is a BY DATE listing of upcoming events relevant to [[digital forensics]].  It is not an all inclusive list, but includes most well-known activities.  Some events may duplicate events on the generic [[conferences]] page, but entries in this list have specific dates and locations for the upcoming event.
  
Active Open Source Projects:
+
This listing is divided into three sections (described as follows):<br>
* The [https://www.volatilesystems.com/default/volatility Volatility Framework] is a collection of tools, implemented in Python, for the extraction of digital artifacts from volatile memory (RAM) samples.  See the [http://code.google.com/p/volatility/wiki/LinuxMemoryForensics LinuxMemoryForensics] page on the Volatility wiki.  (Availability/License: GNU GPL)
+
<ol><li><b><u>[[Upcoming_events#Calls_For_Papers|Calls For Papers]]</u></b> - Calls for papers for either Journals or for Conferences, relevant to Digital Forensics (Name, Closing Date, URL)</li><br>
* The [http://people.redhat.com/anderson/ Red Hat Crash Utility] is an extensible Linux kernel core dump analysis program.  Although designed as a debugging tool, it also has been utilized for memory forensics.  See, for example, the [http://volatilesystems.blogspot.com/2008/07/linux-memory-analysis-one-of-major.html 2008 DFRWS challenge write-up by AAron Walters].  (Availability/License: GNU GPL)
+
<li><b><u>[[Upcoming_events#Conferences|Conferences]]</u></b> - Conferences relevant for Digital Forensics (Name, Date, Location, URL)</li><br>
 +
<li><b><u>[[Training Courses and Providers]]</u></b> - Training </li><br></ol>
  
Commercial Products:
+
== Calls For Papers ==
* [[Second Look]] provides memory acquisition and analysis tools for Linux incident response and enterprise security.  Its major differentiators versus Volatility are malware detection via integrity verification of the kernel and running processes, ease of use (automatic kernel version detection, a graphical user interface, etc.), and enterprise scalability (including live analysis of remote systems via a memory access agent). (Availability/License: commercial)
+
Please help us keep this up-to-date with deadlines for upcoming conferences that would be appropriate for forensic research.
  
Inactive Open Source and Research Projects:
+
{| border="0" cellpadding="2" cellspacing="2" align="top"
* The [http://4tphi.net/fatkit/ Forensic Analysis Toolkit (FATKit)] is a cross-platform, modular, and extensible digital investigation framework for analyzing volatile system memory.  (Publication Date: 2006; Availability/License: not available)
+
|- style="background:#bfbfbf; font-weight: bold"
* [http://hysteria.sk/~niekt0/foriana/ Foriana] is tool for extraction of information such as the process and modules lists from a RAM image using logical relations between OS structures. (Availability/License: GNU GPL)
+
! width="30%|Title
* [http://code.google.com/p/draugr/ Draugr] is a Linux memory forensics tool written in Python. (Availability/License: GNU GPL)
+
! width="15%"|Due Date
* [http://code.google.com/p/volatilitux/ Volatilitux] is another Linux memory forensics tool written in Python. (Availability/License: GNU GPL)
+
! width="15%"|Notification Date
* Idetect (Linux) http://forensic.seccure.net/ is an older implementation of Linux memory analysis.
+
! width="40%"|Website
 +
|-
 +
|DFRWS-Europe 2014
 +
|Dec 01, 2013
 +
|Mar 01, 2014
 +
|http://www.dfrws.org/2014eu/index.shtml
 +
|-
 +
|8th International Conference on IT Security Incident Management & IT Forensics - IMF2014
 +
|Dec 01, 2013
 +
|Jan 31, 2014
 +
|http://www1.gi-ev.de/fachbereiche/sicherheit/fg/sidar/imf/imf2014/cfp.html
 +
|-
 +
|44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks
 +
|Dec 01, 2013
 +
|Feb 25, 2014
 +
|http://www.dsn.org/
 +
|-
 +
|CyberPatterns 2014
 +
|Jan 03, 2014
 +
|Jan 17, 2014
 +
|http://tech.brookes.ac.uk/CyberPatterns2014/CFPCyberpatterns2014.pdf
 +
|-
 +
|12th International Conference on Applied Cryptography and Network Security
 +
|Jan 10, 2014
 +
|Mar 14, 2014
 +
|http://acns2014.epfl.ch/callpapers.php
 +
|-
 +
|USENIX Annual Technical Conference
 +
|Jan 28, 2014
 +
|Apr 07, 2014
 +
|https://www.usenix.org/conference/atc14/call-for-papers
 +
|-
 +
|Audio Engineering Society (AES) Conference on Audio Forensics
 +
|Jan 31, 2014
 +
|Mar 15, 2014
 +
|http://www.aes.org/conferences/54/downloads/54thCallForContributions.pdf
 +
|-
 +
|DFRWS - USA 2014
 +
|Feb 13, 2014
 +
|Apr 07, 2014
 +
|http://dfrws.org/2014/cfp.shtml
 +
|-
 +
|}
  
==Linux Memory Analysis Challenges==
+
See also [http://www.wikicfp.com/cfp/servlet/tool.search?q=forensics WikiCFP 'Forensics']
  
* The [[Digital Forensic Research Workshop]] [http://dfrws.org/2008/challenge/index.shtml 2008 Forensics Challenge] focused on the development of Linux memory analysis techniques and the fusion of evidence from memory, hard disk, and network.
+
== Conferences ==
* [http://communaute.sstic.org/ChallengeSSTIC2010 Challenge SSTIC 2010] (French) dealt with analysis of physical memory from a mobile device running Android.
+
{| border="0" cellpadding="2" cellspacing="2" align="top"
* [http://www.honeynet.org/challenges/2011_7_compromised_server Challenge 7 of the Honeynet Project's Forensic Challenge 2011] included forensic analysis of a memory image from a potentially compromised Linux server.
+
|- style="background:#bfbfbf; font-weight: bold"
 +
! width="40%"|Title
 +
! width="20%"|Date/Location
 +
! width="40%"|Website
 +
|-
 +
|2013 International Conference on Information and Communications Security
 +
|Nov 20-22<br>Beijing, China
 +
|http://icsd.i2r.a-star.edu.sg/icics2013/index.php
 +
|-
 +
|8th International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE)
 +
|Nov 21-22<br>Hong Kong, China
 +
|http://conf.ncku.edu.tw/sadfe/sadfe13/
 +
|-
 +
|Black Hat-Regional Summit
 +
|Nov 26-27<br>Sao Paulo, Brazil
 +
|https://www.blackhat.com/sp-13
 +
|-
 +
| Botconf'13 - First Botnet Fighting Conference
 +
| Dec 05-06<br>Nantes, France
 +
|https://www.botconf.eu/
 +
|-
 +
|29th Annual Computer Security Applications Conference (ACSAC)
 +
|Dec 09-13<br>New Orleans, LA, USA
 +
|http://www.acsac.org
 +
|-
 +
|IFIP WG 11.9 International Conference on Digital Forensics
 +
|Jan 08-10<br>Vienna, Austria
 +
|http://www.ifip119.org/Conferences/
 +
|-
 +
|AAFS 66th Annual Scientific Meeting
 +
|Feb 17-22<br>Seattle, WA, USA
 +
|http://www.aafs.org/aafs-66th-annual-scientific-meeting
 +
|-
 +
|21st Network & Distributed System Security Symposium
 +
|Feb 23-26<br>San Diego, CA, USA
 +
|http://www.internetsociety.org/events/ndss-symposium
 +
|-
 +
|Fourth ACM Conference on Data and Application Security and Privacy 2014
 +
|Mar 03-05<br>San Antonio, TX, USA
 +
|http://www1.it.utsa.edu/codaspy/
 +
|-
 +
|9th International Conference on Cyber Warfare and Security (ICCWS-2014)
 +
|Mar 24-25<br>West Lafayette, IN, USA
 +
|http://academic-conferences.org/iciw/iciw2014/iciw14-home.htm
 +
|-
 +
|CyberPatterns 2014
 +
|Apr 11<br>Oxford, United Kingdom
 +
|http://tech.brookes.ac.uk/CyberPatterns2014/
 +
|-
 +
|DFRWS-Europe 2014
 +
|May 07-09<br>Amsterdam, Netherlands
 +
|http://dfrws.org/2014eu/index.shtml
 +
|-
 +
|8th International Conference on IT Security Incident Management & IT Forensics
 +
|May 12-14<br>Muenster, Germany
 +
|http://www1.gi-ev.de/fachbereiche/sicherheit/fg/sidar/imf/imf2014/
 +
|-
 +
|2014 IEEE Symposium on Security and Privacy
 +
|May 16-23<br>Berkley, CA, USA
 +
|http://www.ieee.org/conferences_events/conferences/conferencedetails/index.html?Conf_ID=16517
 +
|-
 +
|Techno-Security and Forensics Conference
 +
|Jun 01-04<br>Myrtle Beach, SC, USA
 +
|http://www.techsec.com/html/Security%20Conference%202014.html
 +
|-
 +
|Mobile Forensics World
 +
|Jun 01-04<br>Myrtle Beach, SC, USA
 +
|http://www.techsec.com/html/MFC-2014-Spring.html
 +
|-
 +
|12th International Conference on Applied Cryptography and Network Security
 +
|Jun 10-13<br>Lausanne, Switzerland
 +
|http://acns2014.epfl.ch/
 +
|-
 +
|54th Conference on Audio Forensics
 +
|Jun 12-14<br>London, England
 +
|http://www.aes.org/conferences/54/
 +
|-
 +
|2014 USENIX Annual Technical Conference
 +
|Jun 19-20<br>Philadelphia, PA, USA
 +
|https://www.usenix.org/conference/atc14
 +
|-
 +
|44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks
 +
|Jun 23-26<br>Atlanta, GA, USA
 +
|http://www.dsn.org/
 +
|-
 +
|Symposium On Usable Privacy and Security (SOUPS) 2014
 +
|Jul 09-11<br>Menlo Park, CA, USA
 +
|http://cups.cs.cmu.edu/soups/2013/
 +
|-
 +
|Black Hat USA 2014
 +
|Aug 02-07<br>Las Vegas, NV, USA
 +
|https://www.blackhat.com
 +
|-
 +
|DFRWS 2014
 +
|Aug 03-06<br>Denver, CO, USA
 +
|http://dfrws.org/2014/index.shtml
 +
|-
 +
|RCFG GMU 2014
 +
|Aug 04-08<br>Fairfax, VA, USA
 +
|http://www.rcfg.org/gmu/
 +
|-
 +
|23rd USENIX Security Symposium
 +
|Aug 20-22<br>San Diego, CA, USA
 +
|https://www.usenix.org/conferences
 +
|-
 +
|25th Annual Conference & Digital Multimedia Evidence Training Symposium
 +
|Oct 06-10<br>Coeur d’Alene, ID, USA
 +
|http://www.leva.org/annual-training-conference/
 +
|-
 +
|}
  
==Linux Memory Images==
+
==See Also==
 
+
* [[Training Courses and Providers]]
Aside from those in the challenges referenced above, sample Linux memory images can also be found on the Second Look web site at http://secondlookforensics.com/images.html.
+
==References==
 
+
* [http://faculty.cs.tamu.edu/guofei/sec_conf_stat.htm Computer Security Conference Ranking and Statistic]
==Linux Memory Analysis Bibliography==
+
* [http://www.kdnuggets.com/meetings/ Meetings and Conferences in Data Mining and Discovery]
* [http://forensic.seccure.net/pdf/mburdach_digital_forensics_of_physical_memory.pdf Digital Forensics of the Physical Memory] M. Burdach, March 2005.
+
* http://www.conferencealerts.com/data.htm Data Mining Conferences World-Wide]
* [http://www.usenix.org/events/usenix05/tech/freenix/full_papers/movall/movall.pdf Linux Physical Memory Analysis], Paul Movall, Ward Nelson, Shaun Wetzstein; Usenix, 2005.
+
* [http://cisr.nps.edu/downloads/theses/06thesis_urrea.pdf An Analysis Of Linux RAM Forensics], J.M. Urrea, Masters Thesis, Naval Postgraduate School, 2006.
+
* [http://volatilesystems.blogspot.com/2008/07/linux-memory-analysis-one-of-major.html Linux Memory Forensics for DFRWS Challenge 2008 using Volatility, Crash, and PyFlag], by AAron Walters on the Volatile Systems Blog.
+
* [http://www.dfrws.org/2008/proceedings/p65-case.pdf FACE: Automated digital evidence discovery and correlation], Andrew Case, Andrew Cristina, Lodovico Marziale, Golden G. Richard, Vassil Roussev, DFRWS 2008
+
* [http://esiea-recherche.eu/~desnos/papers/slidesdraugr.pdf Linux Live Memory Forensics], a presentation by Desnos Anthony describing the implementation of draugr, 2009.
+
* [http://is.cuni.cz/studium/dipl_st/index.php?doo=detail&did=48540 Forensic RAM Dump Image Analyzer] by Ivor Kollar, describing the implementation of foriana, 2009.
+
* [http://www.dfrws.org/2010/proceedings/2010-305.pdf Treasure and tragedy in kmem_cache mining for live forensics investigation] by Andrew Case, Lodovico Marziale, Cris Neckar, Golden G. Richard III; Digital Investigation, Volume 7, Supplement 1, The Proceedings of the Tenth Annual DFRWS Conference, August 2010.  [http://www.dfrws.org/2010/proceedings/richard2.pdf (Presentation)]
+
* [http://secondlookforensics.com/ Second Look Web Page]
+
* [http://blackhat.com/html/bh-dc-11/bh-dc-11-archives.html#Case De-Anonymizing Live CDs through Physical Memory Analysis] ([https://media.blackhat.com/bh-dc-11/Case/BlackHat_DC_2011_Case_De-Anonymizing_Live_CDs-wp.pdf Whitepaper]) ([https://media.blackhat.com/bh-dc-11/Case/BlackHat_DC_2011_Case_De-Anonymizing%20Live%20CDs-Slides.pdf Slides]) Andrew Case; Blackhat DC 2011.
+
* [http://dfsforensics.blogspot.com/2011/03/bringing-linux-support-to-volatility.html Bringing Linux Support to Volatility], Andrew Case; Digital Forensics Solutions Blog, 2011.
+
* [http://blackhat.com/html/bh-us-11/bh-us-11-briefings.html#Case Workshop - Linux Memory Analysis with Volatility] ([http://www.digitalforensicssolutions.com/papers/blackhat-workshop-full-presentation.pdf Slides]) Andrew Case; Blackhat Vegas 2011.
+
 
+
Volatility Mailing List Threads on Support for Linux:
+
* http://lists.volatilesystems.com/pipermail/vol-users/2010-January/thread.html#143
+
* http://lists.volatilesystems.com/pipermail/vol-dev/2010-September/thread.html#112
+
 
+
[[Category:Memory Analysis]]
+
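Review bot: the Calls For Papers header cell `! width="30%|Title` is missing the closing quote after `30%`, so the width attribute is malformed; it should read `! width="30%"|Title` like the other header cells. In the References list, the entry `* http://www.conferencealerts.com/data.htm Data Mining Conferences World-Wide]` ends with `]` but has no opening `[`, so it will not render as a labelled external link. The "Symposium On Usable Privacy and Security (SOUPS) 2014" row points at a `/soups/2013/` URL, which is worth checking against the 2014 event page.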

Revision as of 08:11, 19 November 2013

PLEASE READ BEFORE YOU EDIT THE LISTS BELOW
When events begin the same day, events of a longer length should be listed first. New postings of events with the same date(s) as other events should be added after events already in the list. Please use three-letter month abbreviations (i.e. Sep, NOT Sept. or September), use two digit dates (i.e. Jan 01 NOT Jan 1), and use date ranges rather than listing every date during an event (i.e. Jan 02-05, NOT Jan 02, 03, 04, 05).
Some events may be limited to Law Enforcement Only or to a specific audience. Such restrictions should be noted when known.

This is a BY DATE listing of upcoming events relevant to digital forensics. It is not an all-inclusive list, but includes most well-known activities. Some events may duplicate events on the generic conferences page, but entries in this list have specific dates and locations for the upcoming event.

This listing is divided into three sections (described as follows):

  1. Calls For Papers - Calls for papers for either Journals or for Conferences, relevant to Digital Forensics (Name, Closing Date, URL)

  2. Conferences - Conferences relevant for Digital Forensics (Name, Date, Location, URL)

  3. Training Courses and Providers - Training

Calls For Papers

Please help us keep this up-to-date with deadlines for upcoming conferences that would be appropriate for forensic research.

{| border="0" cellpadding="2" cellspacing="2" align="top"
|- style="background:#bfbfbf; font-weight: bold"
! Title !! Due Date !! Notification Date !! Website
|-
| DFRWS-Europe 2014 || Dec 01, 2013 || Mar 01, 2014 || http://www.dfrws.org/2014eu/index.shtml
|-
| 8th International Conference on IT Security Incident Management & IT Forensics - IMF2014 || Dec 01, 2013 || Jan 31, 2014 || http://www1.gi-ev.de/fachbereiche/sicherheit/fg/sidar/imf/imf2014/cfp.html
|-
| 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks || Dec 01, 2013 || Feb 25, 2014 || http://www.dsn.org/
|-
| CyberPatterns 2014 || Jan 03, 2014 || Jan 17, 2014 || http://tech.brookes.ac.uk/CyberPatterns2014/CFPCyberpatterns2014.pdf
|-
| 12th International Conference on Applied Cryptography and Network Security || Jan 10, 2014 || Mar 14, 2014 || http://acns2014.epfl.ch/callpapers.php
|-
| USENIX Annual Technical Conference || Jan 28, 2014 || Apr 07, 2014 || https://www.usenix.org/conference/atc14/call-for-papers
|-
| Audio Engineering Society (AES) Conference on Audio Forensics || Jan 31, 2014 || Mar 15, 2014 || http://www.aes.org/conferences/54/downloads/54thCallForContributions.pdf
|-
| DFRWS - USA 2014 || Feb 13, 2014 || Apr 07, 2014 || http://dfrws.org/2014/cfp.shtml
|}

See also WikiCFP 'Forensics'

Conferences

{| border="0" cellpadding="2" cellspacing="2" align="top"
|- style="background:#bfbfbf; font-weight: bold"
! Title !! Date/Location !! Website
|-
| 2013 International Conference on Information and Communications Security || Nov 20-22<br>Beijing, China || http://icsd.i2r.a-star.edu.sg/icics2013/index.php
|-
| 8th International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE) || Nov 21-22<br>Hong Kong, China || http://conf.ncku.edu.tw/sadfe/sadfe13/
|-
| Black Hat-Regional Summit || Nov 26-27<br>Sao Paulo, Brazil || https://www.blackhat.com/sp-13
|-
| Botconf'13 - First Botnet Fighting Conference || Dec 05-06<br>Nantes, France || https://www.botconf.eu/
|-
| 29th Annual Computer Security Applications Conference (ACSAC) || Dec 09-13<br>New Orleans, LA, USA || http://www.acsac.org
|-
| IFIP WG 11.9 International Conference on Digital Forensics || Jan 08-10<br>Vienna, Austria || http://www.ifip119.org/Conferences/
|-
| AAFS 66th Annual Scientific Meeting || Feb 17-22<br>Seattle, WA, USA || http://www.aafs.org/aafs-66th-annual-scientific-meeting
|-
| 21st Network & Distributed System Security Symposium || Feb 23-26<br>San Diego, CA, USA || http://www.internetsociety.org/events/ndss-symposium
|-
| Fourth ACM Conference on Data and Application Security and Privacy 2014 || Mar 03-05<br>San Antonio, TX, USA || http://www1.it.utsa.edu/codaspy/
|-
| 9th International Conference on Cyber Warfare and Security (ICCWS-2014) || Mar 24-25<br>West Lafayette, IN, USA || http://academic-conferences.org/iciw/iciw2014/iciw14-home.htm
|-
| CyberPatterns 2014 || Apr 11<br>Oxford, United Kingdom || http://tech.brookes.ac.uk/CyberPatterns2014/
|-
| DFRWS-Europe 2014 || May 07-09<br>Amsterdam, Netherlands || http://dfrws.org/2014eu/index.shtml
|-
| 8th International Conference on IT Security Incident Management & IT Forensics || May 12-14<br>Muenster, Germany || http://www1.gi-ev.de/fachbereiche/sicherheit/fg/sidar/imf/imf2014/
|-
| 2014 IEEE Symposium on Security and Privacy || May 16-23<br>Berkeley, CA, USA || http://www.ieee.org/conferences_events/conferences/conferencedetails/index.html?Conf_ID=16517
|-
| Techno-Security and Forensics Conference || Jun 01-04<br>Myrtle Beach, SC, USA || http://www.techsec.com/html/Security%20Conference%202014.html
|-
| Mobile Forensics World || Jun 01-04<br>Myrtle Beach, SC, USA || http://www.techsec.com/html/MFC-2014-Spring.html
|-
| 12th International Conference on Applied Cryptography and Network Security || Jun 10-13<br>Lausanne, Switzerland || http://acns2014.epfl.ch/
|-
| 54th Conference on Audio Forensics || Jun 12-14<br>London, England || http://www.aes.org/conferences/54/
|-
| 2014 USENIX Annual Technical Conference || Jun 19-20<br>Philadelphia, PA, USA || https://www.usenix.org/conference/atc14
|-
| 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks || Jun 23-26<br>Atlanta, GA, USA || http://www.dsn.org/
|-
| Symposium On Usable Privacy and Security (SOUPS) 2014 || Jul 09-11<br>Menlo Park, CA, USA || http://cups.cs.cmu.edu/soups/2013/
|-
| Black Hat USA 2014 || Aug 02-07<br>Las Vegas, NV, USA || https://www.blackhat.com
|-
| DFRWS 2014 || Aug 03-06<br>Denver, CO, USA || http://dfrws.org/2014/index.shtml
|-
| RCFG GMU 2014 || Aug 04-08<br>Fairfax, VA, USA || http://www.rcfg.org/gmu/
|-
| 23rd USENIX Security Symposium || Aug 20-22<br>San Diego, CA, USA || https://www.usenix.org/conferences
|-
| 25th Annual Conference & Digital Multimedia Evidence Training Symposium || Oct 06-10<br>Coeur d’Alene, ID, USA || http://www.leva.org/annual-training-conference/
|}

See Also

References