Difference between pages "Upcoming events" and "Gzip"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(Calls For Papers)
 
 
Line 1: Line 1:
<b>PLEASE READ BEFORE YOU EDIT THE LISTS BELOW</b><br>
+
{{expand}}
When events begin the same day, events of a longer length should be listed first.  New postings of events with the same date(s) as other events should be added after events already in the list. Please use three-letter month abbreviations (i.e. Sep, NOT Sept. or September), use two digit dates (i.e. Jan 01 NOT Jan 1), and use date ranges rather than listing every date during an event(i.e. Jan 02-05, NOT Jan 02, 03, 04, 05).<br>
+
<i>Some events may be <u>limited</u> to <b>Law Enforcement Only</b> or to a specific audience.  Such restrictions should be noted when known.</i>
+
  
This is a BY DATE listing of upcoming events relevant to [[digital forensics]]. It is not an all inclusive list, but includes most well-known activities.  Some events may duplicate events on the generic [[conferences]] page, but entries in this list have specific dates and locations for the upcoming event.
+
== File format ==
 +
The gzip file (.gz) format consists of:
 +
* a file header
 +
* optional headers
 +
** extra fields
 +
** original file name
 +
** comment
 +
** header checksum
 +
* a body, containing a DEFLATE-compressed payload
 +
* a file footer
  
This listing is divided into three sections (described as follows):<br>
+
=== File header ===
<ol><li><b><u>[[Upcoming_events#Calls_For_Papers|Calls For Papers]]</u></b> - Calls for papers for either Journals or for Conferences, relevant to Digital Forensics (Name, Closing Date, URL)</li><br>
+
The file header is 10 bytes in size and contains:
<li><b><u>[[Upcoming_events#Conferences|Conferences]]</u></b> - Conferences relevant for Digital Forensics (Name, Date, Location, URL)</li><br>
+
{| class="wikitable"
<li><b><u>[[Training Courses and Providers]]</u></b> - Training </li><br></ol>
+
! align="left"| Offset
 
+
! Size
== Calls For Papers ==
+
! Value
Please help us keep this up-to-date with deadlines for upcoming conferences that would be appropriate for forensic research.
+
! Description
 
+
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
|- style="background:#bfbfbf; font-weight: bold"
+
! width="30%|Title
+
! width="15%"|Due Date
+
! width="15%"|Notification Date
+
! width="40%"|Website
+
 
|-
 
|-
|IEEE Symposium on Security and Privacy
+
| 0
|Nov 13, 2013
+
| 2
 +
| 0x1f 0x8b
 +
| Signature (or identification byte 1 and 2)
 +
|-
 +
| 2
 +
| 1
 
|
 
|
|http://www.ieee-security.org/TC/SP2014/cfp.html
+
| Compression Method
 
|-
 
|-
|DFRWS-Europe 2014
+
| 3
|Dec 01, 2013
+
| 1
|Mar 01, 2014
+
|
|http://www.dfrws.org/2014eu/index.shtml
+
| Flags
 
|-
 
|-
|8th International Conference on IT Security Incident Management & IT Forensics - IMF2014
+
| 4
|Dec 01, 2013
+
| 4
|Jan 31, 2014
+
|
|http://www1.gi-ev.de/fachbereiche/sicherheit/fg/sidar/imf/imf2014/cfp.html
+
| Last modification time <br> Contains a POSIX timestamp.
 
|-
 
|-
|44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks
+
| 8
|Dec 01, 2013
+
| 1
|Feb 25, 2014
+
|
|http://www.dsn.org/
+
| Extra flags
 
|-
 
|-
|12th International Conference on Applied Cryptography and Network Security
+
| 9
|Jan 10, 2014
+
| 1
|Mar 14, 2014
+
|
|http://acns2014.epfl.ch/callpapers.php
+
| Operating system <br> Value that indicates on which operating system the gzip file was created.
|-
+
|}
|USENIX Annual Technical Conference
+
 
|Jan 28, 2014
+
==== Compression method ====
|Apr 07, 2014
+
 
|https://www.usenix.org/conference/atc14/call-for-papers
+
{| class="wikitable"
 +
! align="left"| Value
 +
! Identifier
 +
! Description
 
|-
 
|-
|Audio Engineering Society (AES) Conference on Audio Forensics
+
| 0 - 7
|Jan 31, 2014
+
|  
|Mar 15, 2014
+
| Reserved
|http://www.aes.org/conferences/54/downloads/54thCallForContributions.pdf
+
 
|-
 
|-
 +
| 8
 +
| "deflate"
 +
| zlib compressed data
 
|}
 
|}
  
See also [http://www.wikicfp.com/cfp/servlet/tool.search?q=forensics WikiCFP 'Forensics']
+
==== Flags ====
  
== Conferences ==
+
{| class="wikitable"
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
! align="left"| Value
|- style="background:#bfbfbf; font-weight: bold"
+
! Identifier
! width="40%"|Title
+
! Description
! width="20%"|Date/Location
+
! width="40%"|Website
+
 
|-
 
|-
|VB2013 - the 23rd Virus Bulletin International Conference
+
| 0x01
|Oct 02-04<br>Berlin, Germany
+
| FTEXT
|http://www.virusbtn.com/conference/vb2013/index
+
| If set the uncompressed data needs to be treated as text instead of binary data. <br> This flag hints end-of-line conversion for cross-platform text files but does not enforce it.
 
|-
 
|-
|8th International Conference on Malicious and Unwanted Software
+
| 0x02
|Oct 22-24<br>Fajardo, Puerto Rico, USA
+
| FHCRC
|http://www.malwareconference.org/index.php?option=com_frontpage&Itemid=1
+
| The file contains a header checksum (CRC-16)
 
|-
 
|-
|16th International Symposium on Research in Attacks, Intrusions and Defenses (RAID)
+
| 0x04
|Oct 23-25<br>St. Lucia
+
| FEXTRA
|http://www.raid2013.org/
+
| The file contains extra fields
 
|-
 
|-
|5th International Workshop on Managing Insider Security Threats
+
| 0x08
|Oct 24-25<br>Busan, South Korea
+
| FNAME
|http://isyou.info/conf/mist13/index.htm
+
| The file contains an original file name string
 
|-
 
|-
|20th ACM Conference on Computer and Communications Security
+
| 0x10
|Nov 04-08<br>Berlin, Germany
+
| FCOMMENT
|http://www.sigsac.org/ccs/CCS2013/
+
| The file contains comment
 
|-
 
|-
|4th Annual Open Source Digital Forensics Conference (OSDF)
+
| 0x20
|Nov 04-05<br>Chantilly, VA
+
|  
|http://www.basistech.com/about-us/events/open-source-forensics-conference/
+
| Reserved
 
|-
 
|-
|Paraben Forensic Innovations Conference
+
| 0x40
|Nov 13-15<br>Salt Lake City, UT
+
|  
|http://www.pfic-conference.com/
+
| Reserved
 
|-
 
|-
|2013 International Conference on Information and Communications Security
+
| 0x80
|Nov 20-22<br>Beijing, Chine
+
|  
|http://icsd.i2r.a-star.edu.sg/icics2013/index.php
+
| Reserved
 +
|}
 +
 
 +
<b>Note:</b> The FHCRC bit was never set by versions of gzip up to 1.2.4, even though it was documented with a different meaning in gzip 1.2.4.
 +
 
 +
==== Extra flags ====
 +
If compression method is 8 the following extra flags can be defined:
 +
{| class="wikitable"
 +
! align="left"| Value
 +
! Identifier
 +
! Description
 
|-
 
|-
|8th International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE)
+
| 0x02
|Nov 21-22<br>Hong Kong, China
+
|
|http://conf.ncku.edu.tw/sadfe/sadfe13/
+
| compressor used maximum compression, slowest algorithm
 
|-
 
|-
|Black Hat-Regional Summit
+
| 0x04
|Nov 26-27<br>Sao Paulo, Brazil
+
|
|https://www.blackhat.com/sp-13
+
| compressor used fastest algorithm
 +
|}
 +
 
 +
==== Operating System ====
 +
{| class="wikitable"
 +
! align="left"| Value
 +
! Identifier
 +
! Description
 
|-
 
|-
| Botconf'13 - First Botnet Fighting Conference
+
| 0
| Dec 05-06<br>Nantes, France
+
|
|https://www.botconf.eu/
+
| FAT filesystem (MS-DOS, OS/2, NT/Win32)
 
|-
 
|-
|29th Annual Computer Security Applications Conference (ACSAC)
+
| 1
|Dec 09-13<br>New Orleans, LA
+
|
|http://www.acsac.org
+
| Amiga
 
|-
 
|-
|IFIP WG 11.9 International Conference on Digital Forensics
+
| 2
|Jan 08-10<br>Vienna, Austria
+
|
|http://www.ifip119.org/Conferences/
+
| VMS (or OpenVMS)
 
|-
 
|-
|AAFS 66th Annual Scientific Meeting
+
| 3
|Feb 17-22<br>Seattle, WA
+
|
|http://www.aafs.org/aafs-66th-annual-scientific-meeting
+
| Unix
 
|-
 
|-
|21st Network & Distributed System Security Symposium
+
| 4
|Feb 23-26<br>San Diego, CA
+
|
|http://www.internetsociety.org/events/ndss-symposium
+
| VM/CMS
 
|-
 
|-
|Fourth ACM Conference on Data and Application Security and Privacy 2014
+
| 5
|Mar 03-05<br>San Antonio, TX
+
|
|http://www1.it.utsa.edu/codaspy/
+
| Atari TOS
 
|-
 
|-
|9th International Conference on Cyber Warfare and Security (ICCWS-2014)
+
| 6
|Mar 24-25<br>West Lafayette, IN
+
|
|http://academic-conferences.org/iciw/iciw2014/iciw14-home.htm
+
| HPFS filesystem (OS/2, NT)
 
|-
 
|-
|DFRWS-Europe 2014
+
| 7
|May 07-09<br>Amsterdam, Netherlands
+
|
|http://dfrws.org/2014eu/index.shtml
+
| Macintosh
 
|-
 
|-
|2014 IEEE Symposium on Security and Privacy
+
| 8
|May 16-23<br>Berkley, CA
+
|
|http://www.ieee.org/conferences_events/conferences/conferencedetails/index.html?Conf_ID=16517
+
| Z-System
 
|-
 
|-
|Techno-Security and Forensics Conference
+
| 9
|Jun 01-04<br>Myrtle Beach, SC
+
|
|http://www.techsec.com/html/Security%20Conference%202014.html
+
| CP/M
 
|-
 
|-
|Mobile Forensics World
+
| 10
|Jun 01-04<br>Myrtle Beach, SC
+
|
|http://www.techsec.com/html/MFC-2014-Spring.html
+
| TOPS-20
 
|-
 
|-
|12th International Conference on Applied Cryptography and Network Security
+
| 11
|Jun 10-13<br>Lausanne, Switzerland
+
|
|http://acns2014.epfl.ch/
+
| NTFS filesystem (NT)
 
|-
 
|-
|54th Conference on Audio Forensics
+
| 12
|Jun 12-14<br>London, England
+
|
|http://www.aes.org/conferences/54/
+
| QDOS
 
|-
 
|-
|2014 USENIX Annual Technical Conference
+
| 13
|Jun 19-20<br>Philadelphia, PA
+
|
|https://www.usenix.org/conference/atc14
+
| Acorn RISCOS
 
|-
 
|-
|44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks
+
| 255
|Jun 23-26<br>Atlanta, GA
+
|
|http://www.dsn.org/
+
| unknown
 +
|}
 +
 
 +
=== Optional headers ===
 +
==== Extra fields ====
 +
<b>TODO: add description</b>
 +
 
 +
The extra field are variable of size and contains:
 +
{| class="wikitable"
 +
! align="left"| Offset
 +
! Size
 +
! Value
 +
! Description
 
|-
 
|-
|Symposium On Usable Privacy and Security (SOUPS) 2014
+
| 0
|Jul 09-11<br>Menlo Park, CA
+
| 2
|http://cups.cs.cmu.edu/soups/2013/
+
|
 +
| Extra field data size <br> Value in bytes.
 
|-
 
|-
|DFRWS 2014
+
| 2
|Aug 03-06<br>Denver, CO
+
| ...
|http://dfrws.org/2014/index.shtml
+
|  
 +
| Extra field data
 +
|}
 +
 
 +
==== Original file name ====
 +
This is the original name of the file being compressed, with any directory components removed, and, if the file being compressed is on a file system with case insensitive names, forced to lower case.
 +
 
 +
Contains an ISO 8859-1 (LATIN-1) string with end-of-string character.
 +
 
 +
==== Comment ====
 +
Contains an ISO 8859-1 (LATIN-1) string with end-of-string character. Line breaks should be denoted by a single line feed character.
 +
 
 +
==== Header checksum ====
 +
The header checksum contain a CRC-16 that consists of the two least significant bytes of the CRC-32 for all bytes of the gzip header up to and not including the CRC-16.
 +
 
 +
=== File footer ===
 +
The file footer is 8 bytes in size and contains:
 +
{| class="wikitable"
 +
! align="left"| Offset
 +
! Size
 +
! Value
 +
! Description
 
|-
 
|-
|RCFG GMU 2014
+
| 0
|Aug 04-08<br>Fairfax, VA
+
| 4
|http://www.rcfg.org/gmu/
+
|
|-
+
| Checksum (CRC-32)
|23rd USENIX Security Symposium
+
|Aug 20-22<br>San Diego, CA
+
|https://www.usenix.org/conferences
+
|-
+
|25th Annual Conference & Digital Multimedia Evidence Training Symposium
+
|Oct 06-10<br>Coeur d’Alene, ID
+
|http://www.leva.org/annual-training-conference/
+
 
|-
 
|-
 +
| 4
 +
| 4
 +
|
 +
| Uncompressed data size <br> Value in bytes.
 
|}
 
|}
  
==See Also==
+
== External Links ==
* [[Training Courses and Providers]]
+
 
==References==
+
* [http://www.gzip.org/format.txt The gzip file format], by the [http://www.gzip.org/ gzip project]
* [http://faculty.cs.tamu.edu/guofei/sec_conf_stat.htm Computer Security Conference Ranking and Statistic]
+
* [http://www.gzip.org/algorithm.txt The gzip compression algorithm], by the [http://www.gzip.org/ gzip project]
* [http://www.kdnuggets.com/meetings/ Meetings and Conferences in Data Mining and Discovery]
+
* [http://tools.ietf.org/html/rfc1952 RFC1952: GZIP file format specification version 4.3], by [[IETF]]
* http://www.conferencealerts.com/data.htm Data Mining Conferences World-Wide]
+
* [http://en.wikipedia.org/wiki/Gzip Wikipedia: gzip]
 +
 
 +
[[Category:File Formats]]

Revision as of 02:05, 28 November 2013

Information icon.png

Please help to improve this article by expanding it.
Further information might be found on the discussion page.

File format

The gzip file (.gz) format consists of:

  • a file header
  • optional headers
    • extra fields
    • original file name
    • comment
    • header checksum
  • a body, containing a DEFLATE-compressed payload
  • a file footer

File header

The file header is 10 bytes in size and contains:

Offset Size Value Description
0 2 0x1f 0x8b Signature (or identification byte 1 and 2)
2 1 Compression Method
3 1 Flags
4 4 Last modification time
Contains a POSIX timestamp.
8 1 Extra flags
9 1 Operating system
Value that indicates on which operating system the gzip file was created.

Compression method

Value Identifier Description
0 - 7 Reserved
8 "deflate" zlib compressed data

Flags

Value Identifier Description
0x01 FTEXT If set the uncompressed data needs to be treated as text instead of binary data.
This flag hints end-of-line conversion for cross-platform text files but does not enforce it.
0x02 FHCRC The file contains a header checksum (CRC-16)
0x04 FEXTRA The file contains extra fields
0x08 FNAME The file contains an original file name string
0x10 FCOMMENT The file contains comment
0x20 Reserved
0x40 Reserved
0x80 Reserved

Note: The FHCRC bit was never set by versions of gzip up to 1.2.4, even though it was documented with a different meaning in gzip 1.2.4.

Extra flags

If compression method is 8 the following extra flags can be defined:

Value Identifier Description
0x02 compressor used maximum compression, slowest algorithm
0x04 compressor used fastest algorithm

Operating System

Value Identifier Description
0 FAT filesystem (MS-DOS, OS/2, NT/Win32)
1 Amiga
2 VMS (or OpenVMS)
3 Unix
4 VM/CMS
5 Atari TOS
6 HPFS filesystem (OS/2, NT)
7 Macintosh
8 Z-System
9 CP/M
10 TOPS-20
11 NTFS filesystem (NT)
12 QDOS
13 Acorn RISCOS
255 unknown

Optional headers

Extra fields

TODO: add description

The extra field are variable of size and contains:

Offset Size Value Description
0 2 Extra field data size
Value in bytes.
2 ... Extra field data

Original file name

This is the original name of the file being compressed, with any directory components removed, and, if the file being compressed is on a file system with case insensitive names, forced to lower case.

Contains an ISO 8859-1 (LATIN-1) string with end-of-string character.

Comment

Contains an ISO 8859-1 (LATIN-1) string with end-of-string character. Line breaks should be denoted by a single line feed character.

Header checksum

The header checksum contain a CRC-16 that consists of the two least significant bytes of the CRC-32 for all bytes of the gzip header up to and not including the CRC-16.

File footer

The file footer is 8 bytes in size and contains:

Offset Size Value Description
0 4 Checksum (CRC-32)
4 4 Uncompressed data size
Value in bytes.

External Links