Difference between pages "Upcoming events" and "Gzip"

From Forensics Wiki
(Difference between pages)
Jump to: navigation, search
(Calls For Papers)
 
 
Line 1: Line 1:
<b>PLEASE READ BEFORE YOU EDIT THE LISTS BELOW</b><br>
+
{{expand}}
When events begin the same day, events of a longer length should be listed first.  New postings of events with the same date(s) as other events should be added after events already in the list. Please use three-letter month abbreviations (i.e. Sep, NOT Sept. or September), use two digit dates (i.e. Jan 01 NOT Jan 1), and use date ranges rather than listing every date during an event(i.e. Jan 02-05, NOT Jan 02, 03, 04, 05).<br>
+
<i>Some events may be <u>limited</u> to <b>Law Enforcement Only</b> or to a specific audience.  Such restrictions should be noted when known.</i>
+
  
This is a BY DATE listing of upcoming events relevant to [[digital forensics]]. It is not an all inclusive list, but includes most well-known activities.  Some events may duplicate events on the generic [[conferences]] page, but entries in this list have specific dates and locations for the upcoming event.
+
== File format ==
 +
The gzip file (.gz) format consists of:
 +
* a file header
 +
* optional headers
 +
** extra fields
 +
** original file name
 +
** comment
 +
** header checksum
 +
* a body, containing a DEFLATE-compressed payload
 +
* a file footer
  
This listing is divided into three sections (described as follows):<br>
+
=== File header ===
<ol><li><b><u>[[Upcoming_events#Calls_For_Papers|Calls For Papers]]</u></b> - Calls for papers for either Journals or for Conferences, relevant to Digital Forensics (Name, Closing Date, URL)</li><br>
+
The file header is 10 bytes in size and contains:
<li><b><u>[[Upcoming_events#Conferences|Conferences]]</u></b> - Conferences relevant for Digital Forensics (Name, Date, Location, URL)</li><br>
+
{| class="wikitable"
<li><b><u>[[Training Courses and Providers]]</u></b> - Training </li><br></ol>
+
! align="left"| Offset
 
+
! Size
== Calls For Papers ==
+
! Value
Please help us keep this up-to-date with deadlines for upcoming conferences that would be appropriate for forensic research.
+
! Description
 
+
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
|- style="background:#bfbfbf; font-weight: bold"
+
! width="30%|Title
+
! width="15%"|Due Date
+
! width="15%"|Notification Date
+
! width="40%"|Website
+
 
|-
 
|-
|DFRWS-Europe 2014
+
| 0
|Dec 01, 2013
+
| 2
|Mar 01, 2014
+
| 0x1f 0x8b
|http://www.dfrws.org/2014eu/index.shtml
+
| Signature (or identification byte 1 and 2)
 
|-
 
|-
|8th International Conference on IT Security Incident Management & IT Forensics - IMF2014
+
| 2
|Dec 01, 2013
+
| 1
|Jan 31, 2014
+
|
|http://www1.gi-ev.de/fachbereiche/sicherheit/fg/sidar/imf/imf2014/cfp.html
+
| Compression Method
 
|-
 
|-
|44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks
+
| 3
|Dec 01, 2013
+
| 1
|Feb 25, 2014
+
|
|http://www.dsn.org/
+
| Flags
 
|-
 
|-
|CyberPatterns 2014
+
| 4
|Jan 03, 2014
+
| 4
|Jan 17, 2014
+
|
|http://tech.brookes.ac.uk/CyberPatterns2014/CFPCyberpatterns2014.pdf
+
| Last modification time <br> Contains a POSIX timestamp.
 
|-
 
|-
|12th International Conference on Applied Cryptography and Network Security
+
| 8
|Jan 10, 2014
+
| 1
|Mar 14, 2014
+
|
|http://acns2014.epfl.ch/callpapers.php
+
| Extra flags
 
|-
 
|-
|USENIX Annual Technical Conference
+
| 9
|Jan 28, 2014
+
| 1
|Apr 07, 2014
+
|
|https://www.usenix.org/conference/atc14/call-for-papers
+
| Operating system <br> Value that indicates on which operating system the gzip file was created.
|-
+
|}
|Audio Engineering Society (AES) Conference on Audio Forensics
+
 
|Jan 31, 2014
+
==== Compression method ====
|Mar 15, 2014
+
 
|http://www.aes.org/conferences/54/downloads/54thCallForContributions.pdf
+
{| class="wikitable"
 +
! align="left"| Value
 +
! Identifier
 +
! Description
 
|-
 
|-
|DFRWS - USA 2014
+
| 0 - 7
|Feb 13, 2014
+
|  
|Apr 07, 2014
+
| Reserved
|http://dfrws.org/2014/cfp.shtml
+
 
|-
 
|-
 +
| 8
 +
| "deflate"
 +
| zlib compressed data
 
|}
 
|}
  
See also [http://www.wikicfp.com/cfp/servlet/tool.search?q=forensics WikiCFP 'Forensics']
+
==== Flags ====
  
== Conferences ==
+
{| class="wikitable"
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
! align="left"| Value
|- style="background:#bfbfbf; font-weight: bold"
+
! Identifier
! width="40%"|Title
+
! Description
! width="20%"|Date/Location
+
! width="40%"|Website
+
 
|-
 
|-
|2013 International Conference on Information and Communications Security
+
| 0x01
|Nov 20-22<br>Beijing, China
+
| FTEXT
|http://icsd.i2r.a-star.edu.sg/icics2013/index.php
+
| If set the uncompressed data needs to be treated as text instead of binary data. <br> This flag hints end-of-line conversion for cross-platform text files but does not enforce it.
 
|-
 
|-
|8th International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE)
+
| 0x02
|Nov 21-22<br>Hong Kong, China
+
| FHCRC
|http://conf.ncku.edu.tw/sadfe/sadfe13/
+
| The file contains a header checksum (CRC-16)
 
|-
 
|-
|Black Hat-Regional Summit
+
| 0x04
|Nov 26-27<br>Sao Paulo, Brazil
+
| FEXTRA
|https://www.blackhat.com/sp-13
+
| The file contains extra fields
 
|-
 
|-
| Botconf'13 - First Botnet Fighting Conference
+
| 0x08
| Dec 05-06<br>Nantes, France
+
| FNAME
|https://www.botconf.eu/
+
| The file contains an original file name string
 
|-
 
|-
|29th Annual Computer Security Applications Conference (ACSAC)
+
| 0x10
|Dec 09-13<br>New Orleans, LA, USA
+
| FCOMMENT
|http://www.acsac.org
+
| The file contains comment
 
|-
 
|-
|IFIP WG 11.9 International Conference on Digital Forensics
+
| 0x20
|Jan 08-10<br>Vienna, Austria
+
|  
|http://www.ifip119.org/Conferences/
+
| Reserved
 
|-
 
|-
|AAFS 66th Annual Scientific Meeting
+
| 0x40
|Feb 17-22<br>Seattle, WA, USA
+
|  
|http://www.aafs.org/aafs-66th-annual-scientific-meeting
+
| Reserved
 
|-
 
|-
|21st Network & Distributed System Security Symposium
+
| 0x80
|Feb 23-26<br>San Diego, CA, USA
+
|  
|http://www.internetsociety.org/events/ndss-symposium
+
| Reserved
 +
|}
 +
 
 +
<b>Note:</b> The FHCRC bit was never set by versions of gzip up to 1.2.4, even though it was documented with a different meaning in gzip 1.2.4.
 +
 
 +
==== Extra flags ====
 +
If compression method is 8 the following extra flags can be defined:
 +
{| class="wikitable"
 +
! align="left"| Value
 +
! Identifier
 +
! Description
 
|-
 
|-
|Fourth ACM Conference on Data and Application Security and Privacy 2014
+
| 0x02
|Mar 03-05<br>San Antonio, TX, USA
+
|
|http://www1.it.utsa.edu/codaspy/
+
| compressor used maximum compression, slowest algorithm
 
|-
 
|-
|9th International Conference on Cyber Warfare and Security (ICCWS-2014)
+
| 0x04
|Mar 24-25<br>West Lafayette, IN, USA
+
|
|http://academic-conferences.org/iciw/iciw2014/iciw14-home.htm
+
| compressor used fastest algorithm
 +
|}
 +
 
 +
==== Operating System ====
 +
{| class="wikitable"
 +
! align="left"| Value
 +
! Identifier
 +
! Description
 
|-
 
|-
|CyberPatterns 2014
+
| 0
|Apr 11<br>Oxford, United Kingdom
+
|
|http://tech.brookes.ac.uk/CyberPatterns2014/
+
| FAT filesystem (MS-DOS, OS/2, NT/Win32)
 
|-
 
|-
|DFRWS-Europe 2014
+
| 1
|May 07-09<br>Amsterdam, Netherlands
+
|
|http://dfrws.org/2014eu/index.shtml
+
| Amiga
 
|-
 
|-
|8th International Conference on IT Security Incident Management & IT Forensics
+
| 2
|May 12-14<br>Muenster, Germany
+
|
|http://www1.gi-ev.de/fachbereiche/sicherheit/fg/sidar/imf/imf2014/
+
| VMS (or OpenVMS)
 
|-
 
|-
|2014 IEEE Symposium on Security and Privacy
+
| 3
|May 16-23<br>Berkley, CA, USA
+
|
|http://www.ieee.org/conferences_events/conferences/conferencedetails/index.html?Conf_ID=16517
+
| Unix
 
|-
 
|-
|Techno-Security and Forensics Conference
+
| 4
|Jun 01-04<br>Myrtle Beach, SC, USA
+
|
|http://www.techsec.com/html/Security%20Conference%202014.html
+
| VM/CMS
 
|-
 
|-
|Mobile Forensics World
+
| 5
|Jun 01-04<br>Myrtle Beach, SC, USA
+
|
|http://www.techsec.com/html/MFC-2014-Spring.html
+
| Atari TOS
 
|-
 
|-
|12th International Conference on Applied Cryptography and Network Security
+
| 6
|Jun 10-13<br>Lausanne, Switzerland
+
|
|http://acns2014.epfl.ch/
+
| HPFS filesystem (OS/2, NT)
 
|-
 
|-
|54th Conference on Audio Forensics
+
| 7
|Jun 12-14<br>London, England
+
|
|http://www.aes.org/conferences/54/
+
| Macintosh
 
|-
 
|-
|2014 USENIX Annual Technical Conference
+
| 8
|Jun 19-20<br>Philadelphia, PA, USA
+
|
|https://www.usenix.org/conference/atc14
+
| Z-System
 
|-
 
|-
|44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks
+
| 9
|Jun 23-26<br>Atlanta, GA, USA
+
|
|http://www.dsn.org/
+
| CP/M
 
|-
 
|-
|Symposium On Usable Privacy and Security (SOUPS) 2014
+
| 10
|Jul 09-11<br>Menlo Park, CA, USA
+
|
|http://cups.cs.cmu.edu/soups/2013/
+
| TOPS-20
 
|-
 
|-
|Black Hat USA 2014
+
| 11
|Aug 02-07<br>Las Vegas, NV, USA
+
|
|https://www.blackhat.com
+
| NTFS filesystem (NT)
 
|-
 
|-
|DFRWS 2014
+
| 12
|Aug 03-06<br>Denver, CO, USA
+
|
|http://dfrws.org/2014/index.shtml
+
| QDOS
 
|-
 
|-
|RCFG GMU 2014
+
| 13
|Aug 04-08<br>Fairfax, VA, USA
+
|
|http://www.rcfg.org/gmu/
+
| Acorn RISCOS
 
|-
 
|-
|23rd USENIX Security Symposium
+
| 255
|Aug 20-22<br>San Diego, CA, USA
+
|
|https://www.usenix.org/conferences
+
| unknown
 +
|}
 +
 
 +
=== Optional headers ===
 +
==== Extra fields ====
 +
<b>TODO: add description</b>
 +
 
 +
The extra field are variable of size and contains:
 +
{| class="wikitable"
 +
! align="left"| Offset
 +
! Size
 +
! Value
 +
! Description
 
|-
 
|-
|25th Annual Conference & Digital Multimedia Evidence Training Symposium
+
| 0
|Oct 06-10<br>Coeur d’Alene, ID, USA
+
| 2
|http://www.leva.org/annual-training-conference/
+
|
 +
| Extra field data size <br> Value in bytes.
 
|-
 
|-
 +
| 2
 +
| ...
 +
|
 +
| Extra field data
 
|}
 
|}
  
==See Also==
+
==== Original file name ====
* [[Training Courses and Providers]]
+
This is the original name of the file being compressed, with any directory components removed, and, if the file being compressed is on a file system with case insensitive names, forced to lower case.
==References==
+
 
* [http://faculty.cs.tamu.edu/guofei/sec_conf_stat.htm Computer Security Conference Ranking and Statistic]
+
Contains an ISO 8859-1 (LATIN-1) string with end-of-string character.
* [http://www.kdnuggets.com/meetings/ Meetings and Conferences in Data Mining and Discovery]
+
 
* http://www.conferencealerts.com/data.htm Data Mining Conferences World-Wide]
+
==== Comment ====
 +
Contains an ISO 8859-1 (LATIN-1) string with end-of-string character. Line breaks should be denoted by a single line feed character.
 +
 
 +
==== Header checksum ====
 +
The header checksum contain a CRC-16 that consists of the two least significant bytes of the CRC-32 for all bytes of the gzip header up to and not including the CRC-16.
 +
 
 +
=== File footer ===
 +
The file footer is 8 bytes in size and contains:
 +
{| class="wikitable"
 +
! align="left"| Offset
 +
! Size
 +
! Value
 +
! Description
 +
|-
 +
| 0
 +
| 4
 +
|
 +
| Checksum (CRC-32)
 +
|-
 +
| 4
 +
| 4
 +
|
 +
| Uncompressed data size <br> Value in bytes.
 +
|}
 +
 
 +
== External Links ==
 +
 
 +
* [http://www.gzip.org/format.txt The gzip file format], by the [http://www.gzip.org/ gzip project]
 +
* [http://www.gzip.org/algorithm.txt The gzip compression algorithm], by the [http://www.gzip.org/ gzip project]
 +
* [http://tools.ietf.org/html/rfc1952 RFC1952: GZIP file format specification version 4.3], by [[IETF]]
 +
* [http://en.wikipedia.org/wiki/Gzip Wikipedia: gzip]
 +
 
 +
[[Category:File Formats]]

Revision as of 02:05, 28 November 2013

Information icon.png

Please help to improve this article by expanding it.
Further information might be found on the discussion page.

Contents

File format

The gzip file (.gz) format consists of:

  • a file header
  • optional headers
    • extra fields
    • original file name
    • comment
    • header checksum
  • a body, containing a DEFLATE-compressed payload
  • a file footer

File header

The file header is 10 bytes in size and contains:

Offset Size Value Description
0 2 0x1f 0x8b Signature (or identification byte 1 and 2)
2 1 Compression Method
3 1 Flags
4 4 Last modification time
Contains a POSIX timestamp.
8 1 Extra flags
9 1 Operating system
Value that indicates on which operating system the gzip file was created.

Compression method

Value Identifier Description
0 - 7 Reserved
8 "deflate" zlib compressed data

Flags

Value Identifier Description
0x01 FTEXT If set the uncompressed data needs to be treated as text instead of binary data.
This flag hints end-of-line conversion for cross-platform text files but does not enforce it.
0x02 FHCRC The file contains a header checksum (CRC-16)
0x04 FEXTRA The file contains extra fields
0x08 FNAME The file contains an original file name string
0x10 FCOMMENT The file contains comment
0x20 Reserved
0x40 Reserved
0x80 Reserved

Note: The FHCRC bit was never set by versions of gzip up to 1.2.4, even though it was documented with a different meaning in gzip 1.2.4.

Extra flags

If compression method is 8 the following extra flags can be defined:

Value Identifier Description
0x02 compressor used maximum compression, slowest algorithm
0x04 compressor used fastest algorithm

Operating System

Value Identifier Description
0 FAT filesystem (MS-DOS, OS/2, NT/Win32)
1 Amiga
2 VMS (or OpenVMS)
3 Unix
4 VM/CMS
5 Atari TOS
6 HPFS filesystem (OS/2, NT)
7 Macintosh
8 Z-System
9 CP/M
10 TOPS-20
11 NTFS filesystem (NT)
12 QDOS
13 Acorn RISCOS
255 unknown

Optional headers

Extra fields

TODO: add description

The extra field are variable of size and contains:

Offset Size Value Description
0 2 Extra field data size
Value in bytes.
2 ... Extra field data

Original file name

This is the original name of the file being compressed, with any directory components removed, and, if the file being compressed is on a file system with case insensitive names, forced to lower case.

Contains an ISO 8859-1 (LATIN-1) string with end-of-string character.

Comment

Contains an ISO 8859-1 (LATIN-1) string with end-of-string character. Line breaks should be denoted by a single line feed character.

Header checksum

The header checksum contain a CRC-16 that consists of the two least significant bytes of the CRC-32 for all bytes of the gzip header up to and not including the CRC-16.

File footer

The file footer is 8 bytes in size and contains:

Offset Size Value Description
0 4 Checksum (CRC-32)
4 4 Uncompressed data size
Value in bytes.

External Links