Difference between pages "Upcoming events" and "File Carving"

From Forensics Wiki
(Difference between pages)
Jump to: navigation, search
(Conferences)
 
m (File Carving)
 
Line 1: Line 1:
<b>PLEASE READ BEFORE YOU EDIT THE LISTS BELOW</b><br>
+
'''Carving''' is the practice of searching an input for files or other kinds of objects based on content, rather than on metadata. File carving is a powerful tool for recovering files and fragments of files when directory entries are corrupt or missing, as may be the case with old files that have been deleted or when performing an analysis on damaged media. Memory carving is a useful tool for analyzing physical and virtual memory dumps when the memory structures are unknown or have been overwritten.
When events begin the same day, events of a longer length should be listed first.  New postings of events with the same date(s) as other events should be added after events already in the list. Please use three-letter month abbreviations (i.e. Sep, NOT Sept. or September), use two digit dates (i.e. Jan 01 NOT Jan 1), and use date ranges rather than listing every date during an event(i.e. Jan 02-05, NOT Jan 02, 03, 04, 05).<br>
+
<i>Some events may be <u>limited</u> to <b>Law Enforcement Only</b> or to a specific audience.  Such restrictions should be noted when known.</i>
+
  
This is a BY DATE listing of upcoming events relevant to [[digital forensics]].  It is not an all inclusive list, but includes most well-known activities.  Some events may duplicate events on the generic [[conferences]] page, but entries in this list have specific dates and locations for the upcoming event.
 
  
This listing is divided into three sections (described as follows):<br>
+
=File Carving=
<ol><li><b><u>[[Upcoming_events#Calls_For_Papers|Calls For Papers]]</u></b> - Calls for papers for either Journals or for Conferences, relevant to Digital Forensics (Name, Closing Date, URL)</li><br>
+
<li><b><u>[[Upcoming_events#Conferences|Conferences]]</u></b> - Conferences relevant for Digital Forensics (Name, Date, Location, URL)</li><br>
+
<li><b><u>[[Training Courses and Providers]]</u></b> - Training </li><br></ol>
+
  
== Calls For Papers ==
+
Most file carvers operate by looking for file headers and/or footers, and then "carving out" the blocks between these two boundaries. [[Semantic Carving]] performs carving based on an analysis of the contents of the proposed files.  
Please help us keep this up-to-date with deadlines for upcoming conferences that would be appropriate for forensic research.
+
  
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
File carving should be done on a [[disk image]], rather than on the original disk.
|- style="background:#bfbfbf; font-weight: bold"
+
! width="30%|Title
+
! width="15%"|Due Date
+
! width="15%"|Notification Date
+
! width="40%"|Website
+
|-
+
|IEEE Symposium on Security & Privacy
+
|Nov 14, 2012
+
|Jan 28, 2013
+
|http://www.ieee-security.org/TC/SP2013/cfp.html
+
|-
+
|FIRST Conference
+
|Dec 2012
+
|Feb 2013
+
|http://conference.first.org/2013/
+
|-
+
|The 1st ACM Workshop on Information Hiding and Multimedia Security
+
|Jan 25, 2013
+
|Apr 02, 2013
+
|http://ihmmsec.org/index.php/call-for-papers
+
|-
+
|International Workshop on Cyber Crime
+
|Feb 15, 2013
+
|Mar 01, 2013
+
|http://stegano.net/IWCC2013/
+
|-
+
|28th IFIP TC-11 SEC 2013 International Information Security and Privacy Conference
+
|TBD
+
|TBD
+
|http://www.sec2013.org/Submissions.aspx
+
|-
+
|}
+
  
See also [http://www.wikicfp.com/cfp/servlet/tool.search?q=forensics WikiCFP 'Forensics']
+
File carving tools are listed on the [[Tools:Data_Recovery]] wiki page.
  
== Conferences ==
+
Many carving programs have an option to only look at or near sector boundaries where headers are found. However, searching the entire input can find files that have been embedded into other files, such as [[JPEG]]s being embedded into [[Microsoft]] [[DOC|Word documents]]. This may be considered an advantage or a disadvantage, depending on the circumstances.
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
|- style="background:#bfbfbf; font-weight: bold"
+
! width="40%"|Title
+
! width="20%"|Date/Location
+
! width="40%"|Website
+
|-
+
|7th IEEE LCN Workshop on Security In Communication Networks
+
|Oct 22-25<br>Clearwater, FL
+
|http://www.sick-workshop.org
+
|-
+
|Paraben Forensic Innovations Conference
+
|Nov 03-07<br>Park City, UT
+
|http://www.pfic-conference.com/
+
|-
+
|2012 International Workshop on Computational Forensics
+
|Nov 11<br>Tsukuba, Japan
+
|http://iwcf12.arsforensica.org/
+
|-
+
|IEEE Conference on Technologies for Homeland Security
+
|Nov 13-15<br>Waltham, MA
+
|http://www.ieee-hst.org/
+
|-
+
|8th International Conference on Information Assurance and Security (IAS'12)
+
|Nov 21-23<br>Sao Carlos, Brazil
+
|http://www.mirlabs.org/ias12
+
|-
+
|Forensics@NIST 2012
+
|Nov 28-30<br>Rockville, MD
+
|http://www.nist.gov/oles/forensics-2012.cfm
+
|-
+
|IEEE International Workshop on Information Forensics and Security
+
|Dec 02-05<br>Tenerife, Spain
+
|http://www.wifs12.org/index.html
+
|-
+
|28th Annual Computer Security Applications Conference (ACSAC 2012)
+
|Dec 03-07<br>Orlando, FL
+
|http://www.acsac.org
+
|-
+
|2012 secau Security Congress
+
|Dec 03-05<br>Perth, Western Australia
+
|http://conferences.secau.org/
+
|-
+
|Ninth Annual IFIP WG 11.9 International Conference on Digital Forensics
+
|Jan 28-30<br>Orlando, FL
+
|http://www.ifip119.org/Conferences/
+
|-
+
|2013 DoD Cybercrime Conference
+
|Jan 29-Feb 01<br>Louisville, KY
+
|http://www.dodcybercrime.com/
+
|-
+
|65th Annual AAFS Meeting
+
|Feb 18-23<br>Washington, DC
+
|http://www.aafs.org/aafs-2013-annual-meeting
+
|-
+
|IMF 2013 - 7th International Conference on IT Security Incident Management & IT Forensics
+
|Mar 12-14<br>Nuernberg, Germany
+
|http://www1.gi-ev.de/fachbereiche/sicherheit/fg/sidar/imf/imf2013/about.html
+
|-
+
|IEEE Symposium on Security & Privacy
+
|May 19-23<br>San Francisco, CA
+
|http://www.ieee-security.org/TC/SP2013/index.html
+
|-
+
|International Workshop on Cyber Crime
+
|May 24<br>San Francisco, CA
+
|http://stegano.net/IWCC2013/
+
|-
+
|Techno Security and Forensics Investigation Conference
+
|Jun 02-05<br>Myrtle Beach, SC
+
|http://www.thetrainingco.com/html/Security%20Conference%202013.html
+
|-
+
|Mobile Forensics World
+
|Jun 02-05<br>Myrtle Beach, SC
+
|http://www.techsec.com/html/MFC-2013-Spring.html
+
|-
+
|FIRST Conference
+
|Jun 16-21<br>Bangkok, Thailand
+
|http://conference.first.org/2013/
+
|-
+
|The 1st ACM Workshop on Information Hiding and Multimedia Security
+
|Jun 17-19<br>Montpellier, France
+
|http://ihmmsec.org/
+
|-
+
|28th IFIP TC-11 SEC 2013 International Information Security and Privacy Conference
+
|Jul 08-10<br>Auckland, New Zealand
+
|http://www.sec2013.org/
+
|-
+
|DFRWS 2013
+
|Aug 04-07<br>Monterey, CA
+
|http://dfrws.org/2013
+
|-
+
|Regional Computer Forensics Group GMU 2013
+
|Aug 05-09<br>Fairfax, VA
+
|http://www.rcfg.org
+
|-
+
|22nd USENIX Security Symposium - USENIX Security '13
+
|Aug 14-16<br>Washington, DC
+
|https://www.usenix.org/conferences?page=1
+
|-
+
|VB2013 - the 23rd Virus Bulletin International Conference
+
|Oct 02-04<br>Berlin, Germany
+
|http://www.virusbtn.com/conference/vb2013/index
+
|-
+
|}
+
  
==See Also==
+
Today most file carving programs will only recover files that are contiguous on the media.
* [[Training Courses and Providers]]
+
 
==References==
+
== File Carving challenges and test images ==
* [http://faculty.cs.tamu.edu/guofei/sec_conf_stat.htm Computer Security Conference Ranking and Statistic]
+
 
* [http://www.kdnuggets.com/meetings/ Meetings and Conferences in Data Mining and Discovery]
+
[http://www.dfrws.org/2006/challenge/]
* http://www.conferencealerts.com/data.htm Data Mining Conferences World-Wide]
+
File Carving Challenge - [[DFRWS]] 2006
 +
 
 +
[http://dftt.sourceforge.net/test6/index.html]
 +
FAT Undelete Test #1 - Digital Forensics Tool Testing Image (dftt #6)
 +
 
 +
[http://dftt.sourceforge.net/test7/index.html]
 +
NTFS Undelete (and leap year) Test #1 - Digital Forensics Tool Testing Image (dftt #7)
 +
 
 +
[http://dftt.sourceforge.net/test11/index.html]
 +
Basic Data Carving Test - fat32 (by Nick Mikus) - Digital Forensics Tool Testing Image (dftt #11)
 +
 
 +
[http://dftt.sourceforge.net/test12/index.html]
 +
Basic Data Carving Test - ext2 (by Nick Mikus) - Digital Forensics Tool Testing Image (dftt #12)
 +
 
 +
==File Carving Bibliography==
 +
 
 +
Mikus, Nicholas A. "An analysis of disc carving techniques," Master's Thesis, Naval Postgraduate School. March 2005. http://handle.dtic.mil/100.2/ADA432468
 +
 
 +
== See also ==
 +
[[Tools:Data_Recovery#Carving | FIle Carving Tools]]
 +
 
 +
=Memory Carving=

Revision as of 12:10, 13 February 2007

Carving is the practice of searching an input for files or other kinds of objects based on content, rather than on metadata. File carving is a powerful tool for recovering files and fragments of files when directory entries are corrupt or missing, as may be the case with old files that have been deleted or when performing an analysis on damaged media. Memory carving is a useful tool for analyzing physical and virtual memory dumps when the memory structures are unknown or have been overwritten.


Contents

File Carving

Most file carvers operate by looking for file headers and/or footers, and then "carving out" the blocks between these two boundaries. Semantic Carving performs carving based on an analysis of the contents of the proposed files.

File carving should be done on a disk image, rather than on the original disk.

File carving tools are listed on the Tools:Data_Recovery wiki page.

Many carving programs have an option to only look at or near sector boundaries where headers are found. However, searching the entire input can find files that have been embedded into other files, such as JPEGs being embedded into Microsoft Word documents. This may be considered an advantage or a disadvantage, depending on the circumstances.

Today most file carving programs will only recover files that are contiguous on the media.

File Carving challenges and test images

[1] File Carving Challenge - DFRWS 2006

[2] FAT Undelete Test #1 - Digital Forensics Tool Testing Image (dftt #6)

[3] NTFS Undelete (and leap year) Test #1 - Digital Forensics Tool Testing Image (dftt #7)

[4] Basic Data Carving Test - fat32 (by Nick Mikus) - Digital Forensics Tool Testing Image (dftt #11)

[5] Basic Data Carving Test - ext2 (by Nick Mikus) - Digital Forensics Tool Testing Image (dftt #12)

File Carving Bibliography

Mikus, Nicholas A. "An analysis of disc carving techniques," Master's Thesis, Naval Postgraduate School. March 2005. http://handle.dtic.mil/100.2/ADA432468

See also

FIle Carving Tools

Memory Carving