Difference between pages "FAT" and "Upcoming events"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(External links)
 
(Calls For Papers)
 
Line 1: Line 1:
'''FAT''', or File Allocation Table, is a [[File Systems|file system]] that is designed to keep track of allocation status of clusters on a [[hard drive]]Developed in 1977 by [[Microsoft]] Corporation, FAT was originally intended to be a [[File Systems|file system]] for the Microsoft Disk BASIC interpreter. FAT was quickly incorporated into an early version of Tim Patterson's QDOS, which was a moniker for "Quick and Dirty Operating System". [[Microsoft]] later purchased the rights to QDOS and released it under Microsoft branding as PC-DOS and later, MS-DOS.   
+
<b>PLEASE READ BEFORE YOU EDIT THE LISTS BELOW</b><br>
 +
When events begin the same day, events of a longer length should be listed firstNew postings of events with the same date(s) as other events should be added after events already in the list. Please use three-letter month abbreviations (i.e. Sep, NOT Sept. or September), use two digit dates (i.e. Jan 01 NOT Jan 1), and use date ranges rather than listing every date during an event(i.e. Jan 02-05, NOT Jan 02, 03, 04, 05).<br>
 +
<i>Some events may be <u>limited</u> to <b>Law Enforcement Only</b> or to a specific audienceSuch restrictions should be noted when known.</i>
  
== Specification ==
+
This is a BY DATE listing of upcoming events relevant to [[digital forensics]].  It is not an all inclusive list, but includes most well-known activities.  Some events may duplicate events on the generic [[conferences]] page, but entries in this list have specific dates and locations for the upcoming event.
  
FAT is described by Microsoft in [[Media:Fatgen103.doc|Microsoft's FAT32 specification]]. Despite the name, the document includes descriptions of FAT12 and FAT16.
+
This listing is divided into three sections (described as follows):<br>
 +
<ol><li><b><u>[[Upcoming_events#Calls_For_Papers|Calls For Papers]]</u></b> - Calls for papers for either Journals or for Conferences, relevant to Digital Forensics (Name, Closing Date, URL)</li><br>
 +
<li><b><u>[[Upcoming_events#Conferences|Conferences]]</u></b> - Conferences relevant for Digital Forensics (Name, Date, Location, URL)</li><br>
 +
<li><b><u>[[Training Courses and Providers]]</u></b> - Training </li><br></ol>
  
Closely related standards are: ECMA 107 and ISO/EIC 9293, which only cover FAT12 and FAT16, and also are somewhat more restricted than the file system described by Microsoft's document.
+
== Calls For Papers ==
 +
Please help us keep this up-to-date with deadlines for upcoming conferences that would be appropriate for forensic research.
  
== Structure==
+
{| border="0" cellpadding="2" cellspacing="2" align="top"
 
+
|- style="background:#bfbfbf; font-weight: bold"
{| style="text-align:center;" cellpadding="3" border="1px"
+
! width="30%|Title
| Boot sector
+
! width="15%"|Due Date
| More reserved<br/> sectors (optional)
+
! width="15%"|Notification Date
| FAT #1
+
! width="40%"|Website
| FAT #2
+
|-
| Root directory<br /> (FAT12/16 only)
+
|IEEE Symposium on Security and Privacy
| Data region<br /> (rest of disk)
+
|Nov 13, 2013
 +
|
 +
|http://www.ieee-security.org/TC/SP2014/cfp.html
 +
|-
 +
|DFRWS-Europe 2014
 +
|Dec 01, 2013
 +
|Mar 01, 2014
 +
|http://www.dfrws.org/2014-europe/index.shtml
 +
|-
 +
|44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks
 +
|Dec 01, 2013
 +
|Feb 25, 2014
 +
|http://www.dsn.org/
 +
|-
 +
|12th International Conference on Applied Cryptography and Network Security
 +
|Jan 10, 2014
 +
|Mar 14, 2014
 +
|http://acns2014.epfl.ch/callpapers.php
 +
|-
 +
|USENIX Annual Technical Conference
 +
|Jan 28, 2014
 +
|Apr 07, 2014
 +
|https://www.usenix.org/conference/atc14/call-for-papers
 +
|-
 +
|Audio Engineering Society (AES) Conference on Audio Forensics
 +
|Jan 31, 2014
 +
|Mar 15, 2014
 +
|http://www.aes.org/conferences/54/downloads/54thCallForContributions.pdf
 +
|-
 
|}
 
|}
  
=== Boot Record ===
+
See also [http://www.wikicfp.com/cfp/servlet/tool.search?q=forensics WikiCFP 'Forensics']
When a computer is powered on, a POST (power-on self test) is performed, and control is then transferred to the [[Master boot record]] ([[MBR]]). The [[MBR]] is present no matter what file system is in use, and contains information about how the storage device is logically partitioned. When using a FAT file system, the [[MBR]] hands off control of the computer to the Boot Record, which is the first sector on the partition. The Boot Record, which occupies a reserved area on the partition, contains executable code, in addition to information such as an OEM identifier, number of FATs, media descriptor (type of storage device), and information about the operating system to be booted. Once the Boot Record code executes, control is handed off to the operating system installed on that partition.
+
  
=== FATs ===
+
== Conferences ==
The primary task of the File Alocation Tables are to keep track of the allocation status of clusters, or logical groupings of sectors, on the disk drive.  There are four different possible FAT entries: allocated (along with the address of the next cluster associated with the file), unallocated, end of file, and bad sector.
+
{| border="0" cellpadding="2" cellspacing="2" align="top"
 
+
|- style="background:#bfbfbf; font-weight: bold"
In order to provide redundancy in case of data corruption, two FATs, FAT1 and FAT2, are stored in the file system. FAT2 is a typically a duplicate of FAT1. However, FAT mirroring can be disabled on a FAT32 drive, thus enabling any of the FATs to become the Primary FAT. This possibly leaves FAT1 empty, which can be deceiving.
+
! width="40%"|Title
 
+
! width="20%"|Date/Location
=== Root Directory ===
+
! width="40%"|Website
The Root Directory, sometimes referred to as the Root Folder, contains an entry for each file and directory stored in the file system.  This information includes the file name, starting cluster number, and file size. This information is changed whenever a file is created or subsequently modified. Root directory has a fixed size of 512 entries on a hard disk and the size on a floppy disk depends.  With FAT32 it can be stored anywhere within the partition, although in previous versions it is always located immediately following the FAT region.
+
|-
 
+
|VB2013 - the 23rd Virus Bulletin International Conference
=== Data Area ===
+
|Oct 02-04<br>Berlin, Germany
 
+
|http://www.virusbtn.com/conference/vb2013/index
The Boot Record, FATs, and Root Directory are collectively referred to as the System Area.  The remaining space on the logical drive is called the Data Area, which is where files are actually stored.  It should be noted that when a file is deleted by the operating system, the data stored in the Data Area remains intact until it is overwritten.
+
|-
 
+
|8th International Conference on Malicious and Unwanted Software
=== Clusters ===
+
|Oct 22-24<br>Fajardo, Puerto Rico, USA
In order for FAT to manage files with satisfactory efficiency, it groups sectors into larger blocks referred to as clusters. A cluster is the smallest unit of disk space that can be allocated to a file, which is why clusters are often called allocation units. Each cluster can be used by one and only one resident file. Only the "data area" is divided into clusters, the rest of the partition is simply sectors. Cluster size is determined by the size of the disk volume and every file must be allocated an even number of clusters. Cluster sizing has a significant impact on performance and disk utilization. Larger cluster sizes result in more wasted space because files are less likely to fill up an even number of clusters.
+
|http://www.malwareconference.org/index.php?option=com_frontpage&Itemid=1
 
+
|-
The size of one cluster is specified in the Boot Record and can range from a single sector (512 bytes) to 128 sectors (65536 bytes). The sectors in a cluster are continuous, therefore each cluster is a continuous block of space on the disk.  Note that only one file can be allocated to a cluster.  Therefore if a 1KB file is placed within a 32KB cluster there are 31KB of wasted space. The formula for determining clusters in a partition is (# of Sectors in Partition) - (# of Sectors per Fat * 2) - (# of Reserved Sectors) ) /  (# of Sectors per Cluster).
+
|16th International Symposium on Research in Attacks, Intrusions and Defenses (RAID)
 
+
|Oct 23-25<br>St. Lucia
=== Wasted Sectors ===
+
|http://www.raid2013.org/
 
+
|-
'''Wasted Sectors''' (a.k.a. '''partition [[slack]]''') are a result of the number of data sectors not being evenly distributed by the cluster size. It's made up of unused bytes left at the end of a file. Also, if the partition as declared in the partition table is larger than what is claimed in the Boot Record the volume can be said to have wasted sectors. Small files on a hard drive are the reason for wasted space and the bigger the hard drive the more wasted space there is. 
+
|5th International Workshop on Managing Insider Security Threats
 
+
|Oct 24-25<br>Busan, South Korea
=== FAT Entry Values ===
+
|http://isyou.info/conf/mist13/index.htm
<br>
+
|-
FAT12<br>
+
|20th ACM Conference on Computer and Communications Security
<br>
+
|Nov 04-08<br>Berlin, Germany
0x000          (Free Cluster)<br>   
+
|http://www.sigsac.org/ccs/CCS2013/
0x001          (Reserved Cluster)<br>
+
|-
0x002 - 0xFEF  (Used cluster; value points to next cluster)<br>
+
|4th Annual Open Source Digital Forensics Conference (OSDF)
0xFF0 - 0xFF6  (Reserved values)<br>
+
|Nov 04-05<br>Chantilly, VA
0xFF7          (Bad cluster)<br>
+
|http://www.basistech.com/about-us/events/open-source-forensics-conference/
0xFF8 - 0xFFF  (Last cluster in file)<br>
+
|-
<br>
+
|Paraben Forensic Innovations Conference
FAT16<br>
+
|Nov 13-15<br>Salt Lake City, UT
<br>
+
|http://www.pfic-conference.com/
0x0000          (Free Cluster)<br>
+
|-
0x0001          (Reserved Cluster)<br>
+
|2013 International Conference on Information and Communications Security
0x0002 - 0xFFEF  (Used cluster; value points to next cluster)<br>
+
|Nov 20-22<br>Beijing, Chine
0xFFF0 - 0xFFF6  (Reserved values)<br>
+
|http://icsd.i2r.a-star.edu.sg/icics2013/index.php
0xFFF7          (Bad cluster)<br>
+
|-
0xFFF8 - 0xFFFF  (Last cluster in file)<br>
+
|8th International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE)
<br>
+
|Nov 21-22<br>Hong Kong, China
FAT32<br>
+
|http://conf.ncku.edu.tw/sadfe/sadfe13/
<br>
+
|-
0x?0000000              (Free Cluster)<br>
+
|Black Hat-Regional Summit
0x?0000001              (Reserved Cluster)<br>
+
|Nov 26-27<br>Sao Paulo, Brazil
0x?0000002 - 0x?FFFFFEF  (Used cluster; value points to next cluster)<br>
+
|https://www.blackhat.com/sp-13
0x?FFFFFF0 - 0x?FFFFFF6  (Reserved values)<br>
+
|-
0x?FFFFFF7              (Bad cluster)<br>
+
|29th Annual Computer Security Applications Conference (ACSAC)
0x?FFFFFF8 - 0x?FFFFFFF  (Last cluster in file)
+
|Dec 09-13<br>New Orleans, LA
 
+
|http://www.acsac.org
Note: FAT32 uses only 28 of 32 possible bits, the upper 4 bits should be left alone. Typically these bits are zero, and are represented above by a question mark (?).
+
|-
 
+
|IFIP WG 11.9 International Conference on Digital Forensics
==Versions==
+
|Jan 08-10<br>Vienna, Austria
 
+
|http://www.ifip119.org/Conferences/
There are three variants of FAT in existence: FAT12, FAT16, and FAT32.
+
|-
 
+
|AAFS 66th Annual Scientific Meeting
=== FAT12 ===
+
|Feb 17-22<br>Seattle, WA
*  FAT12 is the oldest type of FAT that uses a 12 bit file allocation table entry.
+
|http://www.aafs.org/aafs-66th-annual-scientific-meeting
*  FAT12 can hold a max of 4,084 clusters (which is 2<sup>12</sup> clusters minus a few values that are reserved for values used in  the FAT).
+
|-
*  It is used for floppy disks and hard drive partitions that are smaller than 16 MB. 
+
|21st Network & Distributed System Security Symposium
*  All 1.44 MB 3.5" floppy disks are formatted using FAT12.
+
|Feb 23-26<br>San Diego, CA
*  Cluster size that is used is between 0.5 KB to 4 KB.
+
|http://www.internetsociety.org/events/ndss-symposium
 
+
|-
=== FAT16 ===
+
|Fourth ACM Conference on Data and Application Security and Privacy 2014
*  It is called FAT16 because all entries are 16 bit.
+
|Mar 03-05<br>San Antonio, TX
*  FAT16 can hold a max of 65,524 addressable units
+
|http://www1.it.utsa.edu/codaspy/
*  It is used for small and moderate sized hard disk volumes.
+
|-
 
+
|9th International Conference on Cyber Warfare and Security (ICCWS-2014)
=== FAT32 ===
+
|Mar 24-25<br>West Lafayette, IN
FAT32 is the enhanced version of the FAT system implemented beginning with Windows 95 OSR2, Windows 98, and Windows Me.
+
|http://academic-conferences.org/iciw/iciw2014/iciw14-home.htm
Features include:
+
|-
*  Drives of up to 2 terabytes are supported ([[Windows]] 2000 only supports up to 32 gigabytes)
+
|DFRWS-Europe 2014
*  Since FAT32 uses smaller clusters (of 4 kilobytes each), it uses hard drive space more efficiently. This is a 10 to 15 percent improvement over FAT or FAT16.
+
|May 07-09<br>Amsterdam, Netherlands
*  The limitations of FAT or FAT 16 on the number of root folder entries have been eliminated. In FAT32, the root folder is an ordinary cluster chain, and can be located anywhere on the drive.
+
|http://dfrws.org/2014eu/index.shtml
*  File allocation mirroring can be disabled in FAT32. This allows a different copy of the file allocation table then the default to be active.
+
|-
 
+
|2014 IEEE Symposium on Security and Privacy
==== Limitations with [[Windows]] 2000 & [[Windows]] XP ====
+
|May 16-23<br>Berkley, CA
* Clusters cannot be 64KB or larger.
+
|http://www.ieee.org/conferences_events/conferences/conferencedetails/index.html?Conf_ID=16517
* Cannot decrease cluster size that will result in the the FAT being larger than 16 MB minus 64KB in size.
+
|-
* Cannot contain fewer than 65,527 clusters.
+
|Techno-Security and Forensics Conference
* Maximum of 32KB per cluster.
+
|Jun 01-04<br>Myrtle Beach, SC
* ''[[Windows]] XP'': The Windows XP installation program will not allow a user to format a drive of more than 32GB using the FAT32 file system. Using the installation program, the only way to format a disk greater than 32GB in size is to use NTFS. A disk larger than 32GB in size ''can'' be formatted with FAT32 for use with Windows XP if the system is booted from a Windows 98 or Windows ME startup disk, and formatted using the tool that will be on the disk.
+
|http://www.techsec.com/html/Security%20Conference%202014.html
 
+
|-
=== exFAT (sometimes incorrectly called FAT64) ===
+
|Mobile Forensics World
exFAT (also know as Extended File Allocation Table or exFAT) is Microsoft's latest version of FAT and works with Windows Embedded CE 6.0, Windows XP/Server 2003 (with a KB patch, Vista/Server 2008 SP 1 & Later, and Windows 7.
+
|Jun 01-04<br>Myrtle Beach, SC
Features include:
+
|http://www.techsec.com/html/MFC-2014-Spring.html
*  Largest file size is 2<sup>64</sup> bytes (16 exabytes) vs. FAT32's maximum file size of 4GB.
+
|-
*  Has transaction support using Transaction-Safe Extended FAT File System (TexFAT). (Not released yet in Desktop/Server OS)
+
|12th International Conference on Applied Cryptography and Network Security
*  Speeds up storage allocation processes by using free space bitmaps.
+
|Jun 10-13<br>Lausanne, Switzerland
*  Support UTC timestamps (Vista/Server 2008 SP1 does not support UTC, UTC support came out with SP2)
+
|http://acns2014.epfl.ch/
*  Maximum Cluster size of 32MB (Fat32 is 32KB)
+
|-
*  Sector sizes from 512 bytes to 4096 bytes in size
+
|54th Conference on Audio Forensics
*  Maximum FAT supportable volume size of 128PB
+
|Jun 12-14<br>London, England
*  Maximum Subdirectory size of 256MB which can support up to over 2 million files in a singlr subdirectory
+
|http://www.aes.org/conferences/54/
*  Uses a Bitmap for cluster allocation
+
|-
*  Supports File Permissions (Not released yet in Desktop/Server OS)
+
|2014 USENIX Annual Technical Conference
*  Has been selected as the exclusive file system of the SDXC memory card by the SD Association
+
|Jun 19-20<br>Philadelphia, PA
 
+
|https://www.usenix.org/conference/atc14
Although Microsoft has published some information on exFAT, there are more technical specifications available from third parties. For example, here is a  [http://paradigmsolutions.files.wordpress.com/2009/12/exfat-excerpt-1-4.pdf detailed presentation on exFAT].
+
|-
 
+
|44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks
Another published technical paper that goes in the internals in great detail is in the SANS Reading Room at: [http://www.sans.org/reading_room/whitepapers/forensics/rss/reverse_engineering_the_microsoft_exfat_file_system_33274 Reverse Engineering the Microsoft exFAT File System]
+
|Jun 23-26<br>Atlanta, GA
 
+
|http://www.dsn.org/
=== Comparison of FAT Versions ===
+
|-
 
+
|Symposium On Usable Privacy and Security (SOUPS) 2014
See the table at http://en.wikipedia.org/wiki/File_Allocation_Table for more detailed information about the various versions of FAT.
+
|Jul 09-11<br>Menlo Park, CA
 
+
|http://cups.cs.cmu.edu/soups/2013/
== Uses ==
+
|-
Due to its low cost, mobility, and non-volatile nature, flash memory has quickly become the choice medium for storing and transferring data in consumer electronic devices. The majority of flash memory storage is formatted using the FAT file system.  In addition, FAT is also frequently used in electronic devices with miniature hard drives.
+
|DFRWS 2014
 
+
|Aug 03-06<br>Denver, CO
Examples of devices in which FAT is utilized include:
+
|http://dfrws.org/2014/index.shtml
 
+
|-
* [[USB]] thumb drives
+
|23rd USENIX Security Symposium
* [[Digital camera|Digital cameras]]
+
|Aug 20-22<br>San Diego, CA
* Digital camcorders
+
|https://www.usenix.org/conferences
* Portable audio and video players
+
|-
* Multifunction [[printers]]
+
|}
* Electronic photo frames
+
* Electronic musical instruments
+
* Standard televisions
+
* [[PDAs]]
+
 
+
==Data Recovery==
+
Recovering directory entries from FAT filesystems as part of [[recovering deleted data]] can be accomplished by looking for entries that begin with a sigma 0xe5. When a file or directory is deleted under a FAT filesystem, the first character of its name is changed to sigma. The remainder of the directory entry information remains intact.
+
 
+
The pointers are also changed to zero for each cluster used by the file. Recovery tools look at the FAT to find the entry for the file. The location of the starting cluster will still be in the directory file.  It is not deleted or modified.  The tool will go straight to that cluster and try to recover the file using the file size to determine the number of clusters to recover.  Some tools will go to the starting cluster and recover the next "X" number of clusters needed for the specific file size.  However, this tool is not ideal.  An ideal tool will locate "X" number of available clusters.  Since files are most often fragmented, this will be a more precise way to recover the file.
+
 
+
An issue arises when two files in the same row of clusters are deleted. If the clusters are not in sequential order, the tool will automatically receive "X" number of clusters.  However, because the file was fragmented, it's most likely that all the clusters obtained will not all contain data for that file.  If these two deleted files are in the same row of clusters, it is highly unlikely the file can be recovered.
+
 
+
==File [[Slack]]==
+
File [[slack]] is data that starts from the end of the file written and continues to the end of the sectors designated to the file. There are two types of file [[slack]], RAM slack and Residual [[slack]]. RAM slack starts from the end of the file and goes to the end of that sector. Residual slack then starts at the next sector and goes to the end of the cluster allocated for the file.  File slack is a helpful tool when analyzing a hard drive because the old data that is not overwritten by the new file is still in tact. Go to http://www.pcguide.com/ref/hdd/file/partSizes-c.html for examples.
+
 
+
 
+
<table border="1" cellspacing="2" bordercolor="#000000" cellpadding="4" width="468" bordercolorlight="#C0C0C0">
+
  <tr>
+
    <td width="101" bgcolor="#808080"><font size="2"><b><center>Cluster</center></b></font></td>
+
    <td width="177" bgcolor="#808080"><font size="2"><b><center>Sample Slack Space,
+
    50% Cluster Slack Per File</center></b></font></td>
+
    <td width="178" bgcolor="#808080"><font size="2"><b><center>Sample Slack Space,
+
    67% Cluster Slack Per File</center></b></font></td>
+
  </tr>
+
  <tr>
+
    <td width="101" bgcolor="#C0C0C0"><font size="2"><b><center>2 kiB</center></b></font></td>
+
    <td width="177"><font size="2"><center>17 MB</center></font></td>
+
    <td width="178"><font size="2"><center>22 MB</center></font></td>
+
  </tr>
+
  <tr>
+
    <td width="101" bgcolor="#C0C0C0"><font size="2"><b><center>4 kiB</center></b></font></td>
+
    <td width="177"><font size="2"><center>33 MB</center></font></td>
+
    <td width="178"><font size="2"><center>44 MB</center></font></td>
+
  </tr>
+
  <tr>
+
    <td width="101" bgcolor="#C0C0C0"><font size="2"><b><center>8 kiB</center></b></font></td>
+
    <td width="177"><font size="2"><center>66 MB</center></font></td>
+
    <td width="178"><font size="2"><center>89 MB</center></font></td>
+
  </tr>
+
  <tr>
+
    <td width="101" bgcolor="#C0C0C0"><font size="2"><b><center>16 kiB</center></b></font></td>
+
    <td width="177"><font size="2"><center>133 MB</center></font></td>
+
    <td width="178"><font size="2"><center>177 MB</center></font></td>
+
  </tr>
+
  <tr>
+
    <td width="101" bgcolor="#C0C0C0"><font size="2"><b><center>32 kiB</center></b></font></td>
+
    <td width="177"><font size="2"><center>265 MB</center></font></td>
+
    <td width="178"><font size="2"><center>354 MB</center></font></td>
+
  </tr>
+
</table>
+
 
+
The diagram above demonstrates the larger the cluster size used, the more disk space is wasted due to slack. This suggests it is better to use smaller cluster sizes whenever possible.
+
 
+
==FAT Advantages==
+
*  Files available to multiple operating systems on the same computer
+
*  Easier to switch from FAT to [[NTFS]] than vice versa
+
*  Performs faster on smaller volumes (< 10GB)
+
*  Does not index files, which causes slightly higher performance
+
*  Performs better with small cache sizes (< 96MB)
+
*  More space-efficient on small volumes (< 4GB)
+
*  Performs better with slow disks (< 5400RPM)
+
 
+
==FAT Disadvantages==
+
*  FAT has a fixed maximum number of clusters per partition, which means as the hard disk gets bigger the size of each cluster must increase, creating more slack space
+
*  Doesn't natively support many abilities of [[NTFS]] such as on-the-fly compression, [[encryption]], or advanced security using access control lists
+
*  [[NTFS]] recommended by [[Microsoft]] for volumes larger than 32GB
+
*  FAT slows down as the number of files on the disk increases
+
*  FAT usually fragments files more
+
*  FAT does not allow for indexing of files for faster searching
+
*  FAT does not support user quotas
+
*  FAT has minimal security features including no access control list (ACL) capability.
+
 
+
== External links ==
+
* http://en.wikipedia.org/wiki/File_Allocation_Table
+
* http://www.microsoft.com
+
* http://www.ntfs.com
+
* http://www.ntfs.com/ntfs_vs_fat.htm
+
* http://support.microsoft.com/kb/q154997/#XSLTH3126121123120121120120
+
* http://www.dewassoc.com/kbase/hard_drives/boot_sector.htm
+
* http://home.teleport.com/~brainy/fat32.htm
+
* http://www2.tech.purdue.edu/cpt/courses/cpt499s/
+
* http://home.no.net/tkos/info/fat.html
+
* http://web.ukonline.co.uk/cook/fat32.htm
+
* http://www.ntfs.com/fat-systems.htm
+
* http://www.microsoft.com/whdc/system/platform/firmware/fatgen.mspx
+
* http://support.microsoft.com/kb/q140418
+
 
+
== Tools ==
+
=== ExFAT ===
+
* [http://code.google.com/p/exfat/ Open Source exFAT file system implementation]
+
  
[[Category:File Systems]]
+
==See Also==
 +
* [[Training Courses and Providers]]
 +
==References==
 +
* [http://faculty.cs.tamu.edu/guofei/sec_conf_stat.htm Computer Security Conference Ranking and Statistic]
 +
* [http://www.kdnuggets.com/meetings/ Meetings and Conferences in Data Mining and Discovery]
 +
* http://www.conferencealerts.com/data.htm Data Mining Conferences World-Wide]

Revision as of 10:45, 25 September 2013

PLEASE READ BEFORE YOU EDIT THE LISTS BELOW
When events begin the same day, events of a longer length should be listed first. New postings of events with the same date(s) as other events should be added after events already in the list. Please use three-letter month abbreviations (i.e. Sep, NOT Sept. or September), use two digit dates (i.e. Jan 01 NOT Jan 1), and use date ranges rather than listing every date during an event(i.e. Jan 02-05, NOT Jan 02, 03, 04, 05).
Some events may be limited to Law Enforcement Only or to a specific audience. Such restrictions should be noted when known.

This is a BY DATE listing of upcoming events relevant to digital forensics. It is not an all inclusive list, but includes most well-known activities. Some events may duplicate events on the generic conferences page, but entries in this list have specific dates and locations for the upcoming event.

This listing is divided into three sections (described as follows):

  1. Calls For Papers - Calls for papers for either Journals or for Conferences, relevant to Digital Forensics (Name, Closing Date, URL)

  2. Conferences - Conferences relevant for Digital Forensics (Name, Date, Location, URL)

  3. Training Courses and Providers - Training

Calls For Papers

Please help us keep this up-to-date with deadlines for upcoming conferences that would be appropriate for forensic research.

Title Due Date Notification Date Website
IEEE Symposium on Security and Privacy Nov 13, 2013 http://www.ieee-security.org/TC/SP2014/cfp.html
DFRWS-Europe 2014 Dec 01, 2013 Mar 01, 2014 http://www.dfrws.org/2014-europe/index.shtml
44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Dec 01, 2013 Feb 25, 2014 http://www.dsn.org/
12th International Conference on Applied Cryptography and Network Security Jan 10, 2014 Mar 14, 2014 http://acns2014.epfl.ch/callpapers.php
USENIX Annual Technical Conference Jan 28, 2014 Apr 07, 2014 https://www.usenix.org/conference/atc14/call-for-papers
Audio Engineering Society (AES) Conference on Audio Forensics Jan 31, 2014 Mar 15, 2014 http://www.aes.org/conferences/54/downloads/54thCallForContributions.pdf

See also WikiCFP 'Forensics'

Conferences

Title Date/Location Website
VB2013 - the 23rd Virus Bulletin International Conference Oct 02-04
Berlin, Germany
http://www.virusbtn.com/conference/vb2013/index
8th International Conference on Malicious and Unwanted Software Oct 22-24
Fajardo, Puerto Rico, USA
http://www.malwareconference.org/index.php?option=com_frontpage&Itemid=1
16th International Symposium on Research in Attacks, Intrusions and Defenses (RAID) Oct 23-25
St. Lucia
http://www.raid2013.org/
5th International Workshop on Managing Insider Security Threats Oct 24-25
Busan, South Korea
http://isyou.info/conf/mist13/index.htm
20th ACM Conference on Computer and Communications Security Nov 04-08
Berlin, Germany
http://www.sigsac.org/ccs/CCS2013/
4th Annual Open Source Digital Forensics Conference (OSDF) Nov 04-05
Chantilly, VA
http://www.basistech.com/about-us/events/open-source-forensics-conference/
Paraben Forensic Innovations Conference Nov 13-15
Salt Lake City, UT
http://www.pfic-conference.com/
2013 International Conference on Information and Communications Security Nov 20-22
Beijing, Chine
http://icsd.i2r.a-star.edu.sg/icics2013/index.php
8th International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE) Nov 21-22
Hong Kong, China
http://conf.ncku.edu.tw/sadfe/sadfe13/
Black Hat-Regional Summit Nov 26-27
Sao Paulo, Brazil
https://www.blackhat.com/sp-13
29th Annual Computer Security Applications Conference (ACSAC) Dec 09-13
New Orleans, LA
http://www.acsac.org
IFIP WG 11.9 International Conference on Digital Forensics Jan 08-10
Vienna, Austria
http://www.ifip119.org/Conferences/
AAFS 66th Annual Scientific Meeting Feb 17-22
Seattle, WA
http://www.aafs.org/aafs-66th-annual-scientific-meeting
21st Network & Distributed System Security Symposium Feb 23-26
San Diego, CA
http://www.internetsociety.org/events/ndss-symposium
Fourth ACM Conference on Data and Application Security and Privacy 2014 Mar 03-05
San Antonio, TX
http://www1.it.utsa.edu/codaspy/
9th International Conference on Cyber Warfare and Security (ICCWS-2014) Mar 24-25
West Lafayette, IN
http://academic-conferences.org/iciw/iciw2014/iciw14-home.htm
DFRWS-Europe 2014 May 07-09
Amsterdam, Netherlands
http://dfrws.org/2014eu/index.shtml
2014 IEEE Symposium on Security and Privacy May 16-23
Berkley, CA
http://www.ieee.org/conferences_events/conferences/conferencedetails/index.html?Conf_ID=16517
Techno-Security and Forensics Conference Jun 01-04
Myrtle Beach, SC
http://www.techsec.com/html/Security%20Conference%202014.html
Mobile Forensics World Jun 01-04
Myrtle Beach, SC
http://www.techsec.com/html/MFC-2014-Spring.html
12th International Conference on Applied Cryptography and Network Security Jun 10-13
Lausanne, Switzerland
http://acns2014.epfl.ch/
54th Conference on Audio Forensics Jun 12-14
London, England
http://www.aes.org/conferences/54/
2014 USENIX Annual Technical Conference Jun 19-20
Philadelphia, PA
https://www.usenix.org/conference/atc14
44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Jun 23-26
Atlanta, GA
http://www.dsn.org/
Symposium On Usable Privacy and Security (SOUPS) 2014 Jul 09-11
Menlo Park, CA
http://cups.cs.cmu.edu/soups/2013/
DFRWS 2014 Aug 03-06
Denver, CO
http://dfrws.org/2014/index.shtml
23rd USENIX Security Symposium Aug 20-22
San Diego, CA
https://www.usenix.org/conferences

See Also

References