Difference between pages "File Carving" and "Upcoming events"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
m (See also)
 
(Calls For Papers)
 
Line 1: Line 1:
'''Carving''' is the practice of searching an input for files or other kinds of objects based on content, rather than on metadata. File carving is a powerful tool for recovering files and fragments of files when directory entries are corrupt or missing, as may be the case with old files that have been deleted or when performing an analysis on damaged media. Memory carving is a useful tool for analyzing physical and virtual memory dumps when the memory structures are unknown or have been overwritten.
+
<b>PLEASE READ BEFORE YOU EDIT THE LISTS BELOW</b><br>
 +
When events begin the same day, events of a longer length should be listed first.  New postings of events with the same date(s) as other events should be added after events already in the list. Please use three-letter month abbreviations (i.e. Sep, NOT Sept. or September), use two digit dates (i.e. Jan 01 NOT Jan 1), and use date ranges rather than listing every date during an event(i.e. Jan 02-05, NOT Jan 02, 03, 04, 05).<br>
 +
<i>Some events may be <u>limited</u> to <b>Law Enforcement Only</b> or to a specific audience.  Such restrictions should be noted when known.</i>
  
 +
This is a BY DATE listing of upcoming events relevant to [[digital forensics]].  It is not an all inclusive list, but includes most well-known activities.  Some events may duplicate events on the generic [[conferences]] page, but entries in this list have specific dates and locations for the upcoming event.
  
=File Carving=
+
This listing is divided into three sections (described as follows):<br>
 +
<ol><li><b><u>[[Upcoming_events#Calls_For_Papers|Calls For Papers]]</u></b> - Calls for papers for either Journals or for Conferences, relevant to Digital Forensics (Name, Closing Date, URL)</li><br>
 +
<li><b><u>[[Upcoming_events#Conferences|Conferences]]</u></b> - Conferences relevant for Digital Forensics (Name, Date, Location, URL)</li><br>
 +
<li><b><u>[[Training Courses and Providers]]</u></b> - Training </li><br></ol>
  
Most file carvers operate by looking for file headers and/or footers, and then "carving out" the blocks between these two boundaries. [[Semantic Carving]] performs carving based on an analysis of the contents of the proposed files.  
+
== Calls For Papers ==
 +
Please help us keep this up-to-date with deadlines for upcoming conferences that would be appropriate for forensic research.
  
File carving should be done on a [[disk image]], rather than on the original disk.
+
{| border="0" cellpadding="2" cellspacing="2" align="top"
 +
|- style="background:#bfbfbf; font-weight: bold"
 +
! width="30%|Title
 +
! width="15%"|Due Date
 +
! width="15%"|Notification Date
 +
! width="40%"|Website
 +
|-
 +
|IEEE Symposium on Security and Privacy
 +
|Nov 13, 2013
 +
|
 +
|http://www.ieee-security.org/TC/SP2014/cfp.html
 +
|-
 +
|DFRWS-Europe 2014
 +
|Dec 01, 2013
 +
|Mar 01, 2014
 +
|http://www.dfrws.org/2014-europe/index.shtml
 +
|-
 +
|44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks
 +
|Dec 01, 2013
 +
|Feb 25, 2014
 +
|http://www.dsn.org/
 +
|-
 +
|12th International Conference on Applied Cryptography and Network Security
 +
|Jan 10, 2014
 +
|Mar 14, 2014
 +
|http://acns2014.epfl.ch/callpapers.php
 +
|-
 +
|USENIX Annual Technical Conference
 +
|Jan 28, 2014
 +
|Apr 07, 2014
 +
|https://www.usenix.org/conference/atc14/call-for-papers
 +
|-
 +
|Audio Engineering Society (AES) Conference on Audio Forensics
 +
|Jan 31, 2014
 +
|Mar 15, 2014
 +
|http://www.aes.org/conferences/54/downloads/54thCallForContributions.pdf
 +
|-
 +
|}
  
File carving tools are listed on the [[Tools:Data_Recovery]] wiki page.
+
See also [http://www.wikicfp.com/cfp/servlet/tool.search?q=forensics WikiCFP 'Forensics']
  
Many carving programs have an option to only look at or near sector boundaries where headers are found. However, searching the entire input can find files that have been embedded into other files, such as [[JPEG]]s being embedded into [[Microsoft]] [[DOC|Word documents]]. This may be considered an advantage or a disadvantage, depending on the circumstances.
+
== Conferences ==
 +
{| border="0" cellpadding="2" cellspacing="2" align="top"
 +
|- style="background:#bfbfbf; font-weight: bold"
 +
! width="40%"|Title
 +
! width="20%"|Date/Location
 +
! width="40%"|Website
 +
|-
 +
|VB2013 - the 23rd Virus Bulletin International Conference
 +
|Oct 02-04<br>Berlin, Germany
 +
|http://www.virusbtn.com/conference/vb2013/index
 +
|-
 +
|8th International Conference on Malicious and Unwanted Software
 +
|Oct 22-24<br>Fajardo, Puerto Rico, USA
 +
|http://www.malwareconference.org/index.php?option=com_frontpage&Itemid=1
 +
|-
 +
|16th International Symposium on Research in Attacks, Intrusions and Defenses (RAID)
 +
|Oct 23-25<br>St. Lucia
 +
|http://www.raid2013.org/
 +
|-
 +
|5th International Workshop on Managing Insider Security Threats
 +
|Oct 24-25<br>Busan, South Korea
 +
|http://isyou.info/conf/mist13/index.htm
 +
|-
 +
|20th ACM Conference on Computer and Communications Security
 +
|Nov 04-08<br>Berlin, Germany
 +
|http://www.sigsac.org/ccs/CCS2013/
 +
|-
 +
|4th Annual Open Source Digital Forensics Conference (OSDF)
 +
|Nov 04-05<br>Chantilly, VA
 +
|http://www.basistech.com/about-us/events/open-source-forensics-conference/
 +
|-
 +
|Paraben Forensic Innovations Conference
 +
|Nov 13-15<br>Salt Lake City, UT
 +
|http://www.pfic-conference.com/
 +
|-
 +
|2013 International Conference on Information and Communications Security
 +
|Nov 20-22<br>Beijing, Chine
 +
|http://icsd.i2r.a-star.edu.sg/icics2013/index.php
 +
|-
 +
|8th International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE)
 +
|Nov 21-22<br>Hong Kong, China
 +
|http://conf.ncku.edu.tw/sadfe/sadfe13/
 +
|-
 +
|Black Hat-Regional Summit
 +
|Nov 26-27<br>Sao Paulo, Brazil
 +
|https://www.blackhat.com/sp-13
 +
|-
 +
|29th Annual Computer Security Applications Conference (ACSAC)
 +
|Dec 09-13<br>New Orleans, LA
 +
|http://www.acsac.org
 +
|-
 +
|IFIP WG 11.9 International Conference on Digital Forensics
 +
|Jan 08-10<br>Vienna, Austria
 +
|http://www.ifip119.org/Conferences/
 +
|-
 +
|AAFS 66th Annual Scientific Meeting
 +
|Feb 17-22<br>Seattle, WA
 +
|http://www.aafs.org/aafs-66th-annual-scientific-meeting
 +
|-
 +
|21st Network & Distributed System Security Symposium
 +
|Feb 23-26<br>San Diego, CA
 +
|http://www.internetsociety.org/events/ndss-symposium
 +
|-
 +
|Fourth ACM Conference on Data and Application Security and Privacy 2014
 +
|Mar 03-05<br>San Antonio, TX
 +
|http://www1.it.utsa.edu/codaspy/
 +
|-
 +
|9th International Conference on Cyber Warfare and Security (ICCWS-2014)
 +
|Mar 24-25<br>West Lafayette, IN
 +
|http://academic-conferences.org/iciw/iciw2014/iciw14-home.htm
 +
|-
 +
|DFRWS-Europe 2014
 +
|May 07-09<br>Amsterdam, Netherlands
 +
|http://dfrws.org/2014eu/index.shtml
 +
|-
 +
|2014 IEEE Symposium on Security and Privacy
 +
|May 16-23<br>Berkley, CA
 +
|http://www.ieee.org/conferences_events/conferences/conferencedetails/index.html?Conf_ID=16517
 +
|-
 +
|Techno-Security and Forensics Conference
 +
|Jun 01-04<br>Myrtle Beach, SC
 +
|http://www.techsec.com/html/Security%20Conference%202014.html
 +
|-
 +
|Mobile Forensics World
 +
|Jun 01-04<br>Myrtle Beach, SC
 +
|http://www.techsec.com/html/MFC-2014-Spring.html
 +
|-
 +
|12th International Conference on Applied Cryptography and Network Security
 +
|Jun 10-13<br>Lausanne, Switzerland
 +
|http://acns2014.epfl.ch/
 +
|-
 +
|54th Conference on Audio Forensics
 +
|Jun 12-14<br>London, England
 +
|http://www.aes.org/conferences/54/
 +
|-
 +
|2014 USENIX Annual Technical Conference
 +
|Jun 19-20<br>Philadelphia, PA
 +
|https://www.usenix.org/conference/atc14
 +
|-
 +
|44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks
 +
|Jun 23-26<br>Atlanta, GA
 +
|http://www.dsn.org/
 +
|-
 +
|Symposium On Usable Privacy and Security (SOUPS) 2014
 +
|Jul 09-11<br>Menlo Park, CA
 +
|http://cups.cs.cmu.edu/soups/2013/
 +
|-
 +
|DFRWS 2014
 +
|Aug 03-06<br>Denver, CO
 +
|http://dfrws.org/2014/index.shtml
 +
|-
 +
|23rd USENIX Security Symposium
 +
|Aug 20-22<br>San Diego, CA
 +
|https://www.usenix.org/conferences
 +
|-
 +
|}
  
Today most file carving programs will only recover files that are contiguous on the media.
+
==See Also==
 
+
* [[Training Courses and Providers]]
== FIle Carving Taxonomy==
+
==References==
[[Simson Garfinkel]] and [[Joachim Metz]] have proposed the following file carving taxonomy:
+
* [http://faculty.cs.tamu.edu/guofei/sec_conf_stat.htm Computer Security Conference Ranking and Statistic]
 
+
* [http://www.kdnuggets.com/meetings/ Meetings and Conferences in Data Mining and Discovery]
;Carving
+
* http://www.conferencealerts.com/data.htm Data Mining Conferences World-Wide]
:General term for extracting data (files) out of undifferentiated blocks (raw data), like "carving" a sculpture out of soap stone.
+
 
+
;Block Based Carving
+
:Any carving method (algorithm) that analyzes the input on block-by-block basis to determine if a block is part of a possible output file. This method assumes that each block can only be part of a single file (or embedded file).
+
 
+
;Characteristic Based Carving
+
:Any carving method (algorithm) that analyzes the input on characteristic basis (for example, entropy) to determine if the input is part of a possible output file.
+
 
+
;Header/Footer Carving
+
:A method for carving files out of raw data using a distinct header (start of file marker) and footer (end of file marker).
+
 
+
;Header/Maximum (file) size Carving
+
:A method for carving files out of raw data using a distinct header (start of file marker) and a maximum (file) size. This approach works because many file formats (e.g. JPEG, MP3) do not care if additional junk is appended to the end of a valid file.
+
 
+
;Header/Embedded Length Carving
+
:A method for carving files out of raw data using a distinct header and a file length (size) which is embedded in the file format
+
 
+
;File structure based Carving
+
:A method for carving files out of raw data using a certain level of knowledge of the internal structure of file types. Garfinkel called this approach "Semantic Carving" in his DFRWS2006 carving challenge submission, while Metz and Mora called the approach "Deep Carving."
+
 
+
;Semantic Carving
+
:A method for carving files based on a linguistic analysis of the file's content. For example, a semantic carver might conclude that six blocks of french in the middle of a long HTML file written in English is a fragment left from a previous allocated file, and not from the English-language HTML file.
+
 
+
;Carving with Validation
+
:A method for carving files out of raw data where the carved files are validated using a file type specific validator.
+
 
+
;Fragment Recovery Carving
+
:A carving method in which two or more fragments are reassembled to form the original file or object. Garfinkel previously called this approach "Split Carving."
+
 
+
== File Carving challenges and test images ==
+
 
+
[http://www.dfrws.org/2006/challenge/]
+
File Carving Challenge - [[Digital Forensic Research Workshop|DFRWS]] 2006
+
 
+
[http://dftt.sourceforge.net/test6/index.html]
+
FAT Undelete Test #1 - Digital Forensics Tool Testing Image (dftt #6)
+
 
+
[http://dftt.sourceforge.net/test7/index.html]
+
NTFS Undelete (and leap year) Test #1 - Digital Forensics Tool Testing Image (dftt #7)
+
 
+
[http://dftt.sourceforge.net/test11/index.html]
+
Basic Data Carving Test - fat32 (by Nick Mikus) - Digital Forensics Tool Testing Image (dftt #11)
+
 
+
[http://dftt.sourceforge.net/test12/index.html]
+
Basic Data Carving Test - ext2 (by Nick Mikus) - Digital Forensics Tool Testing Image (dftt #12)
+
 
+
==File Carving Bibliography==
+
 
+
Mikus, Nicholas A. "An analysis of disc carving techniques," Master's Thesis, Naval Postgraduate School. March 2005. http://handle.dtic.mil/100.2/ADA432468
+
 
+
Garfinkel, S., "Carving Contiguous and Fragmented Files with Fast Object Validation", Digital Forensics Workshop (DFRWS 2007), Pittsburgh, PA, August 2007.  http://www.simson.net/clips/academic/2007.DFRWS.pdf
+
 
+
== See also ==
+
[[Tools:Data_Recovery#Carving | FIle Carving Tools]]
+
[[File Carving Bibliography]]
+
 
+
=Memory Carving=
+

Revision as of 09:45, 25 September 2013

PLEASE READ BEFORE YOU EDIT THE LISTS BELOW
When events begin the same day, events of a longer length should be listed first. New postings of events with the same date(s) as other events should be added after events already in the list. Please use three-letter month abbreviations (i.e. Sep, NOT Sept. or September), use two digit dates (i.e. Jan 01 NOT Jan 1), and use date ranges rather than listing every date during an event(i.e. Jan 02-05, NOT Jan 02, 03, 04, 05).
Some events may be limited to Law Enforcement Only or to a specific audience. Such restrictions should be noted when known.

This is a BY DATE listing of upcoming events relevant to digital forensics. It is not an all inclusive list, but includes most well-known activities. Some events may duplicate events on the generic conferences page, but entries in this list have specific dates and locations for the upcoming event.

This listing is divided into three sections (described as follows):

  1. Calls For Papers - Calls for papers for either Journals or for Conferences, relevant to Digital Forensics (Name, Closing Date, URL)

  2. Conferences - Conferences relevant for Digital Forensics (Name, Date, Location, URL)

  3. Training Courses and Providers - Training

Calls For Papers

Please help us keep this up-to-date with deadlines for upcoming conferences that would be appropriate for forensic research.

Title Due Date Notification Date Website
IEEE Symposium on Security and Privacy Nov 13, 2013 http://www.ieee-security.org/TC/SP2014/cfp.html
DFRWS-Europe 2014 Dec 01, 2013 Mar 01, 2014 http://www.dfrws.org/2014-europe/index.shtml
44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Dec 01, 2013 Feb 25, 2014 http://www.dsn.org/
12th International Conference on Applied Cryptography and Network Security Jan 10, 2014 Mar 14, 2014 http://acns2014.epfl.ch/callpapers.php
USENIX Annual Technical Conference Jan 28, 2014 Apr 07, 2014 https://www.usenix.org/conference/atc14/call-for-papers
Audio Engineering Society (AES) Conference on Audio Forensics Jan 31, 2014 Mar 15, 2014 http://www.aes.org/conferences/54/downloads/54thCallForContributions.pdf

See also WikiCFP 'Forensics'

Conferences

Title Date/Location Website
VB2013 - the 23rd Virus Bulletin International Conference Oct 02-04
Berlin, Germany
http://www.virusbtn.com/conference/vb2013/index
8th International Conference on Malicious and Unwanted Software Oct 22-24
Fajardo, Puerto Rico, USA
http://www.malwareconference.org/index.php?option=com_frontpage&Itemid=1
16th International Symposium on Research in Attacks, Intrusions and Defenses (RAID) Oct 23-25
St. Lucia
http://www.raid2013.org/
5th International Workshop on Managing Insider Security Threats Oct 24-25
Busan, South Korea
http://isyou.info/conf/mist13/index.htm
20th ACM Conference on Computer and Communications Security Nov 04-08
Berlin, Germany
http://www.sigsac.org/ccs/CCS2013/
4th Annual Open Source Digital Forensics Conference (OSDF) Nov 04-05
Chantilly, VA
http://www.basistech.com/about-us/events/open-source-forensics-conference/
Paraben Forensic Innovations Conference Nov 13-15
Salt Lake City, UT
http://www.pfic-conference.com/
2013 International Conference on Information and Communications Security Nov 20-22
Beijing, Chine
http://icsd.i2r.a-star.edu.sg/icics2013/index.php
8th International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE) Nov 21-22
Hong Kong, China
http://conf.ncku.edu.tw/sadfe/sadfe13/
Black Hat-Regional Summit Nov 26-27
Sao Paulo, Brazil
https://www.blackhat.com/sp-13
29th Annual Computer Security Applications Conference (ACSAC) Dec 09-13
New Orleans, LA
http://www.acsac.org
IFIP WG 11.9 International Conference on Digital Forensics Jan 08-10
Vienna, Austria
http://www.ifip119.org/Conferences/
AAFS 66th Annual Scientific Meeting Feb 17-22
Seattle, WA
http://www.aafs.org/aafs-66th-annual-scientific-meeting
21st Network & Distributed System Security Symposium Feb 23-26
San Diego, CA
http://www.internetsociety.org/events/ndss-symposium
Fourth ACM Conference on Data and Application Security and Privacy 2014 Mar 03-05
San Antonio, TX
http://www1.it.utsa.edu/codaspy/
9th International Conference on Cyber Warfare and Security (ICCWS-2014) Mar 24-25
West Lafayette, IN
http://academic-conferences.org/iciw/iciw2014/iciw14-home.htm
DFRWS-Europe 2014 May 07-09
Amsterdam, Netherlands
http://dfrws.org/2014eu/index.shtml
2014 IEEE Symposium on Security and Privacy May 16-23
Berkley, CA
http://www.ieee.org/conferences_events/conferences/conferencedetails/index.html?Conf_ID=16517
Techno-Security and Forensics Conference Jun 01-04
Myrtle Beach, SC
http://www.techsec.com/html/Security%20Conference%202014.html
Mobile Forensics World Jun 01-04
Myrtle Beach, SC
http://www.techsec.com/html/MFC-2014-Spring.html
12th International Conference on Applied Cryptography and Network Security Jun 10-13
Lausanne, Switzerland
http://acns2014.epfl.ch/
54th Conference on Audio Forensics Jun 12-14
London, England
http://www.aes.org/conferences/54/
2014 USENIX Annual Technical Conference Jun 19-20
Philadelphia, PA
https://www.usenix.org/conference/atc14
44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Jun 23-26
Atlanta, GA
http://www.dsn.org/
Symposium On Usable Privacy and Security (SOUPS) 2014 Jul 09-11
Menlo Park, CA
http://cups.cs.cmu.edu/soups/2013/
DFRWS 2014 Aug 03-06
Denver, CO
http://dfrws.org/2014/index.shtml
23rd USENIX Security Symposium Aug 20-22
San Diego, CA
https://www.usenix.org/conferences

See Also

References