Difference between pages "Upcoming events" and "Gzip"

From ForensicsWiki
(Difference between pages)
(Calls For Papers)
 
(File format)
 
Line 1: Line 1:
<b>PLEASE READ BEFORE YOU EDIT THE LISTS BELOW</b><br>
+
{{expand}}
Events should be posted in the correct section, and in date order.  An event should NEVER be listed in more than one section (i.e. Ongoing/Continuous events should not be listed in Scheduled Training).  When events begin the same day, events of a longer length should be listed first.  New postings of events with the same date(s) as other events should be added after events already in the list. If a provider offers the same event at several locations simultaneously, the listing should have a single (ONE) entry in the list with the date(s) and ALL locations for the event. Please use three-letter month abbreviations (i.e. Sep, NOT Sept. or September), use two digit dates (i.e. Jan 01 NOT Jan 1), and use date ranges rather than listing every date during an event(i.e. Jan 02-05, NOT Jan 02, 03, 04, 05).<br>
+
<i>Some events may be <u>limited</u> to <b>Law Enforcement Only</b> or to a specific audience.  Such restrictions should be noted when known.</i>
+
  
This is a BY DATE listing of upcoming events relevant to [[digital forensics]]. It is not an all inclusive list, but includes most well-known activities.  Some events may duplicate events on the generic [[conferences]] page, but entries in this list have specific dates and locations for the upcoming event.
+
== File format ==
 +
The gzip file (.gz) format consists of:
 +
* a file header
 +
* optional headers
 +
** extra fields
 +
** original file name
 +
** comment
 +
** header checksum
 +
* a body, containing a DEFLATE-compressed payload
 +
* a file footer
  
This listing is divided into four sections (described as follows):<br>
+
The gzip format uses little-endian.
<ol><li><b><u>Calls For Papers</u></b> - Calls for papers for either Journals or for Conferences, relevant to Digital Forensics (Name, Closing Date, URL)</li><br>
+
<li><b><u>Conferences</u></b> - Conferences relevant for Digital Forensics (Name, Date, Location, URL)</li><br>
+
<li><b><u>On-Going / Continuous Training</u></b> - Training opportunities that are either always available online/distance learning format (start anytime) or that are offered the same time every month (Name, date-if applicable, URL)</li><br>
+
<li><b><u>[[Scheduled Training Courses]]</u></b> - Training Classes/Courses that are scheduled for specific dates/locations.  This would include online (or distance learning format) courses which begin on specific dates, instead of the "start anytime" courses listed in the previous section. (Provider, URL) (''note: this has been moved to its own page.'')<br></li></ol>
+
  
== Calls For Papers ==
+
{| class="wikitable"
Please help us keep this up-to-date with deadlines for upcoming conferences that would be appropriate for forensic research.
+
! align="left"| Offset
 
+
! Characteristics
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
! Description
|- style="background:#bfbfbf; font-weight: bold"
+
! width="30%|Title
+
! width="15%"|Due Date
+
! width="15%"|Notification Date
+
! width="40%"|Website
+
 
|-
 
|-
|23rd Computer Security Foundations Symposium
+
| Byte order
|Feb 04, 2010
+
| little-endian
|Mar 19, 2010
+
|http://www.floc-conference.org/CSF-cfp.html
+
 
|-
 
|-
|USENIX Security Symposium 2010
+
| Date and time values
|Feb 05, 2010
+
| Filetime in UTC
|Jul 05, 2010
+
|http://www.usenix.org/events/sec10/cfp/
+
 
|-
 
|-
|Seventh GI International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment
+
| Character string
|Feb 05, 2010
+
| ISO 8859-1 (LATIN-1)
|Apr 05, 2010
+
|}
|http://dimva2010.fkie.fraunhofer.de/cfp-dimva2010.pdf
+
 
 +
=== File header ===
 +
The file header is 10 bytes in size and contains:
 +
{| class="wikitable"
 +
! align="left"| Offset
 +
! Size
 +
! Value
 +
! Description
 
|-
 
|-
|7th International Symposium on Risk Management and Cyber-Informatics: RMCI 2010
+
| 0
|Feb 10, 2010
+
| 2
|Mar 03, 2010
+
| 0x1f 0x8b
|http://www.iiis2010.org/wmsci/Contents/CallForPapers-RMCI-2010.pdf
+
| Signature (or identification byte 1 and 2)
 
|-
 
|-
|Thirtieth Annual International Cryptology Conference
+
| 2
|Feb 18, 2010
+
| 1
|Apr 30, 2010
+
|http://www.iacr.org/conferences/crypto2010/cfp.php
+
|-
+
|2010 Conference on Digital Forensics, Security and Law
+
|Feb 19, 2010
+
 
|
 
|
|http://www.digitalforensics-conference.org/callforpapers.htm
+
| Compression Method
 
|-
 
|-
|3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats
+
| 3
|Feb 25, 2010
+
| 1
|Mar 24, 2010
+
|
|http://www.usenix.org/events/leet10/cfp/
+
| Flags
 
|-
 
|-
|Digital Forensic Research Workshop (DFRWS) 2010
+
| 4
|Feb 28, 2010
+
| 4
|Apr 05, 2010
+
|http://dfrws.org/2010/cfp.shtml
+
|-
+
|Blackhat Europe 2010
+
|Mar 01, 2010
+
 
|
 
|
|http://blackhat.com/html/bh-eu-10/registration/bh-eu-10-cfp.html
+
| Last modification time <br> Contains a POSIX timestamp.
 
|-
 
|-
|Symposium On Usable Privacy and Security
+
| 8
|Mar 05, 2010
+
| 1
|Apr 30, 2010
+
|http://cups.cs.cmu.edu/soups/2010/cfp.html
+
|-
+
|20th Virus Bulletin International Conference
+
|Mar 05, 2010
+
 
|
 
|
|http://www.virusbtn.com/conference/vb2010/call/index
+
| Extra flags
|-
+
|European Symposium on Research in Computer Security
+
|Apr 01, 2010
+
|Jun 10, 2010
+
|http://www.esorics2010.org/index.php?option=com_content&view=article&id=1&Itemid=3
+
|-
+
|13th Annual Recent Advances in Intrusion Detection
+
|Apr 04, 2010
+
|Jun 07, 2010
+
|http://www.raid2010.org/calls-for-participation
+
|-
+
|6th International Conference on Security and Privacy in Communication Networks
+
|Apr 05, 2010
+
|May 31, 2010
+
|http://www.securecomm.org/cfp.shtml
+
|-
+
|New Security Paradigms Workshop (NSPW)
+
|Apr 16, 2010
+
|Jun 11, 2010
+
|http://www.nspw.org/2010/cfp
+
 
|-
 
|-
|ACM Computer and Communications Security Conference
+
| 9
|Apr 17, 2010
+
| 1
|Jun 21, 2010
+
|http://www.sigsac.org/ccs/CCS2010/cfp.shtml
+
|-
+
|2010 IEEE International Conference on Technologies for Homeland Security
+
|Apr 24, 2010
+
 
|
 
|
|http://ieee-hst.org/
+
| Operating system <br> Value that indicates on which operating system the gzip file was created.
|-
+
|}
|2nd International ICST Conference on Digital Forensics & Cyber Crime (ICDF2C)
+
 
|May 01, 2010
+
==== Compression method ====
|Jun 15, 2010
+
 
|http://www.d-forensics.org/callforpapers.shtml
+
{| class="wikitable"
 +
! align="left"| Value
 +
! Identifier
 +
! Description
 
|-
 
|-
|2nd International Workshop on Security in Cloud Computing (SCC'2010)
+
| 0 - 7
|May 01, 2010
+
|  
|Jun 07, 2010
+
| Reserved
|http://bingweb.binghamton.edu/~ychen/SCC2010.htm
+
 
|-
 
|-
 +
| 8
 +
| "deflate"
 +
| zlib compressed data
 
|}
 
|}
  
See also [http://www.wikicfp.com/cfp/servlet/tool.search?q=forensics WikiCFP 'Forensics']
+
==== Flags ====
  
== Conferences ==
+
{| class="wikitable"
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
! align="left"| Value
|- style="background:#bfbfbf; font-weight: bold"
+
! Identifier
! width="40%"|Title
+
! Description
! width="20%"|Date/Location
+
! width="40%"|Website
+
 
|-
 
|-
|DoD Cyber Crime Conference
+
| 0x01
|Jan 22-29<br>St. Louis, MO
+
| FTEXT
|http://www.dodcybercrime.com/10CC/
+
| If set the uncompressed data needs to be treated as text instead of binary data. <br> This flag hints end-of-line conversion for cross-platform text files but does not enforce it.
 
|-
 
|-
|ShmooCon VI
+
| 0x02
|Feb 05-07<br>Washington, DC
+
| FHCRC
|http://www.shmoocon.org
+
| The file contains a header checksum (CRC-16)
 
|-
 
|-
|International Conference on Technical and Legal Aspects of the e-Society
+
| 0x04
|Feb 10-15<br>St. Maarten, Netherlands Antilles
+
| FEXTRA
|http://www.iaria.org/conferences2010/CYBERLAWS10.html
+
| The file contains extra fields
 
|-
 
|-
|Third International Workshop on Digital Forensics
+
| 0x08
|Feb 15-18<br>Krakow, Poland
+
| FNAME
|http://www.ares-conference.eu/conf/index.php/workshops/wsdf
+
| The file contains an original file name string
 
|-
 
|-
|American Academy of Forensic Sciences Annual Meeting
+
| 0x10
|Feb. 22-27<br>Seattle, WA
+
| FCOMMENT
|http://www.aafs.org/default.asp?section_id=meetings&page_id=aafs_annual_meeting
+
| The file contains comment
 
|-
 
|-
|17th Network and IT Security Conference
+
| 0x20
|Feb 38-Mar 03<br>San Diego, CA
+
|  
|http://www.isoc.org/isoc/conferences/ndss/10/
+
| Reserved
 
|-
 
|-
|RSA Conference 2010
+
| 0x40
|Mar 01-05<br>San Francisco, CA
+
|  
|http://www.rsaconference.com/2010/usa/index.htm
+
| Reserved
 
|-
 
|-
|CanSecWest 2010
+
| 0x80
|Mar 22-26<br>Vancouver, British Columbia, Canada
+
|  
|http://cansecwest.com/index.html
+
| Reserved
 +
|}
 +
 
 +
<b>Note:</b> The FHCRC bit was never set by versions of gzip up to 1.2.4, even though it was documented with a different meaning in gzip 1.2.4.
 +
 
 +
==== Extra flags ====
 +
If compression method is 8 the following extra flags can be defined:
 +
{| class="wikitable"
 +
! align="left"| Value
 +
! Identifier
 +
! Description
 
|-
 
|-
|Blackhat Europe 2010
+
| 0x02
|Apr 12-15<br>Barcelona, Spain
+
|
|http://blackhat.com/html/bh-eu-10/bh-eu-10-home.html
+
| compressor used maximum compression, slowest algorithm
 
|-
 
|-
|31st IEEE Symposium on Security and Privacy
+
| 0x04
|May 16-19<br>Oakland, CA
+
|
|http://oakland31.cs.virginia.edu/
+
| compressor used fastest algorithm
 +
|}
 +
 
 +
==== Operating System ====
 +
{| class="wikitable"
 +
! align="left"| Value
 +
! Identifier
 +
! Description
 
|-
 
|-
|AusCERT Asia Pacific Information Security Conference
+
| 0
|May 16-21<br>Kenmore Hills, Queensland, Australia
+
|
|http://conference.auscert.org.au/conf2010/index.html
+
| FAT filesystem (MS-DOS, OS/2, NT/Win32)
 
|-
 
|-
|Conference on Digital Forensics, Security and Law 2010
+
| 1
|May 19-21<br>St. Paul, MN
+
|
|http://www.digitalforensics-conference.org/index.htm
+
| Amiga
 
|-
 
|-
|Blackhat Abu Dhabi 2010
+
| 2
|May 30-Jun 02<br>Abu Dhabi, UAE
+
|
|http://blackhat.com/html/events.html
+
| VMS (or OpenVMS)
 
|-
 
|-
|Techno-Security 2010
+
| 3
|Jun 06-09<br>Myrtle Beach, SC
+
|
|http://www.thetrainingco.com/html/Security_Conference_2010.html
+
| Unix
 
|-
 
|-
|7th International Symposium on Risk Management and Cyber-Informatics
+
| 4
|Jun 29-Jul 02<br>Orlando, FL
+
|
|http://www.2010iiisconferences.org/RMCI
+
| VM/CMS
 
|-
 
|-
|Seventh Conference on Detection of Intrusions and Malware & Vulnerability Assessment
+
| 5
|Jul 08-09<br>Bonn, Germany
+
|
|http://dimva2010.fkie.fraunhofer.de/
+
| Atari TOS
 
|-
 
|-
|Symposium On Usable Privacy and Security
+
| 6
|Jul 14-16<br>Redmond, WA
+
|
|http://cups.cs.cmu.edu/soups/2010/
+
| HPFS filesystem (OS/2, NT)
 
|-
 
|-
|CSF 2010 - 23rd Computer Security Foundations Symposium
+
| 7
|Jul 17-19<br>Edinburgh, Scotland, UK
+
|
|http://www.floc-conference.org/CSF-home.html
+
| Macintosh
 
|-
 
|-
|Blackhat USA 2010
+
| 8
|Jul 24-29<br>Las Vegas, NV
+
|
|http://blackhat.com/html/events.html
+
| Z-System
 
|-
 
|-
|Digital Forensic Research Workshop (DFRWS) 2010
+
| 9
|Aug 02-04<br>Portland, OR
+
|
|http://dfrws.org/2010/
+
| CP/M
 
|-
 
|-
|19th USENIX Security Symposium
+
| 10
|Aug 11-13(br>Washington, DC
+
|
|http://www.usenix.org/events/sec10/
+
| TOPS-20
 
|-
 
|-
|30th International Cryptology Conference
+
| 11
|Aug 15-19<Santa Barbara, CA
+
|
|http://www.iacr.org/conferences/crypto2010/
+
| NTFS filesystem (NT)
 
|-
 
|-
|6th International Conference on Security and Privacy in Communication Networks
+
| 12
|Sep 07-10<br>Singapore
+
|
|http://www.securecomm.org/index.shtml
+
| QDOS
 
|-
 
|-
|2nd International Workshop on Security in Cloud Computing (SCC'2010)
+
| 13
|Sep 13-16<br>San Diego, CA
+
|
|http://bingweb.binghamton.edu/~ychen/SCC2010.htm
+
| Acorn RISCOS
 
|-
 
|-
|13th International Symposium on Recent Advances in Intrusion Detection
+
| 255
|Sep 15-17<br>Ottowa, Ontario, Canada
+
|
|http://www.raid2010.org/
+
| unknown
|-
+
|}
|European Symposium on Research in Computer Security
+
 
|Sep 20-22<br>Athens, Greece
+
=== Optional headers ===
|http://www.esorics2010.org/
+
==== Extra fields ====
|-
+
<b>TODO: add description</b>
|2010 HTCIA International Training Conference & Exposition
+
 
|Sep 20-22<br>Atlanta, GA
+
The extra field are variable of size and contains:
|http://www.htciaconference.org/
+
{| class="wikitable"
|-
+
! align="left"| Offset
|New Security Paradigms Workshop (NSPW)
+
! Size
|Sep 21-23<br>Concord, MA
+
! Value
|http://www.nspw.org/2010
+
! Description
|-
+
|VB2010 Fighting malware and spam
+
|Sep 29-Oct 01<br>Vancouver, BC, Canada
+
|http://www.virusbtn.com/conference/vb2010/
+
|-
+
|17th ACM Computer and Communications Security Conference
+
|Oct 04-08<br>Chicago, IL
+
|http://www.sigsac.org/ccs/CCS2010/
+
 
|-
 
|-
|2nd International ICST Conference on Digital Forensics & Cyber Crime (ICDF2C)
+
| 0
|Oct 04-06<br>Abu Dhabi, UAE
+
| 2
|http://www.d-forensics.org/
+
|  
|-
+
| Extra field data size <br> Value in bytes.
|Techno Forensics 2010
+
|Oct 25-26<br>Gaithersburg, MD
+
|http://www.techsec.com/html/TechnoForensics2010.html
+
|-
+
|2010 IEEE International Conference on Technologies for Homeland Security
+
|Nov 08-10<br>Waltham, MA
+
|http://ieee-hst.org/
+
|-
+
|IFIP Working Group 11.9 - Digital Forensics
+
|January 2011<br>Unknown
+
|http://www.ifip119.org/Conferences/
+
 
|-
 
|-
 +
| 2
 +
| ...
 +
|
 +
| Extra field data
 
|}
 
|}
  
== On-going / Continuous Training ==
+
==== Original file name ====
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
This is the original name of the file being compressed, with any directory components removed, and, if the file being compressed is on a file system with case insensitive names, forced to lower case.
|- style="background:#bfbfbf; font-weight: bold"
+
 
! width="40%"|Title
+
Contains an ISO 8859-1 (LATIN-1) string with end-of-string character.
! width="20%"|Date/Location
+
 
! width="40%"|Website
+
==== Comment ====
 +
Contains an ISO 8859-1 (LATIN-1) string with end-of-string character. Line breaks should be denoted by a single line feed character.
 +
 
 +
==== Header checksum ====
 +
The header checksum contain a CRC-16 that consists of the two least significant bytes of the CRC-32 for all bytes of the gzip header up to and not including the CRC-16.
 +
 
 +
=== File footer ===
 +
The file footer is 8 bytes in size and contains:
 +
{| class="wikitable"
 +
! align="left"| Offset
 +
! Size
 +
! Value
 +
! Description
 
|-
 
|-
|- style="background:pink;align:left"
+
| 0
! DISTANCE LEARNING
+
| 4
|-
+
|
|Basic Computer Examiner Course - Computer Forensic Training Online
+
| Checksum (CRC-32)
|Distance Learning Format
+
|http://www.cftco.com
+
|-
+
|Linux Data Forensics Training
+
|Distance Learning Format
+
|http://www.crazytrain.com/training.html
+
|-
+
|SANS On-Demand Training
+
|Distance Learning Format
+
|http://www.sans.org/ondemand/?portal=69456f95660ade45be29c00b0c14aea1
+
|-
+
|Champlain College - CCE Course
+
|Online / Distance Learning Format
+
|http://extra.champlain.edu/cps/wdc/alliances/cce/landing/
+
|-
+
|Las Positas College
+
|Online Computer Forensics Courses
+
|http://www.laspositascollege.edu
+
|-
+
|- style="background:pink;align:left"
+
!RECURRING TRAINING
+
|-
+
|MaresWare Suite Training
+
|First full week every month<br>Atlanta, GA
+
|http://www.maresware.com/maresware/training/maresware.htm
+
|-
+
|Evidence Recovery for Windows Vista&trade;
+
|First full week every month<br>Brunswick, GA
+
|http://www.internetcrimes.net
+
|-
+
|Evidence Recovery for Windows Server&reg; 2003 R2
+
|Second full week every month<br>Brunswick, GA
+
|http://www.internetcrimes.net
+
|-
+
|Evidence Recovery for the Windows XP&trade; operating system
+
|Third full week every month<br>Brunswick, GA
+
|http://www.internetcrimes.net
+
|-
+
|Computer Forensics Training and CCE&trade; Testing for Litigation Support Professionals
+
|Third weekend of every month(Fri-Mon)<br>Dallas, TX
+
|http://www.md5group.com
+
 
|-
 
|-
 +
| 4
 +
| 4
 +
|
 +
| Uncompressed data size <br> Value in bytes.
 
|}
 
|}
  
==See Also==
+
== See Also ==
* [[Scheduled Training Courses]]
+
* [[bz2 file]]
==References==
+
 
* [http://faculty.cs.tamu.edu/guofei/sec_conf_stat.htm Computer Security Conference Ranking and Statistic]
+
== External Links ==
* [http://www.kdnuggets.com/meetings/ Meetings and Conferences in Data Mining and Discovery]
+
 
* http://www.conferencealerts.com/data.htm Data Mining Conferences World-Wide]
+
* [http://www.gzip.org/format.txt The gzip file format], by the [http://www.gzip.org/ gzip project]
 +
* [http://www.gzip.org/algorithm.txt The gzip compression algorithm], by the [http://www.gzip.org/ gzip project]
 +
* [http://tools.ietf.org/html/rfc1952 RFC1952: GZIP file format specification version 4.3], by [[IETF]]
 +
* [http://en.wikipedia.org/wiki/Gzip Wikipedia: gzip]
 +
 
 +
[[Category:File Formats]]
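Review bot: The characteristics table added near the top gives "Date and time values | Filetime in UTC", while the file header table added further down describes the 4-byte field at offset 4 as "Last modification time" that "Contains a POSIX timestamp"; the two should agree, and the characteristics row should read POSIX timestamp to match the header table. The same characteristics table declares three column headers ("Offset", "Characteristics", "Description") but every row has only two cells, so the "Offset" header should be dropped. The "Extra fields" section still carries "<b>TODO: add description</b>", and its lead sentence "The extra field are variable of size and contains:" needs a grammar pass.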

Revision as of 22:22, 28 November 2013

Please help to improve this article by expanding it.
Further information might be found on the discussion page.

File format

The gzip file (.gz) format consists of:

  • a file header
  • optional headers
    • extra fields
    • original file name
    • comment
    • header checksum
  • a body, containing a DEFLATE-compressed payload
  • a file footer

The gzip format uses little-endian byte order.

Characteristics | Description
Byte order | little-endian
Date and time values | Filetime in UTC
Character string | ISO 8859-1 (LATIN-1)

File header

The file header is 10 bytes in size and contains:

Offset | Size | Value | Description
0 | 2 | 0x1f 0x8b | Signature (or identification byte 1 and 2)
2 | 1 | | Compression Method
3 | 1 | | Flags
4 | 4 | | Last modification time. Contains a POSIX timestamp.
8 | 1 | | Extra flags
9 | 1 | | Operating system. Value that indicates on which operating system the gzip file was created.

Compression method

Value | Identifier | Description
0 - 7 | | Reserved
8 | "deflate" | zlib compressed data

Flags

Value | Identifier | Description
0x01 | FTEXT | If set, the uncompressed data needs to be treated as text instead of binary data. This flag hints end-of-line conversion for cross-platform text files but does not enforce it.
0x02 | FHCRC | The file contains a header checksum (CRC-16)
0x04 | FEXTRA | The file contains extra fields
0x08 | FNAME | The file contains an original file name string
0x10 | FCOMMENT | The file contains a comment
0x20 | | Reserved
0x40 | | Reserved
0x80 | | Reserved

Note: The FHCRC bit was never set by versions of gzip up to 1.2.4, even though it was documented with a different meaning in gzip 1.2.4.

Extra flags

If the compression method is 8, the following extra flags can be defined:

Value | Identifier | Description
0x02 | | compressor used maximum compression, slowest algorithm
0x04 | | compressor used fastest algorithm

Operating System

Value | Identifier | Description
0 | | FAT filesystem (MS-DOS, OS/2, NT/Win32)
1 | | Amiga
2 | | VMS (or OpenVMS)
3 | | Unix
4 | | VM/CMS
5 | | Atari TOS
6 | | HPFS filesystem (OS/2, NT)
7 | | Macintosh
8 | | Z-System
9 | | CP/M
10 | | TOPS-20
11 | | NTFS filesystem (NT)
12 | | QDOS
13 | | Acorn RISCOS
255 | | unknown

Optional headers

Extra fields

TODO: add description

The extra fields are variable in size and contain:

Offset | Size | Value | Description
0 | 2 | | Extra field data size. Value in bytes.
2 | ... | | Extra field data

Original file name

This is the original name of the file being compressed, with any directory components removed, and, if the file being compressed is on a file system with case insensitive names, forced to lower case.

Contains an ISO 8859-1 (LATIN-1) string with end-of-string character.

Comment

Contains an ISO 8859-1 (LATIN-1) string with end-of-string character. Line breaks should be denoted by a single line feed character.

Header checksum

The header checksum contains a CRC-16 that consists of the two least significant bytes of the CRC-32 for all bytes of the gzip header up to and not including the CRC-16.

File footer

The file footer is 8 bytes in size and contains:

Offset | Size | Value | Description
0 | 4 | | Checksum (CRC-32)
4 | 4 | | Uncompressed data size. Value in bytes.
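
The layout in the tables above (fixed header, optional headers in flag order, DEFLATE body, footer) can be walked and both checksums verified as follows; this is an added example, not code from ForensicsWiki or the gzip project. The names `parse_gzip_member` and `build_sample` and the `max_out` output cap are assumptions, and the sample member is constructed inline.

```python
import struct
import zlib

FHCRC, FEXTRA, FNAME, FCOMMENT = 0x02, 0x04, 0x08, 0x10


def _cstring(data, pos):
    """Read a NUL-terminated ISO 8859-1 string; return (text, next offset)."""
    end = data.index(b"\x00", pos)  # ValueError if the terminator is missing
    return data[pos:end].decode("latin-1"), end + 1


def parse_gzip_member(data, max_out=1 << 20):
    """Parse one gzip member; max_out caps the decompressed size (assumption)."""
    if len(data) < 18:
        raise ValueError("shorter than a 10-byte header plus 8-byte footer")
    sig, method, flags, mtime, xfl, os_id = struct.unpack_from("<2sBBIBB", data)
    if sig != b"\x1f\x8b" or method != 8:
        raise ValueError("bad signature or reserved compression method")
    info = {"mtime": mtime, "extra_flags": xfl, "os": os_id, "reserved": flags & 0xE0}
    pos = 10
    if flags & FEXTRA:  # 2-byte little-endian size, then that many bytes
        (xlen,) = struct.unpack_from("<H", data, pos)
        if pos + 2 + xlen > len(data):
            raise ValueError("extra field runs past end of data")
        info["extra"] = data[pos + 2:pos + 2 + xlen]
        pos += 2 + xlen
    if flags & FNAME:
        info["name"], pos = _cstring(data, pos)
    if flags & FCOMMENT:
        info["comment"], pos = _cstring(data, pos)
    if flags & FHCRC:  # low 16 bits of CRC-32 over all header bytes before it
        (stored,) = struct.unpack_from("<H", data, pos)
        info["header_crc_ok"] = stored == (zlib.crc32(data[:pos]) & 0xFFFF)
        pos += 2
    inflater = zlib.decompressobj(-zlib.MAX_WBITS)  # raw DEFLATE, no wrapper
    body = inflater.decompress(data[pos:], max_out)
    if not inflater.eof or len(inflater.unused_data) < 8:
        raise ValueError("truncated, oversized, or footer-less member")
    crc, size = struct.unpack("<II", inflater.unused_data[:8])
    info["crc_ok"] = crc == zlib.crc32(body)
    info["size_ok"] = size == (len(body) & 0xFFFFFFFF)  # stored modulo 2**32
    info["trailing_bytes"] = len(inflater.unused_data) - 8
    return info, body


def build_sample():
    """Constructed member with every optional header set (flags 0x1E)."""
    payload = b"constructed payload\n"
    c = zlib.compressobj(9, zlib.DEFLATED, -zlib.MAX_WBITS)
    hdr = struct.pack("<2sBBIBB", b"\x1f\x8b", 8, 0x1E, 1385677320, 2, 3)
    hdr += struct.pack("<H", 4) + b"XX\x00\x00"         # extra field, 4 bytes
    hdr += b"notes.txt\x00" + b"sample comment\x00"     # FNAME, FCOMMENT
    hdr += struct.pack("<H", zlib.crc32(hdr) & 0xFFFF)  # FHCRC
    foot = struct.pack("<II", zlib.crc32(payload), len(payload))
    return hdr + c.compress(payload) + c.flush() + foot


if __name__ == "__main__":
    print(parse_gzip_member(build_sample()))
```

A non-zero `trailing_bytes` means data follows the footer, which is either another concatenated member or appended content worth examining separately.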

See Also

External Links