Difference between pages "Upcoming events" and "Memory Imaging"

From ForensicsWiki
(Difference between pages)
(Conferences)
 
(External Links)
 
Line 1: Line 1:
<b>PLEASE READ BEFORE YOU EDIT THE LISTS BELOW</b><br>
+
{{expand}}
When events begin the same day, events of a longer length should be listed first.  New postings of events with the same date(s) as other events should be added after events already in the list. Please use three-letter month abbreviations (i.e. Sep, NOT Sept. or September), use two digit dates (i.e. Jan 01 NOT Jan 1), and use date ranges rather than listing every date during an event(i.e. Jan 02-05, NOT Jan 02, 03, 04, 05).<br>
+
<i>Some events may be <u>limited</u> to <b>Law Enforcement Only</b> or to a specific audience.  Such restrictions should be noted when known.</i>
+
  
This is a BY DATE listing of upcoming events relevant to [[digital forensics]]. It is not an all inclusive list, but includes most well-known activities.  Some events may duplicate events on the generic [[conferences]] page, but entries in this list have specific dates and locations for the upcoming event.
+
Memory imaging is the process of making a bit-by-bit copy of memory. In principle it is similar to [[Disk Imaging]].
  
This listing is divided into three sections (described as follows):<br>
+
For physical memory it is common to have sections that are not accessible, e.g. because of memory-mapped I/O
<ol><li><b><u>[[Upcoming_events#Calls_For_Papers|Calls For Papers]]</u></b> - Calls for papers for either Journals or for Conferences, relevant to Digital Forensics (Name, Closing Date, URL)</li><br>
+
<li><b><u>[[Upcoming_events#Conferences|Conferences]]</u></b> - Conferences relevant for Digital Forensics (Name, Date, Location, URL)</li><br>
+
<li><b><u>[[Training Courses and Providers]]</u></b> - Training </li><br></ol>
+
  
== Calls For Papers ==
+
The resulting copy is stored in a [[:Category:Forensics_File_Formats|Forensics image format]].
Please help us keep this up-to-date with deadlines for upcoming conferences that would be appropriate for forensic research.
+
Some of these formats have means to differentiate between an image of memory and e.g. that of a disk.
  
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
== Methods ==
|- style="background:#bfbfbf; font-weight: bold"
+
! width="30%|Title
+
! width="15%"|Due Date
+
! width="15%"|Notification Date
+
! width="40%"|Website
+
|-
+
|4th Annual Open Source Digital Forensics Conference
+
|May 01, 2013
+
|
+
|http://www.basistech.com/about-us/events/open-source-forensics-conference/
+
|-
+
|5th International Conference on Digital Forensics & Cyber Crime (ICDF2C 2013)
+
|May 17, 2013
+
|Jun 17, 2013
+
|http://d-forensics.org/2013/show/cf-papers
+
|-
+
|2nd Cyberpatterns: Unifying Design Patterns with Security, Attack and Forensic Patterns Workshop
+
|May 20, 2013
+
|Jun 10, 2013
+
|http://tech.brookes.ac.uk/CyberPatterns2013
+
|-
+
|29th Annual Computer Security Applications Conference
+
|Jun 01, 2013
+
|Aug 15, 2013
+
|http://www.acsac.org/2013/cfp/
+
|-
+
|Eighth International Workshop on Systematic Approaches to Digital Forensics Engineering
+
|June 24, 2013
+
|October 1, 2013
+
|http://conf.ncku.edu.tw/sadfe/sadfe13/
+
|-
+
|AAFS 66th Annual Scientific Meeting
+
|Aug 01, 2013
+
|Nov 2013
+
|http://www.aafs.org/aafs-66th-annual-scientific-meeting
+
|-
+
|}
+
  
See also [http://www.wikicfp.com/cfp/servlet/tool.search?q=forensics WikiCFP 'Forensics']
+
=== Reading from the Physical Memory Object ===
 +
In [[Windows]] the Physical Memory Object, \\Device\PhysicalMemory, can be used the access physical memory. Since Windows 2003 SP1 user-mode access to this device-object is no longer permitted [http://technet.microsoft.com/en-en/library/cc787565(v=ws.10).aspx]. A kernel-mode process is still allowed to read from this device-object.
  
== Conferences ==
+
=== MmMapIoSpace ===
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
|- style="background:#bfbfbf; font-weight: bold"
+
! width="40%"|Title
+
! width="20%"|Date/Location
+
! width="40%"|Website
+
|-
+
|8th Annual Workshop on Digital Forensics and Incident Analysis (WDFIA)
+
|May 08-10<br>Lisbon, Portugal
+
|http://www.wdfia.org/default.asp
+
|-
+
|European Information Security Multi-Conference (EISMC 2013)
+
|May 08-10<br>Lisbon, Portugal
+
|http://www.eismc.org/
+
|-
+
|IEEE Symposium on Security & Privacy
+
|May 19-23<br>San Francisco, CA
+
|http://www.ieee-security.org/TC/SP2013/index.html
+
|-
+
|International Workshop on Cyber Crime
+
|May 24<br>San Francisco, CA
+
|http://stegano.net/IWCC2013/
+
|-
+
|Techno Security and Forensics Investigation Conference
+
|Jun 02-05<br>Myrtle Beach, SC
+
|http://www.thetrainingco.com/html/Security%20Conference%202013.html
+
|-
+
|Mobile Forensics World
+
|Jun 02-05<br>Myrtle Beach, SC
+
|http://www.techsec.com/html/MFC-2013-Spring.html
+
|-
+
|ADFSL 2013 Conference on Digital Forensics, Security and Law
+
|Jun 10-12<br>Richmond, VA
+
|http://www.digitalforensics-conference.org/index.htm
+
|-
+
|FIRST Conference
+
|Jun 16-21<br>Bangkok, Thailand
+
|http://conference.first.org/2013/
+
|-
+
|The 1st ACM Workshop on Information Hiding and Multimedia Security
+
|Jun 17-19<br>Montpellier, France
+
|http://ihmmsec.org/
+
|-
+
|28th IFIP TC-11 SEC 2013 International Information Security and Privacy Conference
+
|Jul 08-10<br>Auckland, New Zealand
+
|http://www.sec2013.org/
+
|-
+
|The Second International Workshop on Cyber Patterns: Unifying Design Patterns with Security, Attack and Forensic Patterns
+
|Jul 08-09<br>Abingdon, Oxfordshire, United Kingdom
+
|http://tech.brookes.ac.uk/CyberPatterns2013
+
|-
+
|10th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA)
+
|Jul 18-19<br>Berlin, Germany
+
|http://dimva.sec.t-labs.tu-berlin.de/
+
|-
+
|Symposium On Usable Privacy and Security (SOUPS)
+
|Jul 24-26<br>Newcastle, United Kingdom
+
|http://cups.cs.cmu.edu/soups/2013/
+
|-
+
|BlackHat USA
+
|Jul 27-Aug 01<br>Las Vegas, NV
+
|https://www.blackhat.com/us-13/
+
|-
+
|DFRWS 2013
+
|Aug 04-07<br>Monterey, CA
+
|http://dfrws.org/2013
+
|-
+
|Regional Computer Forensics Group GMU 2013
+
|Aug 05-09<br>Fairfax, VA
+
|http://www.rcfg.org
+
|-
+
|6th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET '13)
+
|Aug 12<br>Washington, DC
+
|https://www.usenix.org/conferences?page=1
+
|-
+
|8th USENIX Workshop on Hot Topics in Security (HotSec '13)
+
|Aug 13<br>Washington, DC
+
|https://www.usenix.org/conferences?page=1
+
|-
+
|22nd USENIX Security Symposium - USENIX Security '13
+
|Aug 14-16<br>Washington, DC
+
|https://www.usenix.org/conference/usenixsecurity13
+
|-
+
|6th International Workshop on Digital Forensics (WSDF 2013)
+
|Sep 02-06<br>Regensburg, Germany
+
|http://www.ares-conference.eu/conf/index.php?option=com_content&view=article&id=49&Itemid=95
+
|-
+
|2013 HTCIA International Conference & Training Expo
+
|Sep 08-11<br>Summerlin, NV
+
|http://www.htciaconference.org/
+
|-
+
|New Security Paradigms Workshop (NSPW)
+
|Sep 09-12<br>The Banff Center, Canada
+
|http://www.nspw.org/current/
+
|-
+
|Black Hat-Regional Summit
+
|Sep 10-12<br>Istanbul, Turkey
+
|https://www.blackhat.com/is-13/
+
|-
+
|French-Speaking Days on Digital Investigations-Journées Francophones de l'Investigation Numérique (AFSIN)
+
|Sep 10-12<br>Neuchâtel, Switzerland
+
|https://www.afsin.org/
+
|-
+
|5th International Conference on Digital Forensics & Cyber Crime
+
|Sep 25-27<br>Moscow, Russia
+
|http://d-forensics.org/2013/show/home
+
|-
+
|VB2013 - the 23rd Virus Bulletin International Conference
+
|Oct 02-04<br>Berlin, Germany
+
|http://www.virusbtn.com/conference/vb2013/index
+
|-
+
|16th International Symposium on Research in Attacks, Intrusions and Defenses (RAID)
+
|Oct 23-25<br>St. Lucia
+
|http://www.raid2013.org/
+
|-
+
|4th Annual Open Source Digital Forensics Conference (OSDF)
+
|Nov 04-05<br>Chantilly, VA
+
|http://www.basistech.com/about-us/events/open-source-forensics-conference/
+
|-
+
|Paraben Forensic Innovations Conference
+
|Nov 13-15<br>Salt Lake City, UT
+
|http://www.pfic-conference.com/
+
|-
+
|8th International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE)
+
|Nov 21-22<br>Hong Kong, China
+
|http://conf.ncku.edu.tw/sadfe/sadfe13/
+
|-
+
|Black Hat-Regional Summit
+
|Nov 26-27<br>Sao Paulo, Brazil
+
|https://www.blackhat.com/sp-13
+
|-
+
|29th Annual Computer Security Applications Conference (ACSAC)
+
|Dec 09-13<br>New Orleans, LA
+
|http://www.acsac.org
+
|-
+
|AAFS 66th Annual Scientific Meeting
+
|Feb 17-22<br>Seattle, WA
+
|http://www.aafs.org/aafs-66th-annual-scientific-meeting
+
|-
+
|}
+
  
==See Also==
+
The MmMapIoSpace function (or routine) is kernel-mode function to map a physical address range to non-paged system space [http://msdn.microsoft.com/en-us/library/windows/hardware/ff554618(v=vs.85).aspx].
* [[Training Courses and Providers]]
+
 
==References==
+
== Also see ==
* [http://faculty.cs.tamu.edu/guofei/sec_conf_stat.htm Computer Security Conference Ranking and Statistic]
+
* [[Memory analysis]]
* [http://www.kdnuggets.com/meetings/ Meetings and Conferences in Data Mining and Discovery]
+
* [[:Tools:Memory_Imaging|Memory Imaging Tools]]
* http://www.conferencealerts.com/data.htm Data Mining Conferences World-Wide]
+
 
 +
== External Links ==
 +
* [http://en.wikipedia.org/wiki/Memory-mapped_I/O Wikipedia article on Memory-mapped I/O]
 +
* [http://www.dfrws.org/2013/proceedings/DFRWS2013-13.pdf Anti-forensic resilient memory acquisition], by [[Johannes Stuettgen]], [[Michael Cohen]], August 2013
 +
* [http://takahiroharuyama.github.io/blog/2014/01/07/64bit-big-size-ram-acquisition-problem/ 64bit Big Sized RAM Image Acquisition Problem], by [[Takahiro haruyama]], January 7, 2014
 +
* [http://brimorlabs.blogspot.com/2014/01/all-memory-dumping-tools-are-not-same.html All memory dumping tools are not the same], by [[Brian Moran]], January 14, 2014
 +
* [http://www.rekall-forensic.com/docs/References/Papers/DFRWS2014EU.html Robust Linux memory acquisition with minimal target impact], [[Johannes Stüttgen]] [[Michael Cohen]], May 2014
 +
 
 +
[[Category:Memory Analysis]]
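
Review bot: The new "Reading from the Physical Memory Object" paragraph has a typo, "can be used the access physical memory" should read "can be used to access physical memory", and the MmMapIoSpace sentence is missing an article ("is a kernel-mode function"). The sentence ending "because of memory-mapped I/O" also lacks its closing period. On content, the MmMapIoSpace section says what the routine maps but not how it relates to imaging; one sentence tying it to acquisition would make the section match the "Methods" heading it sits under.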

Revision as of 00:57, 27 June 2014


Memory imaging is the process of making a bit-by-bit copy of memory. In principle it is similar to Disk Imaging.

For physical memory it is common to have sections that are not accessible, e.g. because of memory-mapped I/O.

The resulting copy is stored in a Forensics image format. Some of these formats have means to differentiate between an image of memory and e.g. that of a disk.
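
How an imager can plan around the inaccessible sections mentioned above, as an added example that is not part of the original wiki page: it parses a memory map in the layout of Linux /proc/iomem (an assumption, the page names no map source), reads only the "System RAM" runs and records everything else as gaps. The sample map and all function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of Linux /proc/iomem (not from a real host).
SAMPLE_IOMEM = """\
00000000-00000fff : Reserved
00001000-0009fbff : System RAM
0009fc00-0009ffff : Reserved
000a0000-000bffff : PCI Bus 0000:00
00100000-bffdffff : System RAM
  01000000-01c031d0 : Kernel code
bffe0000-bfffffff : Reserved
fd000000-fdffffff : PCI Bus 0000:00
  fd000000-fdffffff : 0000:00:02.0
100000000-13fffffff : System RAM
"""
LINE = re.compile(r"^([0-9a-fA-F]+)-([0-9a-fA-F]+) : (.+)$")

def ram_runs(iomem_text):
    """Return sorted, merged [start, end) ranges labelled 'System RAM'."""
    runs = []
    for line in iomem_text.splitlines():
        if line[:1].isspace():   # nested entry: child of a top-level range
            continue
        m = LINE.match(line)
        if m and m.group(3).strip() == "System RAM":
            runs.append((int(m.group(1), 16), int(m.group(2), 16) + 1))
    runs.sort()
    merged = []
    for start, end in runs:
        if merged and start <= merged[-1][1]:   # adjacent or overlapping
            merged[-1] = (merged[-1][0], max(end, merged[-1][1]))
        else:
            merged.append((start, end))
    return merged

def acquisition_plan(iomem_text):
    """Split the physical address space into 'read' runs and 'skip' gaps."""
    plan, cursor = [], 0
    for start, end in ram_runs(iomem_text):
        if start > cursor:       # device memory, ROM or reserved: do not touch
            plan.append(("skip", cursor, start))
        plan.append(("read", start, end))
        cursor = end
    return plan

def raw_image_size(plan):
    """Size of a padded raw image in which file offset equals physical address."""
    return plan[-1][2] if plan else 0
```

A padded raw image keeps file offsets equal to physical addresses at the cost of storing the gaps; formats that record each run's start address avoid that padding.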

Methods

Reading from the Physical Memory Object

In Windows the Physical Memory Object, \\Device\PhysicalMemory, can be used to access physical memory. Since Windows 2003 SP1, user-mode access to this device object is no longer permitted [1]. A kernel-mode process is still allowed to read from this device object.

MmMapIoSpace

The MmMapIoSpace function (or routine) is a kernel-mode function that maps a physical address range to non-paged system space [2].

Also see

External Links