Difference between pages "AFF4" and "Upcoming events"

From ForensicsWiki
(New page: = Advanced Forensic Framework 4 (AFF4) = == Why did we want to design yet another forensic file format? == Traditional forensic file formats have a number of limitations which have been ...)
 
(Conferences)
 
Line 1: Line 1:
= Advanced Forensic Framework 4 (AFF4) =
+
<b>PLEASE READ BEFORE YOU EDIT THE LISTS BELOW</b><br>
 +
When events begin the same day, events of a longer length should be listed first.  New postings of events with the same date(s) as other events should be added after events already in the list. Please use three-letter month abbreviations (i.e. Sep, NOT Sept. or September), use two digit dates (i.e. Jan 01 NOT Jan 1), and use date ranges rather than listing every date during an event(i.e. Jan 02-05, NOT Jan 02, 03, 04, 05).<br>
 +
<i>Some events may be <u>limited</u> to <b>Law Enforcement Only</b> or to a specific audience.  Such restrictions should be noted when known.</i>
  
== Why did we want to design yet another forensic file format? ==
+
This is a BY DATE listing of upcoming events relevant to [[digital forensics]].  It is not an all inclusive list, but includes most well-known activities.  Some events may duplicate events on the generic [[conferences]] page, but entries in this list have specific dates and locations for the upcoming event.
  
Traditional forensic file formats have a number of limitations which have been exposed over the years:
+
This listing is divided into three sections (described as follows):<br>
 +
<ol><li><b><u>[[Upcoming_events#Calls_For_Papers|Calls For Papers]]</u></b> - Calls for papers for either Journals or for Conferences, relevant to Digital Forensics (Name, Closing Date, URL)</li><br>
 +
<li><b><u>[[Upcoming_events#Conferences|Conferences]]</u></b> - Conferences relevant for Digital Forensics (Name, Date, Location, URL)</li><br>
 +
<li><b><u>[[Training Courses and Providers]]</u></b> - Training </li><br></ol>
  
* Proprietary formats like EWF are difficult to implement and explain. EWF is a fairly complex file format. Most of the details are reverse engineered. Recovery from damaged EWF files is difficult as detailed knowledge of the file format is required.
+
== Calls For Papers ==
 +
Please help us keep this up-to-date with deadlines for upcoming conferences that would be appropriate for forensic research.
  
* Simple file formats like dd are very large since they are uncompressed. They also dont store metadata, signatures or have cryptographic support.
+
{| border="0" cellpadding="2" cellspacing="2" align="top"
 +
|- style="background:#bfbfbf; font-weight: bold"
 +
! width="30%|Title
 +
! width="15%"|Due Date
 +
! width="15%"|Notification Date
 +
! width="40%"|Website
 +
|-
 +
|IEEE Symposium on Security and Privacy
 +
|Nov 13, 2013
 +
|
 +
|http://www.ieee-security.org/TC/SP2014/cfp.html
 +
|-
 +
|DFRWS-Europe 2014
 +
|Dec 01, 2013
 +
|Mar 01, 2014
 +
|http://www.dfrws.org/2014eu/index.shtml
 +
|-
 +
|8th International Conference on IT Security Incident Management & IT Forensics - IMF2014
 +
|Dec 01, 2013
 +
|Jan 31, 2014
 +
|http://www1.gi-ev.de/fachbereiche/sicherheit/fg/sidar/imf/imf2014/cfp.html
 +
|-
 +
|44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks
 +
|Dec 01, 2013
 +
|Feb 25, 2014
 +
|http://www.dsn.org/
 +
|-
 +
|CyberPatterns 2014
 +
|Jan 03, 2014
 +
|Jan 17, 2014
 +
|http://tech.brookes.ac.uk/CyberPatterns2014/CFPCyberpatterns2014.pdf
 +
|-
 +
|12th International Conference on Applied Cryptography and Network Security
 +
|Jan 10, 2014
 +
|Mar 14, 2014
 +
|http://acns2014.epfl.ch/callpapers.php
 +
|-
 +
|USENIX Annual Technical Conference
 +
|Jan 28, 2014
 +
|Apr 07, 2014
 +
|https://www.usenix.org/conference/atc14/call-for-papers
 +
|-
 +
|Audio Engineering Society (AES) Conference on Audio Forensics
 +
|Jan 31, 2014
 +
|Mar 15, 2014
 +
|http://www.aes.org/conferences/54/downloads/54thCallForContributions.pdf
 +
|-
 +
|DFRWS - USA 2014
 +
|Feb 13, 2014
 +
|Apr 07, 2014
 +
|http://dfrws.org/2014/cfp.shtml
 +
|-
 +
|}
  
* Traditional file formats are designed to store a single stream. Often in an investigation, however, multiple source of data need to be acquired (sometimes simultaneously) and stored in the same evidence volumes.
+
See also [http://www.wikicfp.com/cfp/servlet/tool.search?q=forensics WikiCFP 'Forensics']
  
* Traditional file formats just deal with data - there is no attempt to build a universal evidence management system integrated within the file specification.
+
== Conferences ==
 +
{| border="0" cellpadding="2" cellspacing="2" align="top"
 +
|- style="background:#bfbfbf; font-weight: bold"
 +
! width="40%"|Title
 +
! width="20%"|Date/Location
 +
! width="40%"|Website
 +
|-
 +
|Paraben Forensic Innovations Conference
 +
|Nov 13-15<br>Salt Lake City, UT, USA
 +
|http://www.pfic-conference.com/
 +
|-
 +
|2013 International Conference on Information and Communications Security
 +
|Nov 20-22<br>Beijing, China
 +
|http://icsd.i2r.a-star.edu.sg/icics2013/index.php
 +
|-
 +
|8th International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE)
 +
|Nov 21-22<br>Hong Kong, China
 +
|http://conf.ncku.edu.tw/sadfe/sadfe13/
 +
|-
 +
|Black Hat-Regional Summit
 +
|Nov 26-27<br>Sao Paulo, Brazil
 +
|https://www.blackhat.com/sp-13
 +
|-
 +
| Botconf'13 - First Botnet Fighting Conference
 +
| Dec 05-06<br>Nantes, France
 +
|https://www.botconf.eu/
 +
|-
 +
|29th Annual Computer Security Applications Conference (ACSAC)
 +
|Dec 09-13<br>New Orleans, LA, USA
 +
|http://www.acsac.org
 +
|-
 +
|IFIP WG 11.9 International Conference on Digital Forensics
 +
|Jan 08-10<br>Vienna, Austria
 +
|http://www.ifip119.org/Conferences/
 +
|-
 +
|AAFS 66th Annual Scientific Meeting
 +
|Feb 17-22<br>Seattle, WA, USA
 +
|http://www.aafs.org/aafs-66th-annual-scientific-meeting
 +
|-
 +
|21st Network & Distributed System Security Symposium
 +
|Feb 23-26<br>San Diego, CA, USA
 +
|http://www.internetsociety.org/events/ndss-symposium
 +
|-
 +
|Fourth ACM Conference on Data and Application Security and Privacy 2014
 +
|Mar 03-05<br>San Antonio, TX, USA
 +
|http://www1.it.utsa.edu/codaspy/
 +
|-
 +
|9th International Conference on Cyber Warfare and Security (ICCWS-2014)
 +
|Mar 24-25<br>West Lafayette, IN, USA
 +
|http://academic-conferences.org/iciw/iciw2014/iciw14-home.htm
 +
|-
 +
|CyberPatterns 2014
 +
|Apr 11<br>Oxford, United Kingdom
 +
|http://tech.brookes.ac.uk/CyberPatterns2014/
 +
|-
 +
|DFRWS-Europe 2014
 +
|May 07-09<br>Amsterdam, Netherlands
 +
|http://dfrws.org/2014eu/index.shtml
 +
|-
 +
|8th International Conference on IT Security Incident Management & IT Forensics
 +
|May 12-14<br>Muenster, Germany
 +
|http://www1.gi-ev.de/fachbereiche/sicherheit/fg/sidar/imf/imf2014/
 +
|-
 +
|2014 IEEE Symposium on Security and Privacy
 +
|May 16-23<br>Berkley, CA, USA
 +
|http://www.ieee.org/conferences_events/conferences/conferencedetails/index.html?Conf_ID=16517
 +
|-
 +
|Techno-Security and Forensics Conference
 +
|Jun 01-04<br>Myrtle Beach, SC, USA
 +
|http://www.techsec.com/html/Security%20Conference%202014.html
 +
|-
 +
|Mobile Forensics World
 +
|Jun 01-04<br>Myrtle Beach, SC, USA
 +
|http://www.techsec.com/html/MFC-2014-Spring.html
 +
|-
 +
|12th International Conference on Applied Cryptography and Network Security
 +
|Jun 10-13<br>Lausanne, Switzerland
 +
|http://acns2014.epfl.ch/
 +
|-
 +
|54th Conference on Audio Forensics
 +
|Jun 12-14<br>London, England
 +
|http://www.aes.org/conferences/54/
 +
|-
 +
|2014 USENIX Annual Technical Conference
 +
|Jun 19-20<br>Philadelphia, PA, USA
 +
|https://www.usenix.org/conference/atc14
 +
|-
 +
|44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks
 +
|Jun 23-26<br>Atlanta, GA, USA
 +
|http://www.dsn.org/
 +
|-
 +
|Symposium On Usable Privacy and Security (SOUPS) 2014
 +
|Jul 09-11<br>Menlo Park, CA, USA
 +
|http://cups.cs.cmu.edu/soups/2013/
 +
|-
 +
|Black Hat USA 2014
 +
|Aug 02-07<br>Las Vegas, NV, USA
 +
|https://www.blackhat.com
 +
|-
 +
|DFRWS 2014
 +
|Aug 03-06<br>Denver, CO, USA
 +
|http://dfrws.org/2014/index.shtml
 +
|-
 +
|RCFG GMU 2014
 +
|Aug 04-08<br>Fairfax, VA, USA
 +
|http://www.rcfg.org/gmu/
 +
|-
 +
|23rd USENIX Security Symposium
 +
|Aug 20-22<br>San Diego, CA, USA
 +
|https://www.usenix.org/conferences
 +
|-
 +
|25th Annual Conference & Digital Multimedia Evidence Training Symposium
 +
|Oct 06-10<br>Coeur d’Alene, ID, USA
 +
|http://www.leva.org/annual-training-conference/
 +
|-
 +
|}
  
 
+
==See Also==
The previous AFF format made huge advancements in the field introducing excellent support for cryptography, digital signatures, compression and even the concepts of external referencing. It was time to gather up all the good things in AFF and redesign a new AFF4 specification.
+
* [[Training Courses and Providers]]
 
+
==References==
We wanted to use a well recognized, widely supported and open bit level format. One of the strengths of AFF was the use of segments within the file format itself. It because obvious that the only requirement we have from an underlying storage mechanism is the ability to store blobs of data by name, and retrieve them by that name. How these are actually stored is quite irrelevant to us.
+
* [http://faculty.cs.tamu.edu/guofei/sec_conf_stat.htm Computer Security Conference Ranking and Statistic]
 
+
* [http://www.kdnuggets.com/meetings/ Meetings and Conferences in Data Mining and Discovery]
The sections below give a quick overview to some of the major ideas.
+
* http://www.conferencealerts.com/data.htm Data Mining Conferences World-Wide]
 
+
== Objects ==
+
 
+
AFF4 is an object oriented architecture. We term the ''AFF4 universe'' the total set of objects which are known. Because AFF4 is designed to be scalable to huge evidence corpuses the AFF4 universe is infinite. All objects are addressable by their name which is unique in the universe. For example an AFF4 object might have a name of:
+
 
+
    urn:aff4:f3eba626-505a-4730-8216-1987853bc4d2
+
 
+
This is a standard URN notation object. The URN is unique. There will never be another object created anywhere in the universe with the same URN. Once objects are created their URN is fixed.
+
 
+
== Relations ==
+
The AFF4 universe uses RDF to specify attributes about objects. In its simplest form (the one we use) RDF is just a set of statements about an object of the form:
+
 
+
  Subject  Attribute  Value
+
 
+
For example:
+
  <nowiki>
+
  ******** Object urn:aff4:f3eba626-505a-4730-8216-1987853bc4d2 ***********
+
aff4:stored = urn:aff4:4bdbf8bc-d8a5-40cb-9af0-fd7e4d0e2c9e
+
aff4:type = image
+
aff4:interface = stream
+
aff4:timestamp = 0x49E9DEC3
+
aff4:chunk_size = 32k
+
aff4:compression = 8
+
aff4:chunks_in_segment = 2048
+
aff4:size = 10485760
+
  </nowiki>
+
 
+
This shows that the object named (the Subject) has all these attributes and their values. We call these ''relations'' or ''facts''. The entire AFF4 universe is constructed around these facts. As we will see later facts can be signed by a person - which essentially has the person asserting that the facts are true.
+
 
+
AFF4 objects exist because they do something useful. What they do depends on the interface they present. Currently there are a few interfaces, the most important ones are the '''Volume''' interface and the '''Stream''' interface. An object's interface is a fact about the object with an attribute of aff4:interface. This tells us what the object can do for us.
+
 
+
On the other hand AFF4 objects can actually be different things and do what they do in a different way. The actual type of an object is specified by the attribute aff4:type. Whereas an interface tells us what the object can do for us, a type tells us what it actually is. (Its possible to change an object's type without changing its interface for example going from a ZipFile to a Directory volume. This does not affect any users of the object).
+
 
+
== Volumes ==
+
 
+
We define a '''Volume''' as a storage mechanism which can store a segment (bit of binary data) by name and retrieve it by name. Currently we have two volume implementations: a '''Directory''' and a '''ZipFile'''.
+
 
+
=== Directory Volume ===
+
 
+
The Directory implementation stores the segments as flat files inside a regular directory on the filesystem. This is really useful if we want to image to a FAT filesystem since each segment is really small and we will not exceed the file size limitations. Its also possible to root the directory on a http url (i.e. the directory starts with http://somehost/url/). This allows us to use the image directly from the web - no need to download the whole thing.
+
 
+
=== ZipFile Volume ===
+
 
+
The ZipFile implementation stores segments inside a zip archive. If the archive gets too large (over 4Gb) we use the Zip64 extensions to store offsets in 64 bits. This is nice since small volumes can just be opened with windows explorer. Its also really easy to extract the data out.
+
 
+
Example: http://www.pyflag.net/images/test.zip is an example of a small (about 1mb) AFF4 image.
+
 
+
Directory and ZipFile volumes can be easily converted from one to the other (i.e. unzip the ZipFile into a directory to create a Directory volume).
+
 
+
== Streams ==
+
 
+
Streams are the basic interface for storing image data. Streams present a consistent interface which presents the methods of ''read'', ''seek'', ''tell' and ''close''. (Streams also support ''write'', but thats a bit special because its how you actually create them).
+
 
+
As long as an AFF4 object presents a stream interface its possible to perform random reads within the body of data. Hence its possible to store any image data within the stream. The following section explain some of the specific implementations of streams.
+
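Review bot: The first header cell of the Calls For Papers table, `! width="30%|Title`, is missing the closing quote on its width attribute, unlike the three header cells after it; it should read `! width="30%"|Title`. In the References list, the last entry `* http://www.conferencealerts.com/data.htm Data Mining Conferences World-Wide]` has a closing bracket with no opening `[`, so it will not render as a labelled link. The SOUPS 2014 row links to `http://cups.cs.cmu.edu/soups/2013/`, which looks like the previous year's page and is worth checking before this revision is kept.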

Revision as of 08:10, 19 November 2013

PLEASE READ BEFORE YOU EDIT THE LISTS BELOW
When events begin the same day, events of a longer length should be listed first. New postings of events with the same date(s) as other events should be added after events already in the list. Please use three-letter month abbreviations (i.e. Sep, NOT Sept. or September), use two-digit dates (i.e. Jan 01, NOT Jan 1), and use date ranges rather than listing every date during an event (i.e. Jan 02-05, NOT Jan 02, 03, 04, 05).
Some events may be limited to Law Enforcement Only or to a specific audience. Such restrictions should be noted when known.

This is a BY DATE listing of upcoming events relevant to digital forensics. It is not an all-inclusive list, but includes most well-known activities. Some events may duplicate events on the generic conferences page, but entries in this list have specific dates and locations for the upcoming event.

This listing is divided into three sections (described as follows):

  1. Calls For Papers - Calls for papers for either Journals or for Conferences, relevant to Digital Forensics (Name, Closing Date, URL)

  2. Conferences - Conferences relevant for Digital Forensics (Name, Date, Location, URL)

  3. Training Courses and Providers - Training

Calls For Papers

Please help us keep this up-to-date with deadlines for upcoming conferences that would be appropriate for forensic research.

{|
! Title !! Due Date !! Notification Date !! Website
|-
| IEEE Symposium on Security and Privacy || Nov 13, 2013 || || http://www.ieee-security.org/TC/SP2014/cfp.html
|-
| DFRWS-Europe 2014 || Dec 01, 2013 || Mar 01, 2014 || http://www.dfrws.org/2014eu/index.shtml
|-
| 8th International Conference on IT Security Incident Management & IT Forensics - IMF2014 || Dec 01, 2013 || Jan 31, 2014 || http://www1.gi-ev.de/fachbereiche/sicherheit/fg/sidar/imf/imf2014/cfp.html
|-
| 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks || Dec 01, 2013 || Feb 25, 2014 || http://www.dsn.org/
|-
| CyberPatterns 2014 || Jan 03, 2014 || Jan 17, 2014 || http://tech.brookes.ac.uk/CyberPatterns2014/CFPCyberpatterns2014.pdf
|-
| 12th International Conference on Applied Cryptography and Network Security || Jan 10, 2014 || Mar 14, 2014 || http://acns2014.epfl.ch/callpapers.php
|-
| USENIX Annual Technical Conference || Jan 28, 2014 || Apr 07, 2014 || https://www.usenix.org/conference/atc14/call-for-papers
|-
| Audio Engineering Society (AES) Conference on Audio Forensics || Jan 31, 2014 || Mar 15, 2014 || http://www.aes.org/conferences/54/downloads/54thCallForContributions.pdf
|-
| DFRWS - USA 2014 || Feb 13, 2014 || Apr 07, 2014 || http://dfrws.org/2014/cfp.shtml
|}

See also WikiCFP 'Forensics'

Conferences

{|
! Title !! Date/Location !! Website
|-
| Paraben Forensic Innovations Conference || Nov 13-15<br>Salt Lake City, UT, USA || http://www.pfic-conference.com/
|-
| 2013 International Conference on Information and Communications Security || Nov 20-22<br>Beijing, China || http://icsd.i2r.a-star.edu.sg/icics2013/index.php
|-
| 8th International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE) || Nov 21-22<br>Hong Kong, China || http://conf.ncku.edu.tw/sadfe/sadfe13/
|-
| Black Hat-Regional Summit || Nov 26-27<br>Sao Paulo, Brazil || https://www.blackhat.com/sp-13
|-
| Botconf'13 - First Botnet Fighting Conference || Dec 05-06<br>Nantes, France || https://www.botconf.eu/
|-
| 29th Annual Computer Security Applications Conference (ACSAC) || Dec 09-13<br>New Orleans, LA, USA || http://www.acsac.org
|-
| IFIP WG 11.9 International Conference on Digital Forensics || Jan 08-10<br>Vienna, Austria || http://www.ifip119.org/Conferences/
|-
| AAFS 66th Annual Scientific Meeting || Feb 17-22<br>Seattle, WA, USA || http://www.aafs.org/aafs-66th-annual-scientific-meeting
|-
| 21st Network & Distributed System Security Symposium || Feb 23-26<br>San Diego, CA, USA || http://www.internetsociety.org/events/ndss-symposium
|-
| Fourth ACM Conference on Data and Application Security and Privacy 2014 || Mar 03-05<br>San Antonio, TX, USA || http://www1.it.utsa.edu/codaspy/
|-
| 9th International Conference on Cyber Warfare and Security (ICCWS-2014) || Mar 24-25<br>West Lafayette, IN, USA || http://academic-conferences.org/iciw/iciw2014/iciw14-home.htm
|-
| CyberPatterns 2014 || Apr 11<br>Oxford, United Kingdom || http://tech.brookes.ac.uk/CyberPatterns2014/
|-
| DFRWS-Europe 2014 || May 07-09<br>Amsterdam, Netherlands || http://dfrws.org/2014eu/index.shtml
|-
| 8th International Conference on IT Security Incident Management & IT Forensics || May 12-14<br>Muenster, Germany || http://www1.gi-ev.de/fachbereiche/sicherheit/fg/sidar/imf/imf2014/
|-
| 2014 IEEE Symposium on Security and Privacy || May 16-23<br>Berkeley, CA, USA || http://www.ieee.org/conferences_events/conferences/conferencedetails/index.html?Conf_ID=16517
|-
| Techno-Security and Forensics Conference || Jun 01-04<br>Myrtle Beach, SC, USA || http://www.techsec.com/html/Security%20Conference%202014.html
|-
| Mobile Forensics World || Jun 01-04<br>Myrtle Beach, SC, USA || http://www.techsec.com/html/MFC-2014-Spring.html
|-
| 12th International Conference on Applied Cryptography and Network Security || Jun 10-13<br>Lausanne, Switzerland || http://acns2014.epfl.ch/
|-
| 54th Conference on Audio Forensics || Jun 12-14<br>London, England || http://www.aes.org/conferences/54/
|-
| 2014 USENIX Annual Technical Conference || Jun 19-20<br>Philadelphia, PA, USA || https://www.usenix.org/conference/atc14
|-
| 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks || Jun 23-26<br>Atlanta, GA, USA || http://www.dsn.org/
|-
| Symposium On Usable Privacy and Security (SOUPS) 2014 || Jul 09-11<br>Menlo Park, CA, USA || http://cups.cs.cmu.edu/soups/2013/
|-
| Black Hat USA 2014 || Aug 02-07<br>Las Vegas, NV, USA || https://www.blackhat.com
|-
| DFRWS 2014 || Aug 03-06<br>Denver, CO, USA || http://dfrws.org/2014/index.shtml
|-
| RCFG GMU 2014 || Aug 04-08<br>Fairfax, VA, USA || http://www.rcfg.org/gmu/
|-
| 23rd USENIX Security Symposium || Aug 20-22<br>San Diego, CA, USA || https://www.usenix.org/conferences
|-
| 25th Annual Conference & Digital Multimedia Evidence Training Symposium || Oct 06-10<br>Coeur d’Alene, ID, USA || http://www.leva.org/annual-training-conference/
|}

See Also

References