Difference between pages "Upcoming events" and "Research Topics"

From ForensicsWiki
(Difference between pages)
(Scheduled Training Courses)
 
m (SleuthKit Enhancements)
 
Line 1: Line 1:
Here is a BY DATE listing of '''upcoming conferences and training events''' that pertain to [[digital forensics]]. Some of these duplicate the generic [[conferences]], but have specific dates/locations for the upcoming conference/training event.
+
Interested in doing research in computer forensics? Looking for a master's topic, or just some ideas for a research paper? Here is my list. Please feel free to add your own ideas.
  
<b> The Conference and Training List is provided by the American Academy of Forensic Sciences (AAFS) Digital and Multi-media Listserv</b>
+
==Disk Forensics==
<i> (Subscribe by sending an email to listserv@lists.mitre.org with message body containing SUBSCRIBE AAFS-DIGITAL-MULTIMEDIA-LIST)</i>
+
===SleuthKit Enhancements===
<b> Any requests for additions, deletions or corrections to this list should be sent by email to David Baker <i>(bakerd AT mitre.org)</i>. </b>
+
* Write a FUSE-based mounter for SleuthKit, so that disk images can be forensically mounted using TSK. (I've already started on this if you want the code.)
 +
* Make SleuthKit handle Encrypted Files.
 +
* Modify SleuthKit to report the physical location on disk of compressed files.
  
== Calls For Papers ==
+
===Stream Forensics===
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
Process the entire disk with one pass, or at most two, to minimize seek time.
|- style="background:#bfbfbf; font-weight: bold"
+
! Title
+
! Due Date
+
! Website
+
|-
+
|First Annual European DeepSec In-Depth Security Conference
+
|Jun 10, 2007
+
|http://deepsec.net/cfp/
+
|-
+
|DFRWS 2007 File Carving Challenge
+
|Jul 09, 2007
+
|http://www.dfrws.org/2007/challenge/submission.html
+
|-
+
|}
+
  
== Conferences ==
+
===Evidence Falsification===
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
Automatically detect falsified digital evidence.
|- style="background:#bfbfbf; font-weight: bold"
+
! Title
+
! Date/Location
+
! Website
+
|-
+
|2007 Techno-Security Conference
+
|Jun 03-06, Myrtle Beach, SC
+
|http://www.techsec.com/html/Techno2007.html
+
|-
+
|Computer Security Institute NetSec '07
+
|Jun 11-13, Scottsdale, AZ
+
|http://www.gocsi.com/netsec/
+
|-
+
|2007 USENIX Annual Technical Conference
+
|Jun 17-22, Santa Clara, CA
+
|http://www.usenix.org/events/
+
|-
+
|Third Government Forum of Incident Response and Security Teams Conference
+
|Jun 25-29, Orlando, FL
+
|http://www.us-cert.gov/GFIRST/index.html
+
|-
+
|First International Workshop on Cyber-Fraud
+
|Jul 01-06, San Jose, CA
+
|http://www.iaria.org/conferences2007/CYBERFRAUD.html
+
|-
+
|Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA) 2007
+
|Jul 12-13, Lucerne, Switzerland
+
|http://www.gi-ev.de/fachbereiche/sicherheit/fg/sidar/dimva/
+
|-
+
|16th USENIX Security Symposium
+
|Aug 06-10, Boston, MA
+
|http://www.usenix.org/events/
+
|-
+
|GMU 2007 Symposium
+
|Aug 06-10, George Mason University, Fairfax, VA
+
|http://www.rcfg.org
+
|-
+
|[[Digital Forensic Research Workshop|Digital Forensic Research Workshop 2007]]
+
|Aug 13-15, Pittsburgh, PA
+
|http://www.dfrws.org/2007/index.html
+
|-
+
|HTCIA 2007 International Training Conference & Exposition
+
|Aug 27-29, San Diego, CA
+
|http://www.htcia-sd.org/htcia2007.html
+
|-
+
|Recent Advances in Intrusion Detection (RAID) 2007
+
|Sep 05-07, Gold Coast, Queensland, Australia
+
|http://www.isi.qut.edu.au/events/conferences/raid07
+
|-
+
|14th International Conference on Image Analysis and Processing (ICIAP 2007)
+
|Sep 10-14, Modena, Italy
+
|http://www.iciap2007.org
+
|-
+
|3rd International Conference on IT-Incident Management & IT-Forensics
+
|Sep 11-12, Stuttgart, Germany
+
|http://www.imf-conference.org/
+
|-
+
|Black and White Ball
+
|Sep 25-28, London, UK
+
|http://www.theblackandwhiteball.co.uk/
+
|-
+
|Techno-Forensics Conference
+
|Oct 29 - 31, Rockville, MD
+
|http://www.techsec.com/html/TechnoForensics2007.html
+
|-
+
|DeepSec IDSC
+
|Nov 22-24, Vienna, Austria
+
|http://deepsec.net/
+
|-
+
|DoD Cyber Crime Conference 2008
+
|Jan 2008, St. Louis, MO
+
|http://www.dodcybercrime.com/
+
|}
+
  
== On-going / Continuous Training ==
+
===Sanitization===
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
Detect and diagnose sanitization attempts.
|- style="background:#bfbfbf; font-weight: bold"
+
! Title
+
! Date/Location or Venue
+
! Website
+
|-
+
|Basic Computer Examiner Course
+
|Computer Forensic Training Online
+
|http://www.cftco.com
+
|-
+
|MaresWare Suite Training
+
|First full week every month, Atlanta, GA
+
|http://www.maresware.com/maresware/training/maresware.htm
+
|-
+
|Linux Data Forensics Training
+
|Distance Learning Format
+
|http://www.crazytrain.com/training.html
+
|-
+
|}
+
  
== Scheduled Training Courses ==
+
 
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
===[[AFF]] Enhancement===
|- style="background:#bfbfbf; font-weight: bold"
+
* Replace the AFF "BADFLAG" approach for indicating bad data with a bad sector bitmap.
! Title
+
 
! Date/Location
+
* Modify aimage so that it can take a partial disk image and a disk and just image what's missing.
! Website
+
 
! Limitation
+
* Improve the data recovery features of aimage.
|-
+
 
|Computer Network Investigations Training Program (CNITP)
+
* Replace AFF's current table-of-contents system with one based on B+ Trees.
|May 15-25, FLETC, Glynco, GA
+
 
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
+
==Timeline Analysis==
|Limited to Law Enforcement
+
Write a new timeline viewer that supports:
|-
+
* Logfile fusion (with offsets)
|AccessData Internet Forensics
+
* Logfile correlation
|May 22-24 , Solna, Sweden
+
* View logfiles in the frequency domain.
|http://www.accessdata.com/training
+
 
|-
+
==Carving==
|EnCase v5 Advanced Computer Forensics
+
===JPEG Validator===
|May 22-25, United Kingdom
+
Create a JPEG decompresser that supports restarts and checkpointing for use in high-speed carving.  
|http://www.guidancesoftware.com/training/schedule.asp
+
 
|-
+
 
|SARC Steganography Examiner Training
+
==Cell Phone Exploitation==
|May 23 - 24, Orlando, FL (National Center for Forensic Science)
+
===Imaging===
|http://www.sarc-wv.com/training.aspx
+
Develop a tool for imaging the contents of a cell phone memory
|-
+
===Interpretation===
|First Responder to Digital Evidence Program (FRDE)
+
* Develop a tool for reassembling information in a cell phone memory
|May 30-Jun 01, FLETC, Glynco, GA
+
 
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
+
 
|Limited to Law Enforcement
+
==Corpora Development==
|-
+
===Realistic Disk Corpora===
|Computer Forensics First Responder
+
There is need for realistic corpora that can be freely redistributed but do not contain any confidential personally identifiable information (PII).  
|May 31, Indianapolis, IN
+
 
|http://www.ifi-indy.org/ifi%20training/train.html
+
These disk images may be either of an external drive or of a system boot drive. The drive images should have signs of ''wear'' --- that is, they should have resident files, deleted files, partially overwritten files, contiguous files, and fragmented files.
|-
+
 
|AccessData BootCamp
+
From DFRWS 2005
|May 31-Jun 02, Myrtle Beach, SC
+
Frank Adelstein (ATC-NY), Yun Gao and Golden G. Richard III (University of New Orleans): Automatically Creating Realistic Targets for Digital Forensics Investigation http://www.dfrws.org/2005/program.shtml
|http://www.accessdata.com/training
+
 
|-
+
===Realistic Network Traffic===
|AccessData Windows Forensics
+
Generating realistic network traffic requires constructing a test network and either recording interactions within the network or with an external network.
|May 31-Jun 02, Myrtle Beach, SC
+
|http://www.accessdata.com/training
+
|-
+
|SMART for Linux
+
|Jun 04-07, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|AccessData BootCamp
+
|Jun 05-07, Albuquerque, NM
+
|http://www.accessdata.com/training
+
|-
+
|Advanced Data Forensics Topics
+
|Jun 11-13, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|Digital Evidence Acquisition Specialist Training Program (DEASTP)
+
|Jun 11-22, FLETC, Glynco, GA
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
+
|Limited to Law Enforcement
+
|-
+
|Helix Live Forensics and Incident Response Course
+
|Jun 12-14, SEARCH - Sacramento, CA
+
|https://www.e-fense.com/register.php
+
|-
+
|AccessData Internet Forensics
+
|Jun 12-14 , Boise, ID
+
|http://www.accessdata.com/training
+
|-
+
|AccessData Windows Forensics
+
|Jun 19-21, Dallas, TX
+
|http://www.accessdata.com/training
+
|-
+
|SMART for Linux
+
|Jul 09-12, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|Cyber Counterterrorism Investigations Training Program (CCITP)
+
|Jul 09-13, FLETC, Glynco, GA
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
+
|Limited to Law Enforcement
+
|-
+
|SMART Windows Data Forensics
+
|Jul 16-18, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|Seized Computer Evidence Recovery Specialist (SCERS)
+
|Jul 16-27, FLETC, Glynco, GA
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
+
|Limited to Law Enforcement
+
|-
+
|AccessData BootCamp
+
|Jul 17-19, Boise, ID
+
|http://www.accessdata.com/training
+
|-
+
|AccessData Windows Forensics
+
|Jul 24-26, Albuquerque, NM
+
|http://www.accessdata.com/training
+
|-
+
|Network Forensics and Investigations Workshop
+
|Jul 25-27, Washington, DC
+
|http://www.strozllc.com/trainingcenter/
+
|-
+
|First Responder to Digital Evidence Program (FRDE)
+
|Jul 31-Aug 02, FLETC, Glynco, GA
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
+
|Limited to Law Enforcement
+
|-
+
|SMART for Linux
+
|Aug 06-09, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|Computer Network Investigations Training Program (CNITP)
+
|Aug 14-24, FLETC, Glynco, GA
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
+
|Limited to Law Enforcement
+
|-
+
|SMART Linux Data Forensics
+
|Aug 13-15, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|Network Forensics and Investigations Workshop
+
|Aug 13-15, Los Angeles, CA
+
|http://www.strozllc.com/trainingcenter/
+
|-
+
|Macintosh Forensic Survival Course
+
|Aug 13-17, Fredricksburg, VA
+
|http://www.phoenixdatagroup.com/cart/index.php
+
|-
+
|AccessData Internet Forensics
+
|Aug 14-16 , Austin, TX
+
|http://www.accessdata.com/training
+
|-
+
|Helix Live Forensics and Incident Response Course
+
|Aug 28-30, Tennessee Bureau of Investigations - Nashville, TN
+
|https://www.e-fense.com/register.php
+
|-
+
|SMART for Linux
+
|Sep 03-06, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|First Responder to Digital Evidence Program (FRDE)
+
|Sep 11-13, FLETC, Glynco, GA
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
+
|Limited to Law Enforcement
+
|-
+
|AccessData Applied Decryption
+
|Sep 11-13, Dallas, TX
+
|http://www.accessdata.com/training
+
|-
+
|Enterprise Data Forensics
+
|Sep 17-19, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|Macintosh Forensic Survival Course
+
|Sep 24-28, Santa Ana, CA
+
|http://www.phoenixdatagroup.com/cart/index.php
+
|-
+
|AccessData Applied Decryption
+
|Sep 25-27, Chicago, IL
+
|http://www.accessdata.com/training
+
|-
+
|AccessData BootCamp
+
|Sep 25-27, Solna, SE
+
|http://www.accessdata.com/training
+
|-
+
|SMART for Linux
+
|Oct 01-04, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|SMART Windows Data Forensics
+
|Oct 08-10, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|SMART for Linux
+
|Nov 05-08, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|AccessData BootCamp
+
|Nov 06-08, Austin, TX
+
|http://www.accessdata.com/training
+
|-
+
|AccessData Windows Forensics
+
|Nov 06-08, Solna, Sweden
+
|http://www.accessdata.com/training
+
|-
+
|SMART Linux Data Forensics
+
|Nov 12-14, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|SMART for Linux
+
|Dec 03-06, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|AccessData Internet Forensics
+
|Dec 04-06 , Solna, Sweden
+
|http://www.accessdata.com/training
+
|-
+
|Enterprise Data Forensics
+
|Dec 10-12, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|}
+

Revision as of 16:49, 14 May 2009

Interested in doing research in computer forensics? Looking for a master's topic, or just some ideas for a research paper? Here is my list. Please feel free to add your own ideas.

Disk Forensics

SleuthKit Enhancements

  • Write a FUSE-based mounter for SleuthKit, so that disk images can be forensically mounted using TSK. (I've already started on this if you want the code.)
  • Make SleuthKit handle encrypted files.
  • Modify SleuthKit to report the physical location on disk of compressed files.

Stream Forensics

Process the entire disk with one pass, or at most two, to minimize seek time.

Evidence Falsification

Automatically detect falsified digital evidence.

Sanitization

Detect and diagnose sanitization attempts.


AFF Enhancement

  • Replace the AFF "BADFLAG" approach for indicating bad data with a bad sector bitmap.
  • Modify aimage so that it can take a partial disk image and a disk and just image what's missing.
  • Improve the data recovery features of aimage.
  • Replace AFF's current table-of-contents system with one based on B+ Trees.

Timeline Analysis

Write a new timeline viewer that supports:

  • Logfile fusion (with offsets)
  • Logfile correlation
  • View logfiles in the frequency domain.

Carving

JPEG Validator

Create a JPEG decompressor that supports restarts and checkpointing for use in high-speed carving.


Cell Phone Exploitation

Imaging

Develop a tool for imaging the contents of a cell phone memory.

Interpretation

  • Develop a tool for reassembling information in a cell phone memory.


Corpora Development

Realistic Disk Corpora

There is a need for realistic corpora that can be freely redistributed but do not contain any confidential personally identifiable information (PII).

These disk images may be either of an external drive or of a system boot drive. The drive images should have signs of wear --- that is, they should have resident files, deleted files, partially overwritten files, contiguous files, and fragmented files.

From DFRWS 2005: Frank Adelstein (ATC-NY), Yun Gao and Golden G. Richard III (University of New Orleans), "Automatically Creating Realistic Targets for Digital Forensics Investigation", http://www.dfrws.org/2005/program.shtml

Realistic Network Traffic

Generating realistic network traffic requires constructing a test network and recording interactions either within the network or with an external network.