Difference between pages "Upcoming events" and "Gzip"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
 
(Flags)
 
Line 1: Line 1:
<b>PLEASE READ BEFORE YOU EDIT THE LISTS BELOW</b><br>
+
{{expand}}
Events should be posted in the correct section, and in date order.  An event should NEVER be listed in more than one section (i.e. Ongoing/Continuous events should not be listed in Scheduled Training).  When events begin the same day, events of a longer length should be listed first.  New postings of events with the same date(s) as other events should be added after events already in the list. If a provider offers the same event at several locations simultaneously, the listing should have a single (ONE) entry in the list with the date(s) and ALL locations for the event. Please use three-letter month abbreviations (i.e. Sep, NOT Sept. or September), use two digit dates (i.e. Jan 01 NOT Jan 1), and use date ranges rather than listing every date during an event(i.e. Jan 02-05, NOT Jan 02, 03, 04, 05).<br>
+
<i>Some conferences or training opportunities may be <u>limited</u> to <b>Law Enforcement Only</b> or to a specific audience.  Such restrictions should be noted when known.</i>
+
  
This is a BY DATE listing of upcoming conferences and training events relevant to [[digital forensics]]. It is not an all inclusive list, but includes most well-known activities.  Some events may duplicate events on the generic [[conferences]] page, but entries in this list have specific dates and locations for the upcoming event.
+
== File format ==
 +
The gzip file (.gz) format consists of:
 +
* a file header
 +
* optional extra headers, such as the original file name,
 +
* a body, containing a DEFLATE-compressed payload
 +
* an 8-byte footer, containing a CRC-32 checksum and the length of the original uncompressed data.
  
This listing is divided into four sections (described as follows):<br>
+
=== File header ===
<ol><li><b><u>Calls For Papers</u></b> - Calls for papers for either Journals or for Conferences, relevant to Digital Forensics (Name, Closing Date, URL)</li><br>
+
The file header is 10 bytes in size and contains:
<li><b><u>Conferences</u></b> - Conferences relevant for Digital Forensics (Name, Date, Location, URL)</li><br>
+
{| class="wikitable"
<li><b><u>On-Going / Continuous Training</u></b> - Training opportunities that are either always available online/distance learning format or that are offered the same time every month (Name, date-if applicable, URL)</li><br>
+
! align="left"| Offset
<li><b><u>[[Scheduled Training Courses]]</u></b> - Training Classes/Courses that are scheduled for specific dates/locations.  This would include online (or distance learning format) courses which begin on specific dates, instead of the "start anytime" courses listed in the previous section. (Name, Date(s), Location(s), URL) (''note: this has been moved to its own page.'')<br></li></ol>
+
! Size
 
+
! Value
The Conference and Training List is provided by the American Academy of Forensic Sciences (AAFS) Digital and Multi-media Listserv. 
+
! Description
<i> (Subscribe by sending an email to listserv@lists.mitre.org with message body containing SUBSCRIBE AAFS-DIGITAL-MULTIMEDIA-LIST)</i>
+
Requests for additions, deletions or corrections to this list may be sent by email to David Baker <i>(bakerd AT mitre.org)</i>.
+
 
+
== Calls For Papers ==
+
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
|- style="background:#bfbfbf; font-weight: bold"
+
! Title
+
! Due Date
+
! Website
+
 
|-
 
|-
|HTCIA/ASIS High Technology Crime Conference
+
| 0
|Dec 31, 2007
+
| 2
|http://htciatraining.org/papers.asp
+
| 0x1f 0x8b
 +
| Signature (or identification byte 1 and 2)
 
|-
 
|-
|International Association of Forensic Science Annual Meeting
+
| 2
|Jan 01, 2008
+
| 1
|http://www.iafs2008.com/abstracts/intro.asp
+
|
 +
| Compression Method
 
|-
 
|-
|Black Hat D.C. 2008 Briefings
+
| 3
|Jan 04, 2008
+
| 1
|https://cfp.blackhat.com/
+
|
 +
| Flags
 
|-
 
|-
|Usenix Annual Technical Conference
+
| 4
|Jan 07, 2008 (11:59PM PST)
+
| 4
|http://www.usenix.com/events/usenix08/cfp/
+
|
 +
| Last modification time <br> Contains a POSIX timestamp.
 
|-
 
|-
|6th International Conference on Applied Cryptography and Network Security
+
| 8
|Jan 14, 2008 (11:59PM EST)
+
| 1
|http://acns2008.cs.columbia.edu/cfp.html
+
|
 +
| Extra flags
 
|-
 
|-
|ADFSL 2008 Conference on Digital Forensics, Security and Law
+
| 9
|Jan 15, 2008 (11:59PM EST)
+
| 1
|http://www.digitalforensics-conference.org/callforpapers.htm
+
|
 +
| Operating system <br> Value that indicates on which operating system the gzip file was created.
 +
|}
 +
 
 +
==== Compression method ====
 +
 
 +
{| class="wikitable"
 +
! align="left"| Value
 +
! Identifier
 +
! Description
 
|-
 
|-
|17th USENIX Security Symposium
+
| 0 - 7
|Jan 30, 2008 (11:59 PM PST)
+
|  
|http://www.usenix.org/sec08/cfp/
+
| Reserved
 
|-
 
|-
|JDFSL - Special Issue on Security Issues in Online Communities
+
| 8
|Jan 31, 2008
+
| "deflate"
|http://www.jdfsl.org/cfp-special-issue.htm
+
| zlib compressed data
 +
|}
 +
 
 +
==== Flags ====
 +
 
 +
{| class="wikitable"
 +
! align="left"| Value
 +
! Identifier
 +
! Description
 
|-
 
|-
|Black Hat Europe 2008 Briefings
+
| 0x01
|Feb 01, 2008
+
| FTEXT
|https://cfp.blackhat.com/
+
|  
 
|-
 
|-
|IEEE/SADFE-2008
+
| 0x02
|Feb 01, 2008
+
| FHCRC
|http://conf.ncku.edu.tw/sadfe/sadfe08/cfp.html
+
|  
 
|-
 
|-
|Black Hat USA 2008 Briefings
+
| 0x04
|OPEN ON Feb 01, 2008
+
| FEXTRA
|https://cfp.blackhat.com/
+
|  
 
|-
 
|-
|Techno-Security 2008
+
| 0x08
|May 04, 2008
+
| FNAME
|http://www.techsec.com/html/TechnoPapers.html
+
| The file contains an original file name string.
 
|-
 
|-
|Digital Forensic Research Workshop (DFRWS) 2008
+
| 0x10
|Mar 17, 2008
+
| FCOMMENT
|http://www.dfrws.org/2008/cfp.shtml
+
|  
 
|-
 
|-
|Black Hat Japan 2008 Briefings
+
| 0x20
|OPEN ON May 01, 2008
+
|  
|https://cfp.blackhat.com/
+
| Reserved
 
|-
 
|-
 +
| 0x40
 +
|
 +
| Reserved
 +
|-
 +
| 0x80
 +
|
 +
| Reserved
 
|}
 
|}
  
== Conferences ==
+
==== Extra flags ====
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
If compression method is 8 the following extra flags can be defined:
|- style="background:#bfbfbf; font-weight: bold"
+
{| class="wikitable"
! Title
+
! align="left"| Value
! Date/Location
+
! Identifier
! Website
+
! Description
 
|-
 
|-
|SANS Security 2008
+
| 0x02
|Jan 11-19, New Orleans, LA
+
|
|http://www.sans.org/security08/
+
| compressor used maximum compression, slowest algorithm
 
|-
 
|-
|DoD Cyber Crime Conference 2008
+
| 0x04
|Jan 13-18, St. Louis, MO
+
|
|http://www.dodcybercrime.com/
+
| compressor used fastest algorithm
 +
|}
 +
 
 +
==== Operating System ====
 +
{| class="wikitable"
 +
! align="left"| Value
 +
! Identifier
 +
! Description
 
|-
 
|-
|e-Forensics 2008
+
| 0
|Jan 21-23, Adelaide, SA, Australia
+
|
|http://www.e-forensics.eu
+
| FAT filesystem (MS-DOS, OS/2, NT/Win32)
 
|-
 
|-
|4th Annual IFIP WG 11.9 International Conference on Digital Forensics
+
| 1
|Jan 27-30, Kyoto, Japan
+
|
|http://www.ifip119-kyoto.org/doku.php
+
| Amiga
 
|-
 
|-
|ShmooCon
+
| 2
|Feb 15-17, Washington, DC
+
|
|http://www.shmoocon.org/
+
| VMS (or OpenVMS)
 
|-
 
|-
|AAFS Annual Meeting 2008
+
| 3
|Feb 18-23, Washington, DC
+
|
|http://aafs.org/default.asp?section_id=meetings&page_id=aafs_annual_meeting
+
| Unix
 
|-
 
|-
|Blackhat DC 2008 Briefings & Training
+
| 4
|Feb 18-21, Washington, DC
+
|
|http://www.blackhat.com/html/bh-link/briefings.html
+
| VM/CMS
 
|-
 
|-
|International Workshop on Digital Forensics (WSDF’08) in Conjunction with ARES 2008
+
| 5
|Mar 04–07, Polytechnic University of Catalonia, Barcelona, Spain
+
|
|http://www.ares-conference.eu/conf/index.php?option=com_content&task=view&id=45
+
| Atari TOS
 
|-
 
|-
|CanSecWest Security Conference 2008
+
| 6
|Mar 19-21, Vanouver, BC, Canada
+
|
|http://cansecwest.com/
+
| HPFS filesystem (OS/2, NT)
 
|-
 
|-
|Blackhat Europe 2008 Briefings & Training
+
| 7
|Mar 25-28, Amsterdam, Netherlands
+
|
|http://www.blackhat.com/html/bh-link/briefings.html
+
| Macintosh
 
|-
 
|-
|ADFSL 2008 Conference on Digital Forensics, Security and Law
+
| 8
|Apr 23-25, Oklahoma City, OK
+
|
|http://www.digitalforensics-conference.org
+
| Z-System
 
|-
 
|-
|Microsoft Law Enforcement Tech Conference 2008
+
| 9
|Apr 28-30, Redmond, Washington
+
|
 +
| CP/M
 
|-
 
|-
|HTCIA/ASIS High Technology Crime Conference
+
| 10
|May 06-08, San Francisco, CA
+
|
|http://htciatraining.org/general_info.asp
+
| TOPS-20
 
|-
 
|-
|EuSecWest Security Conference 2008
+
| 11
|May 21-22, London, England
+
|
|http://eusecwest.com/
+
| NTFS filesystem (NT)
 
|-
 
|-
|Techno-Security 2008
+
| 12
|Jun 01-04, Myrtle Beach, SC
+
|
|http://www.techsec.com/html/Techno2008.html
+
| QDOS
 
|-
 
|-
|6th International Conference on Applied Cryptography and Network Security
+
| 13
|Jun 03-06, Columbia University, New York City, NY
+
|
|http://acns2008.cs.columbia.edu/
+
| Acorn RISCOS
|-
+
|Usenix Annual Technical Conference
+
|Jun 22-27, Boston, MA
+
|http://www.usenix.com/events/usenix08/
+
|-
+
|International Association of Forensic Sciences Annual Meeting
+
|Jul 21-26, New Orleans, LA
+
|http://www.iafs2008.com/
+
|-
+
|17th USENIX Security Symposium
+
|Jul 28-Aug 01, San Jose, CA
+
|http://www.usenix.org/events/sec08/
+
|-
+
|Blackhat USA 2008 Briefings & Training
+
|Aug 02-07, Las Vegas, NV
+
|http://www.blackhat.com/html/bh-link/briefings.html
+
|-
+
|Defcon 16
+
|Aug 08-10, Las Vegas, NV
+
|http://www.defcon.org
+
|-
+
|Digital Forensic Research Workshop
+
|Aug 11-13, Baltimore, MD
+
|http://www.dfrws.org
+
 
|-
 
|-
 +
| 255
 +
|
 +
| unknown
 
|}
 
|}
  
== On-going / Continuous Training ==
+
== External Links ==
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
 
|- style="background:#bfbfbf; font-weight: bold"
+
* [http://www.gzip.org/format.txt The gzip file format], by the [http://www.gzip.org/ gzip project]
! Title
+
* [http://www.gzip.org/algorithm.txt The gzip compression algorithm], by the [http://www.gzip.org/ gzip project]
! Date/Location or Venue
+
* [http://tools.ietf.org/html/rfc1952 RFC1952: GZIP file format specification version 4.3], by [[IETF]]
! Website
+
* [http://en.wikipedia.org/wiki/Gzip Wikipedia: gzip]
|-
+
 
|Basic Computer Examiner Course - Computer Forensic Training Online
+
[[Category:File Formats]]
|Distance Learning Format
+
|http://www.cftco.com
+
|-
+
|Linux Data Forensics Training
+
|Distance Learning Format
+
|http://www.crazytrain.com/training.html
+
|-
+
|SANS On-Demand Training
+
|Distance Learning Format
+
|http://www.sans.org/ondemand/?portal=69456f95660ade45be29c00b0c14aea1
+
|-
+
|MaresWare Suite Training
+
|First full week every month, Atlanta, GA
+
|http://www.maresware.com/maresware/training/maresware.htm
+
|-
+
|Evidence Recovery for Windows Vista&trade;
+
|First full week every month, Brunswick, GA
+
|http://www.internetcrimes.net
+
|-
+
|Evidence Recovery for Windows Server&reg; 2003 R2
+
|Second full week every month, Brunswick, GA
+
|http://www.internetcrimes.net
+
|-
+
|Evidence Recovery for the Windows XP&trade; operating system
+
|Third full week every month, Brunswick, GA
+
|http://www.internetcrimes.net
+
|-
+
|Computer Forensics Training and CCE&trade; Testing for Litigation Support Professionals
+
|Third weekend of every month (Fri-Mon), Dallas, TX
+
|http://www.md5group.com
+
|-
+
|}
+
==[[Scheduled Training Courses]]==
+
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
|- style="background:#bfbfbf; font-weight: bold"
+
! Title
+
! Date/Location or Venue
+
! Website
+
|-
+
|Computer Forensics Training and CCE&trade; Testing for Litigation Support Professionals
+
|January 17, 18, 19, 20  (Fri, Sat, Sun, Mon), Dallas, TX
+
All equipment and software supplied in our lab environment.
+
|http://www.md5group.com
+
|-
+
|Computer Forensics Training and CCE&trade; Testing for Litigation Support Professionals
+
|February 15, 16, 17, 18  (Fri, Sat, Sun, Mon), Dallas, TX
+
All equipment and software supplied in our lab environment.
+
|http://www.md5group.com
+
|-
+
|Computer Forensics Training and CCE&trade; Testing for Litigation Support Professionals
+
|March 14, 15, 16, 17  (Fri, Sat, Sun, Mon), Dallas, TX
+
All equipment and software supplied in our lab environment.
+
|http://www.md5group.com
+
|-
+

Revision as of 02:43, 28 November 2013

Information icon.png

Please help to improve this article by expanding it.
Further information might be found on the discussion page.

File format

The gzip file (.gz) format consists of:

  • a file header
  • optional extra headers, such as the original file name,
  • a body, containing a DEFLATE-compressed payload
  • an 8-byte footer, containing a CRC-32 checksum and the length of the original uncompressed data.

File header

The file header is 10 bytes in size and contains:

Offset Size Value Description
0 2 0x1f 0x8b Signature (or identification byte 1 and 2)
2 1 Compression Method
3 1 Flags
4 4 Last modification time
Contains a POSIX timestamp.
8 1 Extra flags
9 1 Operating system
Value that indicates on which operating system the gzip file was created.

Compression method

Value Identifier Description
0 - 7 Reserved
8 "deflate" zlib compressed data

Flags

Value Identifier Description
0x01 FTEXT
0x02 FHCRC
0x04 FEXTRA
0x08 FNAME The file contains an original file name string.
0x10 FCOMMENT
0x20 Reserved
0x40 Reserved
0x80 Reserved

Extra flags

If compression method is 8 the following extra flags can be defined:

Value Identifier Description
0x02 compressor used maximum compression, slowest algorithm
0x04 compressor used fastest algorithm

Operating System

Value Identifier Description
0 FAT filesystem (MS-DOS, OS/2, NT/Win32)
1 Amiga
2 VMS (or OpenVMS)
3 Unix
4 VM/CMS
5 Atari TOS
6 HPFS filesystem (OS/2, NT)
7 Macintosh
8 Z-System
9 CP/M
10 TOPS-20
11 NTFS filesystem (NT)
12 QDOS
13 Acorn RISCOS
255 unknown

External Links