Difference between pages "Upcoming events" and "Zip"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(Conferences)
 
m
 
Line 1: Line 1:
<b>PLEASE READ BEFORE YOU EDIT THE LISTS BELOW</b><br>
+
{{expand}}
When events begin the same day, events of a longer length should be listed first.  New postings of events with the same date(s) as other events should be added after events already in the list. Please use three-letter month abbreviations (i.e. Sep, NOT Sept. or September), use two digit dates (i.e. Jan 01 NOT Jan 1), and use date ranges rather than listing every date during an event(i.e. Jan 02-05, NOT Jan 02, 03, 04, 05).<br>
+
<i>Some events may be <u>limited</u> to <b>Law Enforcement Only</b> or to a specific audience.  Such restrictions should be noted when known.</i>
+
  
This is a BY DATE listing of upcoming events relevant to [[digital forensics]]. It is not an all inclusive list, but includes most well-known activities.  Some events may duplicate events on the generic [[conferences]] page, but entries in this list have specific dates and locations for the upcoming event.
+
.ZIP is an archive file format that supports lossless data compression.
  
This listing is divided into three sections (described as follows):<br>
+
<b>TODO</b> describe ZIP64
<ol><li><b><u>[[Upcoming_events#Calls_For_Papers|Calls For Papers]]</u></b> - Calls for papers for either Journals or for Conferences, relevant to Digital Forensics (Name, Closing Date, URL)</li><br>
+
<li><b><u>[[Upcoming_events#Conferences|Conferences]]</u></b> - Conferences relevant for Digital Forensics (Name, Date, Location, URL)</li><br>
+
<li><b><u>[[Training Courses and Providers]]</u></b> - Training </li><br></ol>
+
  
== Calls For Papers ==
+
== File format ==
Please help us keep this up-to-date with deadlines for upcoming conferences that would be appropriate for forensic research.
+
  
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
{| class="wikitable"
|- style="background:#bfbfbf; font-weight: bold"
+
! align="left"| Characteristics
! width="30%|Title
+
! Description
! width="15%"|Due Date
+
! width="15%"|Notification Date
+
! width="40%"|Website
+
 
|-
 
|-
|9th International Conference on Cyber Warfare and Security (ICCWS-2014)
+
| Byte order
|Sep 02, 2013 (abstract)
+
| little-endian
|Sep 09, 2013 (abstract)<br>Dec 30, 2013 (final paper)
+
|http://academic-conferences.org/iciw/iciw2014/iciw14-call-papers.htm
+
 
|-
 
|-
|IFIP WG 11.9 International Conference on Digital Forensics
+
| Date and time values
|Sep 15, 2013
+
|  
|Oct 15, 2013
+
|http://www.ifip119.org/Conferences/WG11-9-CFP-2014.pdf
+
 
|-
 
|-
 +
| Character strings
 +
|
 
|}
 
|}
  
See also [http://www.wikicfp.com/cfp/servlet/tool.search?q=forensics WikiCFP 'Forensics']
+
=== Archived file header ===
 +
The (central directory) archived file header is variable of size and consists of:
  
== Conferences ==
+
{| class="wikitable"
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
! align="left"| Offset
|- style="background:#bfbfbf; font-weight: bold"
+
! Size
! width="40%"|Title
+
! Value
! width="20%"|Date/Location
+
! Description
! width="40%"|Website
+
 
|-
 
|-
|6th International Workshop on Digital Forensics (WSDF 2013)
+
| 0
|Sep 02-06<br>Regensburg, Germany
+
| 4
|http://www.ares-conference.eu/conf/index.php?option=com_content&view=article&id=49&Itemid=95
+
| "PK\x01\x02"
 +
| Signature
 
|-
 
|-
|2013 HTCIA International Conference & Training Expo
+
| 4
|Sep 08-11<br>Summerlin, NV
+
| 2
|http://www.htciaconference.org/
+
|
 +
| Creator version
 
|-
 
|-
|New Security Paradigms Workshop (NSPW)
+
| 6
|Sep 09-12<br>The Banff Center, Canada
+
| 2
|http://www.nspw.org/current/
+
|
 +
| Extractor version
 
|-
 
|-
|Black Hat-Regional Summit
+
| 8
|Sep 10-12<br>Istanbul, Turkey
+
| 2
|https://www.blackhat.com/is-13/
+
|
 +
| Flags
 
|-
 
|-
|French-Speaking Days on Digital Investigations-Journées Francophones de l'Investigation Numérique (AFSIN)
+
| 10
|Sep 10-12<br>Neuchâtel, Switzerland
+
| 2
|https://www.afsin.org/
+
|
 +
| Last modification time
 
|-
 
|-
|5th International Conference on Digital Forensics & Cyber Crime
+
| 12
|Sep 25-27<br>Moscow, Russia
+
| 2
|http://d-forensics.org/2013/show/home
+
|
 +
| Last modification date
 
|-
 
|-
|VB2013 - the 23rd Virus Bulletin International Conference
+
| 14
|Oct 02-04<br>Berlin, Germany
+
| 4
|http://www.virusbtn.com/conference/vb2013/index
+
|
 +
| Checksum (CRC-32)
 
|-
 
|-
|8th International Conference on Malicious and Unwanted Software
+
| 18
|Oct 22-24<br>Fajardo, Puerto Rico, USA
+
| 4
|http://www.malwareconference.org/index.php?option=com_frontpage&Itemid=1
+
|
 +
| Uncompressed data size
 
|-
 
|-
|16th International Symposium on Research in Attacks, Intrusions and Defenses (RAID)
+
| 22
|Oct 23-25<br>St. Lucia
+
| 4
|http://www.raid2013.org/
+
|
 +
| Compressed data size
 
|-
 
|-
|5th International Workshop on Managing Insider Security Threats
+
| 26
|Oct 24-25<br>Busan, South Korea
+
| 2
|http://isyou.info/conf/mist13/index.htm
+
|
 +
| File name size
 
|-
 
|-
|4th Annual Open Source Digital Forensics Conference (OSDF)
+
| 28
|Nov 04-05<br>Chantilly, VA
+
| 2
|http://www.basistech.com/about-us/events/open-source-forensics-conference/
+
|
 +
| Extra field size
 
|-
 
|-
|Paraben Forensic Innovations Conference
+
| 30
|Nov 13-15<br>Salt Lake City, UT
+
| 2
|http://www.pfic-conference.com/
+
|
 +
| File comment size
 
|-
 
|-
|8th International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE)
+
| 32
|Nov 21-22<br>Hong Kong, China
+
| 2
|http://conf.ncku.edu.tw/sadfe/sadfe13/
+
|
 +
| Segment file (disk) number
 
|-
 
|-
|Black Hat-Regional Summit
+
| 34
|Nov 26-27<br>Sao Paulo, Brazil
+
| 2
|https://www.blackhat.com/sp-13
+
|
 +
| internal file attributes
 
|-
 
|-
|29th Annual Computer Security Applications Conference (ACSAC)
+
| 36
|Dec 09-13<br>New Orleans, LA
+
| 4
|http://www.acsac.org
+
|
 +
| external file attributes
 
|-
 
|-
|IFIP WG 11.9 International Conference on Digital Forensics
+
| 40
|Jan 08-10<br>Vienna, Austria
+
| 4
|http://www.ifip119.org/Conferences/
+
|
 +
| local header offset <br> The offset of the local header relative to the start of the segment file it is stored in.
 
|-
 
|-
|AAFS 66th Annual Scientific Meeting
+
| 44
|Feb 17-22<br>Seattle, WA
+
| ...
|http://www.aafs.org/aafs-66th-annual-scientific-meeting
+
|
 +
| File name
 
|-
 
|-
|21st Network & Distributed System Security Symposium
+
| ...
|Feb 23-26<br>San Diego, CA
+
| ...
|http://www.internetsociety.org/events/ndss-symposium-2014/
+
|
 +
| Extra field
 
|-
 
|-
|9th International Conference on Cyber Warfare and Security (ICCWS-2014)
+
| ...
|Mar 24-25<br>West Lafayette, IN
+
| ...
|http://academic-conferences.org/iciw/iciw2014/iciw14-home.htm
+
|
 +
| File comment
 +
|}
 +
 
 +
==== Creator version ====
 +
The creator (or version made by) is 2 bytes of size and consists of:
 +
{| class="wikitable"
 +
! align="left"| Offset
 +
! Size
 +
! Value
 +
! Description
 
|-
 
|-
|2014 IEEE Symposium on Security and Privacy
+
| 0
|May 16-23<br>Berkley, CA
+
| 1
|http://www.ieee.org/conferences_events/conferences/conferencedetails/index.html?Conf_ID=16517
+
|
 +
| ZIP format version <br> The value is stored as: ( major number x 10 ) + minor number
 
|-
 
|-
|Techno-Security and Forensics Conference
+
| 1
|Jun 01-04<br>Myrtle Beach, SC
+
| 1
|http://www.techsec.com/html/Security%20Conference%202014.html
+
|
 +
| Creator system indicator
 +
|}
 +
 
 +
===== Creator system indicator =====
 +
{| class="wikitable"
 +
! align="left"| Value
 +
! Identifier
 +
! Description
 
|-
 
|-
|Mobile Forensics World
+
| 0
|Jun 01-04<br>Myrtle Beach, SC
+
|  
|http://www.techsec.com/html/MFC-2014-Spring.html
+
| MS-DOS and OS/2 (FAT / VFAT / FAT32 file systems) or compatible systems
 
|-
 
|-
|DFRWS 2014
+
| 1
|Aug 03-06<br>Denver, CO
+
|
|http://dfrws.org
+
| Amiga
 
|-
 
|-
 +
| 2
 +
|
 +
| OpenVMS
 +
|-
 +
| 3
 +
|
 +
| UNIX
 +
|-
 +
| 4
 +
|
 +
| VM/CMS
 +
|-
 +
| 5
 +
|
 +
| Atari ST
 +
|-
 +
| 6
 +
|
 +
| OS/2 H.P.F.S.
 +
|-
 +
| 7
 +
|
 +
| Macintosh
 +
|-
 +
| 8
 +
|
 +
| Z-System
 +
|-
 +
| 9
 +
|
 +
| CP/M
 +
|-
 +
| 10
 +
|
 +
| Windows NTFS
 +
|-
 +
| 11
 +
|
 +
| MVS (OS/390 - Z/OS)
 +
|-
 +
| 12
 +
|
 +
| VSE
 +
|-
 +
| 13
 +
|
 +
| Acorn Risc
 +
|-
 +
| 14
 +
|
 +
| VFAT
 +
|-
 +
| 15
 +
|
 +
| alternate MVS
 +
|-
 +
| 16
 +
|
 +
| BeOS
 +
|-
 +
| 17
 +
|
 +
| Tandem
 +
|-
 +
| 18
 +
|
 +
| OS/400
 +
|-
 +
| 19
 +
|
 +
| OS X (Darwin)
 +
|-
 +
| 20 - 255
 +
|
 +
| unused
 
|}
 
|}
  
==See Also==
+
==== Internal file attributes ====
* [[Training Courses and Providers]]
+
{| class="wikitable"
==References==
+
! align="left"| Value
* [http://faculty.cs.tamu.edu/guofei/sec_conf_stat.htm Computer Security Conference Ranking and Statistic]
+
! Identifier
* [http://www.kdnuggets.com/meetings/ Meetings and Conferences in Data Mining and Discovery]
+
! Description
* http://www.conferencealerts.com/data.htm Data Mining Conferences World-Wide]
+
|-
 +
| 0x01
 +
|
 +
| If set the uncompressed data needs to be treated as text instead of binary data. <br> This flag hints end-of-line conversion for cross-platform text files but does not enforce it.
 +
|-
 +
| 0x02
 +
|
 +
| If set the file contains control fields for mainframe data transfer support.
 +
|}
 +
 
 +
== External Links ==
 +
 
 +
* [http://www.pkware.com/documents/casestudies/APPNOTE.TXT .ZIP File Format Specification], PKWARE Inc., September 1, 2012
 +
* [http://en.wikipedia.org/wiki/Zip_(file_format) Wikipedia: Zip (file format)]
 +
 
 +
[[Category:File Formats]]

Revision as of 02:11, 1 December 2013

Information icon.png

Please help to improve this article by expanding it.
Further information might be found on the discussion page.

.ZIP is an archive file format that supports lossless data compression.

TODO describe ZIP64

File format

Characteristics Description
Byte order little-endian
Date and time values
Character strings

Archived file header

The (central directory) archived file header is variable of size and consists of:

Offset Size Value Description
0 4 "PK\x01\x02" Signature
4 2 Creator version
6 2 Extractor version
8 2 Flags
10 2 Last modification time
12 2 Last modification date
14 4 Checksum (CRC-32)
18 4 Uncompressed data size
22 4 Compressed data size
26 2 File name size
28 2 Extra field size
30 2 File comment size
32 2 Segment file (disk) number
34 2 internal file attributes
36 4 external file attributes
40 4 local header offset
The offset of the local header relative to the start of the segment file it is stored in.
44 ... File name
... ... Extra field
... ... File comment

Creator version

The creator (or version made by) is 2 bytes of size and consists of:

Offset Size Value Description
0 1 ZIP format version
The value is stored as: ( major number x 10 ) + minor number
1 1 Creator system indicator
Creator system indicator
Value Identifier Description
0 MS-DOS and OS/2 (FAT / VFAT / FAT32 file systems) or compatible systems
1 Amiga
2 OpenVMS
3 UNIX
4 VM/CMS
5 Atari ST
6 OS/2 H.P.F.S.
7 Macintosh
8 Z-System
9 CP/M
10 Windows NTFS
11 MVS (OS/390 - Z/OS)
12 VSE
13 Acorn Risc
14 VFAT
15 alternate MVS
16 BeOS
17 Tandem
18 OS/400
19 OS X (Darwin)
20 - 255 unused

Internal file attributes

Value Identifier Description
0x01 If set the uncompressed data needs to be treated as text instead of binary data.
This flag hints end-of-line conversion for cross-platform text files but does not enforce it.
0x02 If set the file contains control fields for mainframe data transfer support.

External Links