BlockQuery: Toward Forensically Sound Cryptocurrency Investigation

Tiffanie: Hi, my name is Tiffanie Edwards, and I’m gonna be presenting the paper “BlockQuery: Toward Forensically Sound Cryptocurrency Investigation”.

So this is a little bit of background on the authors of this paper. Tyler Thomas is a …

A Live Digital Forensics Approach for Quantum Mechanical Computers

Dayton Closser: Well, good evening, everyone. Thank you very much for coming to this speech today. It’s great to be back after the COVID pandemic. It’s great to see everyone in person. I’ve immensely enjoyed speaking with all of…

Identifying Document Similarity Using a fast Estimation of the Levenshtein Distance

Frank: Warm welcome also from my side. This is a presentation or some work that I did together with Peter. He reached out to me. He is in the States and he reached out and said, “hey, I saw …

Prudent Design Principles for Digital Tampering Experiments

Mark: Okay. Good afternoon. Welcome to the next full paper session. We have three papers for you in this session on forensic methods. So, Janine will start shortly with a paper on evidence tampering, we have a paper on …

Knock, Knock, Log: Threat Analysis, Detection & Mitigation of Covert Channels in Syslog Using Port Scans as Cover

In this paper, Kevin Lamshöft describes how researchers performed a threat analysis for a covert Command and Control (C2) channel using port scans as cover and syslog as carrier for data infiltration.

Session Chair: So, Kevin is presenting Kno…

Distant Traces and Their Use in Crime Scene Investigation

Starting with a physical crime scene – a fire – Manon Fischer describes how IoT devices such as “smart” plugs and thermostats store “distant traces” remotely, and could be used to help reconstruct a fire’s origin, cause, and timeline.


The Wisdom of the Heap: Mesh It up by Weaving Data Structures

In this short presentation, Trufflepig Forensics’ Aaron Hartel and Christian Müller present some early stage research about the volatility of data in memory as data structures change version to version.

Session Chair: We’re now going over …

Memory Forensic Analysis of a Programmable Logic Controller in Industrial Control Systems

Winner of the Best Student Paper Award at DFRWS-EU 2022! Muhammad Haris Rais describes a step-wise approach to analyze the memory of specific PLCs, and subsequently find a generic framework applicable to all PLCs. By following a methodology that…

PEM: Remote Forensic Acquisition of PLC Memory in Industrial Control Systems

https://youtu.be/_pPxk5eTH_Y

Winner of the Best Paper Award at DFRWS-EU 2022, Nauman Zubair proposes a new memory acquisition framework to remotely acquire a programmable logic controller (PLC)’s volatile memory while the PLC is controlling a phys…