Collaborate Disseminate
Mark: Okay. Good afternoon. Welcome to the next full paper session. We have three papers for you in this session on forensic methods. So, Janine will start shortly with a paper on evidence tampering, we have a paper on … Read more The post… Continue reading Prudent Design Principles for Digital Tampering Experiments
In this paper, Kevin Lamshöft describes how researchers performed a threat analysis for a covert Command and Control (C2) channel using port scans as cover and syslog as carrier for data infiltration.
Session Chair: So, Kevin is presenting Kno… Continue reading Knock, Knock, Log: Threat Analysis, Detection & Mitigation of Covert Channels in Syslog Using Port Scans as Cover
Starting with a physical crime scene – a fire – Manon Fischer describes how IoT devices such as “smart” plugs and thermostats store “distant traces” remotely, and could be used to help reconstruct a fire’s origin, cause, and timeline.
Session … Continue reading Distant Traces and Their Use in Crime Scene Investigation
In this short presentation, Trufflepig Forensics’ Aaron Hartel and Christian Müller present some early stage research about the volatility of data in memory as data structures change version to version.
Session Chair: We’re now going over … Continue reading The Wisdom of the Heap: Mesh It up by Weaving Data Structures
Winner of the Best Student Paper Award at DFRWS-EU 2022! Muhammad Haris Rais describes a step-wise approach to analyze the memory of specific PLCs, and subsequently find a generic framework applicable to all PLCs. By following a methodology that… Continue reading Memory Forensic Analysis of a Programmable Logic Controller in Industrial Control Systems
https://youtu.be/_pPxk5eTH_Y
Winner of the Best Paper Award at DFRWS-EU 2022, Nauman Zubair proposes a new memory acquisition framework to remotely acquire a programmable logic controller (PLC)’s volatile memory while the PLC is controlling a phys… Continue reading PEM: Remote Forensic Acquisition of PLC Memory in Industrial Control Systems
In this video from DFRWS-EU 2022, Jenny Ottmann revisits the discussion on quality criteria for “forensically sound” acquisition of such storage and proposes a new way to capture the intent to acquire an instantaneous snapshot from a single targe… Continue reading Defining Atomicity (and Integrity) for Snapshots of Storage in Forensic Computing
In this video from DFRWS-EU 2022, Pedro Fernandez-Alvarez describes research focused on the Telegram Desktop client, in particular the client process contents in a Windows system’s RAM.
Session Chair: We are now in the topic of memory f… Continue reading Extraction and Analysis of Retrievable Memory Artifacts From Windows Telegram Desktop Application
Session Chair: So the next speaker is Timothy. It’s going to be online, so Timothy, are you ready?
Timothy: Hi, everyone. So I’m Timothy Bollé, I’m a PhD student at the University of Lausanne. And today I will … Read m… Continue reading Bridging the Gap: Standardizing Representation of Inferences in Diverse Digital Forensic Contexts
Aikaterini: I’m Aikaterini Kanta. I’m a PhD candidate with University College Dublin, and I’m really glad to be here today. I’m going to talk to you about my PhD research. So, about contextual based decryption.
So, the … Continue reading What Can You Tell Us About Your Password? A Contextual Approach