8th International Conference on Digital Forensics and Cyber Crime
Location: Manhattan, New York, U.S.
Conference Date: September 28 - 30, 2016
Paper Submission: April 13, 2016
Notification: July 1, 2016
Camera-ready: August 1, 2016
See the full call for papers here.
The International Conference on Digital Forensics and Cyber Crime (ICDF2C) brings together leading researchers, practitioners, and educators from around the world to advance the state of the art in digital forensic and cyber crime investigation.
ICDF2C 2016 will be held September 28 - 30, 2016 in Manhattan, New York. We invite contributions for completed research papers, research-in-progress papers, industrial talks, panel and tutorial proposals, and round table discussions. Research papers are evaluated through a double-blind, peer-reviewing process and accepted research papers will be published in the Journal of Digital Forensics, Security and Law (JDFSL).
JDFSL is an open access journal with solid indexing, including Thomson Reuters ISI Web of Science. Accepted papers will be indexed in Google Scholar, DBLP, ProQuest, and EBSCO Host, to name a few. Articles will be available for readers online at no cost given the open access nature of the journal. To learn more about JDFSL you can visit: http://www.jdfsl.org/.
This year, we have two themes that we intend to embrace. Authors are encouraged to submit papers relating to these themes:
<ul><li>Usage and implications of machine learning in digital forensics</li><li>Big data and digital forensics</li></ul>
The Internet has made it easier to perpetrate crimes by providing criminals an avenue for launching attacks with relative anonymity. The increased complexity of global communication and networking infrastructure and devices makes investigation of cybercrimes difficult. Clues of illegal activities are often buried in large volumes of data that need to be sifted through in order to detect crimes and collect evidence. The field of digital forensics and cybercrime investigation has become very important for law enforcement, national security, and information assurance. Digital forensics and cybercrime investigations are multidisciplinary areas that encompass law, computer science, finance, telecommunications, data analytics, policing and more. ICDF2C brings together practitioners and researchers from diverse fields, providing opportunities for business and intellectual engagement among attendees.
Reply to an email I received:<div>
<div><div>Is it possible to use Linux live CDs (or open source software) without trouble in court?</div><div>
</div><div>The answer is yes, certainly.</div><div>
</div><div>First, there is precedent in North America and Europe. See this relatively old article from Italy [http://nannibassetti.com/digitalforensicsreport2007.pdf].</div><div>
</div><div>For a full discussion about open source tools in court, I highly recommend the following paper: http://www.digital-evidence.org/papers/opensrc_legal.pdf</div><div>
</div><div>Very basically, to have evidence obtained using open source tools / Linux live CDs accepted in court, you need to prove that the tools give ‘correct’ results and do not modify potential evidence. Check local court rules for any additional standards that need to be met. If you need any help with tool testing, please contact me.</div><div>
</div><div>For example, if your courts already accept EnCase and you want to compare acquisition and hashing, you can do the following:</div><div>1) acquire the data with EnCase and create a hash of the data</div><div>2) acquire the data with an open source tool and create a hash of the data</div><div>3) compare the hashes of the suspect data (should be the same)</div><div>4) repeat with 5+ different exhibits to show that the same result is always found</div><div>
</div><div>If your courts accept EnCase, and you can demonstrate that an open source tool produces the same result, then the open source tool must also be accepted.</div><div>
</div><div>A procedure for tool testing should be created in your unit, if it does not already exist.</div><div>
</div><div>You might also be interested in the Open Source Digital Forensics Conference in the U.S.: http://www.osdfcon.org/</div><div>
</div><div>Please let me know if you need any help with testing, or if you have any further questions.</div></div></div></div>
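The four comparison steps above can be scripted so that the result is recorded the same way for every exhibit. The following is an added example, not part of the original reply: the function names and the sample file names are hypothetical, and it assumes both acquisitions are available as raw (dd-style) images, since the hash of a container file is not the hash of the suspect data.

```python
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # read in 1 MiB chunks; disk images rarely fit in memory


def image_digests(path, algorithms=("md5", "sha256")):
    """Hash one raw image with every algorithm in a single read pass."""
    hashers = [hashlib.new(name) for name in algorithms]
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers:
                h.update(chunk)
    return {h.name: h.hexdigest() for h in hashers}


def validate_tool(exhibits, minimum=5):
    """exhibits: (exhibit_id, reference_image, candidate_image) tuples.

    reference_image was acquired with the tool the court already accepts,
    candidate_image is the same exhibit acquired with the tool under test.
    """
    rows = []
    for exhibit_id, reference, candidate in exhibits:
        ref, cand = image_digests(reference), image_digests(candidate)
        rows.append({"exhibit": exhibit_id, "reference": ref,
                     "candidate": cand, "match": ref == cand})
    enough = len(rows) >= minimum  # step 4: repeat with 5+ exhibits
    return {"rows": rows, "enough_exhibits": enough,
            "passed": enough and all(r["match"] for r in rows)}


if __name__ == "__main__":
    # Constructed stand-ins for five exhibits, each acquired twice.
    with tempfile.TemporaryDirectory() as tmp:
        exhibits = []
        for i in range(1, 6):
            pair = []
            for tool in ("reference", "candidate"):
                path = os.path.join(tmp, f"exhibit{i}_{tool}.dd")
                with open(path, "wb") as fh:
                    fh.write(bytes([i]) * 8192)
                pair.append(path)
            exhibits.append((f"exhibit{i}", *pair))
        report = validate_tool(exhibits)
        for row in report["rows"]:
            print(row["exhibit"], row["candidate"]["sha256"], row["match"])
        print("tool validated:", report["passed"])
```

Keeping the per-exhibit rows, rather than only the overall verdict, gives the unit's tool-testing procedure a record it can file with each test run.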
If Gmail is used with a local client (like Thunderbird, Outlook, etc.) then the email header should have the private IP address. Note that it is possible that some of the information is stripped by the client or client network before reaching the SMTP server. Take a look below:
----- Mail sent from Thunderbird using googlemail SMTP -----
Received: from [10.0.0.101] ([220.127.116.11]) <-- here you can see the private (10.0.0.101) and public (18.104.22.168) IP address of the sender connecting to the SMTP server.
by smtp.googlemail.com with ESMTPSA id <-- this line tells you that the message was received by SMTP
for <[email protected]>
Mon, 02 Nov 2015 23:01:38 -0800 (PST)
To: Joshua James <[email protected]>
From: “Joshua I. James” <[email protected]>
If the email is sent from the Gmail web interface (in the browser), the private IP address is NOT available. Google’s server only sees the suspect’s public IP address accessing the Google web server.
----- Sent from Gmail web interface -----
Received: by 10.50.10.233 with HTTP; <-- “with HTTP” means received via web interface on server 10.50.10.233 (Google). The sender’s IP is not shown.
Date: Tue, 3 Nov 2015 16:08:03 +0900
From: “Joshua I. James” <[email protected]>
To: “Joshua I. James” <[email protected]>
If the header is only showing Google’s address, then the suspect must have been accessing the web interface (check for “with HTTP”). In that case, Google will only have the public IP of the suspect.
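The check described above can be automated when many messages have to be triaged. The following is an added example, not part of the original post: the function name is hypothetical, and the two sample messages are constructed to mirror the headers shown above, with a documentation address standing in for the sender's public IP.

```python
import ipaddress
import re
from email import message_from_string

# Constructed samples modelled on the two headers above; 203.0.113.7 is a
# documentation address standing in for the sender's public IP.
SMTP_SAMPLE = (
    "Received: from [10.0.0.101] ([203.0.113.7])\n"
    "        by smtp.googlemail.com with ESMTPSA id example123\n"
    "        for <recipient@example.com>;\n"
    "        Mon, 02 Nov 2015 23:01:38 -0800 (PST)\n"
    "From: sender@example.com\n\nbody\n"
)
WEB_SAMPLE = (
    "Received: by 10.50.10.233 with HTTP; Tue, 3 Nov 2015 16:08:03 +0900\n"
    "From: sender@example.com\n\nbody\n"
)

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
WITH_RE = re.compile(r"\bwith\s+([A-Za-z0-9]+)")


def classify_submission(raw_message):
    """Report how the message entered Google and which sender IPs it exposes."""
    received = message_from_string(raw_message).get_all("Received") or []
    result = {"method": "unknown", "private_ips": [], "public_ips": []}
    if not received:
        return result
    # The sender's own hop is the earliest Received line, i.e. the last one.
    hop = " ".join(received[-1].split())  # unfold continuation lines
    proto = WITH_RE.search(hop)
    proto = proto.group(1).upper() if proto else ""
    if proto == "HTTP":
        result["method"] = "web interface"
    elif "SMTP" in proto:
        result["method"] = "mail client"
    # Only the "from" clause describes the sender; "by" names the receiving server.
    from_clause = hop.split(" by ", 1)[0] if hop.lower().startswith("from ") else ""
    for text in IP_RE.findall(from_clause):
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            continue  # e.g. 999.1.1.1 matches the regex but is not an address
        key = "private_ips" if any(addr in net for net in RFC1918) else "public_ips"
        result[key].append(text)
    return result
```

The bracketed address directly after `from` is what the client announced about itself and can be altered by the sender, while the parenthesised address is the one the receiving server observed on the connection.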
The 7th EAI International Conference on Digital Forensics & Cyber Crime will be held OCTOBER 6–8, 2015 in SEOUL, SOUTH KOREA.
The final program is now available at http://d-forensics.org/2015/show/program-final
Be sure to register so you don’t miss the exciting talks and tutorials!
Keynote speakers include Max Goncharov from Trend Micro, Inc, and Dr. Dave Dampier from Mississippi State University:
Max Goncharov is a senior security Virus Analyst with Trend Micro Inc., and is responsible for cybercrime investigations, security consulting to business partners (internal, external), creation of security frameworks, designing technical security architecture, overseeing the build out of an enterprise incident response process, and creation of the enterprise risk management program. During his 15 years with Trend Micro Inc, he has participated as a speaker in various conferences and training seminars, such as DeepSec, VB, APWG, etc., on the topic of cybercrime and related issues. He has especially focused on cyberterrorism, cybersecurity, and the underground economy.
Dr. Dave Dampier is a Professor of Computer Science & Engineering at Mississippi State University specializing in Digital Forensics and Information Security. He currently serves as Director of the Distributed Analytics and Security Institute, the university level research center charged with Cyber Security Research. In his current capacity, Dr. Dampier is the university lead for education and research in cyber security. Prior to joining MSU, Dr. Dampier spent 20 years active duty as an Army Automation Officer. He has a B.S. Degree in Mathematics from the University of Texas at El Paso, and M.S. and Ph.D. degrees in Computer Science from the Naval Postgraduate School. His research interests are in Cyber Security, Digital Forensics and Software Engineering.
There will also be three tutorials on investigation, open source hardware for digital investigations and setting up a research environment for mobile malware research:
<ul><li>Tutorial 1: DUZON – Desktop Exercise: Crafting Information from Data</li><li>Tutorial 2: Pavel Gladyshev – FIREBrick; an open forensic device</li><li>Tutorial 3: Nikolay Akatyev – Researching mobile malware</li></ul><div>After the first day of the conference we are also holding a special discussion session with Seoul Tech Society called “Safe Cyberspace”, with the panel consisting of the winners of the ICDF2C/STS essay contest. Everyone is welcome to join!</div><div>
</div><div>I hope to see you at ICDF2C in Seoul, South Korea! Don’t miss this exciting opportunity.</div>
EnCase & Python – Extending Your Investigative Capabilities
Date: Wednesday September 9th, 2015
Time: 11:00am PDT / 2:00pm EDT / 7:00pm BST
Presenters: Chet Hosmer, Founder of Python Forensics, Inc. and author of Python Forensics; James Habben, Master Instructor, Guidance Software Training; Robert Bond, Product Marketing Manager, Guidance Software
Digital forensic investigators are quickly becoming familiar with the power of Python. The open source programming language named after Monty Python has been around for approximately 20 years and is fairly simple to read and learn. While EnCase users have used the EnScripting language for 15 years to extend the capabilities of EnCase and create the 130+ EnScripts on EnCase App Central, Python has the ability to add additional powerful investigative capabilities.
In this webinar, Chet Hosmer, Founder of Python Forensics, Inc. and James Habben, Master Instructor at Guidance Software will demonstrate examples of those capabilities in an investigation demonstration using EnCase. Whether you are performing post-mortem investigation, executing live triage, extracting evidence from mobile devices or cloud services, or you are collecting and processing evidence from a network, Python forensic implementations can fill in the gaps.
Register now at https://encase.webex.com/encase/onstage/g.php?MTID=e8f1fdc29d4fc150f6c935f4ab3b9b95b
Also, FYI Autopsy 2 supports custom Python extensions (and is awesome).