[CFP] ICDF2C 2015

Call for papers for the 7th International Conference on Digital Forensics and Cyber Crime (ICDF2C)

Conference Dates: October 6 - 8, 2015
Location: Seoul, South Korea
Paper Submission: 30 March, 2015 (any time zone)

Website: d-forensics.org
<div style="background-color: white; border: 0px; font-stretch: inherit; margin: 0px 0px 0.5em; padding: 0px; vertical-align: baseline;">The International Conference on Digital Forensics and Cyber Crime (ICDF2C) brings together leading researchers, practitioners, and educators from around the world to advance the state of the art in digital forensic and cyber crime investigation. Keeping up with our international and collaborative nature at ICDF2C, we are proud to announce that ICDF2C 2015 will run jointly with the Korean Digital Forensic Society’s Annual Conference (KDFS 2015).</div><div style="background-color: white; border: 0px; font-stretch: inherit; margin: 0px 0px 0.5em; padding: 0px; vertical-align: baseline;">ICDF2C 2015 will be held October 6 - 8, 2015 in Seoul, South Korea. We invite contributions for completed research papers, research-in-progress papers, industrial talks, panel and tutorial proposals, and round table discussions. Research papers are evaluated through a double-blind, peer-reviewing process and accepted research papers will be published in printed proceedings by Springer-Verlag.
</div><h3>Special Themes</h3>This year, we have two themes that we intend to embrace. Authors are encouraged to submit papers relating to these themes:
<ul><li>Usage, implications and investigation of the “Dark Web”</li><li>Case studies and investigation techniques relating to cryptocurrencies</li></ul>
<h3>SCOPE</h3>The Internet has made it easier to perpetrate crimes by providing criminals an avenue for launching attacks with relative anonymity. The increased complexity of global communication and networking infrastructure and devices makes investigation of cybercrimes difficult. Clues of illegal activities are often buried in large volumes of data that need to be sifted through in order to detect crimes and collect evidence. The field of digital forensics and cybercrime investigation has become very important for law enforcement, national security, and information assurance. Digital forensics and cybercrime investigations are multidisciplinary areas that encompass law, computer science, finance, telecommunications, data analytics, policing and more. ICDF2C brings together practitioners and researchers from diverse fields providing opportunities for business and intellectual engagement among attendees.
The following topics highlight the conference’s theme:
<ul><li>Anti Forensics and Anti-Anti Forensics</li><li>Big Data and Digital Forensics</li><li>Business Applications of Digital Forensics</li><li>Civil Litigation Support</li><li>Cloud Forensics</li><li>Cyber Crime Investigations</li><li>Cyber Criminal Psychology and Profiling</li><li>Cyber Culture & Cyber Terrorism</li><li>Data hiding and steganography</li><li>Database Forensics</li><li>Digital Forensic Science</li><li>Digital Forensic Tool Testing and validation</li><li>Digital Forensic Trends</li><li>Digital Forensics & Law</li><li>Digital Forensics and Error rates</li><li>Digital Forensics novel algorithms</li><li>Digital Forensics Process & Procedures</li><li>Digital Forensics Standardization & Accreditation</li><li>Digital Forensics Techniques and Tools</li><li>Digital Forensics Triage</li><li>e-Discovery</li><li>Hacking</li><li>Incident Response</li><li>Information Warfare & Critical Infrastructure Protection</li><li>Law Enforcement and Digital Forensics</li><li>Machine learning and Digital Forensics</li><li>Malware & Botnets</li><li>Mobile / Handheld Device & Multimedia Forensics</li><li>Money Laundering</li><li>Network forensics</li><li>New chip-off techniques</li><li>Novel Digital Forensics Training programs</li><li>Online Fraud</li><li>Programming Languages and Digital Forensics</li><li>SCADA Forensics</li><li>Sexual Abuse of Children on Internet</li><li>Software & Media Piracy</li><li>Theoretical Foundations of Digital Forensics</li><li>Traditional Criminology applied to Digital Forensics</li><li>Philosophical accounts for Cyber Crime and Digital Forensics</li></ul>
<h3>RESEARCH PAPERS</h3>Papers describing original unpublished research are solicited. Submissions must not be concurrently under review by a conference, journal or any other venue that has proceedings. Papers in the topic areas discussed are preferred, although contributions outside those topics may also be of interest. Please feel free at any time to contact the conference general chair if you have questions regarding your submission.
<h3>BEST PAPER AWARD</h3>The program committee may designate up to three papers accepted to the conference as ICDF2C Best Papers. Every submission is automatically eligible for this award.
<h3>OTHER SUBMISSION CATEGORIES</h3>Submissions can be made in a number of categories: Completed research papers, research-in-progress papers, industrial talks, panel and tutorial proposals, and round table discussions. Please use the following guidelines in preparing your submission.
<ul><li>Completed Research Papers: No longer than 10 pages (including abstract, figures, tables and references).</li><li>Research in Progress Papers: No longer than 6 pages (including abstract, figures, tables and references).</li><li>Industrial Talk: Typically a 1,000 word description of the proposed talk. All talks must be vendor neutral.</li><li>Round Table Discussion: Typically a 1,000 word synopsis of the topic area.</li><li>Panel Proposals: Typically a 1,000 word description, identifying the panelists to be involved.</li><li>Tutorial Proposals: Typically a 1,000 word description of topic(s), potential speakers, program length, and potential audience. Also, include proposer resume(s).</li></ul>
<h3>SUBMISSION INSTRUCTIONS</h3>Paper submission will be handled electronically. Papers must be formatted using Springer LNICST Authors’ Kit (http://d-forensics.org/2015/show/authors-kit) and submitted only through Easychair.org by going here: https://www.easychair.org/conferences/?conf=icdf2c2015.
<div style="background-color: white; border: 0px; font-stretch: inherit; margin: 0px 0px 0.5em; padding: 0px; vertical-align: baseline;">
All submitted papers will be judged based on their quality through double-blind reviewing. Authors’ names must not appear in the paper. All other submissions should be sent via email to the conference general chairs (Dr. Joshua I. James joshua at cybercrimetech dot com).
</div><h3>PUBLICATIONS</h3>Accepted papers will be published in the ICDF2C 2015 Conference Proceedings and by Springer-Verlag in the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering (LNICST) series.
<div style="background-color: white; border: 0px; font-stretch: inherit; margin: 0px 0px 0.5em; padding: 0px; vertical-align: baseline;">
The proceedings will be available both as paper-based copies and via Springerlink, Springer’s digital library. In addition, the content of the proceedings will be submitted for inclusion in leading indexing services, including DBLP, Google Scholar, ISI Proceedings, EI, CrossRef and Zentralblatt Math, as well as ICST’s own EU Digital Library (EUDL).
</div><div style="background-color: white; border: 0px; font-stretch: inherit; margin: 0px 0px 0.5em; padding: 0px; vertical-align: baseline;">
Further, we are partnering with Elsevier’s “Digital Investigation: The International Journal of Digital Forensics & Incident Response” to invite expanded versions of specially selected papers for inclusion in their SCI-indexed publication.
</div>


Attacking Zip File Passwords from the Command Line

There was recently a question on SuperUser linking back to CybercrimeTech’s article about cracking passwords, with an issue about zip files using ZipCrypto, and never finding the password. I left an answer, saying that I guess zip2john does not know how to accurately extract the hash from zip files using that particular algorithm.

In such a case, you can either 1) figure out the data structure and update zip2john (https://github.com/magnumripper/JohnTheRipper), or 2) use the same approach that we have used before with LUKS to attack the file directly from the command line.

Definitely, attempting to crack the hash is faster, but if you are stuck and don’t have time to reverse engineer a new file type, this would eventually work for you.

See the code below as an example of having John generate the password then passing it to 7zip to try. This should work regardless of chosen encryption, unless you have to specify it when opening the archive. It is not clean, but it should be enough to illustrate.

    #!/bin/bash
    # Using John the Ripper to brute-force a zip container
    # $1 is the archive to test
    startTime=$(date)
    # grep -q sets the exit status; testing the output of grep -c was always true
    if file "$1" | grep -q "Zip archive data"; then
        john -i --stdout | while IFS= read -r i; do   # this is john generating passwords to stdout
            echo -ne "\rtrying \"$i\" \r"
            # this is your zip command; extracted data is discarded, 7z messages stay visible
            7z e -so -p"$i" "$1" 2>&1 > /dev/null
            STATUS=$?
            if [ "$STATUS" -eq 0 ]; then
                echo -e "\nPassword is: \"$i\""
                break                         # if successful, print the password and quit
            fi
        done
        echo "Start time $startTime"
        echo "End time $(date)"
    else
        echo "The file does not appear to be a zip file"
    fi


This approach should work when you are unable to extract the hash, but is much, much slower (not really practical for most applications). See the results below.

    ...
    trying "pmc"
    7-Zip [64] 9.20  Copyright (c) 1999-2010 Igor Pavlov  2010-11-1
    Processing archive: test.zip
    Extracting  Sample_memo.pdf     Data Error in encrypted file. Wrong password?
    **Sub items Errors: 1**
 
    trying "1234"
    7-Zip [64] 9.20  Copyright (c) 1999-2010 Igor Pavlov  2010-11-18
    Processing archive: test.zip
    Extracting  Sample_memo.pdf
    **Everything is Ok**
    Size:       60936
    Compressed: 51033
 
    Password is: "1234"
    Start time 2015. 01. 03. (토) 19:02:51 KST
    End time 2015. 01. 03. (토) 19:02:51 KST
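
Before choosing between hash extraction and the direct approach, it helps to know which scheme each member of the archive actually declares. The following is an added example, not code from the original post: it reads the central directory and reports ZipCrypto, WinZip AES or no encryption per member. The field values (flag bit 0, flag bit 6, method 99, extra-field ID 0x9901) are taken from the public zip and WinZip AE-x format descriptions, and the sample archive is constructed in memory with plain payloads and patched headers.

```python
import io
import struct
import zipfile

AES_METHOD = 99        # compression-method value WinZip AE-x uses as its marker
AES_EXTRA_ID = 0x9901  # extra-field header ID that carries the AES parameters
AES_BITS = {1: 128, 2: 192, 3: 256}


def aes_strength(extra):
    """Return the AES key size from the 0x9901 record (strength is byte 4), or None."""
    pos = 0
    while pos + 4 <= len(extra):
        header_id, size = struct.unpack_from("<HH", extra, pos)
        body = extra[pos + 4:pos + 4 + size]
        if header_id == AES_EXTRA_ID and len(body) >= 7:
            return AES_BITS.get(body[4])
        pos += 4 + size
    return None


def classify(archive):
    """Map each member name to the encryption scheme its header declares."""
    result = {}
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            if not info.flag_bits & 0x1:          # bit 0: member is encrypted
                scheme = "none"
            elif info.compress_type == AES_METHOD:
                bits = aes_strength(info.extra)
                scheme = f"AES-{bits}" if bits else "AES-unknown"
            elif info.flag_bits & 0x40:           # bit 6: PKWARE strong encryption
                scheme = "PKWARE-strong"
            else:
                scheme = "ZipCrypto"              # traditional PKWARE cipher
            result[info.filename] = scheme
    return result


def constructed_sample():
    """Constructed archive: payloads are plain, headers are patched to look encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("legacy.txt", b"constructed")
        info = zipfile.ZipInfo("modern.txt")
        info.extra = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, 0)
        zf.writestr(info, b"constructed")
        zf.writestr("plain.txt", b"constructed")
    raw = bytearray(buf.getvalue())
    pos = struct.unpack_from("<L", raw, len(raw) - 6)[0]  # central directory offset
    for method in (0, AES_METHOD):                # patch the first two members only
        raw[pos + 8] |= 0x1                       # flags field of the directory entry
        struct.pack_into("<H", raw, pos + 10, method)
        pos = raw.index(b"PK\x01\x02", pos + 4)   # next directory entry
    return io.BytesIO(bytes(raw))
```

`classify()` also accepts a file path, so the same check can be run against an archive on disk.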


PRNewsWire Quotes CybercrimeTech

PRNewsWire, when writing about Passware’s new LUKS GPU-assisted brute force cracker, referenced our work on LUKS password cracking with John the Ripper.

Just to be clear, prior tests with JtR were with multi-CPU - not GPU - enabled password generation. Also, we basically had only one thread attempting to access the LUKS device. Multi-threading may be able to increase practical guessing to a few per second, but probably still not as many as Passware’s claimed 300 guesses.

While their title is not exactly accurate, thanks for mentioning us!

Full article can be found here:

http://www.prnewswire.com/news-releases/passware-first-to-enable-computer-forensics-to-crack-linux-disk-encryption-luks-300004871.html


Korea Linux Forum 2014: Linux and Law Enforcement

On November 11, 2014 Joshua James of CybercrimeTech.com gave a presentation at the Korea Linux Forum on Linux and Law Enforcement: Challenges and Opportunities. Presentation slides can be found at the link.
<div>
A bit about the talk can be found below.

Overall, I thought the Korea Linux Forum 2014 was very interesting. I’d never been to that kind of conference before, and I think it was not so usual to have a speaker talking about how criminals and Law Enforcement are using Linux / Open Source. I think most engineers were maybe not so interested, but I seemed to get a bit of interest from the legal side. All-in-all, definitely a conference I will try to attend next year.

</div><div>Linux and Law Enforcement: Challenges and Opportunities</div>
Abstract
Like all technology, Linux can be used for good or evil. Cybercrime and digital forensic investigators must be able to investigate Linux-based systems that have been attacked, or have been used for criminal purposes. While hackers have adopted Linux for its power and flexibility, Law Enforcement have mixed feelings about Linux and open source projects in general. This talk will discuss how both Law Enforcement and criminals are using Linux, current perceptions of Law Enforcement toward the use of Linux and community-developed software, and legal considerations about the use of open source tools in digital investigations.

Audience
All technologies are vulnerable to criminal abuse. This talk will help the community understand what Law Enforcement are doing about current cybercrime cases, and what role Linux (and the community) play in both supporting and preventing digital crime. It is hoped that if developers, administrators and users are more aware of the challenges Law Enforcement face, then not only can the security of the ecosystem be improved, but also justice when the ecosystem is criminally abused.

Experience Level
Any

Benefits to the Ecosystem
All technologies are vulnerable to criminal abuse. This talk will help the community understand what Law Enforcement are doing about current cybercrime cases, and what role Linux (and the community) play in both supporting and preventing digital crime. It is hoped that if developers, administrators and users are more aware of the perspective of Law Enforcement, then not only can the security of the ecosystem be improved, but also justice when the ecosystem is abused.


World Forensic Festival, Digital Forensic Masters and the Korea Linux Forum


A pretty busy day preparing for the World Forensic Festival next week. If you are going, please be sure to catch me on Thursday and Friday for the Digital Forensics talk and singleer sessions. I will be talking about event reconstruction with no-prior information. Just a short piece of work I touched on in my dissertation.

We also have an open house in SoonChunHyang University tomorrow to introduce potential students to the Master’s in Digital Forensic Investigation. It is a combination degree with the SCH Graduate School of Forensic Science. The session on digital forensics is short, but should be interesting. If you are in Asan tomorrow after, please let me know.

Finally, we are also getting ready for the Korea Linux Forum where we will talk about Linux in crime and criminal investigation. I’ve never been to the event before, but it should be interesting to meet developers and users. Hopefully I can give them some insight into how the Law Enforcement community (and criminals) is using their work. There are some interesting parallels between the idea of open source, and requirements by courts. Much of which was talked about by Brian Carrier a while ago in “Open Source Digital Forensic Tools - The Legal Argument”.

All together, a pretty interesting few months ahead.

[CFP] DFRWS EU 2015 - Submission Deadline Approaching

Just a reminder that the submission deadline for DFRWS EU 2015 (hosted in Dublin, Ireland) is September 22nd, 2014!

Topics of Interest:

<ul><li>“Big data” approaches to forensics, including data collection, data mining, and large scale visualization</li><li>Addressing forensic challenges of Systems-on-a-chip</li><li>Anti-forensics and anti-anti-forensics</li><li>Case studies and trend reports</li><li>Data hiding and discovery</li><li>Data recovery and reconstruction</li><li>Database forensics</li><li>Digital evidence and the law</li><li>Digital evidence storage and preservation</li><li>Event reconstruction methods and tools</li><li>Incident response and live analysis</li><li>Interpersonal communications and social network analysis</li><li>Malware and targeted attacks: analysis, attribution</li><li>Memory analysis and snapshot acquisition</li><li>Mobile and embedded device forensics</li><li>Multimedia analysis</li><li>Network and distributed system forensics</li><li>Non-traditional forensic scenarios and approaches (e.g. vehicles, control systems, and SCADA)</li><li>Storage forensics, including file system and Flash</li><li>Tool testing and development</li><li>Triage, Prioritization, Automation: Efficiently processing large amounts of data in digital forensics</li><li>Virtualized environment forensics, with specific attention to the cloud and virtual machine introspection</li></ul>
The above list is only suggestive. We welcome new, original ideas from people in academia, industry, government, and law enforcement who are interested in sharing their results, knowledge, and experience.
Authors are encouraged to demonstrate the applicability of their work to practical issues. Questions about submission topics can be sent via email to: eu-papers dfrws org
