http://conf.ncku.edu.tw/sadfe/sadfe10/
or contact
Dr. Endicott-Popovsky at endicott@u.washington.edu for additional information.
The SADFE
(Systematic Approaches to Digital Forensic Engineering) International Workshop
promotes systematic approaches to computer investigations, by furthering the
advancement of digital forensic engineering as a disciplined science and
practice.
Most previous SADFE papers have emphasized cyber crime investigations and
digital forensics tools. While these are still key topics of the meeting, we
also welcome digital forensics papers that do not necessarily involve either
crime or digital forensics tools. General attack analysis, the insider threat,
insurance and compliance investigations, similar forms of retrospective
analysis, and digital discovery are all viable topics. Digital forensic
engineering is the application of scientific principles to the collection and
analysis of digital artifacts, either for use within the legal system or to aid
in understanding past events with the goal of improving computer system
security.
Past speakers and attendees of SADFE have included computer and information
scientists, social scientists, digital forensic practitioners, IT professionals,
law enforcement, lawyers, and judges. The synthesis of science with practice and
the law with technology form the foundation of this conference.
Workshop
Topics
The field of digital
forensics faces many challenges, including scale, scope and presentation of
highly technical information in legal venues to nontechnical audiences.
Digital artifacts permeate our lives and are part of every crime and every case
of digital discovery. Digital artifacts may be extant for only nanoseconds or
for years; they may consist of a single modified bit, or huge volumes of data;
they may be found locally or spread globally throughout a complex digital
infrastructure on public or private systems.
Today's digital crime scene is an active network with network administrators
functioning as first responders, using tools and devices for collecting data
that were never designed to meet the admissibility standards of a courtroom.
"Although, many computer crimes [and
civil cases] have thus far been plea-bargained, eliminating exposure to
challenge in a courtroom, with the increasing cost of computer crimes and the
increasing criminal penalties associated with them, more cases will find their
way into the courtroom and challenges are inevitable" [Peter Sommer, London
School of Economics].
SADFE addresses the
gap between today practice and the establishment of digital forensics as a
science. To advance the field, SADFE-2010 solicits broad-based, innovative
approaches to digital forensic engineering in the following four areas:
Digital Data and
Evidence Management: advanced digital evidence discovery,
collection, and storage
- Identification,
authentication and collection of digital evidence
-
Post-collection handling of evidence and the preservation of data integrity and
admissibility
-
Evidence preservation, archiving and storage
-
Forensic ready and compliance ready architectures and processes, including
network processes
-
Managing geographically, politically and/or jurisdictionally dispersed data
artifacts
-
Data and web mining systems for identification and authentication of relevant
data
-
Botnet forensics
Scientific Principle-based Digital Forensic Processes:
systematic engineering processes supporting
digital evidence management which are sound on scientific, technical and legal
grounds
-
Legal and technical aspects of admissibility and evidence tests
-
Examination environments for digital data
-
Courtroom expert witness and case presentation
-
Case studies illustrating privacy, legal and legislative issues
-
Forensic tool validation: legal implications and issues
-
Legal and privacy implications for digital and computational forensic analysis
- Handling increasing volumes of digital discovery
Digital
Evidence Analytics: advanced
digital evidence analysis, correlation, and presentation
-
Advanced search, analysis, and presentation of digital evidence
-
Cyber crime scenario analysis and reconstruction technologies
-
Legal case construction & digital evidence support
-
Cyber-crime strategy analysis & modeling
-
Combining digital and non-digital evidence
-
Supporting qualitative or statistical evidence
-
Computational systems and computational forensic analysis
Forensic-support technologies: forensic-enabled
and proactive monitoring/response
-
Forensics of embedded or non-traditional devices (e.g. digicams, cell phones,
SCADA)
-
Innovative forensic engineering tools and applications
-
Proactive forensic-enabled support for incident response
-
Forensic tool validation: methodologies and principles
-
Legal and technical collaboration
-
Digital forensics surveillance technology and procedures
- "Honeypot"
and other target systems for data collection and monitoring
- Quantitative attack impact assessment
Instructions for Paper and Panel
Submissions
The SADFE-2010 Program
Committee invites three types of submissions:
Full papers
Full papers
present mature research results. Papers accepted for presentation at the
Workshop will be included in the SADFE-2010 proceedings, which we anticipate
will be published by IEEE Press. Full papers should be 8-12 pages when formatted
according to IEEE guidelines. Papers must include an abstract and a list of
keywords, and clearly indicate the corresponding author.
"Work-in-Progress"
short papers
These shorter
papers should describe interesting developing work or concepts in the field of
digital forensic engineering. These papers should emphasize the nature of the
problem they present, potential solution and implications/impacts to the field,
in such a way that it will engender community discussion. A selection of these
papers will be presented at SADFE-2010 in a Work-in-Progress session.
Work-in-Progress papers should be 3-5 pages long. Work-in-Progress papers will
be included as an appendix in the SADFE-2010 proceedings. Authors may
participate in only one Work-in-Progress paper (in the case of multiple
submissions, later submissions will be deleted).
Posters
Describing work
in progress and/or specific tools available without charge to the research
community (ie, no vendor posters should be submitted). Submissions must consist
of a one-page abstract. Posters will not be included in the proceedings. Authors
of selected posters will have an opportunity to briefly introduce their work
during the meeting.
Paper Acceptance
Each paper
submission will be reviewed by at least three SADFE-2010 Program Committee
members. The selection process will be based on review technical merits. Panel
and posters decisions will be made by the Program Chair with recommendations
from the Program Committee and Steering Committee.
Double
Submissions, Uniqueness & Presentation
SADFE-2010 is intended to support discussion and
publication of novel results. To meet this goal, submissions must not
substantially duplicate work that any of the authors has published elsewhere.
Work submitted in parallel to any other conference or workshop with proceedings
is explicitly excluded from participation. If the work has been submitted
elsewhere in a venue that does not include proceedings, the extent of the
replication and the nature of the other venue should be clearly indicated in a
cover letter submitted along with the paper. Finally, plagiarism has no place in
the scholarly community and the program committee reserves the right to notify
employers and/or others of any confirmed cases of plagiarism.
For accepted Full Papers, Posters,
and for the Work-in-Progress,
it is required that at least one of the authors attends the conference
to present the paper. The presenting author must be registered by the
date of the camera-ready submission. The
deadline for Work-in-Progress and Full papers is the same.
All submissions (papers & panel proposals) must be submitted electronically,
following the instructions to be provided on the website. Papers must list all
authors and their affiliations; in the case of multiple authors, the contact
author must be indicated.
Workshop
Format
The SADFE workshop will
consist of invited talks, paper presentations and panel discussions. All
presentations, talks and panel discussions will be made in English.
SADFE Steering
Committee
|
Deb Frincke,
co-chair
|
Pacific
Northwest National Lab
|
|
Ming-Yuh Huang, co-chair
|
The Boeing Company
|
|
Chi-Sung Laih
|
National Cheng Kung University
|
|
Michael Losavio
|
University of Louisville
|
|
Alec Yasinsac
|
Florida State University
|
Organizing Committee
|
General Co-Chair:
|
Carol
Taylor
Robert F. Erbacher
|
Eastern
Washington University
Utah State
University
|
|
Program Committee
Co-Chairs:
|
Barbara
Endicott-Popovsky
|
University of Washington
|
|
Wenke Lee
|
Georgia
Institute of Technology
|
| Submission Chair: |
Adel
Elmaghraby |
University of
Louisville |
| Website Host: |
Chi-Sung Laih |
National Cheng
Kung University |
Program Committee
|
Herve
|
Debar
|
France
Telecom R&D
|
|
Simson
|
Garfinkel
|
Naval
Postgraduate School
|
|
Brian
|
Hay
|
University
of Alaska, Fairbanks
|
|
Erin
|
Kenneally
|
University of
California, San Diego
|
|
Michael
|
Losavio
|
University of
Louisville
|
|
Kara
|
Nance
|
University of Alaska, Fairbanks
|
|
Sean
|
Peisert
|
University
of California, Davis
|
|
Mark
|
Pollitt
|
University of
Central Florida
|
|
Clay
|
Shields
|
Georgetown
University
|
|
Wietse
|
Venema
|
IBM T.J.
Watson Research Center
|
|
Brian
|
Levine
|
U Mass
Amherst
|
|
Christian
|
Seifert
|
Microsoft Corp
|
| (additional committee members will be added when confirmed) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
