Digital Forensics Conferences in 2015

Here are conferences or workshops focusing on digital forensics. It is interesting that a few stress a certain area – biometrics, cloud computing – combined with forensics.

Digital Forensics: Conferences / Workshops

  • DFRWS 2015: 15th Digital Forensic Research Workshop
  • SADFE 2015 : 10th International Conference on Systematic Approaches to Digital Forensic Engineering
  • WSDF 2015: The 8th International Workshop on Digital Forensics (w/ ARES)
  • IEEE WIFS 2015: 7th IEEE International Workshop on Information Forensics and Security
  • ICDF2C 2015: 7th International Conference on Digital Forensics and Cyber Crime (w/ KDFS)
  • IWCC 2015: 4th International Workshop on Cyber Crime (w/ ARES)
  • CEWE 2015: 3rd International Workshop on Cybercrimes and Emerging Web Environments
  • ISCC-SFCS 2015: 3rd International Workshop on Security and Forensics in Communication Systems
  • ISDFS 2015: The 3rd International Symposium on Digital Forensics and Security
  • IWBF 2015: 3rd International Workshop on Biometrics and Forensics
  • ISDF 2015: 2nd The International Conference in Information Security, and Digital Forensics
  • DigitalSec 2015 : 2nd Digital Security and Forensics
  • WCSF 2015: The International Workshop on Cloud Security and Forensics (w/ ARES)
  • BioFor 2015: International Workshop on Recent Advances in Digital Security: Biometrics and Forensics (w/ ICIAP)
  • CSDI 2015: The International Workshop on Cyber Security and Digital Investigation (w/ MobiSPC)
  • DiFER 2015: Inaugural Workshop on Digital Forensics Experiments and Results

Digital Forensics: Publications

  • JDFSL: Journal of Digital Forensics, Security and Law (2006-)
  • TIFS: IEEE Transactions on Information Forensics and Security (2006-)
  • IJDCF: International Journal of Digital Crime and Forensics (2009-)
  • Digital Forensics: Digital Forensics (2005-)
  • IMF: International Conference on IT-Incidents Management & IT-Forensics (2003-)
  • WIFS: International Workshop on Information Forensics and Security (2009-)

Demystifying Registry (2)

레지스트리는 마이크로소프트 윈도우 시스템에서 사용하는 거대한 데이터베이스다. 디지털 포렌식에서 상당히 유용한 정보로 활용하는 레지스트리 정보만 세부적으로 잘 알아도 조사에 큰 도움을 준다. 작년에 이어 – 좀 많이 늦긴 했지만 – 전체적으로 내용을 정리해 봤다. 더 많은 정보가 있겠지만 이를 토대로 증거를 확장해 찾을 수 있다. (개인용이나 학습용은 얼마든지 출처만 밝힌다면 사용하거나 배포/재배포해도 좋다. 영업용이나 강의용이라면 먼저 연락 부탁드린다. kevinkoo001 AT gmail DOT com.)

Registry is the vast database used by Microsoft Windows system. It provides investigators with a bunch of information during digital forensic process. I have organized useful artifacts residing in registry. There should be more, however you are able to dig into them based upon those evidence. (You may want to make use of, distribute or redistribute this material for the personal use and/or study unless you forget to remain the original source. For commercial use (including a lecture), please contact me: kevinkoo001 AT gmail DOT com.)

자료 내용은 아래를 참고하자.
The below shows brief contents to cover.

1. What is Registry?
2. Location and Components
3. Root Keys
4. Hive Structure
5. Windows Registry Artifacts
. Basic System Information
. Installed Software List
. MRU List
. USB Information
. Mounted Devices
. Timezone information
. Shared Resources
. Mapped Network Drives
. Startup Services
. Internet Explorer
. Wireless SSIDs
. Network Interfaces
. SAM
. UserAssist (Application Usage)
. Shellbags
. Explorer Searches
. RDP Connection Information
. Hardware Information
. Restore Point

Click here to download the material.

 

NTFS Fundamentals

NTFS는 마이크로소프트 윈도우 시스템에서 사용하는 파일 시스템이다. 그냥 보기엔 복잡하고 기능도 많아 보인다. 이 자료를 통해 NTFS를 처음 접하는 사람도 쉽게 이해할 수 있으면 하는 바램이다. (개인용이나 학습용은 얼마든지 출처만 밝힌다면 사용하거나 배포/재배포해도 좋다. 영업용이나 강의용이라면 먼저 연락 부탁드린다. kevinkoo001 AT gmail DOT com.)

NTFS is the file system used in Microsoft Windows. At first glance, its design might overwhelm you due to complexity and many features. I hope this material helps for those who attempt to understand NTFS for the first time. (You may want to make use of, distribute or redistribute this material for the personal use and/or study unless you forget to remain the original source. For commercial use (including a lecture), please contact me: kevinkoo001 AT gmail DOT com.)

자료 내용은 아래를 참고하자.
The below shows brief contents to cover.

1. Information with tools
2. NTFS Layout
3. MBR
4. VBR
5. MFT
. MFT Entry/Attributes
. Cluster Runs
. LCN&VCN,
. Sparse/Compression
. Resident/Non-resident

Click here to see download the material.