Preliminary CFP CFP: Systematic Approaches to Digital Forensic Engineering
SADFE-2009: Fourth International Workshop on Systematic Approaches to
Digital Forensic Engineering
May 21, 2009, Oakland, CA, USA
The SADFE (Systematic Approaches to Digital Forensic Engineering)
International Workshop promotes systematic approaches to computer
investigations, by furthering the advancement of digital forensic
engineering as a disciplined practice.

Most previous SADFE papers have emphasized cyber crime investigations,
and this is still a key focus of the meeting.  However, we also welcome
papers on forensics that do not necessarily involve a crime:  
general attack analysis, insider threat, insurance and compliance
investigations, and similar forms of retrospective analysis are all
viable topics. Digital forensic engineering is characterized by the
application of scientific and mathematical principles to the
investigation and establishment of facts or evidence, either for use
within a court of law or to aid in understanding past events on a
computer system.

Past speakers and attendees of SADFE have included computer scientists,
social scientists, forensic practitioners, law enforcement, lawyers, and
judges. The synthesis of hard technology and science with social science
and practice forms the foundation of this conference.

Workshop Topics

The field of digital forensics faces many challenges, including scale,
scope and presentation or reintegration of primarily technical
information and conclusions into a non-technical societal framework.

Digital information now permeates cyber-crimes and cyber-enabled
crimes.  It may be available for only nanoseconds or for years; it may
involve only a single bit that has been modified, or huge volumes of
data that may be found locally or spread globally throughout a variety
of infrastructures. Correlating large amounts of digital information,
establishing relevance and reliability and authenticating electronic
evidence may be exceptionally difficult across geographically
dispersed public and proprietary platforms.

To advance the state of the art, SADFE-2009 solicits broad-based,
innovative digital forensic engineering technology, techno-legal and
practice-related submissions in the following four areas:

Digital Data and Evidence Management: advanced digital evidence
discovery, collection, and storage

 *  Identification, authentication and collection of digital evidence
 *  Post-collection handling of evidence and the preservation of data integrity
 *  Evidence preservation and storage
 *  Forensic-enabled architectures and processes, including network processes
 *  Managing geographically, politically and/or jurisdictionally dispersed data
 *  Data and web mining systems for identification and authentication of 
    relevant data      
Principle-based Digital Forensic Processes: systematic engineering
processes supporting digital evidence management which are sound on
scientific, technical and legal grounds

 *  Legal and technical aspects of admissibility and evidence tests
 *  Examination environments for digital data
 *  Courtroom expert witness and case presentation
 *  Case studies illustrating privacy, legal and legislative issues
 *  Forensic tool validation: legal implications and issues
 *  Legal and privacy implications for digital and computational 
    forensic analysis

Digital Evidence Analytics: advanced digital evidence analysis, correlation,
    and presentation 

 *  Advanced search, analysis, and presentation of digital evidence
 *  Progressive cyber crime scenario analysis and reconstruction technology
 *  Legal case construction & digital evidence support
 *  Cyber-crime strategy analysis & modeling
 *  Combining digital and non-digital evidence
 *  Supporting qualitative or statistical evidence
 *  Computational systems and computational forensic analysis
Forensic-support technologies: forensic-enabled and proactive 

 *  Forensics of embedded or non-traditional devices (e.g. digicams, 
    cell phones, SCADA)
 *  Innovative forensic engineering tools and applications
 *  Forensic-enabled support for incident response
 *  Forensic tool validation: methodologies and principles
 *  Legal and technical collaboration
 *  Digital Forensics Surveillance Technology and Procedures
 *  "Honeypot" and other target systems for data collection and monitoring
Instructions for Paper and Panel Submissions  

The SADFE-2009 Program Committee invites three types of submissions: 

Full papers

Submission deadline: January 17, 2009

Full papers present mature research results. Papers accepted for
presentation at the Workshop will be included in the SADFE-2009
proceedings, which we anticipate will be published by IEEE Press. Full
papers should be 8-12 pages when formatted according to IEEE
guidelines.  Papers must include an abstract and a list of keywords,
and clearly indicate the corresponding author.
"Work-in-Progress" short papers

These shorter papers should describe interesting developing work or
concept in the field of digital forensic engineering. These papers
should emphasize the nature of the problem they present, potential
solution and implications/impacts to the field, in such a way that it
will engender community discussion. A selection of these papers will
be presented at SADFE-2009 in a Works-in-Progress
session. Work-in-Progress papers should be 3-5 pages
long. Work-in-Progress papers will be included as an appendix in the
SADFE-2009 proceedings. Authors may participate in only one
Work-in-Progress paper (in the case of multiple submissions, later
submissions will be deleted).


Describing work in progress and/or specific tools available without
charge to the research community (ie, no vendor posters should be
submitted). Submissions must consist of a one-page abstract. Posters
will not be included in the proceedings. Authors of selected posters
will have an opportunity to briefly introduce their work during the

Each paper submission will be reviewed by at least three SADFE-2009
Program Committee members. The selection process will be based on
review technical merits. Panel and posters decisions will be made by
Program Chair with recommendations from Program Committee and Steering

Double Submissions, Uniqueness & Presentation

SADFE-2009 is intended to support discussion and publication of novel
results. To meet this goal, submissions must not substantially
duplicate work that any of the authors has published elsewhere. Work
submitted in parallel to any other conference or workshop with
proceedings is explicitly excluded from participation. If the work has
been submitted elsewhere in a venue that does not include proceedings,
the extent of the replication and the nature of the other venue should
be clearly indicated in a cover letter submitted along with the
paper. Finally, plagiarism has no place in the scholarly community and
the program committee reserves the right to notify employers and/or
others of any confirmed cases of plagiarism.

For accepted Full Papers, Posters, and for the Work-in-Progress, it is
required that at least one of the authors attends the conference to
present the paper. The presenting author must be registered by the
date of the camera-ready submission. The deadline for Work-in-Progress
and Full papers is the same.

All submissions (papers & panel proposals) must be submitted
electronically, following the instructions to be provided on the
website. Papers must list all authors and their affiliations; in case
of multiple authors, the contact author must be indicated

Workshop Format

The SADFE workshop will consist of invited talks, paper presentations
and panel discussions. All presentations, talks and panel discussions
will be made in English.

Organizing Comittee:

  General Chair: Rob Erbacher (Utah State University)
  Program Committee Co-Chairs: Matt Bishop (UC Davis) and 
                               Sean Peisert (UC Davis)

Program Committee:

Becky Bace                              Infidel, Inc.
Matt Bishop                             University of California, Davis
Brian Carrier                           Basis Corp.
Charisse Castagnoli                     Independent Consultant
Peter Chen                              University of Michigan
Herve Debar                             France Telecom R&D
Barbara Endicott-Popovsky               University of Washington
Deb Frincke                             Pacific Northwest National Labs
Simson Garfinkel                        Naval Postgraduate School
Carrie Gates                            CA Labs
Brian Hay                               University of Alaska, Fairbanks
Erin Kenneally                          University of California, San Diego
Chi Sung Laih National                  Cheng Kung University
Michael Losavio                         University of Louisville
Keith Marzullo                          University of California, San Diego
Kara Nance                                      University of Alaska, Fairbanks
Sean Peisert                            University of California, Davis
Mark Pollitt                            University of Central Florida
Christian Probst                        Technical University of Denmark
Clay Shields                            Georgetown University
Abe Singer                              California Institute of Technology
Fred Chris Smith                        Former Assistant U.S. Attorney
Tye Stallard                            University of California, Davis
Bill Tafoya                             University of New Haven
Wietse Venema                           IBM T.J. Watson Research Center
Giovanni Vigna                          University of California, Santa Barbara
Avishai Wool                            Tel Aviv University