Preliminary CFP
SADFE-2009: Fourth International Workshop on Systematic Approaches to Digital Forensic Engineering http://conf.ncku.edu.tw/sadfe/sadfe09/ May 21, 2009, Oakland, CA, USA The SADFE (Systematic Approaches to Digital Forensic Engineering) International Workshop promotes systematic approaches to computer investigations, by furthering the advancement of digital forensic engineering as a disciplined practice. Most previous SADFE papers have emphasized cyber crime investigations, and this is still a key focus of the meeting. However, we also welcome papers on forensics that do not necessarily involve a crime: general attack analysis, insider threat, insurance and compliance investigations, and similar forms of retrospective analysis are all viable topics. Digital forensic engineering is characterized by the application of scientific and mathematical principles to the investigation and establishment of facts or evidence, either for use within a court of law or to aid in understanding past events on a computer system. Past speakers and attendees of SADFE have included computer scientists, social scientists, forensic practitioners, law enforcement, lawyers, and judges. The synthesis of hard technology and science with social science and practice forms the foundation of this conference. Workshop Topics The field of digital forensics faces many challenges, including scale, scope and presentation or reintegration of primarily technical information and conclusions into a non-technical societal framework. Digital information now permeates cyber-crimes and cyber-enabled crimes. It may be available for only nanoseconds or for years; it may involve only a single bit that has been modified, or huge volumes of data that may be found locally or spread globally throughout a variety of infrastructures. Correlating large amounts of digital information, establishing relevance and reliability and authenticating electronic evidence may be exceptionally difficult across geographically dispersed public and proprietary platforms. To advance the state of the art, SADFE-2009 solicits broad-based, innovative digital forensic engineering technology, techno-legal and practice-related submissions in the following four areas: Digital Data and Evidence Management: advanced digital evidence discovery, collection, and storage * Identification, authentication and collection of digital evidence * Post-collection handling of evidence and the preservation of data integrity * Evidence preservation and storage * Forensic-enabled architectures and processes, including network processes * Managing geographically, politically and/or jurisdictionally dispersed data * Data and web mining systems for identification and authentication of relevant data Principle-based Digital Forensic Processes: systematic engineering processes supporting digital evidence management which are sound on scientific, technical and legal grounds * Legal and technical aspects of admissibility and evidence tests * Examination environments for digital data * Courtroom expert witness and case presentation * Case studies illustrating privacy, legal and legislative issues * Forensic tool validation: legal implications and issues * Legal and privacy implications for digital and computational forensic analysis Digital Evidence Analytics: advanced digital evidence analysis, correlation, and presentation * Advanced search, analysis, and presentation of digital evidence * Progressive cyber crime scenario analysis and reconstruction technology * Legal case construction & digital evidence support * Cyber-crime strategy analysis & modeling * Combining digital and non-digital evidence * Supporting qualitative or statistical evidence * Computational systems and computational forensic analysis Forensic-support technologies: forensic-enabled and proactive monitoring/response * Forensics of embedded or non-traditional devices (e.g. digicams, cell phones, SCADA) * Innovative forensic engineering tools and applications * Forensic-enabled support for incident response * Forensic tool validation: methodologies and principles * Legal and technical collaboration * Digital Forensics Surveillance Technology and Procedures * "Honeypot" and other target systems for data collection and monitoring Instructions for Paper and Panel Submissions The SADFE-2009 Program Committee invites three types of submissions: Full papers Submission deadline: January 17, 2009 Full papers present mature research results. Papers accepted for presentation at the Workshop will be included in the SADFE-2009 proceedings, which we anticipate will be published by IEEE Press. Full papers should be 8-12 pages when formatted according to IEEE guidelines. Papers must include an abstract and a list of keywords, and clearly indicate the corresponding author. "Work-in-Progress" short papers These shorter papers should describe interesting developing work or concept in the field of digital forensic engineering. These papers should emphasize the nature of the problem they present, potential solution and implications/impacts to the field, in such a way that it will engender community discussion. A selection of these papers will be presented at SADFE-2009 in a Works-in-Progress session. Work-in-Progress papers should be 3-5 pages long. Work-in-Progress papers will be included as an appendix in the SADFE-2009 proceedings. Authors may participate in only one Work-in-Progress paper (in the case of multiple submissions, later submissions will be deleted). Posters Describing work in progress and/or specific tools available without charge to the research community (ie, no vendor posters should be submitted). Submissions must consist of a one-page abstract. Posters will not be included in the proceedings. Authors of selected posters will have an opportunity to briefly introduce their work during the meeting. Each paper submission will be reviewed by at least three SADFE-2009 Program Committee members. The selection process will be based on review technical merits. Panel and posters decisions will be made by Program Chair with recommendations from Program Committee and Steering Committee. Double Submissions, Uniqueness & Presentation SADFE-2009 is intended to support discussion and publication of novel results. To meet this goal, submissions must not substantially duplicate work that any of the authors has published elsewhere. Work submitted in parallel to any other conference or workshop with proceedings is explicitly excluded from participation. If the work has been submitted elsewhere in a venue that does not include proceedings, the extent of the replication and the nature of the other venue should be clearly indicated in a cover letter submitted along with the paper. Finally, plagiarism has no place in the scholarly community and the program committee reserves the right to notify employers and/or others of any confirmed cases of plagiarism. For accepted Full Papers, Posters, and for the Work-in-Progress, it is required that at least one of the authors attends the conference to present the paper. The presenting author must be registered by the date of the camera-ready submission. The deadline for Work-in-Progress and Full papers is the same. All submissions (papers & panel proposals) must be submitted electronically, following the instructions to be provided on the website. Papers must list all authors and their affiliations; in case of multiple authors, the contact author must be indicated Workshop Format The SADFE workshop will consist of invited talks, paper presentations and panel discussions. All presentations, talks and panel discussions will be made in English. Organizing Comittee: General Chair: Rob Erbacher (Utah State University) Program Committee Co-Chairs: Matt Bishop (UC Davis) and Sean Peisert (UC Davis) Program Committee: Becky Bace Infidel, Inc. Matt Bishop University of California, Davis Brian Carrier Basis Corp. Charisse Castagnoli Independent Consultant Peter Chen University of Michigan Herve Debar France Telecom R&D Barbara Endicott-Popovsky University of Washington Deb Frincke Pacific Northwest National Labs Simson Garfinkel Naval Postgraduate School Carrie Gates CA Labs Brian Hay University of Alaska, Fairbanks Erin Kenneally University of California, San Diego Chi Sung Laih National Cheng Kung University Michael Losavio University of Louisville Keith Marzullo University of California, San Diego Kara Nance University of Alaska, Fairbanks Sean Peisert University of California, Davis Mark Pollitt University of Central Florida Christian Probst Technical University of Denmark Clay Shields Georgetown University Abe Singer California Institute of Technology Fred Chris Smith Former Assistant U.S. Attorney Tye Stallard University of California, Davis Bill Tafoya University of New Haven Wietse Venema IBM T.J. Watson Research Center Giovanni Vigna University of California, Santa Barbara Avishai Wool Tel Aviv University