Note: Proceedings will be published by IEEE. Author notifications will be in mid-February, several weeks before the deadline for DFRWS. CFP: Systematic Approaches to Digital Forensic Engineering
Call For Papers

IEEE/SADFE-2010: Fifth International Workshop on Systematic Approaches
to Digital Forensic Engineering
 In conjunction with the IEEE Security and Privacy Symposium, Oakland,
 CA, USA, May 20, 2010

Paper submissions due: January 16, 2010 or contact
Dr. Endicott-Popovsky at for additional

The SADFE (Systematic Approaches to Digital Forensic Engineering)
International Workshop promotes systematic approaches to computer
investigations, by furthering the advancement of digital forensic
engineering as a disciplined science and practice.

Most previous SADFE papers have emphasized cyber crime investigations
and digital forensics tools. While these are still key topics of the
meeting, we also welcome digital forensics papers that do not
necessarily involve either crime or digital forensics tools. General
attack analysis, the insider threat, insurance and compliance
investigations, similar forms of retrospective analysis, and digital
discovery are all viable topics. Digital forensic engineering is the
application of scientific principles to the collection and analysis of
digital artifacts, either for use within the legal system or to aid in
understanding past events with the goal of improving computer system

Past speakers and attendees of SADFE have included computer and
information scientists, social scientists, digital forensic
practitioners, IT professionals, law enforcement, lawyers, and
judges. The synthesis of science with practice and the law with
technology form the foundation of this conference.

Workshop Topics

The field of digital forensics faces many challenges, including scale,
scope and presentation of highly technical information in legal venues
to nontechnical audiences.

Digital artifacts permeate our lives and are part of every crime and
every case of digital discovery. Digital artifacts may be extant for
only nanoseconds or for years; they may consist of a single modified
bit, or huge volumes of data; they may be found locally or spread
globally throughout a complex digital infrastructure on public or
private systems.

Today's digital crime scene is an active network with network
administrators functioning as first responders, using tools and
devices for collecting data that were never designed to meet the
admissibility standards of a courtroom.

"Although, many computer crimes [and civil cases] have thus far been
plea-bargained, eliminating exposure to challenge in a courtroom, with
the increasing cost of computer crimes and the increasing criminal
penalties associated with them, more cases will find their way into
the courtroom and challenges are inevitable" [Peter Sommer, London
School of Economics].  .

SADFE addresses the gap between today’s practice and the
establishment of digital forensics as a science. To advance the field,
SADFE-2010 solicits broad-based, innovative approaches to digital
forensic engineering in the following four areas:

Digital Data and Evidence Management: advanced digital evidence
discovery, collection, and storage

        * Identification, authentication and collection of digital evidence

        * Post-collection handling of evidence and the preservation of
            data integrity and admissibility
        * Evidence preservation, archiving and storage

        * Forensic ready and compliance ready architectures and
            processes, including network processes

        * Managing geographically, politically and/or jurisdictionally
                dispersed data artifacts
        * Data and web mining systems for identification and
                authentication of relevant data
        * Botnet forensics

Scientific Principle-based Digital Forensic Processes: systematic
engineering processes supporting digital evidence management which are
sound on scientific, technical and legal grounds

        *       Legal and technical aspects of admissibility and evidence tests
        *       Examination environments for digital data
        *       Courtroom expert witness and case presentation
        *       Case studies illustrating privacy, legal and legislative issues
        *       Forensic tool validation: legal implications and issues
        *       Legal and privacy implications for digital and computational
                forensic analysis
        *       Handling increasing volumes of digital discovery

Digital Evidence Analytics: advanced digital evidence analysis,
correlation, and presentation

        *       Advanced search, analysis, and presentation of digital evidence
        *       Cyber crime scenario analysis and reconstruction technologies
        *       Legal case construction & digital evidence support
        *       Cyber-crime strategy analysis & modeling
        *       Combining digital and non-digital evidence
        *       Supporting qualitative or statistical evidence
        *       Computational systems and computational forensic analysis

Forensic-support technologies: forensic-enabled and proactive monitoring/response
        *       Forensics of embedded or non-traditional devices 
                (e.g. digicams, cell phones, SCADA)
        *       Innovative forensic engineering tools and applications
        *       Proactive forensic-enabled support for incident response
        *       Forensic tool validation: methodologies and principles
        *       Legal and technical collaboration
        *       Digital forensics surveillance technology and procedures
        *       "Honeypot" and other target systems for data collection and
        *       quantitative attack impact assessment

Instructions for Paper and Panel Submissions

The SADFE-2010 Program Committee invites three types of submissions:

Full papers

Full papers present mature research results. Papers accepted for
presentation at the Workshop will be included in the SADFE-2010
proceedings, which we anticipate will be published by IEEE Press. Full
papers should be 8-12 pages when formatted according to IEEE
guidelines.  Papers must include an abstract and a list of keywords,
and clearly indicate the corresponding author.

"Work-in-Progress" short papers

These shorter papers should describe interesting developing work or
concepts in the field of digital forensic engineering. These papers
should emphasize the nature of the problem they present, potential
solution and implications/impacts to the field, in such a way that it
will engender community discussion. A selection of these papers will
be presented at SADFE-2010 in a Work-in-Progress
session. Work-in-Progress papers should be 3-5 pages
long. Work-in-Progress papers will be included as an appendix in the
SADFE-2009 proceedings. Authors may participate in only one
Work-in-Progress paper (in the case of multiple submissions, later
submissions will be deleted).


Describing work in progress and/or specific tools available without
charge to the research community (ie, no vendor posters should be
submitted). Submissions must consist of a one-page abstract. Posters
will not be included in the proceedings. Authors of selected posters
will have an opportunity to briefly introduce their work during the

Paper Acceptance

Each paper submission will be reviewed by at least three SADFE-2010
Program Committee members. The selection process will be based on
review technical merits. Panel and posters decisions will be made by
the Program Chair with recommendations from the Program Committee and
Steering Committee.

Double Submissions, Uniqueness & Presentation

SADFE-2010 is intended to support discussion and publication of novel
results. To meet this goal, submissions must not substantially
duplicate work that any of the authors has published elsewhere. Work
submitted in parallel to any other conference or workshop with
proceedings is explicitly excluded from participation. If the work has
been submitted elsewhere in a venue that does not include proceedings,
the extent of the replication and the nature of the other venue should
be clearly indicated in a cover letter submitted along with the

For accepted Full Papers, Posters, and Work-in-Progress papers, it is
required that at least one of the authors attends the conference to
present the paper. The presenting author must be registered by the
date of the camera-ready submission deadline. The deadline for
Work-in-Progress and Full papers is the same.

All submissions (papers & panel proposals) must be submitted
electronically, following the instructions to be provided on the
website. Papers must list all authors and their affiliations; in the
case of multiple authors, the contact author must be indicated.

Workshop Format

The SADFE workshop will consist of invited talks, paper presentations
and panel discussions. All presentations, talks and panel discussions
will be made in English.

Steering Committee:

        Deb Frincke, co-chair           Pacific Northwest National Labs
        Ming-Yuh Huang, co-chair        The Boeing Company
        Chi Sung Laih                   National Cheng Kung University
        Michael Losavio                 University of Louisville
        Alec Yasinsac                   University of South Alabama

Organizing Committee:

General Co-Chairs:
        Carol Taylor
                                                (Eastern Washington University)
        Robert Erbacher
                                                (Utah State University)
        Program Committee Co-Chairs:    Barbara Endicott-Popovsky
                                                (University of Washington)
        Wenke Lee
                                                (Georgia Institute of Technology)
        Submission Chair:               Adel Elmaghraby
                                                (University of Louisville)
        Website Host:                   Chi Sung Laih
                                                (National Cheng Kung University)