SADFE 2021

Call for Papers
May 27, 2021

The SADFE (Systematic Approaches to Digital Forensic Engineering)
International Workshop brings together researchers and practitioners
focused on the state-of-the-art and emerging topics of interest in
digital forensics. The 2021 SADFE Workshop will be held remotely in
conjunction with the 42nd IEEE Symposium on Security and Privacy.

The workshop promotes systematic approaches to digital forensic
investigation on the vulnerabilities of today’s cyber systems and
networks, digital exploitation and manipulation, and on the emerging
methods for how to detect, track, and prevent digital threats. SADFE
embraces Digital Forensic Engineering (DFE) advancement as a
disciplined and holistic scientific practice.

Namely, the workshop focuses on the topics of AI-generated falsified
media (e.g. DeepFakes), cloud forensics, emerging and non-traditional
methods (e.g. digital currency forensics, contact tracing, digital
evidence management and analysis), forensics of embedded and
non-traditional forensics, and related legal, ethical and technical

The 2021 SADFE Workshop is calling for paper and poster submissions as
well as panel proposals in the broad field of Digital Forensics from
both practitioner and researcher perspectives. With the dynamic change
and rapid expansion of the types of electronic devices, networked
applications, and investigation challenges, systematic approaches for
automating the process of gathering, analyzing and presenting digital
evidence are in unprecedented demand. The SADFE Workshop aims to
promote solutions to these and related problems.

Submission Instructions

Paper and poster submissions should be made at: . Panel submissions
should be emailed directly to the Co-Chairs (Edmon Begoli -
and John (Vinnie) Monaco -

Review Process

Papers will be double-blind reviewed using the EasyChair Submission
system. Each paper will receive no less than three professional peer
reviews with results used for acceptance determination.

Submissions Guidelines

Call for Papers:

All paper submissions must be original work; authors must dearly
document any overlap with previously published or simultaneously
submitted papers from any of the authors. We seek submissions of 5 to
10 pages, excluding references and supplementary
materials. Submissions must be in PDF format using the IEEE conference
proceedings templates. Failure to adhere to the page limit and
formatting requirements are grounds for rejection without review.

We encourage authors to submit papers of appropriate length for the
research contribution. If your research contributions only require 5-7
pages, please only submit 5-7 pages (plus references). Shorter papers
will be reviewed like any other paper and not penalized. Papers
shorter than 5 pages or longer than 10 pages {excluding references)
will not be considered. Submitting supplementary material that adds
depth to the contribution and/or contributes to the submission's
replicability is strongly encouraged.

Papers must be submitted in a form suitable for anonymous review: no
author names or affiliations may appear on the title page, and papers
should avoid revealing author identities in the text. When referring
to your previous work, do so in the third person, as though it were
written by someone else. Only blind the reference itself in the
(unusual) case that a third-person reference is
infeasible. Publication as a technical report or in an online
repository does not constitute a violation of this policy. Contact the
program chairs if you have any questions. Papers that are not properly
anonymized may be rejected without review.

Accepted papers will be published in the 42nd IEEE Symposium on
Security & Privacy Workshop (SPW) Proceedings published by IEEE
Computer Society Press (CPS). Authors of select papers will be invited
to submit an extended version of their paper for publication in a
journal special issue (venue to be determined).

Call for Posters:

We encourage submission of poster proposals for a chance to present
your work interactively. Posters can cover preliminary or exploratory
work, smaller research projects, projects that are showing promising
results but aren't quite ready for a full publication, or any other
work that would benefit from open forum discussion. Topics of interest
are the same as those for papers as well as any other current digital
forensics topics. We are particularly interested in work that shares
real-life experiences including actual system or product
implementation, deployment, and lessons learned. Poster proposals
should be at most 2 pages in length and should briefly describe the
objectives of the current work, any accomplishments to date, and
future plans. Poster proposal submissions should not be anonymized;
ensure that, you include author information (name, affiliation,
country) in your proposal. If accepted, you are expected to attend the
virtual poster session. Posters are not considered to be a prior

Panel proposals:

We encourage submission of panels on the topics suggested below. A
panel submission should be 1 page (US letter) in PDF format, listing
the panel moderator and affiliation, as well as potential panelists
and the panel topic. The length of a panel is typically 1 hour. Panel
submissions should not be anonymized.

Important Dates for SADFE 2021 (all deadlines are AoE time)

    Paper submission deadline: January 19, 2021
    Paper decisions: February 24, 2021
    Paper ready for publication: March 15, 2021
    Poster submissions: February 28, 2021
    Poster decisions: March 31, 2021
    Panel poposals: February 28, 2021
    Panel decisions: March 31, 2021

Topics of Interest

Topics to be addressed by submissions include, but are not limited to:

 AI-Generated Falsified Media and Falsified Digital Content Detection,
 Prevention and Forensics

        Modalities, sources, and variations of AI-generated falsified
        digital media and content (i.e. DeepFakes images, audio,
        video, speech, text, signals, etc.)

        Processes, systems and methods for content analysis and
        verification (e.g., verification of anatomical correctness,
        background and setting validation, examination of physical
        conditions, speech patterns, likelihood of appearance, etc.)

        Content and model watermarking, content protection, and
        tamperproofing methods

        Identification, attribution, and source tracking of falsified
        digital media

        Use of falsified media to spread misinformation and “fake
        news” and its political, societal, social, legal, and
        psychological implications

        Legal and law enforcement implications and issues

    Cloud Forensics

        Collection and management of evidence on distributed and
        dynamically allocated assets

        Issues related to physical location (e.g., locating evidence
        or data, determining user location, and estimating device

        Tracking the source and spread of misinformation and
        politically-motivated campaigns

        Legal issues unique to cloud computing, such as digital crime
        spanning multiple jurisdictions and data obtained through an
        unverifiable chain of custody

        Detection and analysis of covert communication channels,
        including the circumvention of sandbox and isolation methods

        Live cloud forensics, including the analysis of distributed
        and volatile systems

    Emerging and Non-traditional Methods

        Digital Quantum Forensics

        Nano-scale and ultra-trace forensics at the material level

        Human-computer interaction forensics, including deception
        detection, user profiling, and the detection of illicit
        activities based on keyboard, mouse, touchscreen, and other

        Behavior-based authentication and identification of users and devices

        Novel methods of evidence collection in digital forensic
        investigations (e.g., evidence obtained through side-channels)

        Unconventional sensing methods (e.g., evidence obtained
        through gyroscopic, electromagnetic, or ambient light sensors)

    Digital Currency Forensics

        Tracking currency origin, destination, and flow

        Address clustering (i.e., resolving multiple addresses to a
        single entity)

        Detection of illicit activities (e.g., tax evasion, sale of
        illicit goods, laundering services)

        Transaction attribution and authentication

        Cross-platform forensics (e.g., linking addresses on Bitcoin
        and Ethereum)

        Analysis of transaction logs leveraging external sources
        (e.g., social media accounts)

    Digital Contact Tracing

        Forensic reconstruction of transmission networks, including
        contact event acquisition, storage, and promulgation

        Applications and research related to COVID-19 infection
        containment, and other disease tracking applications

        Privacy, policy, ethical, and legal issues of contact tracing

        Advancements in mobile and proximity-based tracing

        Novel sensing modalities (e.g., visual, acoustic, RF) and
        devices (e.g., home assistants, wearable devices)

        CEvaluations of contact tracing protocol accuracy, integrity,
        usage, effects, and societal impact

    Digital Evidence Management, Data Integrity, and Analytics

        Digital evidence identification, authentication, collection,
        analysis, and presentation

        Identification and redaction of personally identifying
        information and other forms of sensitive information

        Cyber-crime scenario analysis, modeling, and reconstruction

        Combining different forms digital evidence (e.g.,
        digital/non-digital, qualitative/statistical)

        Digital evidence in the face of encryption

        Post-acquisition handling of evidence and the preservation of
        data integrity and admissibility

    Forensics of embedded and non-traditional devices (e.g. digicams,
    SCADA, obsolete storage media)

        PInnovative forensic engineering tools and applications
        Proactive forensic-enabled support for incident response
        Legal and technical collaboration
        Digital forensics surveillance technology and procedures
        “Honeypot” and other target systems for data collection and monitoring
        Quantitative attack impact assessment

    Legal, Ethical, and Technical Challenges

        Examination environments for digital data, including forensic
        tool validation

        Admissibility and evidence tests

        Courtroom expert witness and case presentation

        Case studies illustrating privacy, legal and legislative issues

        New Evidence Decisions, e.g., United States v. Jones (2012)
        and United States v. Kotterman (9th Cir. 2013)

        Transnational Investigations/Case Integration under the
        Convention on Cybercrime of the Council of Europe