Research | Practice





[How to] Create and verify a multi-part disk image with FTK Imager

Tuesday, October 04, 2016 Posted by Joshua James
This video shows how to make a disk image using FTK Imager on a Windows system.

FTK Imager is an easy-to-use tool for copying data from suspect disks, and it also offers verification features and a hex view. It is a simple, stable tool that is useful at the beginning of an investigation.


[CFP] Digital Investigation: Special Issue on Volatile Memory Analysis

Monday, July 18, 2016 Posted by Joshua James
Deadline for submissions is 31 August 2016.
Memory analysis is a hot research topic with wide applications on many fronts - from malware detection and analysis, to recovery of encryption keys, to user activity reconstruction. As advanced contemporary malware increasingly reduces its on-disk footprint, and adopts increasingly sophisticated host detection subversion mechanisms, memory analysis is currently mainstreaming as a valuable technique for detection and response.
While memory analysis presents many new opportunities, it also presents new complications and challenges, ranging from reliance on undocumented program internals, to atomicity of acquisition methodologies. As memory analysis becomes the status quo methodology, the use of directed anti-forensics is also becoming prevalent.
This special issue of the Journal of Digital Investigation invites original research papers that report on state-of-the-art and recent advancements in this rapidly expanding area of enquiry, with a particular emphasis on novel techniques and practical applications for the forensic and incident response community.
Topics of interest include but are not limited to:
  • Malware detection in memory
  • Live memory analysis
  • Live system introspection
  • Memory acquisition
  • Memory analysis of large systems
  • Userspace and application specific memory analysis
  • Cryptographic analysis, key recovery
  • Execution history analysis
  • Data fusion between memory/disk/network


[CFP] CLOUDFOR extended submission deadline

Saturday, July 16, 2016 Posted by Joshua James
CLOUDFOR 2016: Workshop on Cloud Forensics
In conjunction with the 9th IEEE/ACM International Conference on Utility and Cloud Computing (UCC), Tongji University, Shanghai, China.
6-9 December 2016

Scope and Purpose
As a consequence of the sharp growth in the Cloud Computing market share, we can expect an increasing trend in illegal activities involving clouds, and the reliance on data stored in the clouds for legal proceedings. This reality poses many challenges related to digital forensic investigations, incident response and eDiscovery, calling for a rethink in traditional practices, methods and tools which have to be adapted to this new context. 
This workshop aims to bring researchers and practitioners together as a multi-disciplinary forum for discussion and dissemination of ideas towards advancing the field of Cloud Forensics. 

Topics of interest comprise, but are not limited to:
* Digital evidence search and seizure in the cloud
* Forensics soundness and the cloud
* Cybercrime investigation in the cloud 
* Incident handling in the cloud
* eDiscovery in the cloud
* Investigative methodologies for the cloud
* Forensics readiness in the cloud
* Challenges of cloud forensics
* Legal aspect of cloud investigations
* Tools and practices in cloud forensics
* Case studies related to cloud forensics
* Forensics-as-a-Service
* Criminal profiling and reconstruction in the cloud
* Data provenance in the cloud
* Law enforcement and the cloud
* Big data implications of cloud forensics
* Economics of cloud forensics
* Current and future trends in cloud forensics
* Grid forensics 

Important dates
* Paper submission: 15 August 2016 (extended deadline)
* Notification of acceptance: 05 September 2016 
* Camera-ready submission:  21 September 2016

Workshop chairs
Virginia N. L. Franqueira
University of Derby, UK

Kim-Kwang Raymond Choo
University of South Australia, AU

Tim Storer 
University of Glasgow, UK

Andrew Jones
University of Hertfordshire, UK 

Raul H. C. Lopes
Brunel University (GriPP & CMS/CERN), UK

Program Committee
George Grispos, The Irish Software Research Centre (LERO), IE
Andrew Marrington, Zayed University, AE
Kiran-Kumar Muniswamy-Reddy, Amazon Web Services, US
Joshua I. James, Hallym University, KR
Geetha Geethakumari, BITS Pilani, IN
Shams Zawoad, Visa Inc., US
Olga Angelopoulou, University of Hertfordshire, UK
Vrizlynn Thing, Institute for Infocomm Research, SG
Theodoros Spyridopoulos, University of the West of England, UK
Vassil Roussev, University of New Orleans, US
Yijun Yu, Open University, UK
Ibrahim Baggili, University of New Haven, US
Martin Schmiedecker, SBA Research, AT
Ben Martini, University of South Australia, AU
Hein S. Venter, University of Pretoria, ZA
Ruy de Queiroz, Federal University of Pernambuco, BR
Martin Herman, National Institute of Standards and Technology, US 
Mark Scanlon, University College Dublin, IE

Authors are invited to submit original, unpublished work which will be reviewed by three committee members. Submission should be blind, i.e., with no stated authors, or self-references. Papers should comply with the IEEE format, and have a maximum of 6 pages; guidelines are available at:
All accepted papers will be published in the IEEE conference proceedings – provided they are presented at the workshop.
Submission will be handled through EasyChair:


Facebook Capture the Flag Platform Now Available

Friday, May 13, 2016 Posted by Joshua James
Facebook's hacking education platform and capture the flag is now available. See their release post here. Their goal is to educate about different types of web attacks by giving access to CTF infrastructure and letting more groups run hacking competitions. From their GitHub repository:

  • Organize a competition. This can be with as few as two participants, all the way up to several hundred. The participants can be physically present, active online, or a combination of the two.
  • Follow setup instructions below to spin up platform infrastructure.
  • Enter challenges into admin page
  • Have participants register as teams
    • If running a closed competition:
      • In the admin page, generate and export tokens to be shared with approved teams, then point participants towards the registration page
    • If running an open competition:
      • Point participants towards the registration page
  • Enjoy!
I'm playing with it now, but it looks like it will be an amazing resource for students.