Sponsored by
2015 Program
| Time | Track 1 | Track 2 |
|---|---|---|
| 8:00 am | Registration and Breakfast | |
| 9:00 am | Welcome and Conference Overview | |
| 9:10 am | Autopsy: Wait, there are still more features? speaker: Brian Carrier (slides) |
|
| 9:45 am | Feasting off the Hunt speakers: The Volatility Development Team (slides) |
|
| 10:20 am | Break | |
| 10:35 am | Python Autopsy: A Quick Intro to Scripting Autopsy speaker: Brian Carrier (slides) |
|
| 11:10 am | Autopsy Module Challenge Results | |
| 11:40 am | Lunch – Live Forensics Lunch Recording with David Cowen (video) | |
| 12:40 pm | Collaborative Autopsy: Enterprise Open Source Forensics speaker: Richard Cordovano (slides) |
NTFS Unstuck in Time speakers: Jon Stewart, Zack Weger (slides) |
| 1:15 pm | Break | |
| 1:20 pm | Inferring Past Activity from Partial Digital Artifacts speaker: Jim Jones (slides) |
Turbinia: Cloud-scale forensics speakers: Cory Altheide and Johan Berggren |
| 1:55 pm | Break | |
| 2:00 pm | Rapid Recognition of Blacklisted Files and Fragments on Secondary Storage Media speakers: Michael McCarrin and Bruce Allen (slides) |
FIDO: Automated Security Incident Response speaker: Rob Fry (slides) |
| 2:35 pm | Break | |
| 2:55 pm | Introducing SQUID: A tool to ‘fuzzy match’ SQLite databases; don’t miss evidence because the app updated! speakers: Ryan Benson (slides) |
Live Response Collection Overview speakers: Brian Moran (slides) |
| 3:30 pm | Break | |
| 3:35 pm | Forensic Artifact Correlation via Elastic speakers: Matthew Seyer & David Cowen (slides) |
Short Updates from Previous Speakers |
| 4:10 pm | Break | |
| 4:15 pm | New generation timeline tools: A case study and Plaso Parser Workshop speakers: Daniel White (slides) |
|
| 4:50 pm | Lightning Talks | |
| 5:15 pm | Networking Cocktail Reception | |