Call For Papers


Visitor Information


2nd International Workshop on

Systematic Approaches to Digital Forensic Engineering

April 10-12, 2007

Bell Harbor International Conference Center
Seattle, Washington, USA

Argosy Cruises Banquet



Call for Paper

The SADFE (Systematic Approaches to Digital Forensic Engineering) International Workshop promotes systematic approaches to cyber crime investigation, by furthering the advancement of digital forensic engineering as a disciplined practice.  Unlike ad-hoc computer forensics, digital forensic engineering is characterized by the application of scientific and mathematical principles to the investigation and establishment of facts or evidence, either for use within a court of law or to aid understanding of cyber crimes or cyber-enabled crimes.  Advancing digital forensics engineering requires the expertise of technologists, analysts, and legal experts to produce sound computer systems and sound forensic practices which will meet the needs of courtroom presentation as well as minimizing negative effects on the cyber-system original purpose.

This workshop brings together top digital forensic researchers, advanced tool/product builders, and expert law enforcement representatives from around the world for information exchange and R&D collaboration.

Workshop Topics

There are many challenges involved in establishing a true engineering discipline in digital forensics, including scale, scope and presentation or reintegration of primarily technical information and conclusions into a non technical societal framework.

Digital information useful in understanding cyber-crimes and cyber-enabled crimes involves the gamut of possible scales in time, volume, and location: it may be available for only nanoseconds, or over the course of several years; it may involve only a single bit that has been modified, or huge volumes of data; it may be found within the smallest components of a system, or spread globally throughout a variety of infrastructures. Correlating large amounts of digital information, establishing their relevance in the context of crime scenario construction, as well as presenting the complete picture in a court of law, are all hard challenges.

The complexity and scope of cyber crimes and cyber-enabled crimes is increasing, and the objectives of the cyber-criminal are broad. While the cyber equivalent of breaking and entering may be the public perception of cyber criminal activity, more subtle and better organized crimes such as click-fraud, DDoS based extortion; illegal intercept and identity theft are all far more damaging than a typical web site defacement or compromise. These cyber crimes originate from multiple hosts involving multiple countries and may combine multiple crimes against multiple targets in a single act.

Digital forensic evidence has a human side: legal and technical teams must work together, and the result of their efforts normally will be presented to non-specialists who render a decision within the societal framework of a court of law. Regulatory and societal issues, from corporate to local through national to international, often drive the forensic process and the use of forensic results as much as technological issues.

Early forays into use of digital forensic evidence tended to be based on tool application and evidence gathering, with little foresight or consideration of sound engineering and legal principles. These approaches do not scale, are burdensome societally and technologically, and are often ineffective. To advance the state of the art, SADFE 2007 solicits broad-based, innovative digital forensic engineering technology, practical experience & process related submissions in the following four areas:

Digital Evidence Management: advanced digital evidence discovery, collection, and storage
  • Identification and collection of digital evidence
  • Post-collection handling of evidence
  • Evidence preservation and storage
  • Forensic-enabled architectures and processes
  • Managing geographically, politically and/or jurisdictionally dispersed data
Principle-based Digital Forensic Processes: systematic engineering processes supporting digital evidence management which are sound on both technical and legal grounds
  • Legal and technical aspects of admissibility and evidence tests
  • Examination environments for digital data
  • Courtroom expert witness and case presentation
  • Case studies illustrating privacy, legal and legislative issues
  • Forensic tool validation: legal implications and issues
Digital Evidence Analytics: advanced digital evidence analysis, correlation, and presentation
  • Advanced search, analysis, and presentation of digital evidence
  • Progressive cyber crime scenario analysis and reconstruction technology
  • Legal case construction & digital evidence support
  • Cyber-crime strategy analysis & modeling
  • Combining digital and non-digital evidence
  • Supporting qualitative or statistical evidence
Forensic-support technologies: forensic-enabled and proactive monitoring/response
  • Forensics of embedded or non-traditional devices (e.g. digicams, cell phones, SCADA)
  • Innovative forensic engineering tools and applications
  • Forensic-enabled support for incident response
  • Forensic tool validation: methodologies and principles
  • Legal and technical collaboration
  • Digital Forensics Surveillance Technology and Procedures

Instructions for Paper and Panel Submissions

The SADFE 2007 Program Committee invites four types of submissions:

  • Full papers

  • Full papers present mature research results. Papers accepted for presentation at the Workshop will be included in the SADFE 2007 proceedings, which we anticipate will be published by IEEE Press. Full papers should be 8-12 pages when formatted according to IEEE guidelines.  Papers must include an abstract and a list of keywords, and clearly indicate the corresponding author.

  • "SADFE Challenge" papers

  • Shorter papers posing fundamental challenges that have not yet been tackled or resolved by the digital forensics community. These papers should emphasize the nature of the problem they present, especially why the problem is important and difficult, in such a way that it will engender community discussion.  A selection of these papers will be presented at SADFE in an informal round-table forum by a single paper representative. Challenge papers should be one page long. Challenge papers will be included as an appendix in the SADFE 2007 proceedings. Authors may participate in only one Challenge paper (in the case of multiple submissions, later submissions will be deleted).

  • Panel proposals

  • Emphasizing an integrated approach to particular themes in digital forensics. The panel proposals should emphasize the rationale behind the panel, and list likely panel participants (plus bios). Panels should allow time for general discussion and questions/answers between the panelists and the audience, and fit within a 90 minute time slot. Panel topics likely to lead to lively discussion are preferred.

  • Posters

  • Describing work in progress and/or specific tools available without charge to the research community (ie, no vendor posters should be submitted). Submissions must consist of a one-page abstract.  Posters will not be included in the proceedings. Authors of selected posters will have an opportunity to briefly introduce their work during the meeting.

    Double Submissions and Uniqueness:

    SADFE is intended to support discussion and publication of novel results. To meet this goal, submissions must not substantially duplicate work that any of the authors has published elsewhere. Work submitted in parallel to any other conference or workshop with proceedings is explicitly excluded from participation. If the work has been submitted elsewhere in a venue that does not include proceedings, the extent of the replication and the nature of the other venue should be clearly indicated in a cover letter submitted along with the paper. Finally, plagiarism has no place in the scholarly community and the program committee reserves the right to notify employers and/or others of any confirmed cases of plagiarism.

    For accepted Full Papers, Posters, and for the SADFE Challenge papers, it is required that at least one of the authors attends the conference to present the paper. The presenting author must be registered by the date of the camera-ready submission. The deadline for Challenge and Full papers is the same.

    All submissions (papers & panel  proposals) must be submitted electronically, following the instructions to be provided on the website. Papers must list all authors and their affiliations; in case of multiple authors, the contact author must be indicated (SADFE does not support anonymous submissions).

    Tutorial - (High Tech Case Management Life Cycle)

    The SADFE workshop will be preceded by a one-day tutorial session. Tutorial registration is separated from workshop registration, and will be limited to 30 participants.

    The tutorial will focus on the real-life processes of today's digital forensic investigations. Participants will have the opportunity to perform multiple case material analysis, compare findings, and then perform additional analysis to further the investigation process. When completed, participants will format and discuss the findings with their team attorneys for case construction, presentation & critiques. Along with the hands-on exercises, there will also be intermittent lectures from experienced computing forensics investigators and real-life lawyers/attorneys to discuss the issues, concerns, and solutions for presenting and testifying digital evidences in civil and criminal trials. To conclude the tutorial, teams will have the opportunity to present their case - with examination and cross-examination from attorneys.

    Course requirements:
    • Laptop computer running Windows 2000 or newer O/S
    • Tutorial application, with CV/Resumé describing skill sets/level and tool knowledge
    • Participants are encouraged to bring their own computer forensics analysis tools for the exercises. If not, a demo analysis tool will be provided.
     Class configuration:
    • Participants will be grouped into small teams consist of mixed skill levels and digital forensic expertise (e.g. practitioner, researcher, law professional/enforcement, tool vendor) to reflect the real-life teaming.
    • Each team will be given a specific case material with guidance on what analysis to perform.
    • Each team will also have an assigned coach to assist in the forensics analysis tools usage.
    Tutorial outline:
    1. Data collection
      1. Evidence seizure and controls
      2. Disk acquisition
      3. PDA acquisition
      4. Cell phone acquisition
    2. Data analysis
      1. How to proceed with an analysis
      2. Hands-on analysis of assigned case scenarios
      3. Compiling data findings
      4. Hands-on report generating of findings of recovered evidence
    3. Cross link analysis
      1. Cataloging data using office applications
      2. Hands-on loading findings into office application product
      3. Hands-on of comparative analysis of findings
    4. Legal analysis & case construction
      1. Present findings
      2. Hands-on organizing findings & case construction for legal presentation
      3. Identifying needed elements to justify prosecution
      4. Peer review of other examiner work
      5. Hands-on peer review of other case scenarios
    5. Case Presentation
      1. Hands-on building presentation material of court display
    6. Cross-examination & Critique
      1. Hands-on presentation of findings followed by legal critique
      2. Hands-on examination and cross-examination by lawyers

    Workshop Format

    The SADFE workshop will consist of invited talks, paper presentations and panel discussions. All presentations, talks and panel discussions will be made in English. Each presentation is limited to 20 minutes plus ten minutes for Q&A, with panels 60-90 minutes.


    In order for a paper to appear in the published proceedings, the authors must present his/her own paper. Accepted papers will be published by IEEE Computer Society. Instructions for authors are available at IEEE Computer Society Conference Publishing Services. (Book Trim Size: 6" x 9" ).

    Organizing Committee

    General Chair: Ming-Yuh Huang The Boeing Company
    Program Chair: Deborah Frincke Pacific Northwest National Lab
    Publication Co-Chair: Rob Erbacherr Utah State University
    Publication Co-Chair: J D Fluckiger Pacific Northwest National Lab
    Tutorial Chair: Bill Nelson The Boeing Company
    Publicity Chair: Alec Yasinsac Florida State University
    Submission Chair: Yong Guan Iowa State University
    Sponsorship Chair: Barbara Endicott-Popovsky University of Washington
    Website Host:
    Chi Sung Laih National Cheng Kung University

    Program Committee

    Sudhir Aggarwal
    (Florida State University, USA) 
    Phil Attfield (Idelix, Canada)
    Kirk Bailey
    (University of Washington, USA)
    Matt Bishop (University of California, Davis, USA)
    Brian Carrier (Basis Technologies, USA)
    Patrick S. Chen (Tatung University, Taiwan)
    K. P. Chow (University of Hong Kong, Hong Kong)
    Andrew Clark (Queensland University of Technology, Australia)
    Dave Dampier (Mississippi State University, USA)
    Rob Erbacher (Utah State University, USA)
    J D Fluckiger (Pacific Northwest National Lab, USA)
    Dario Forte (University of Milano at Crema and DFLabs, Italy)
    Yong Guan
    (Iowa State University, USA)
    Paolo Gubian
    (Universita' Degli Studi di Brescia, Italy)
    Bernard Jouga
    (Supélec, France)
    Chi Sung Laih
    (Taiwan Information Security Center at National Cheng Kung University, Taiwan)
    Jung-Shian Li (National Cheng Kung University, Taiwan)
    Michael Losavio (University of Louisville, USA)
    George Mohay (Queensland University of Technology, Australia)
    Bill Nelson (The Boeing Company, USA)
    David Nicol
    (University of Illinois, Urbana/Champaign, USA)
    Mark Pollitt (University of Central Florida, USA)
    Mark Rogers
    (Purdue University, USA)
    Antonio Savoldi (Universita' Degli Studi di Brescia, Italy)
    Steven Schroeder (Seattle University, USA)
    Mike Simon
    (Creation Logic, USA)
    Tzong-Chen Wu (National Taiwan University of Science and Technology, Taiwan)
    Alec Yasinsac (Florida State University, USA)

    Important dates

    We are making a final extension of the SADFE full paper submission deadline to Dec 15. Submissions for Panel Proposals, one page Challenge Papers, and Posters are also due at that time.

    Deadline for full papers and "SADFE Challenge" papers: December 15, 2006 (extended again)
    Deadline for panel proposals: December 15, 2006 (extended)
    Notification of acceptance or rejection: December 21, 2006
    Deadline for final paper camera ready copy: January 17, 2007 (updated)
    Deadline for poster session abstracts: February 15, 2007
    SADFE-2007 tutorial date: April 10, 2007
    SADFE-2007 conference dates: April 11-12, 2007

    Corporate Sponsors

    We solicit interested organizations to serve as sponsors for SADFE-2007, particularly in sponsorship of student travel and other expenses for SADFE. Please contact University of Washington Sponsorship Chair,
    Barbara Endicott-Popovsky, for information regarding corporate sponsorship of SADFE-2007.


    Detailed registration information (including fees, suggested hotels, and travel directions) will be provided at the SADFE-2007 web site.

    For further information, please contact the Program Chair (Deborah Frincke) or the General Chair (Ming-Yuh Huang).