Oakland, California, U.S.A.



Call For Papers




you will need to enroll your contact information in REG-SITE if you have not used it before



via IEEE Symposium on Privacy and Security




Visitor Information

Previous Workshops



Fifth International Workshop on
Systematic Approaches to Digital Forensic Engineering
In conjunction with the IEEE Security and Privacy Symposium,
The Claremont Resort, Oakland, CA, USA
May 20, 20

Call for Papers

Important dates

Paper submission Due:(Extended)

February 1, 2010

or contact Dr. Endicott-Popovsky at for additional information.


The SADFE (Systematic Approaches to Digital Forensic Engineering) International Workshop promotes systematic approaches to computer investigations, by furthering the advancement of digital forensic engineering as a disciplined science and practice.

Most previous SADFE papers have emphasized cyber crime investigations and digital forensics tools. While these are still key topics of the meeting, we also welcome digital forensics papers that do not necessarily involve either crime or digital forensics tools. General attack analysis, the insider threat, insurance and compliance investigations, similar forms of retrospective analysis, and digital discovery are all viable topics. Digital forensic engineering is the application of scientific principles to the collection and analysis of digital artifacts, either for use within the legal system or to aid in understanding past events with the goal of improving computer system security.

Past speakers and attendees of SADFE have included computer and information scientists, social scientists, digital forensic practitioners, IT professionals, law enforcement, lawyers, and judges. The synthesis of science with practice and the law with technology form the foundation of this conference.

Workshop Topics

The field of digital forensics faces many challenges, including scale, scope and presentation of highly technical information in legal venues to nontechnical audiences.

Digital artifacts permeate our lives and are part of every crime and every case of digital discovery. Digital artifacts may be extant for only nanoseconds or for years; they may consist of a single modified bit, or huge volumes of data; they may be found locally or spread globally throughout a complex digital infrastructure on public or private systems.

Today's digital crime scene is an active network with network administrators functioning as first responders, using tools and devices for collecting data that were never designed to meet the admissibility standards of a courtroom.

"Although, many computer crimes [and civil cases] have thus far been plea-bargained, eliminating exposure to challenge in a courtroom, with the increasing cost of computer crimes and the increasing criminal penalties associated with them, more cases will find their way into the courtroom and challenges are inevitable" [Peter Sommer, London School of Economics].

SADFE addresses the gap between today practice and the establishment of digital forensics as a science. To advance the field, SADFE-2010 solicits broad-based, innovative approaches to digital forensic engineering in the following four areas:

Digital Data and Evidence Management: advanced digital evidence discovery, collection, and storage

  • Identification, authentication and collection of digital evidence 
  • Post-collection handling of evidence and the preservation of data integrity and admissibility
  • Evidence preservation, archiving and storage
  • Forensic ready and compliance ready architectures and processes, including network processes
  • Managing geographically, politically and/or jurisdictionally dispersed data artifacts
  • Data and web mining systems for identification and authentication of relevant data
  • Botnet forensics

Scientific Principle-based Digital Forensic Processes: systematic engineering processes supporting digital evidence management which are sound on scientific, technical and legal grounds 

  • Legal and technical aspects of admissibility and evidence tests 
  • Examination environments for digital data 
  • Courtroom expert witness and case presentation 
  • Case studies illustrating privacy, legal and legislative issues 
  • Forensic tool validation: legal implications and issues
  • Legal and privacy implications for digital and computational forensic analysis
  • Handling increasing volumes of digital discovery

Digital Evidence Analytics: advanced digital evidence analysis, correlation, and presentation

  • Advanced search, analysis, and presentation of digital evidence 
  • Cyber crime scenario analysis and reconstruction technologies 
  • Legal case construction & digital evidence support 
  • Cyber-crime strategy analysis & modeling 
  • Combining digital and non-digital evidence 
  • Supporting qualitative or statistical evidence
  • Computational systems and computational forensic analysis


Forensic-support technologies: forensic-enabled and proactive monitoring/response

  • Forensics of embedded or non-traditional devices (e.g. digicams, cell phones, SCADA) 
  • Innovative forensic engineering tools and applications 
  • Proactive forensic-enabled support for incident response
  • Forensic tool validation: methodologies and principles 
  • Legal and technical collaboration 
  • Digital forensics surveillance technology and procedures
  • "Honeypot" and other target systems for data collection and monitoring
  • Quantitative attack impact assessment

Instructions for Paper and Panel Submissions

The SADFE-2010 Program Committee invites three types of submissions:

Full papers

Full papers present mature research results. Papers accepted for presentation at the Workshop will be included in the SADFE-2010 proceedings, which we anticipate will be published by IEEE Press. Full papers should be 8-12 pages when formatted according to IEEE guidelines. Papers must include an abstract and a list of keywords, and clearly indicate the corresponding author.

"Work-in-Progress" short papers

These shorter papers should describe interesting developing work or concepts in the field of digital forensic engineering. These papers should emphasize the nature of the problem they present, potential solution and implications/impacts to the field, in such a way that it will engender community discussion. A selection of these papers will be presented at SADFE-2010 in a Work-in-Progress session. Work-in-Progress papers should be 3-5 pages long. Work-in-Progress papers will be included as an appendix in the SADFE-2010 proceedings. Authors may participate in only one Work-in-Progress paper (in the case of multiple submissions, later submissions will be deleted).


Describing work in progress and/or specific tools available without charge to the research community (ie, no vendor posters should be submitted). Submissions must consist of a one-page abstract. Posters will not be included in the proceedings. Authors of selected posters will have an opportunity to briefly introduce their work during the meeting.

Paper Acceptance

Each paper submission will be reviewed by at least three SADFE-2010 Program Committee members. The selection process will be based on review technical merits. Panel and posters decisions will be made by the Program Chair with recommendations from the Program Committee and Steering Committee.

Double Submissions, Uniqueness & Presentation
SADFE-2010 is intended to support discussion and publication of novel results. To meet this goal, submissions must not substantially duplicate work that any of the authors has published elsewhere. Work submitted in parallel to any other conference or workshop with proceedings is explicitly excluded from participation. If the work has been submitted elsewhere in a venue that does not include proceedings, the extent of the replication and the nature of the other venue should be clearly indicated in a cover letter submitted along with the paper.

For accepted Full Papers, Posters, and for the Work-in-Progress, it is required that at least one of the authors attends the conference to present the paper. The presenting author must be registered by the date of the camera-ready submission. The deadline for Work-in-Progress and Full papers is the same.


All submissions (papers & panel proposals) must be submitted electronically, following the instructions to be provided on the website. Papers must list all authors and their affiliations; in the case of multiple authors, the contact author must be indicated.

Workshop Format

The SADFE workshop will consist of invited talks, paper presentations and panel discussions. All presentations, talks and panel discussions will be made in English. 

SADFE Steering Committee

Deb Frincke, Co-Chair

Pacific Northwest National Lab

Ming-Yuh Huang, Co-Chair

Northwest Security Institute(NWSI)

Chi-Sung Laih 

National Cheng Kung University 

Michael Losavio

University of Louisville

Alec Yasinsac

University of South Alabama


Organizing Committee

General Co-Chair:

Carol Taylor

Robert F. Erbacher

Eastern Washington University

Utah State University

Program Committee Co-Chairs:

Barbara Endicott-Popovsky

University of Washington

Wenke Lee

Georgia Institute of Technology

Submission Chair: Adel Elmaghraby University of Louisville
Website Host: Chi-Sung Laih National Cheng Kung University

Program Committee 



Infidel, Inc.



Basis Corp.



Independent Consultant



University of Michigan



France Telecom R&D



Pacific Northwest National Labs



Naval Postgraduate School



University of Alaska, Fairbanks



University of California, San Diego



National Cheng Kung University



University of Louisville



University of California, San Diego



University of Alaska, Fairbanks



University of California, Davis



University of Central Florida



Technical University of Denmark



Georgetown University



California Institute of Technology

Fred Chris


Former Assistant U.S. Attorney



University of California, Davis



University of New Haven



Tel Aviv University



U Mass Amherst



Iowa State University



University of South Alabama