Time | Room 1 | Room 2 | Room 3 |
---|---|---|---|
8:30 - 9:00 | Reception and coffee | | |
9:00 - 9:50 | Intelligence sharing in Forensic Investigations (Nuix) | Cloud Data Extraction and Analysis (Oxygen Forensics) | Re-Engineering the Digital Forensic Process (Tracks Inspector) |
10:00 - 10:50 | Memory Analysis (BlackBag Technologies) | Advanced Hardware Solutions for Mobile Forensics (Teel Technologies Canada) | Efficient Decryption with Passware (Passware) |
10:50 - 11:20 | Coffee break | | |
11:20 - 12:10 | Introduction to AXIOM, Part 1 (Magnet Forensics) | Best practices and new features for pictures and video analyses with LACE (Bluebear) | Mobile device forensics from the crime scene to the presentation of evidence in court (MSAB) |
13:00 - 13:50 | Introduction to AXIOM, Part 2 (Magnet Forensics) | What's new at Cellebrite (Arina AG) | Best Practices in EnCase Forensic 8 (Guidance Software) |
13:50 | Official farewell by BMI and ARINA AG | | |
Description
The times to the left of the descriptions apply only to 13 October 2016 |
|
---|---|
10:00 - 11:00 (Room 1) |
Memory Analysis. Speaker: Stuart Hutchinson, Director, International Business Development, BlackBag Technologies. Session description: This interactive workshop will explore the analysis of physical memory. In this workshop, we will identify the presence of malware within a raw memory dump, identify the processes and libraries which the malware uses, locate the configuration file to establish the instructions for the malware and find additional evidence of its activities. |
10:00 - 11:00 (Room 2) |
Cloud Data Extraction and Analysis. Speaker: Tanya Pankova, Marketing Manager, Oxygen Forensics. Session description: During the workshop you will learn how to extract user data from all popular cloud services and storage with Oxygen Forensic Detective software for forensic purposes. First you need to acquire credentials and tokens from the mobile device (Android, iOS, Windows Phone). Then you can use the acquired login information to retrieve additional evidence from the cloud (iCloud, Google, Microsoft, E-mail Server, Facebook, Dropbox, etc.). After that you can analyze the extracted cloud data: see all events in a robust timeline view, visualize geo coordinates on Oxygen Forensic Maps and determine connections between contacts. And finally you can generate a data report for the court. |
10:00 - 11:00 (Room 3) |
Re-Engineering the Digital Forensic Process. Speaker: Frank Coggrave, Joint Founder and Director of Sales, Tracks Inspector. Session description: Traditionally, digital forensics has been the preserve of the highly trained specialist. These specialists needed extensive training in sophisticated techniques to squeeze the last drop of evidence out of digital artefacts. In fact, they spend so much time on the detail that it’s a struggle for them to see the evidence required to solve the case. They often don’t have any real connection to the actual investigator or the crime being solved. And that’s not surprising: it’s a hard job with an unremitting workload driven by the importance of digital evidence nowadays and the explosion of that data. So how can we help? Tracks Inspector is a collaborative tool that enables the investigator and specialist to work together. The evidence items (mobile phone, hard drive, USB pen etc.) are easily loaded into Tracks Inspector and the investigator can immediately start looking at that data, without waiting on the specialist. The specialist is free to focus, when needed, on the more complex bits like encryption etc. Tracks Inspector enables multiple people to look at multiple evidence devices across multiple cases all at the same time, tag and annotate their findings and produce reports for the courts. Tracks Inspector helps solve the problem of too much forensic data, not enough specialists and not enough time. Re-engineer your forensic process with Tracks Inspector. |
11:20 - 12:20 (Room 1) |
Intelligence sharing in Forensic Investigations. Speaker: Carl Barron, Senior Solution Consultant, Nuix. Session description: Sometimes it’s hard enough just keeping in mind all the details of the case you’re working on right now. But what if the key to your current case is lying in a file you worked on last year? What if it’s in a matter one of your colleagues or another agency is investigating? This session will discuss the value and practical details of extracting, sharing and cross-referencing intelligence from multiple cases. It will explore the state of intelligence gathering, examine various scenarios and look at obstacles to, and best practices for, effective collaboration. We will also demonstrate some brilliant features introduced by Nuix 7 such as the ability to index data to Elasticsearch. This will allow you to investigate even larger datasets while retaining the power, defensibility and speed of Nuix. Join our session to find out: • Why intelligence is an important part of digital investigations • How to use technology to extract and consolidate vital intelligence that could be the key to your next investigations • How easy it is to miss critical evidence if you don't share intelligence • More about the Nuix Engine with Elasticsearch and graph database |
11:20 - 12:20 (Room 2) |
Best practices and new features for pictures and video analyses with LACE. Speaker: Jeffrey Nash, Product Director, Bluebear. Session description: The presentation will include a brief summary of some of the new LACE features and how to apply those features for best effect and benefit. • GUI Enhancements • Performance Enhancements • Feature Enhancements. Handle larger cases in less time with less effort. Allow more investigators to work together on large time-sensitive cases. |
11:20 - 12:20 (Room 3) |
Efficient Decryption with Passware. Speaker: Dmitry Sumin, CEO, Passware. Session description: Decryption of electronic evidence is a common problem for many computer examiners. New challenges of getting access to encrypted evidence will be covered, from now-standard full disk encryption for Windows and Mac OS X to new TrueCrypt successors. This session will cover new ways of getting the data decrypted: data acquisition from locked computers, encryption triage, leveraging live memory analysis, distributed network attacks and hardware acceleration. Data acquisition from desktop, mobile (images and backups) and cloud platforms will be covered. Extraction of encryption keys, accounts and passwords, and cloud authorization tokens from live memory images and hibernation files will be demonstrated. |
14:00 - 15:00 (Part 1), 15:10 - 16:10 (Part 2) (Room 1) |
Introduction to AXIOM. Speaker: Steve Gregory, Manager Forensic Technology, Magnet Forensics. Session description: One of the biggest hurdles in an investigation is getting to the evidence quickly so you can conduct your analysis. To achieve this you need a platform that automates evidence discovery, and gives you new ways of looking at, verifying, and interacting with the data. Introducing Magnet AXIOM, a complete digital investigation platform with the processing power of IEF. The presentation will show how Magnet AXIOM allows a user to seamlessly acquire, analyze, and share digital evidence from computers, smartphones, and tablets. All in one tool! |
14:00 - 15:00 (Part 1), 15:10 - 16:10 (Part 2) (Room 2) |
Advanced Hardware Solutions for Mobile Forensics. Speaker: Bob Elder, CEO-Partner, Teel Technologies. Session description: In this presentation, Bob Elder will provide an overview of the Teel Tech force continuum of hardware tools to access mobile phones for forensic examinations. The discussion will introduce advanced techniques of acquiring mobile devices including the Bootloader/Flasher Box, JTAG, ISP eMMC and Chip-off processes. |
14:00 - 15:00 (Room 3) |
Mobile device forensics from the crime scene to the presentation of evidence in court. Speaker: Gerhard Gunst, MSAB Area Sales Manager DACH, MSAB. Session description: Starting point: 1. Mobile technology is changing the world. 2. There are already more mobile devices than people. 3. Mobile devices have quickly become the most-used tools of criminals and their organisations. 4. Mobile phones in all categories of crime. Mobile devices leave traces. Mobile device forensics has become indispensable. 5. "The mobile phone is probably the most important piece of evidence you will find at a crime scene today." Challenges: 1. More devices are seized every day, which leads to a backlog in processing. 2. Every new device is unique, with different configurations even on common operating systems. 3. Examination times increase as device storage grows. 4. Analysis takes longer than ever before because of the volume of data. 5. Communication is changing: important information is nowadays found in apps. 6. It is becoming increasingly difficult to gain access to the data. 7. High-quality training and support for forensic examiners is required. Conclusion: Mobile device forensics as an ecosystem from the crime scene via the police station, the forensic laboratories and analysis units to the presentation of evidence in court. Talk and discussion on the following topics: • Current challenges and their solutions • MSAB Ecosystem • Current software solutions (practical demo) • Hardware platforms • Training for forensic examiners, investigators and analysts. |
15:10 - 16:10 (Room 3) |
Best Practices in EnCase Forensic 8. Speaker: Jim Hardy, Product Advisor, Guidance Software. Session description: Whether you're new on the job, a certified forensic investigator or anywhere in between, you've probably used EnCase Forensic. So, you asked "what's next for EnCase?" We brought together the best practices and most common investigator requests into the newest release of EnCase Forensic 8. Built with feedback from our forensic community, you will learn new ways as we explore new performance capabilities, new navigation and best practices for everything EnCase Forensic. Plus, we will share what’s next in our roadmap for EnCase Forensic. Bring your questions and suggestions! |
16:20 - 17:20 (Room 2) |
Obtaining and Analyzing Mobile Data. Speaker: Tanya Pankova, Marketing Manager, Oxygen Forensics. Session description: Several years ago, forensic software manufacturers prided themselves on the number of device profiles they supported. Nowadays what really matters is the number of supported applications. Beyond all doubt, all the vital evidence is stored in apps: contacts, group and private chats, geo coordinates, cache and much more. But it is not enough to parse app databases: in many cases you need to decrypt and retrieve securely stored data in apps like Snapchat, Telegram, etc. Moreover, you need software that can fully recover deleted evidence. During the workshop you will learn how to obtain a complete evidence set from mobile devices with Oxygen Forensic Detective. |