Agenda, 21. June 2016





8:30 - 9:00 Welcome coffee
9:00 - 9:10 Welcome & Introduction
9:10 - 10:00 Keynote: Cyber-Malware: Anatomy, Technical feasibility and borders
10:00 - 10:15 Case Study: Investigation of the Panama Papers
10:15 - 10:45 Break

Tracks: DIGITAL FORENSICS, MOBILE FORENSICS, CYBER SECURITY, E-DISCOVERY

10:45 - 11:30
• Digital Forensics: Advanced Memory Forensics
• Cyber Security: Only Protecting against attacks from outside your firewall, think again...
11:45 - 13:00 Lunch
13:00 - 13:45
• Digital Forensics: How Magnet Forensics products can be used in your investigative workflow
• Mobile Forensics: Mobile and Cloud Forensics: Challenges in Obtaining, Analyzing and Applying
• Cyber Security: The Importance of Cyber Resilience
• E-Discovery: Reducing Data Volumes for Review
14:00 - 14:45
• Digital Forensics: Re-engineering the digital forensic process
• Mobile Forensics: Windows Event Log analysis – Reloaded!
• Cyber Security: Mock Cyber Attack: Are you Prepared?
• E-Discovery: Tomorrow’s Technology Today – Audio and Chat
15:00 - 15:45
• Digital Forensics: Efficient Decryption with Passware
• Mobile Forensics: Mobile Data – A Goldmine for Investigators
• Cyber Security: Analyzing Purpose-built Malware Used for Strategic Targeted Attacks
• E-Discovery: Bridging the Divide – Navigating Cross Border Data Matter and Management
16:00 - 16:45
• Digital Forensics: EnCase Forensic - What's New, What's Changed, What's Next
• Mobile Forensics: Cellebrite and the future of Mobile Forensics
• Cyber Security: User and Entity Behavior Analysis – the next level of IT security!
• E-Discovery: Managed Services – Treat The Cause...Not The Symptoms
16:45 - 17:15 Happy hour sponsored by FORINCO AG

Description
Keynote
9:10 - 10:00
(Belvoir Saal)
Cyber-Malware: Anatomy, Technical feasibility and borders
Speaker: Prof. Dr. Bernhard M. Hämmerli, Head of Cyber Security, SATW

Session description
Before Snowden, many security experts were considered doomsday prophets. Analyzing Snowden’s and similar material, we created a landscape to identify the technical feasibility of malware and its construction plans. This leads to crystal clear statements on the risks associated with cyber. Both general attacks and attacks generated in collaboration between suppliers and governments will be presented. Recognizing the poor protection options and capabilities, the “cyber resilience = protect, detect, respond” concept includes an additional layer of monitoring and preparedness, because protection is insufficient. With collaborative efforts such as information sharing we can improve protection and detection, but interesting new questions will confront us on both the personnel side and the next-level attack scenario.
10:00 - 10:15
(Belvoir Saal)
Case Study: Investigation of the Panama Papers
Speaker: Carl Barron - Senior Solutions Consultant, Nuix

Session description
This case study about the Panama Papers will give you interesting insights into the technology used by Süddeutsche Zeitung to conduct the investigation of 11.5 million documents, totaling 2.6 terabytes of data.
10:45 - 11:30
(Belvoir Saal)
Advanced Memory Forensics
Speaker: Tim Thorne, Forensic Analyst & Instructor, BlackBag Technologies

Session description
More Than You Ever Wanted To Know About Paging Works in Windows: A Forensics and IR Perspective
The Windows paging subsystem is incredibly complex. If only it were so simple as “when there’s memory pressure, pages are sent to disk.” We will take a ride through the paging system’s workings in depth, with an emphasis on the implications for memory analysis in digital forensics and incident response.
Takeaways:
• Why you need to know more about the paging system
• An enhanced understanding of Windows paging in general
• How this understanding can benefit memory forensics/incident response
• Tools and techniques to support above
• Why you never want to write a complex paging system.
10:45 - 11:30
(Charles Darwin)
Only Protecting against attacks from outside your firewall, think again...
Speaker: Rick Hemsley, Vice President, Enterprise Security & Risk Management, Stroz Friedberg

Session description
Nearly every week, news of cyber attacks dominates the headlines. But there is another growing area of risk that often goes overlooked: insider attacks. Disgruntled employees and malicious internal actors involved in criminality, fraudulent activities, intellectual property theft and data leaks can endanger a company's financial and reputational health.
Our presentation will discuss the current insider risk landscape. Learn how your organisation can identify and manage insider risk and the many associated challenges.
13:00 - 13:45
(Belvoir Saal)
How Magnet Forensics products can be used in your investigative workflow
Speaker: Steve Gregory, Manager Forensics Technology EMEA, Magnet Forensics

Session description
Magnet Forensics automates the discovery of digital forensic evidence, so you can spend less time processing data and more time building cases. The modern digital investigator has to investigate a large quantity of devices ranging from computers to smartphones and tablets.
This session will provide an insight into how the latest suite of Magnet Forensic products used in your investigative workflow can reduce that backlog, whether it involves a targeted approach at the scene, or building an integrated and comprehensive view of a person’s digital activities regardless of device type or operating system, back in the lab.
13:00 - 13:45
(Marie Curie)
Mobile and Cloud Forensics: Challenges in Obtaining, Analyzing and Applying
Speaker: Galina Rabotenko, Marketing director, Oxygen Forensics

Session description
Several years ago, forensic software manufacturers prided themselves on the number of device profiles they supported. Nowadays what really matters is the number of supported applications. Beyond all doubt, all the vital evidence is stored in apps: contacts, group and private chats, plans, geo coordinates, cache and much more. But it is not enough to parse app databases: in many cases you need to decrypt and retrieve securely stored data in apps like Snapchat, Telegram, etc.
Moreover, the situation with apps is constantly changing: popular apps are updated almost every week, and forensic software manufacturers have to keep up by adding support for newer versions. The variety of supported applications also matters: criminals prefer to choose unknown apps to communicate, which is why support for popular apps is not enough.
13:00 - 13:45
(Charles Darwin)
The Importance of Cyber Resilience
Speaker: Simon Viney, Director, Cyber Resilience, Stroz Friedberg

Session description
In this talk we will share our perspectives on the importance of organisations becoming ‘cyber resilient’. We will explore the differences between thinking about cyber security versus cyber resilience and how cyber resilient organisations can manage the seeming inevitability of all organisations suffering a cyber attack at some point.
13:00 - 13:45
(Max Planck)
Reducing Data Volumes for Review
Speaker: Carl Barron, Senior solution Consultant, Nuix

Session description
Unstructured data, and email in particular, is the biggest component of the discovery process, making up to 80% of all business ESI (electronically stored information). This session will cover the use of machine analysis to analyse and group content to reduce the volume to be reviewed and optimise the effectiveness of review. This includes:
• The technology used by Nuix
• The benefits of incorporating machine analysis
• How to view and export the information
• Alternative uses of the technology
14:00 - 14:45
(Belvoir Saal)
Re-engineering the digital forensic process
Speaker: Frank Coggrave, Joint Founder and Director of Sales, Tracks Inspector

Session description
Traditionally digital forensics has been the preserve of the highly trained specialist. These specialists needed extensive training in sophisticated techniques to squeeze the last drop of evidence out of digital artefacts. In fact, they spend so much time on the detail that it’s a struggle for them to see the evidence required to solve the case. They often don’t have any real connection to the actual investigator or the crime being solved. And that’s not surprising, it’s a hard job with an unremitting workload driven by the importance of digital evidence nowadays and the explosion of that data.
So how can we help? Tracks Inspector is a collaborative tool that enables the investigator and specialist to work together. The evidence (mobile phone, hard drive, USB pen etc.) is easily loaded into Tracks Inspector and the investigator can immediately start looking at that data, without waiting on the specialist. The specialist is free to focus, when needed, on the more complex bits like encryption etc. Tracks Inspector enables multiple people to look at multiple evidence devices across multiple cases all at the same time, tag and annotate their findings and produce reports for the courts.
Tracks Inspector helps solve the problem of too much forensic data, not enough specialists and not enough time. Re-engineer your forensic process with Tracks Inspector.
14:00 - 14:45
(Marie Curie)
Windows Event Log analysis – Reloaded!
Speaker: Roman Locher, CTO, Arina AG

Session description
The Windows Event Log is a great place to find useful information, stored in a human-readable format. In this workshop we focus on two case examples: RDP session tracking and a general workflow of a potential data leakage case. You will learn how to find, acquire, load, analyze and search collected event logs from a Windows computer. Don't be surprised if in the future you are spending much more time analyzing event logs, instead of browsing through abstruse registry keys.
14:00 - 14:45
(Charles Darwin)
Mock Cyber Attack: Are you Prepared?
Speaker: Nico Van der Beken, Managing Director, Stroz Friedberg

Session description
Cyber incidents continue to hit the headlines, whether from the risk of data being stolen, “ransomware” attacks or payment fraud. In our experience, the degree of incident preparedness can significantly alter the impact of a cyber incident. Cyber incident response can be overwhelming, but there are steps you can take to plan for managing the impact of an incident. In this interactive session, we will share our experiences of working with organisations dealing with cyber incidents. Participants will engage in a mock cyber breach exercise that will demonstrate how to ensure you have the proper people, process and technology in place to safeguard your organisation. Cyber experts will analyse the scenario and share insights on best practices in cyber incident response preparedness.
14:00 - 14:45
(Max Planck)
Tomorrow’s Technology Today – Audio and Chat
Speaker: Nick Rich, Vice President, Stroz Friedberg

Session description
Ten years ago, email, spreadsheets, and slideware were still emerging file types, which often contained the most incriminating matter evidence. Most lawyers then only knew to print, manually review, and produce them in hard copy form whereas, today, they routinely review and analyze those files and their metadata in electronic format vastly reducing costs and improving accuracy. In 2016, companies and their employees routinely use chat and audio recordings (voicemail, call centre recordings, trading desks) to communicate and capture their communications, and, yet, lawyers often revert to using antiquated and costly methods to review those critical file types. There’s a better way. Why wait 10 years to find out?
15:00 - 15:45
(Belvoir Saal)
Efficient Decryption with Passware
Speaker: Dmitry Sumin, CEO, Passware

Session description
Decryption of electronic evidence is a common problem for many computer examiners. New challenges of getting access to encrypted evidence will be covered - from now-standard full disk encryption for Windows and Mac OS X to new TrueCrypt successors.
This session will cover new ways of getting the data decrypted – data acquisition from locked computers, encryption triage, leveraging live memory analysis, distributed network attacks and hardware acceleration. Data acquisitions from Desktop, Mobile (images and backups) and Cloud platforms will be covered. Extraction of encryption keys, accounts and passwords, and cloud authorization tokens from live memory images and hibernation files will be demonstrated.
15:00 - 15:45
(Marie Curie)
Mobile Data – A Goldmine for Investigators
Speaker: Joachim Müller, Sales Engineer - Mobile Forensics, Cellebrite

Session description
Apps have turned mobile phones into multipurpose devices, storing incredible amounts of user data. With the UFED series, Cellebrite has established a product range that gives investigators the broadest access to user data from mobile devices. Attending this session, you will get an idea of the sophisticated capabilities of the latest generation of UFED Touch/ UFED 4PC and UFED Physical Analyzer.
15:00 - 15:45
(Charles Darwin)
Analyzing Purpose-built Malware Used for Strategic Targeted Attacks
Speaker: Mike Wood, CounterTack

Session description
CounterTack is the leading provider of real-time, Big Data endpoint detection and response (EDR) technology for the enterprise. CounterTack provides unprecedented visibility and context around operating system and binary behaviors to detect zero-day attacks, rootkits, targeted malware and advanced persistent threats, enabling customers to improve incident response and advanced threat detection across the enterprise. Over 200+ customers leverage CounterTack’s next-generation endpoint security solutions globally, across a rapidly growing ecosystem including resellers, MSSPs and professional services partners.
CounterTack’s Responder PRO solution is the industry's leading physical memory and advanced malware analysis tool used by incident responders and cybersecurity forensics specialists. Responder is powered by Digital DNA (DDNA), a behavior based scoring engine, letting the user look beyond signatures at binary in-memory behaviors and techniques for volatile memory acquisition and analysis on threat data around Windows and Linux systems.
15:00 - 15:45
(Max Planck)
Bridging the Divide – Navigating Cross Border Data Matter and Management
Speaker: Seth Berman, Executive Managing Director, Stroz Friedberg

Session description
Managing discovery projects across multiple jurisdictions has always been a challenge. The tangle of local data privacy laws, language barriers, government restrictions, cultural considerations, differing office network configurations, and myriad data sources can impact efficiencies and increase costs. The European Court of Justice’s 2015 Schrems decision invalidating European Directive 95/46/EC (the so-called “Safe Harbor” provision) has exacerbated these challenges. Now, more than ever, lawyers must find ways to extract, harvest, process, host and redact sensitive client data locally in Europe before transferring to the US or elsewhere. In this session, we will discuss how to work within and around these constraints in practical, yet legally defensible, ways.
16:00 - 16:45
(Belvoir Saal)
EnCase Forensic - What's New, What's Changed, What's Next
Speaker: Rob Batzloff, Product Manager, Guidance Software

Session description
Please join Guidance Software as we introduce and demonstrate the new features and improvements of EnCase Forensic v8 - Project VIC integration, new workflow Guidelines, and a list of customer-driven enhancements that include new columns, faster hash analysis and filtering, persistent blue checks, bookmark improvements, and more. We will walk attendees through the updated UX and present briefly on what's still to come for both EnCase Forensic and Tableau.
16:00 - 16:45
(Marie Curie)
Cellebrite and the future of Mobile Forensics
Speaker: Joachim Müller, Sales Engineer - Mobile Forensics, Cellebrite

Session description
Mobile Forensics these days represents a tough environment, with new challenges for examiners and investigators emerging almost every day. More and more encryption and device locks, exploding data volumes and a high velocity of social media usage increasingly cause gaps between the forensics organization’s needs and actual supply. Cellebrite addresses those needs with new solutions that pave the way for the future. Access to multiple data sources, cross-case and cross-team collaboration, process automation and sophisticated analytics capabilities - those are just some of the ingredients that provide the efficiency which is required for mobile forensic organizations to cope with the ever-increasing pace in their daily business.
16:00 - 16:45
(Charles Darwin)
User and Entity Behavior Analysis – the next level of IT security!
Speaker: Andreas Kunz, Channel Manager DACH & EE, Dtex Systems

Session description
Think Your Organization is Protected Against Insider Threats? Don’t Be So Sure. Enterprises are shocked at what they find when they gain visibility into user behavior. Whether their actions are criminal or negligent, we’ve uncovered a lot of activity that puts the security of their employers at risk. From financial services to manufacturing, and everything in between, we’ve seen it all. In the course of this 45-minute session, we expose the threats and blind spots that we’ve uncovered at leading global organizations and dive into:
• What is the need and benefit for having a User and Entity Behavior Analysis solution in place and monitoring end user activities
• What are the methods used for identifying insider threats and drilling into the security alerts quickly
• 100% transparency into user activity on the endpoint to fill gaps within misconfigured security tools
• Real-world examples of where sophisticated and mature security programs have failed to detect data theft
• Find under-utilised software and hardware assets with Dtex to provide significant cost savings
16:00 - 16:45
(Max Planck)
Managed Services – Treat The Cause...Not The Symptoms
Speaker: Stephen Whetstone, Electronic Discovery & Disclosure Leader, Stroz Friedberg

Session description
Successful companies abide by a fundamental business principle… “If you can’t measure it, you can’t manage it.” Lawyers and electronic discovery professionals, however, have been slow to adopt this key business principle, relying instead on more reactive and subjective approaches. As regulatory requirements, data volumes and types, and budget pressures mount, proactively and programmatically managing litigation portfolios can provide huge differentiated value. In this session we will discuss how a sophisticated managed services discovery program and real-time reporting levers pre-defined and legally defensible processes and fosters faster identification of responsive and critical information and far more efficient and predictable spending.
