Agenda 2013



Exhibition Hall | Auditorium | Mascot workshop 1 | Trophy workshop 2
8:30 - 9:00 Welcome coffee
9:00 - 9:10 Welcome & introduction
9:10 - 10:10 Advanced Persistent Threats: a Challenge to Forensic Investigations
10:10 - 10:30 Break
10:30 - 11:30 Verizon - Data Breach Investigations Report
11:30 - 13:00 Lunch
13:00 - 13:45 Accelerating investigations using Advanced eDiscovery techniques | Optimization of the new EnCase v7 Evidence Processor and Workflow | Crime Scene Smartphone / Espionage becomes mobile
14:00 - 14:45 Threat Landscape | Performance and Collaboration - Building a more efficient investigation workflow | DOs and DON'Ts for successful logging on the network
15:00 - 15:45 Taking Control of your Network | Incident Response, Old Techniques for New Issues plus news: EnCase Analytics | Next Generation Threat Protection with Live Demo
16:00 - 16:45 Adding temporal component to memory forensics | Intelligent Investigation Techniques for the Age of Big Data | Challenges in Mobile Phone Forensics
16:45 - 17:15 Goodbye and happy hour
Description
Keynote 1
(Auditorium)
Advanced Persistent Threats: a Challenge to Forensic Investigations
Compass Security AG - Stephan Rickauer, IT Security Analyst

Session description
Advanced Persistent Threats (APTs) were a real-world scenario even before Stuxnet hit the news. Exfiltration of sensitive information is a major concern for today's businesses, authorities and the military. Standard forensic investigation procedures often fail on targeted attacks in complex networks and IT infrastructures. Compass Security will shed some light on real-life investigation examples, their difficulties and recommended approaches.
Keynote 2
(Auditorium)
Verizon - Data Breach Investigations Report
Speaker: Rainer Stecken, Head of Security Services

Session description
Verizon’s 2013 Data Breach Investigations Report (DBIR) provides truly global insights into the nature of data breaches that can help organizations of all sizes to better understand the threat and take the necessary steps to protect themselves. The breadth and depth of data represented in this year’s DBIR is unprecedented. It combines the efforts of 19 global organizations: law enforcement agencies, national incident-reporting entities, research institutions, and a number of private security firms — all working to study and combat data breaches. Very few of the breaches that we see each year surprise us. It’s rare that we see something completely new; it’s usually just variations on familiar themes. Well-established threats shouldn’t be ignored — many are increasingly prevalent and present an ongoing danger. It’s still traditional assets (laptops, desktops and servers) that are most at risk — not the new web applications that you might be spending your time worrying about. Unapproved hardware (such as handheld card skimmers and personal storage devices) accounts for 41% of the cases of misuse in the report.
Workshop 13:00 - 13:45
(Auditorium)
Nuix - Accelerating investigations using Advanced eDiscovery techniques
Speaker: Paul Slater, Director of Forensic Solutions, Nuix

Session description
Digital forensics and eDiscovery have traditionally been regarded as separate methodologies, but when analysed closely, many similarities become apparent. There are many ways in which eDiscovery techniques and software tools can save investigators considerable time and effort. When investigations involve large amounts of data, conventional investigation methods are often expensive and time-consuming. eDiscovery technologies and methods can be used successfully by investigators to triage, process, analyze, correlate and bring to the surface critical evidence from all available data sets quickly and efficiently, regardless of the geographical location, repository, file type or size.

This session will review conventional investigation methods and discuss how advanced eDiscovery techniques can accelerate digital investigations, answering questions such as "What’s a near-duplicate and how does it help?" and "How can word ‘shingles’ increase search relevance?"
Workshop 13:00 - 13:45
(Mascot)
Guidance - Optimization of the new EnCase v7 Evidence Processor and Workflow
Speaker: Ken Mizota - Guidance Software Product Manager

Session description
The increasing amount of evidence and diversity of artefacts continue to be a problem in digital investigations. The improved functionality of EnCase v7 enables the distribution and management of evidence processing across multiple EnCase Processors, an attractive option for examiners dealing with a backlog of evidence.
Workshop 13:00 - 13:45
(Trophy)
Cellebrite - Crime Scene Smartphone / Espionage becomes mobile
Speaker: Marko Rogge - Chief Forensik & Investigation, Conturn Analytical Intelligence Group

Session description
Daily life in mobile forensics for law enforcement and investigative agencies.

• Recent attacks on smartphones
• Who is attacking and why?
• Bypassing security mechanisms in smartphones
• PIN & Patternlock -> unlocked
• How secure is encryption in practice?
Workshop 14:00 - 14:45
(Auditorium)
FireEye - Threat Landscape
Speaker: Andy Norton, Senior FireEye Security Architect

Session description
Cybercrime, hacktivism, spear phishing and APT. FireEye Labs shares the latest findings from modern attacks.
Workshop 14:00 - 14:45
(Mascot)
DELL - DOs and DON'Ts for successful logging on the network
Speaker: Thomas Bürgis, SonicWALL

Session description
• What opportunities and risks arise through modern logging methods?
• Which data has to be collected and analyzed?
• Become more aware of how intelligent sensors in networks and at network borders influence the validity of your network picture.
• How do we get a holistic network picture combining modern and common sensors?
• How to deal with identity-related logging data, anonymization, access rights and legal aspects
Workshop 14:00 - 14:45
(Trophy)
AccessData - Performance and Collaboration - Building a more efficient investigation workflow with technology
Speaker: Zeki Turedi, AccessData

Session description
Backlogs and not enough technical resources have become a huge issue within the digital forensic industry. By implementing the correct technologies and workflows within your environment we can harness the resources already available to you, to combat these issues head-on! Join me in a discussion and demonstration of AccessData Lab, a forensic investigation platform that brings collaboration and faster processing to your digital forensic lab.
Workshop 15:00 - 15:45
(Auditorium)
AccessData - Taking Control of your Network
Speaker: Zeki Turedi, AccessData

Session description
PCI, Malware, Remediation, Data Protection...
A workshop discussion and demonstration on how to take control of your network from daily modern IT security threats, from malware to PCI compliance.
Workshop 15:00 - 15:45
(Mascot)
Guidance - Incident Response, Old Techniques for New Issues plus news: EnCase Analytics
Speaker: Michael Felber, Pre-Sales Manager DACH

Session description
Improve response times using new technologies for rapid collection, assessment and remediation.
Workshop 15:00 - 15:45
(Trophy)
FireEye - Next Generation Threat Protection with Live Demo
Speaker: Thomas Cueni, Senior FireEye Consultant

Session description
Learn how FireEye appliances detect and analyse targeted attacks and malware, even if they are unknown and cannot be identified using signatures.
Workshop 16:00 - 16:45
(Mascot)
Nuix - Intelligent Investigation Techniques for the Age of Big Data
Speaker: Carl Barron, Senior Solutions Consultant, Nuix

Session description
This workshop will examine an intelligent, efficient approach to investigating large volumes of data across multiple data sources. You will learn how you can use the latest technologies to:
• Demonstrate how Nuix handles large amounts of data
• Connect and investigate multiple sources of data
• Investigate vast data sets rapidly to correlate and extract intelligence
• Gain additional intelligence based on previously found items using Near Dupe and Shingling technology
• Streamline investigations through automated workflows and task distribution
• Find items of interest based on predefined Named Entity extraction
• Increase search accuracy by supplementing keywords with contextual phrases
Workshop 16:00 - 16:45
(Auditorium)
Adding temporal component to memory forensics
Speaker: Dr. Endre Bangerter, Professor of Computer Science

Session description
Memory forensics has gained importance recently and is considered to be a key technique for analyzing cyber-incidents (i.e., malware and hacking attacks), and to a lesser extent crime and incidents in the physical world.

In this talk we present some novel techniques in the field of memory forensics and in particular malware analysis. The core idea underlying our techniques is to record memory dumps with a high temporal frequency (e.g., 50 memory dumps / second), yielding a series of memory dumps that reflect system behavior. We will show how these series of dumps give rise to powerful malware analysis techniques, and illustrate them with practical examples. Moreover, we will also discuss our high-frequency memory acquisition engine.
Workshop 16:00 - 16:45
(Trophy)
Cellebrite - Challenges in Mobile Phone Forensics
Speaker: Peter Warnke, Sales Director

Session description
This session will cover topics such as Device Complexity, Device Security and Encryption for mobile phone examiners in the coming years.

Device complexity and security – devices will continue to get better at closing vulnerabilities and blocking forensic hacking for password bypass or physical extractions, limiting forensic professionals' maneuverability and data richness levels.

Encryption – going forward we can expect to see tighter encryption methods applied to mobile devices, resulting in limited access to device data.

Variety – the variety of devices is not expected to drop – meaning more work in understanding how to pull out the data and decode it.

Legal scrutiny – the legal defense system will get better at understanding and hence scrutinizing digital evidence, forcing LE and prosecutors to tighten their work and make sure all is by the book.

Formalization and standardization – also related to the previous items, effectiveness, budget cuts and legal scrutiny will all call for standardization and formalization of work processes so that things will be measured against something ('The process' or 'The standard').
