Agenda, 20. June 2017
View Previous Conferences
| Description | |
|---|---|
| Keynote 09:10 - 09:55 (Belvoir Saal) |
artificial intelligence, my implausible reality (or how I learnt to love my robot overload) Speaker: Gregory P. Bufithis, founder and CEO of GB MEDIA Session description >> click for more details << |
| 09:55 - 10:15 (Belvoir Saal) |
When Molehills become Mountains Speaker: Cyrill Brunschwiler, Managing Director, Compass Security Schweiz AG Session description A story on how a trivial bug in a DSL router turned into a vendor’s nightmare. The nightmare penultimately resulting in negative press coverage, involving the Swiss MELANI/GovCERT, and finally attracting the US Federal Trade Commision (FTC) to investigate into the case. The talk is not only about how the vulnerability was disclosed and handled, but provides details on the serious discoveries that came with it and some take aways - for all bug hunters, incident handlers and vendors. |
| 10:45 - 11:30 |
Forensics in a mobile world Speaker: Daniel Jones, Solutions Consultant, Nuix Session description Mobile devices are important evidence sources in most criminal investigations. Current mobile forensic tools only allow analysis and investigation of mobile devices in isolation of the rest of the digital evidence. This makes it hard to draw links between evidence sources, and results in individual investigations per device type, rather than a holistic view of the case. Learn how to: - Combine traditional computer forensics, mobile forensics and cloud forensics. - Use advanced analytical techniques to find critical evidence. - Collaborate with other investigators to reduce backlogs |
| 10:45 - 11:30 |
Deep Diving for Forensic Gold – Applications and Deleted Data Speaker: Tanya Pankova, Marketing Manager, Oxygen Forensics Session description Several years ago, forensic software manufacturers prided themselves on the amount of device profiles they supported. Nowadays what really matters is the amount of supported applications. Beyond all doubt, all the vital evidence is stored in apps: contacts, group and private chats, plans, geo coordinates, cache and much more. But it is not enough to parse apps databases: in many cases you need to decrypt and retrieve securely stored data in apps, like Whatsapp, Snapchat, Telegram,Threema, etc. Moreover, the situation with apps is constantly changing: popular apps are updated almost every week and forensic software manufacturers have to catch up with it adding support for newer versions. A variety of supported applications also matters: criminals prefer to choose unknown apps to communicate which is why support for popular apps is not enough. |
| 10:45 - 11:30 |
Houston, we have a problem Speaker: Spencer Lynch, Managing Director, Stroz Friedberg Session description “I think we have a problem… I just received a call from the regulator,” is one of legal counsel’s and risk managements' most-feared phrases. If confronted with this situation, you will want to keep the company reputation and profits intact, but in the heat of a crisis, can you also keep it out of the media and the regulator on your side? As new information emerges, and facts rapidly evolve, how do you make the right decisions at -- and in -- the right time? This talk will analyse what it takes to tackle high pressure and dynamic work crises and the vital first steps needed start an investigation. It will also cover potential strategies and tactics to an investigation, when to use them, available tools, and likely timeframes. Perhaps most important, this presentation will help you keep an investigation on track, costs under control, and achieve best results in reasonable timeframes. |
| 10:45 - 11:30 |
GDPR makes data governance controls a matter of millions Speaker: Simon Viney, Vice President, Stroz Friedberg / Alex Carte, Managing Director, Stroz Friedberg Session description While the current EU Data Protection Directive has required organisations processing personal data in the EU to consider data privacy issues, the General Data Protection Regulation (GDPR), which comes into effect on 25 May 2018, goes much further. Two of the most talked about changes are the requirement for mandatory data breach notifications (within 72 hours of discovery) and the substantial financial penalties (up to €20m or 4% of an organisation’s global annual turnover), which can apply for breaches of the GDPR principles. This talk will look at the key data governance controls that organisations should be considering ahead of the regulations coming into force, including data collection and retention, data transfers and security. It will highlight the importance of understanding what data you have, where it is stored and how it is managed, so that you can maintain compliance with regulations, such as GDPR but also derive wider business benefits by more effective and efficient use of data within your systems. |
| 13:00 - 13:45 |
Analyzing Systems Hardware for Forensic Software Optimization Speaker: Jim Borecki, Business Development, Digital Intelligence Session description Based on thorough testing on a range of processors, RAM quantities, and storage media (mechanical and solid state drives, PCI/NVME media, and RAID options) in a forensic system, we will discuss the testing methodology and various hardware configurations that will have the most impact on the performance of the forensic software. Digital Intelligence is currently focusing on EnCase (testing complete), FTK (testing ongoing), and NUIX software (future) as the basis of this systematic testing. |
| 13:00 - 13:45 |
The New Age of Mobile Forensics: Cloud Data Acquisition Speaker: Olga Koksharova, Marketing Director, Elcomsoft Session description Physical and local data acquisitions are still important, however mobile forensic is not all about mobile hardware. You may do perfectly well without even laying your hands on the actual smartphone. Backups, clouds and synced bits and pieces are often much more important than the content of the device. Over-The-Air acquisition helps dealing with locked and encrypted devices and may succeed where all other methods fail. We’ll learn how to obtain and analyse data stored in popular cloud services. |
| 13:00 - 13:45 |
Lessons from the Red Team Trenches Speaker: Justin Clarke-Salt, Managing Director, Gotham Digital Science Session description Designed to simulate a concerted breach by a group of professional hackers - with all the myriad human factors that can come into play - Red Team security testing is fast becoming a key tool in assessing an organisation’s security posture and ability to detect and respond to an attack. With organisations across all sectors under increasing pressure to demonstrate that they can respond adequately to a breach, and many facing regulatory obligations to do so, this session takes a deep dive into the GDS Red Team, discussing real scenarios from our last year of testing. We'll introduce what Red Team testing is and why you may want to consider doing it. Discussing some of the effective defences we have encountered, we'll share examples from what we've seen in the field and shed light on some of our attack strategies. |
| 13:00 - 13:45 |
Evolving Data, Revolutionary Approaches Speaker: Nick Rich, Vice President, Stroz Friedberg Session description The volume of data an employee now generates in a day’s work is enormous, so try visualising the mountains of data at issue in corporate, litigation and regulatory investigations that span months or year. A decade ago, most office workers used desktop computers to generate modest amounts of email and documents. Today, we have desktops, laptops, tablets and mobile devices, which generate emails, text messages, social media postings, audio and video recordings, and other potentially key sources of vital data. Data volumes have mushroomed [or skyrocketed or exploded] … common data types have multiplied, and organisational data traffic flows has accelerated – but investigative budgets and timescales haven’t nearly kept pace. With the clock ticking against you, can traditional methods of interrogating data still stand the test of time? This session will highlight how innovative technology solutions can help outside counsel, to add value to their client pitches and how in-house lawyers and risk managers tackle today’s myriad of complex digital challenges. It's time to trust experts to speed-up investigations and bring down costs, using a range of tools to find the proverbial ‘needle in a haystack,’ without blowing your entire annual budget. |
| 14:00 - 14:45 |
FS Events Speaker: Tim Thorne, Forensic Analyst & Instructor, BlackBag Technologies Session description The OSx file system ‘flight recorder’. We will take a detailed look at the potential goldmine of evidence that is recorded by OSx 10.7 and later on any volume to which it can write. |
| 14:00 - 14:45 |
Analytics (how to analyze big data with Cellebrite UFED Analytics solutions) Speaker: Alexander Schuetterle, Business Development, Cellebrite Session description To work cases faster, SIO's and their teams need direct access to all digital forensic evidence. The Cellebrite UFED Analytics Platform automates digital data analysis and case management tasks. A virtual partner, it automatically merges multiple disparate data sources, even historical case extractions, to help SIO's and their teams document all forensics artifacts. Advanced user and case-level permission management controls ensure authorized stakeholders can view data independently or collaboratively as needed throughout the investigative process. |
| 14:00 - 14:45 |
Penetration Testing: Hybrid Security Assessments Speaker: Andrew Hainault, Managing Consultant, Gotham Digital Science Session description "Should I opt for an Application Penetration Test or a Code Review?" In the real world everyone faces time and cost constraints, and will want to find the most cost effective way to gain security assurance for their systems. Whether you are coming from a boardroom, technical or compliance background, the question is always "how can we get a high level of security assurance and also be cost effective?" This talk will discuss a process of security testing that the GDS team refers to as 'Hybrid Security Assessments'. We will go through some real-life examples of security issues identified during earlier assessments, which would likely have been missed in the usual black-box penetration testing engagement. There will also be an opportunity to explore some of the tools and techniques we have developed, which enable us to provide clients with maximum coverage within limited timescales. |
| 14:00 - 14:45 |
How To Build A Better eDiscovery Program: Measure Twice, Discover Once Speaker: Stephen Whetstone, Executive Managing Director & Mark Brannigan, Vice President, Stroz Friedberg Session description The volume of data an employee now generates in a day’s work is enormous, so try visualising the mountains of data at issue in corporate, litigation and regulatory investigations that span months or year. A decade ago, most office workers used desktop computers to generate modest amounts of email and documents. Today, we have desktops, laptops, tablets and mobile devices, which generate emails, text messages, social media postings, audio and video recordings, and other potentially key sources of vital data. Data volumes have mushroomed [or skyrocketed or exploded] … common data types have multiplied, and organisational data traffic flows has accelerated – but investigative budgets and timescales haven’t nearly kept pace. With the clock ticking against you, can traditional methods of interrogating data still stand the test of time? This session will highlight how innovative technology solutions can help outside counsel, to add value to their client pitches and how in-house lawyers and risk managers tackle today’s myriad of complex digital challenges. It's time to trust experts to speed-up investigations and bring down costs, using a range of tools to find the proverbial ‘needle in a haystack,’ without blowing your entire annual budget. |
| 15:00 - 15:45 |
Efficient Decryption with Passware Speaker: Dmitry Sumin, President, Passware Session description Decryption of electronic evidence is a common problem for many computer examiners. New challenges of getting access to encrypted evidence will be covered - from now-standard full disk encryption for Windows and macOS to new TrueCrypt successors. This session covers new ways of getting the data decrypted – data acquisition from locked computers, encryption triage, leveraging live memory analysis, distributed network attacks and hardware acceleration, using data acquired to improve decryption success rates. |
| 15:00 - 15:45 |
Taking mobile forensics to the next level Speaker: Gerhard Gunst, Area Sales Manager DACH, MSAB Session description XAMN Spotlight 2.0 is the next level of mobile forensics. It is a powerful and intuitive tool that helps you find and analyze data faster, easier, with greater precision. You need a lot of investigative power to search through millions of artifacts. XAMN Spotlight has that, as it simply lets you get through massive amounts of data faster. Find out for yourself just how fast, powerful and easy to use XAMN Spotlight 2.0 is, discover how flexible and scalable XAMN can be to match your individual and organizational needs with an unprecedented performance-vs-investment-ratio. |
| 15:00 - 15:45 |
Forensic Artifacts in Windows 10 Speaker: Roman Locher. CTO, Arina AG Session description Let’s face it: To keep up to date with all the changes in forensic artifacts, is a really hard, if not impossible, task for many investigators and forensic experts. To help you out on this challenge on the Windows operating system part, we provide this workshop that will focus on the forensically interesting areas in the Windows 10 operating system. You will learn about newly gained forensic artifacts, but also about the ones we might have lost compared to Windows 7/8. Among other topics we will talk about the new Microsoft Edge browser, the Recycle Bin, Prefetch Files, Thumbnails, and many more. |
| 16:00 - 16:45 |
Bringing smartphone and computer forensics together for the greater good Speaker: Martin Barrow, Sales Engineer EMEA, Magnet Forensics Session description We need to bring together the examination of computers, smartphones and other media devices that are involved in a case. Traditionally, smartphones and computers are analyzed separately with different tools, by different people, sometimes in different labs! This lack of integration could mean that data that is correlated is overlooked. Forensics experts will discuss the need for holistic forensic tools and seamless integration with existing solutions. See how using integrated and complete tools can show the big picture more completely and help drive accurate and trustworthy finding. |
| 16:00 - 16:45 |
eMMC Chip Off – Benefits and Risks Workshop (AUTHORITIES ONLY!) Speaker: Martin Westman, Product Specialist, MSAB Session description This workshop delves into a study of eMMC memory chips on digital devices, which revealed widespread repurposing of used eMMC chips. The standardization of eMMC memory makes it straightforward to reuse them in a different device. As a result, new digital devices can contain data from the previous owner of a reused eMMC chip. This prior data can be extracted using chip off techniques and the lack of data sanitization presents significant risks. Recycling eMMC saves production costs for manufacturers and is positive for the environment, but must be performed responsibly to protect privacy. In the meantime, digital forensic examiners must deal with the reality of new devices potentially containing data from a prior life of the eMMC memory chips. This workshop addresses these issues, and discusses strategies for addressing the risk. The process and equipment of performing eMMC chip off is demonstrated, and the results are presented and analysed. Forensic examiners need to be aware of these issues and take it into account when dealing with devices that contain reused eMMC chips. This workshop also raises awareness of potential digital privacy risks associated with reused eMMC chips. |
Back to top Conference Archives Digital Investigations Conference 2016 Digital Investigations Conference 2015 Digital Investigations Conference 2014 Digital Investigations Conference 2013