Agenda, 20. June 2018





08:00 - 09:00 Network breakfast
09:00 - 09:15 Welcome & Introduction
09:15 - 09:55 Darknet - A Look at the Digital Underground
09:55 - 10:15 Attacks and their development in an increasing digitized world
10:15 - 10:45 Break
Tracks: Forensics Track #1 | Forensics Track #2 | Hacker's Paradise | Future thinking, managing your risks
10:45 - 11:30 New features and decryption best practices
[Passware]
Cellebrite Analytics - Harness the Power of Digital Data
[Cellebrite]
You've been hacked! Behind the scenes of a cybercrime investigation
[Oneconsult]
The Future of Investigative Analytics
[Brainspace]
11:45 - 13:00 Lunch
13:00 - 13:45 Tableau TX1 and EnCase Forensic – the efficient way to conduct digital investigations
[Opentext]
The technology traps of modern vehicles and the associated opportunities for investigation - reports from the field
[BK Österreich]
WannaCry: Disrupting Your Business
[KPMG]
The Evolution of Digital Forensics: Past, Present, and Future
[University Bern]
14:00 - 14:45 Investigating the new Apple File System
[BlackBag]
Drone Forensics – How to deal with the new threat
[Oxygen]
Countering innovative sandbox evasion techniques used by malware
[VMRay]
Digital Transformation: The Era of Cognitive Computing and its Impact on Digital Investigations
[KPMG]
15:00 - 15:45 Cloud Forensics: Where the opportunities are
[Magnet Forensics]
File Carving Workshop
[NUIX]
Leveraging OSINT to Attack an Organization
[KPMG]
Bitcoin Investigation
[Forinco]
16:00 - 16:45 Windows 10 Registry Hot Spots
[Arina AG]
NIMBUS - Revolutionary Case Management, Digital Forensic Automation & Intelligence Solution
[Blackrainbow]
Malware/attack risks and impacts for industrial control systems and Internet of Things (IoT)
[KPMG]
GDPR violation and non-compliance
[KPMG]
16:45 - 17:15 Happy hour sponsored by Oneconsult AG
Description
Keynote
09:15 - 09:55
(Belvoir Saal)
Darknet - A Look at the Digital Underground
Speaker: Marc Ruef, co-founder, scip AG

09:55 - 10:15
(Belvoir Saal)
Attacks and their development in an increasing digitized world
Speaker: Marc Henauer, Head of the MELANI Operation and Information Centre

10:45 - 11:30
New features and decryption best practices
Speaker: Toni Pärn, Director of Sales, Passware

Session description
We will present the new version of Passware 2018 and share the latest features we have added to our flagship product. We will provide best methods for decryption of files, memory images and full disk encryption.
10:45 - 11:30
Cellebrite Analytics - Harness the Power of Digital Data
Speaker: Martin Pfeiffer, Sales Engineer, Cellebrite

Session description
To reduce case cycle times, investigators, prosecutors, analysts and examiners need simple, intuitive tools that help them see the big picture of an investigation and find actionable evidence fast. Cellebrite Analytics leverages powerful and unique text and media analytic engines that can filter, categorize and reveal critical evidence from disparate digital data sources.
10:45 - 11:30
You've been hacked! Behind the scenes of a cybercrime investigation
Speaker: Adrian Schoch, Head of Incident Response & IT Forensics, Oneconsult AG

Session description
When your organization is faced with a case of hacking, fraud, extortion, sabotage or a data breach this may become the worst day of your life. Supporting people in this situation is our mission. Get an exciting insight into the job of an incident responder. Stories and anecdotes from the most exciting and curious missions of a professional incident response team. Find out what happened to other companies and prevent it from happening to you.
10:45 - 11:30
The Future of Investigative Analytics
Speaker: Steven Rapp, Director of Sales, Brainspace (A Cyxtera Company)

Session description
With the growth of data facing organizations, and with timelines, team sizes and budgets remaining unchanged, we need a new approach, one that accelerates insight and understanding exponentially. Through dynamic visuals, machine learning and both unsupervised and supervised learning, the human expert interacts with data to make smarter, faster and more informed decisions. In this session, you will learn how tools like Brainspace 6 can deliver productivity increases and analyst/attorney efficiency, cost reduction and automated workflows to manage your project.
13:00 - 13:45
Tableau TX1 and EnCase Forensic – the efficient way to conduct digital investigations
Speaker: Neguiel Hicks, Senior Solutions Consultant, Opentext

Session description
Tableau TX1 provides a robust portable alternative to forensic workstations when it comes to imaging or cloning of devices. EnCase Forensic, the Gold Standard in Digital Investigations, improves your productivity when conducting forensic investigations with powerful processing, improved performance, simple workflow and an enhanced EnCase indexing engine. This allows you to process and search for your evidence more quickly and intuitively than ever before, bringing efficiency to your investigation.
13:00 - 13:45
The technology traps of modern vehicles and the associated opportunities for investigation - reports from the field
Speaker: Armin Rauchbüchl, BK Österreich - IT Beweissicherung / KFZ-Forensik

Session description
Analyzing Cars:
Download information, Stored information, Freeze-frame, Timestamps, Infotainment and telematics (routes, waypoints), Connected phones (SMS, mails, contacts, etc.), Crash data, Serial numbers, stored VIN

Understanding the different ways to steal a car - HOW it works in real life:
Keyless Go Range Extender, Hacking tools / devices, Immobilizer hacks

Digital VIN Manipulation:
detect manipulated VINs, identify the real VIN / car

Keys:
Key cloning, Information from keys (mileage, timestamps, etc.)

GPS Hack
13:00 - 13:45
WannaCry: Disrupting Your Business
Speaker: Lars Jacobs, Forensic, KPMG Netherlands

Session description
Cyber incidents are occurring every day, and from time to time something highly disruptive like WannaCry drops by. With heavy disruption to IT and business operations, multiple organizations came to a complete stop of their core business processes during the WannaCry incident. In this session we’ll go through a WannaCry incident and look at it from the perspective of multiple stakeholders, from both a technical and a business perspective.
13:00 - 13:45
The Evolution of Digital Forensics: Past, Present, and Future
Speaker: Prof. D. Bruce Nikkel, Bern University of Applied Sciences, Division of Computer Science

Session description
This talk looks at the history of digital forensics, how it has evolved over the past few decades, and the motivation for various changes in the field. The current digital forensics landscape will be discussed, including currently active areas of research. Some predictions of where digital forensics is heading as a scientific discipline will also be made.
14:00 - 14:45
Investigating the new Apple File System
Speaker: Stuart Hutchinson, VP International Sales, Blackbag

Session description
New Apple computers are shipping with APFS, causing the industry a lot of concern as traditional forensic tools cannot effectively investigate these devices. We will run through the complications APFS brings to an investigation and the BlackBag approach to overcoming these challenges.
14:00 - 14:45
Drone Forensics – How to deal with the new threat
Speaker: Tanya Pankowa, Marketing Manager, Oxygen Forensics

Session description
With so many drones flying around the world, the potential for terror, implications for airlines, and other obvious issues that can arise, law enforcement (LE) needs to find out as much as it can about these drones. The data storage could be the on-board internal card, an external SD card, a mobile application, the drone's embedded chip and even the cloud. All of these drone storage locations, and the GPS locations that show valuable route data to the examiner, need to be properly investigated.
14:00 - 14:45
Countering innovative sandbox evasion techniques used by malware
Speaker: Carsten Willems, CEO, VMRay

Session description
Sandbox systems for automated detection and analysis of cyber attacks are an essential component of modern security concepts in all larger enterprises, government agencies and similar organisations. Consequently, malware authors are developing increasingly sophisticated methods for evading such systems in order to avoid detection and analysis. This presentation introduces the currently used evasion techniques, explains them with many real-world examples and discusses possible countermeasures that could and should be applied by sandbox vendors and users.
14:00 - 14:45
Digital Transformation: The Era of Cognitive Computing and its Impact on Digital Investigations
Speaker: Prafull Sharma, Partner, Digital Transformation, KPMG Switzerland

Session description
The “digital labor” enabled by cognitive automation will dramatically impact the way work and business is done today. While the market for digital labor is still in its infancy, new risk areas already start to emerge in the digital threat landscape. The custodians in the digital investigations of today are humans, and the investigations are driven by human actions and decisions. As human interaction and thought processes are being simulated, the custodians of tomorrow will be bots and machines, whose actions are driven by software and data. Digital investigators need to start thinking about how to find the “evidence of the future”, while organizations develop a clearer understanding of what digital transformation means for their business.
15:00 - 15:45
Cloud Forensics: Where the opportunities are
Speaker: Marco Klockenkämper, Sales Engineer, Magnet Forensics

Session description
With the onset of countless connected devices, apps and media, the need for storage and access to stored data grows every day. The answer seems to be the cloud. Companies are pouring resources into cloud infrastructures to have access to the storage that a connected world requires. Forensic examiners need to better understand what can be accessed and how to make sense of the volumes of accessible data. Join us for this session, where we'll discuss the most popular types of cloud services and what the implications of those services are on evidence acquisition and examination. We'll look at how apps utilize the cloud and how to make connections between cloud app usage and computer evidence. See how to quickly sort, filter and make sense of cloud application data.
15:00 - 15:45
File Carving Workshop
Speaker: Nick Sharples, Nuix Senior Solutions Consultant, Nuix EMEA

Session description
File carving is a process that recovers the content of deleted files from unallocated clusters. This is an important process to undertake for many investigations as the remains of deleted files may persist in unallocated space for some time. Following a gentle introduction to the subject, this will be a hands-on workshop during which participants will carve deleted files to gain an understanding of how file-carving works within Nuix and what results to expect from different file-systems.
15:00 - 15:45
Leveraging OSINT to Attack an Organization
Speaker: Michele Daryanani, Senior Manager, Information Protection and Business Resilience, KPMG Switzerland

Session description
Historically, dumpster-diving was seen as the way to get information on companies. While not entirely deprecated, there are easier ways. Open-source intelligence (OSINT) is data collected from publicly available sources. These can be used to profile staff within a company, gather information, and subsequently launch an attack. During this presentation, we will walk you through a sample information gathering exercise, profile a company and one of their directors and use that information to compromise corporate data. Subsequently, we’ll discuss what companies can do to mitigate this risk.
15:00 - 15:45
Bitcoin Investigation
Speaker: Pavel Mishchenko, Lead Crystal Analyst, Bitfury Group & Ralph Windholz, CEO, FORINCO AG

Session description
The growing use of cryptocurrencies will present new challenges to law enforcement, tax authorities and financial institutions. Whether it’s about tracking bitcoin transactions, determining relationships between actors or validating transactions of known entities, they are all complex and time-consuming. The comprehensive new toolkit Crystal from Bitfury Group simplifies the data analysis and advances the investigation. Crystal provides comprehensive blockchain analytics and supports transaction visualization and tracking. Based on the risk scoring feature, relevant addresses or connections can be identified.
16:00 - 16:45
Windows 10 Registry Hot Spots
Speaker: Roman Locher, CTO, Arina AG

Session description
I call the Windows Registry the "old lady" of traditional computer forensics. It has probably been around for longer than any of us can call himself a "digital forensic investigator". However, even in Windows 10, the Registry is still an absolute goldmine that contains a wealth of information. In this workshop we will summarize the most important keys that you should look at in your next investigation and we will highlight the changes that were made to the Windows 10 Registry. We will also dive into a brief summary of how the different forensic tools parse the registry. Let's find out who currently leads the pack in this area of investigations!
16:00 - 16:45
NIMBUS - Revolutionary Case Management, Digital Forensic Automation & Intelligence Solution
Speaker: Carl Barron, Head of Technology & Innovation, BlackRainbow

Session description
An interactive look at how a brand new revolutionary tool, NIMBUS, can be used to track all your case work (including geolocation data, notes, training records and suspect information) as well as standardise and automate any digital forensic tool anywhere on your network.
A case study will also be presented about how it has been adopted within a National Police Force, allowing for a collaborative and consistent solution across multiple locations.
16:00 - 16:45
Presentation malware/attack risks and impacts for industrial control systems and Internet of Things (IoT)
Speaker: Carlos Anastasiades, Senior Consultant (Information Protection and Business Resilience), KPMG Switzerland

Session description
To be done.
16:00 - 16:45
GDPR violation and non-compliance
Speaker: Thomas Bolliger, Partner, Information Governance and Compliance KPMG

Session description
On May 25, 2018 the EU General Data Protection Regulation (GDPR) entered into force. In view of the stories currently circulating in the media about the misuse of data for business and political purposes, the question arises what the consequences of a data protection violation under the GDPR will be. The presentation uses examples to show how non-compliance and data protection violations could have an effect.
