Agenda 2014
| Description | |
|---|---|
| Keynote 1 (Auditorium) |
Recent Trends and Changes Affecting Cyber-Criminal Activity Speaker: Bruce Nikkel, Head of Cyber-Crime / IT Investigation & Forensics, UBS AG Session description A combination of changes across various industries and groups is beginning to affect the current cyber-crime landscape. This talk discusses recent trends and behavior changes in the hardware/software industry, ISPs and hosting providers, the banking industry, government and law enforcement agencies, the media and general public, and the criminal underground community. It identifies positive trends, shifts in criminal focus, and things to watch out for in the near future. |
| Keynote 2 (Auditorium) |
The 5 thinking mistakes about cybersecurity Speaker: Gerben Schreurs, Partner / KPMG Forensic Switzerland and EMA Leader KPMG Forensic Technology Session description In the media a contribution is made to the culture of fear and uncertainty that cyber incidents are everywhere. Reports often fail to distinguish between opportunistic fraudsters on eBay and organized criminal groups with strategies for systematically stealing intellectual property. Based on the lessons learned from conducting cyber incident response investigations we will use case studies to help answer questions such as; What type of attackers are there? How do you communicate with top management to ensure sufficient budget for prevention and response in the cyber domain? What is your role as an investigator to help prevent future incidents? In the form of 5 thinking mistakes this session will lead you through these questions and will reset some of the `traditional thinking` about cyber. |
| 13:00 - 13:45 (Auditorium) |
Guidance - The Enemy Within: Managing Insider Threats Speaker: Heinz Mäurer, Senior Account Executive D-A-CH, Guidance Software Inc. Session description Managing Insider Threats from End-to-Endpoint: - Detecting Anomalous Activity by Insiders - Locating & Wiping Unauthorized Storage of Sensitive Data |
| 13:00 - 13:45 (Trophy) |
Passware - Encrypted evidence discovery and mobile forensics Speaker: Nataly Koukoushkina, Marketing Manager, Passware Inc. Session description What's important is most likely encrypted. And vice versa: what's encrypted is most likely important. Encryption - is one of the serious obstacles computer forensics have to overcome in evidence discovery. Passware, the developer of the leading password recovery and decryption solutions, shares its tips and tricks in encrypted electronic evidence analysis, starting from discovering, proceeding to decryption and ending with analyzing results. You will see how to decrypt TrueCrypt containers within minutes, recover strong passwords for RAR archives, extract Facebook passwords from computer memory, break into an iPhone backup, and many more! |
| 13:00 - 13:45 (Uetliberg) |
Nuix - One Window into your Investigation Speaker: Jie Chen, Solution Consultant, Nuix Session description The types electronic evidence involved in a case is becoming ever-more varied and complex, stretching traditional forensic tools to capacity. This session will show how to manage the various devices and data involved in a case to give you a comprehensive representation of the evidence, and the links between them, at any time. |
| 14:00 - 14:45 (Auditorium) |
Tracks Inspector - Digital investigation in a distributed workplace
Speaker: Dr. Hans Henseler , Director and Co-Founder of Tracks Inspector Session description Professor in E-Discovery at the Amsterdam University of Applied Sciences and founder of the Forensic Computer Investigation Department at the Netherlands Forensic Institute It is time for a change in the way organisations work with digital forensic evidence. Every investigator needs to be able to quickly and easily analyze digital forensic evidence related to their cases: from photos, videos, email, social media and Internet usage to audio and documents. Each day that a computer or mobile device sits in a backlog waiting to be processed is one that a potential offender remains at large. Electronic devices routinely contain evidence related in some way to the planning, coordination, commission or witnessing of crimes. And the digital information contained in seized devices is typically sent to specialists in digital forensics laboratories to be processed. Today digital forensics laboratories alone can no longer manage the sheer volume of digital evidence in criminal cases. The backlog of caseloads has grown from weeks to months worldwide. Digital forensic specialists cannot be trained fast enough and the number of specialists required to analyze the mountains of digital evidence in common crimes is simply beyond budget constraints. A paradigm change is required to allow the digital evidence to be available to front line investigators quickly, accurately and in a controlled way. Digital forensic experts need to manage this new process but not be a bottleneck. By allowing the extended investigating team intuitive access, in a secure forensic way, to the data enables quicker investigation, faster convictions and a better collaborative working environment for all. Tracks Inspector enables investigators to immediately analyze digital evidence stored in forensic copies to determine which items are relevant and if further analysis by digital forensics experts is necessary. The software provides an intuitive web-based interface and alerts users about the existence of specific digital traces using built-in rules that can be customized by digital forensics experts. |
| 14:00 - 14:45 (Trophy & Mascot) |
Guidance - Effective Forensics: EnCase and Tableau Speaker: Steve Gregory, Forensic Solutions Specialist, Guidance Software Inc. Session description Understanding the features of the latest release of EnCase Forensic and the newest Tableau products will improve your overall forensic investigation effectiveness. This session will bring you up to date on the latest Tableau and EnCase products. |
| 14:00 - 14:45 (Uetliberg) |
Cellebrite - Shorten your investigation times: Learn How to Turn Raw Data into Actionable Intelligence in the Early Hours of any Investigation
Speaker: Peter Warnke, Sales Director, Cellebrite Session description Reveal and understand communication links between multiple mobile devices based on a complete range of existing, hidden and deleted data types by visualizing data from multiple phones. Learn how corporate investigators can use UFED Link Analysis to discover the critical connections between suspects. |
| 15:00 - 15:45 (Auditorium) |
Nuix - Beating the Big Data Blues: Collaborating on Big Cases Speaker: Jie Chen, Solution Consultant, Nuix Session description Designing a workflow for collaborative investigation and case management in a multi-user environment. Learn how to break large data sets , from 30 GB to 30TB, into sub-cases, share the workload and reconstitute the data into a single case while maintaining access records. |
| 15:00 - 15:45 (Trophy & Mascot) |
Magnet Forensics - Multiple Devices
Speaker: Jad Saliba, Founder & CTO, Magnet Forensics Session description To fully understand a person's social networking and chat activity you need to acquire data from all the computers, smartphones and tablets they've used to access their social and chat applications. This session will arm you with the knowledge and techniques required to recover and analyze social networking and chat artifacts across the most popular computer and mobile device file systems. It will bring you up-to-date with the latest developments in social media and chat artifacts through a review of popular apps like Facebook, Skype and Kik Messenger, which are continually evolving. We will also explore new and emerging applications like Snapchat, Tor Chat, and WeChat that you may not have encountered yet but are gaining in prevalence. Using IEF, we will dig into the details of how these artifacts are stored, where you can find them in active and deleted space, and techniques that allow you to integrate your analysis of evidence recovered from multiple computers or mobile devices in order to get a complete view of a person's online activity. |
| 15:00 - 15:45 (Uetliberg) |
Arina AG - Windows Event Log analysis: Gathering great information the easy way!
Speaker: Roman Locher, CTO, Arina AG Session description The Windows Event Log is a great place to find useful information, stored in a human readable format. In this workshop we will show you how to find, load, analyze and search collected Event Logs from a Windows computer. You get to know where to look for interesting records about the usage of a system and actions taken by the user. Don't be surprised in the future if you are spending much more time analyzing Event Logs, instead of browsing through abstruse registry keys. |
| 16:00 - 16:45 (Auditorium) |
Cellebrite - Bypassing Locked Devices: Learn How to Tackle One of the Biggest Challenges in Mobile Forensics
Speaker: Peter Warnke, Sales Director, Cellebrite Session description Pattern locks and passwords have been created to protect mobile phone user digital assets and they are becoming increasingly sophisticated and hard to crack even for forensic examiners. Attempting to gain access to a locked device is not an easy task, especially with a complex pattern locks or passcodes. The only way in is by using advanced forensic tools and techniques. Learn about the UFED's unrivalled capability to bypass locked phones and extract passwords from the biggest number of device profiles, including iOS, Nokia BB5 LG, HTC, Motorola, and other Android devices. |
| 16:00 - 16:45 (Trophy & Mascot) |
Magnet Forensics - Uncovering the covered tracks: Finding what's left behind
Speaker: Jad Saliba, Founder & CTO, Magnet Forensics Session description This session will explore numerous techniques that people use to try to hide, erase, and circumvent their online activities. We'll look at specific tools (that are freely available) that they may use in an attempt to cover their tracks, including private browser features such as InPrivate or Incognito browsing modes, and technologies like Tor, Bitcoin and covert webmail options. We'll examine the artifacts left behind by all these tools and technologies and demonstrate how you can use Internet Evidence Finder to uncover the wealth of evidence left behind even when someone is attempting to cover their tracks. |
| 16:00 - 16:45 (Uetliberg) |
Passware - Encrypted evidence discovery and mobile forensics
Speaker: Nataly Koukoushkina, Marketing Manager, Passware Inc. Session description What's important is most likely encrypted. And vice versa: what's encrypted is most likely important. Encryption - is one of the serious obstacles computer forensics have to overcome in evidence discovery. Passware, the developer of the leading password recovery and decryption solutions, shares its tips and tricks in encrypted electronic evidence analysis, starting from discovering, proceeding to decryption and ending with analyzing results. You will see how to decrypt TrueCrypt containers within minutes, recover strong passwords for RAR archives, extract Facebook passwords from computer memory, break into an iPhone backup, and many more! |
Back to top