Agenda, 20. März 2019




Frühere Konferenzen anzeigen

Derzeit sehen Sie noch die alte Agenda, um ein Bild der Veranstaltung zu erhalten. Die neue werden wir bis zum 15. Januar publizieren.

8:00 - 9:00 Empfang und Frühstück
Sala Terrena
9:00 - 9:20 Offizielle Begrüssung durch BMI und Arina AG
9:20 - 10:05 Eröffnungsvortrag BMI
Einführung in das Tor-Netzwerk: Warum das Ermitteln schwerer wurde, warum es aber nicht unmöglich ist
10:15 - 11:00 Nuix
Big Data Investigations - the power of Elastic Search
11:00 - 11:30 Kaffeepause
Sala Terrena Hörsaal 12, Raum Nr. 1402 Hörsaal 36, Raum Nr. 3402
11:30 - 12:15 Practical Forensic Image and Video Analysis Bringing smartphone and computer forensics together Advanced hardware solutions for mobile forensics
12:15 - 13:30 Mittagessen
13:30 - 14:15 Deep Diving for Forensic Gold – Applications and Deleted Data Completing digital investigations using EnCase Forensics v8 and Tableau products Digital Investigations: Dive into forensics radio survey (BTS) and cross analysis of multiple mobile evidence sources to solve a case
14:30 - 15:15 Forensic Artifacts in Windows 10 Taking mobile forensics to the next level Efficient decryption with Passware
15:15 - 15:45 Kaffeepause
15:45 - 16:30 Capturing and extracting important evidence directly from Google and Apple Clouds Analyzing Systems Hardware for Forensic Software Optimization Efficient visualization of evidence data with Nuix Web Review & Analytics
16:30 - 17:30 Einladung zum Happy-Hour-Apéro
Bleiben Sie bis zur Verlosung und gewinnen Sie tolle Preise




Beschreibung
09:20 - 10:05
Sala Terrena
Einführung in das Tor-Netzwerk: Warum das Ermitteln schwerer wurde, warum es aber nicht unmöglich ist
Speaker: Andreas Dengg, MSc., Ermittlungen organisierte Kriminalität, Bundesministerium für Inneres

Session description
In verschiedenen Kriminalitätsbereichen, in denen Kommunikation über das Internet eine Rolle spielt, kommen seit Jahren Darknets – und hier vor allem das Tor-Netzwerk – zur Anwendung um Strafverfolgern das Ausforschen von Ursprung, Ziel und Inhalt dieser Kommunikation zu erschweren. Der Vortrag gibt eine kurze Einführung in die Technologie des Tor-Netzwerkes und den dort etablierten Hidden Services und zeigt Ermittlungsansätze auf.
10:15 - 11:00
Sala Terrena
Big Data Investigations - the power of Elastic Search
Speaker: Lee Meyrick, Director of Information Management, Nuix

Session description
The traditional methods for evaluating digital evidence are unsustainable. Big data is too big, too fast and too complex for traditional forensic tools.
With the power of Elastic search you can take your hyper-scale your investigations to: Gain unparalleled speed of indexing and search—get answers from the data within seconds Create a centralized investigation and intelligence repository—join historical and present cases into a unified investigative view (cross-case federated search) Collaborate and break down intelligence silos—bring together hundreds of investigators, officers and analysts to work together on a case, no matter where they are located regionally.
In this keynote Daniel Jones, Solutions Expert from Nuix will showcase the power that Elastic search can bring to investigations.
11:30 - 12:15
(Sala Terrnea)
Practical Forensic Image and Video Analysis
Speaker: Martino Jerian, CEO and Founder, Amped Software

Session description
You’ve seen it over and over in famous TV shows like CSI. Using technology to magically “enhance” low quality videos. Video analysis is one of the most fascinating fields of digital and media forensics, but there’s much more to it than simply enhancing a picture. This workshop will tell you the truth about video analysis and provide a summary of all the steps needed to get evidence out of the source (typically a digital video recorder), extract parts of interest, properly enhance them, take measurements, and prepare the results for presentation in the courtroom. The full workflow can be managed with the software Amped FIVE, which is being used daily by top law enforcement forensic labs worldwide. We will also look at the current tools available in Amped Authenticate, the leading software for forensic image authentication, camera ballistics and tampering detection.
11:30 - 12:15
(Hörsaal 12, Raum Nr. 1402)
Bringing smartphone and computer forensics together
Speaker: Peter Warnke (Account Executive) & Marco Klockenkämper (Sales Engineer), Magnet Forensics

Session description
We need to bring together the examination of computers, smartphones and other media devices that are involved in a case. Traditionally, smartphones and computers are analyzed separately with different tools, by different people, sometimes in different labs! This lack of integration could mean that data that is correlated is overlooked. Forensics experts will discuss the need for holistic forensic tools and seamless integration with existing solutions. See how using integrated and complete tools can show the big picture more completely and help drive accurate and trustworthy finding.
11:30 - 12:15
(Hörsaal 36, Raum Nr. 3402)
Advanced hardware solutions for mobile forensics
Speaker: Anthony Mercier, Lead Instructor, Teel Technologies

Session description
In this presentation, Anthony Mercier will provide an overview of the Teel Technologies force continuum of hardware tools to access mobile phones for forensics examinations. The discussion will introduce advanced techniques of acquiring mobile devices, including the Bootloader/Flasher Box; JTAG; ISP eMMC; and Chipoff processes.
These techniques are useful for:
  • Locked devices,
  • Bypassing USB debugging,
  • Acquiring devices not supported by the mainstream tools,
  • Bypassing some encryption,
  • Getting data from damaged devices,

    Some of these techniques will be discussed in more detail and if the opportunity is available, a demonstration of one or two may take place. The audience will get a better understanding of:
  • What each of these processes are
  • When and why we would use these processes
  • Dangers of using some of these processes
  • Some of the equipment and costs of using these processes
  • 13:30 - 14:15
    (Sala Terrnea)
    Deep Diving for Forensic Gold – Applications and Deleted Data
    Speaker: Galina Rabotenko, Marketing Director, Oxygen Forensics

    Session description
    Beyond all doubt, all the vital evidence is stored in apps: contacts, group and private chats, plans, geo coordinates, cache and much more. But it is not enough to parse apps databases: in many cases you need to decrypt and retrieve securely stored data in apps, like Whatsapp, Threema, Telegram, etc. Moreover, the situation with apps is constantly changing: popular apps are updated almost every week and forensic software manufacturers have to catch up with it adding support for newer versions. A variety of supported applications also matters: criminals prefer to choose unknown apps to communicate which is why support for popular apps is not enough. In our workshop we will explain how to extract and recover apps both from mobile devices and cloud.
    13:30 - 14:15
    (Hörsaal 12, Raum Nr. 1402)
    Completing digital investigations using EnCase Forensics v8 and Tableau products
    Speaker: Steve Gregory, Senior Forensic Product Advisor - EMEA, Guidance Software

    Session description
    The latest suite of forensic products from Guidance Software will demonstrate how you can conduct an investigation efficiently and effectively from start to finish, whether using the new Tableau TX1 imager through to the data analysis with EnCase v8 and EnCase Mobile Investigator.

    13:30 - 14:15
    (Hörsaal 36, Raum Nr. 3402)
    Digital Investigations: Dive into forensics radio survey (BTS) and cross analysis of multiple mobile evidence sources to solve a case
    Speaker: Nicola Chemello, CEO, Securcube

    Session description
    No one knows better than a digital investigator how the mobile evidence outlook is turning upside down. Several implications, first anti-forensics, redirects the investigation to a cooperative approach of all players. What a device offers in terms of extraction needs a careful assessment with CDR and, even more, with the real BTS coverage. This information strongly supports the search of suspects’ and victims’ movements at the crime scene. The cell efficiency, intended as the BTS performance subject to specific conditions, is quite fickle. Multiple variables can affect it, so suspects’ alibi may depend on the ability to check exactly the BTS coverage using the rising technique called ‘forensics radio survey’. The result obtained can redirect the examination to a specific group of the cells in the area of interest, refining the analysis in progress and the ongoing huge amount of data. The cross analysis of the evidence, guided by the real BTS coverage, opens an interesting evolution for mobile and phone records examination for a trustworthy result in court. Based on this outlook, the session introduces the multiple investigative approach to solve a case using some key mobile evidence, precisely: CDR, mobile extractions and BTS logs.
    14:30 - 15:15
    (Sala Terrnea)
    Forensic Artifacts in Windows 10
    Speaker: Roman Locher, CTO, Arina AG

    Session description
    In dieser Präsentation lernen Sie die wichtigsten und interessantesten Artefakte in Windows 10 kennen. Was ist Neues dazu gekommen? Welche Artefakte existieren nicht mehr? Und bei welchen Spuren muss man vorsichtig sein mit voreiligen Rückschlüssen? Wir schauen verschiedene Themen wie Microsoft Edge Browser, Prefetch-Files, Registry, USB-Tracking und mehr.
    14:30 - 15:15
    (Hörsaal 12, Raum Nr. 1402)
    Taking mobile forensics to the next level
    Speaker: Gerhard Gunst, Area Sales Manager DACH, MSAB

    Session description
    MSAB will show and demo the latest mobile forensics technology and development. This will focus on extracting data from mobile devices, cloud, vehicles and drones with the XRY Toolsuite and Berla iVe. All extractions can be analyzed within the XAMN Toolsuite. MSAB offers 4 different platforms: Office, Field, Tablet and Kiosk. Open Systems and Turnkey-Platforms with simplified GUI and customizable workflow. All the above processes can be managed by XEC Toolsuite, including automatized exports, user and user group administration and further functionality, that will take you to the next level of mobile forensics.
    14:30 - 15:15
    (Hörsaal 36, Raum Nr. 3402)
    Efficient decryption with Passware
    Speaker: Dmitry Sumin, President, Passware

    Session description
    Decryption of electronic evidence is a common problem for many computer examiners. New challenges of getting access to encrypted evidence will be covered - from now-standard full disk encryption for Windows and macOS to new TrueCrypt successors. This session covers new ways of getting the data decrypted – data acquisition from locked computers, encryption triage, leveraging live memory analysis, distributed network attacks and hardware acceleration, using data acquired to improve decryption success rates.
    15:45 - 16:30
    (Sala Terrnea)
    Capturing and extracting important evidence directly from Google and Apple Clouds
    Speaker: Olga Koksharova, Marketing Director, Elcomsoft

    Session description
    Cloud Forensics is a tough but extremely important question, because clouds can store way more data than computers and smartphones together. Quite often data is properly neither deleted, nor protected. iCloud forensics is made much easier with Elcomsoft Phone Breaker. We can acquire, decrypt and extract iCloud data including keychain items and access real-time synced data. Apple iCloud is not just the storage. It is used for iOS devices’ backups, applications’ backups, synced information and much more. Elcomsoft has just managed to get to the most interesting part of it - the iCloud Keychain - that keeps the most valuable data. This data includes Apple IDs, Wi-Fi accounts, Mail accounts, browser passwords, credit cards, DSIDs & tokens, even metadata like creation date and modification date. You will see how to extract all the data even if 2FA is on. Google Accounts Forensics is also not just about devices’ data, it gives you access to way more information from all the numerous cloud services. Google retains astonishing amounts of data that literally follow their users’ every step. The amount of data generated by consumers can become extremely valuable for an investigation of criminal cases and security breaches of IT infrastructure.
    15:45 - 16:30
    (Hörsaal 12, Raum Nr. 1402)
    Analyzing Systems Hardware for Forensic Software Optimization
    Speaker: Chris Stippich, President, Digital Intelligence

    Session description
    Based on thorough testing on a range of processors, RAM quantities, and storage media (mechanical and solid state drives, PCI/NVME media, and RAID options) in a forensic system, we will discuss the testing methodology and various hardware configurations that will have the most impact on the performance of the forensic software. Digital Intelligence is currently focusing on EnCase (testing complete), FTK (testing ongoing), and NUIX software (future) as the basis of this systematic testing.
    15:45 - 16:30
    (Hörsaal 36, Raum Nr. 3402)
    Efficient visualization of evidence data with Nuix Web Review & Analytics
    Speaker: Stefan Anton, Solutions Consultant, Nuix

    Session description
    Nuix Web Review & Analytics makes it easy to slice, dice and visualise data so you can quickly identify trends, locate information of interest and drill down to specifics. You can run multiple visualisations concurrently in separate browser windows, with all results updating dynamically as you dig deeper into your data. Join this session to learn how to create efficient visualization of evidence data with Nuix Web Review & Analytics to quickly understand the relationships between people, documents and events with a variety of data visualisations.

    Zurück zum Anfang

    Konferenzarchiv
    Digital Investigations Conference 2017 (Vienna)
    Digital Investigations Conference 2016 (Vienna)