AGENDA, 12th of June 2019



VIEW PREVIOUS CONFERENCES


From 11:15 Door Opening and Registration
11:30 - 13:00 Lunch
13:00 - 13:15 Welcome & Introduction
13:15 - 14:00 The Trouble with Terrestrial Astronauts: Considering Digital Evidence and Privacy on an Increasingly Inter-connected Planet
14:00 - 14:45 Cyber-Fraud Landscape
15:15 - 15:45 Coffee Break
Next level investigations lab New corporate and legal technology Optimizing the eDiscovery Workflow Mobile and Cloud challenges
15:45 - 17:15 Physical Acquisition and Analysis of T2 Protected Macs
[BlackBag]
The Power of Combining Review and AI
[Reveal]
Interdisciplinary Projects: Effectively Combining the Technical and Legal Domains
[Enquire]
The art of Open Source Intelligence Gathering (OSINT)
[SNH]
17:30 - 18:30 Drinks & Raffle @ DIC Bar, sponsored by Ernst & Young
18:30 - 21:30 Dinner Party

AGENDA, 13th of June 2019


08:00 - 09:00 Network breakfast
09:00 - 09:10 Welcome & Introduction
09:10 - 09:55 The Legal 101 of Digital Investigations
09:55 - 10:15 Break
Next level investigations lab New corporate and legal technology Optimizing the eDiscovery Workflow Mobile and Cloud challenges
10:15 - 11:00 Scaling a virtualised Nuix architecture
[National Crime Agency]
Short Message Discovery: Regulatory and Compliance Workflows in RelativityOne
[Relativity]
Advanced Deduplication: Beyond Digital Fingerprints
[Swiss FTS]
Forensics acquisition of websites and mobile with FAW and FAS
[FAW]
11:15 - 12:00 NIMBUS - Integrated Case Management & Digital Forensic/eDiscovery Automation Solution
[BlackRainbow]
The Unified Single Agent
[OpenText]
Casting Light on the Issue of Mass Redactions
[Swiss FTS]
WhatsApp Forensics - Advanced methods of extraction and decryption
[Oxygen]
12:00 - 13:30 Lunch
13:30 - 14:15 Learn how Digital Intelligence/ Analytics can accelerate your investigation work
[Cellebrite]
Nuix Ringtail: End-to-end discovery without compromise
[Nuix]
Contract Analytics in eDiscovery
[EY]
Managing the Complexities of Large File Transfers
[Swiss FTS]
14:30 - 15:15 Piecing the Story Together: Correlating Operating System, Memory, and Other Artifacts in your Forensic Examinations
[Magnet]
Answering the six traditional investigation questions with Nuix
[Nuix]
Adding Scalpel-like Precision to Relativity
[Swiss FTS]
Accessing Apple and Google cloud accounts to get real-time evidence: from passwords to conversations, from locations to documents
[Elcomsoft]
15:15 - 15:45 Coffee Break
15:45 - 16:30 Passware beginners training and best practices
[Passware]
Cyber Attack Simulation: Hacking a Website
[EY]
Privacy Review: Use Cases and Efficient Approaches
[Christian Zeunert]
Navigating the GDPR in the Context of Cross-border Discovery
[Ryan Costello]
Description for 12th of June 2019
13:15 - 14:00
(Belvoir Hall)
The Trouble with Terrestrial Astronauts: Considering Digital Evidence and Privacy on an Increasingly Inter-connected Planet
Speaker: Ryan Costello, Head of Data Privacy Engagement Services, ProSearch Strategies

>> read more <<
14:00 - 14:45
(Belvoir Hall)
Cyber-Fraud Landscape
Speaker: Prof. Dr. Bruce Nikkel, Bern University of Applied Sciences

>> read more <<
15:45 - 17:15
Physical Acquisition and Analysis of T2 Protected Macs
Speaker: Stuart Hutchinson, Vice President, APAC & LatAm

Session description
BlackBag Technologies is proud to announce the first and only solution to produce a decrypted physical image of Apple’s latest Mac systems utilizing the T2 chip. Current logical imaging solutions, including functionality available in the previous version of BlackBag’s own MacQuisition tool, and competing solutions like Sumuri Recon and EnCase, miss critical file system information that only this new level of physical access will be able to provide.
15:45 - 17:15
The Power of Combining Review and AI
Speaker: Kevin Albert, Senior Consultant & Eugene O'Neill, EVP EMEA and APAC

Session description
The legal and compliance world are under increasing pressure to achieve greater cost predictability, which is no easy task in the era of “Big Data.” This conversation will highlight the evolution of the legal review process from traditional review, through early case assessment, to how AI is the next giant leap forward. We will delve into how leveraging artificial intelligence combined with review and human input can find evidence faster, increase efficiency, and decrease errors while reducing the overall cost exponentially.
15:45 - 17:15
Interdisciplinary Projects: Effectively Combining the Technical and Legal Domains
Speaker: Louise Dräyer-de Moor, Project Manager, Swiss FTS AG & Nadine Studer, Senior Legal Counsel, ENQUIRE Rechtsanwälte AG

Session description
When the news headlines report corruption or money laundering scandals, the company concerned - or the supervisory authority – needs to determine the facts of the situation in a very short timeframe: Who communicated with whom? What was the timeline of events? Who had access to what information, and whom was it shared with? For which of the thousands of financial transactions is there no plausible explanation? Which one is a bribe payment? Were employees or managers involved in any criminal activities? What evidence do we have?

Senior Management, Board Members and the General Counsel of a company confronted with such allegations want to gain an overview of the situation as soon as possible in order to obtain a basis for the decision on further action. Faced with huge data volumes, time pressure and limited resources, an interdisciplinary team composed of both lawyers and IT forensic experts is best suited to plan and conduct such an investigation and to deliver reliable results – if they are speaking the same language, understand the respective needs and cooperate well. This talk will demonstrate – based on an example project – how this cooperation can work effectively.
15:45 - 17:15
The art of Open Source Intelligence Gathering (OSINT)
Speaker: TBD

Session description
In the last few years, the art of Open Source Intelligence Gathering (OSINT) became a crucial skill to master for investigators all around the world. The fact that the internet knows more about an individual than his closest friends, should be motivation enough to gather your own intel. In this workshop you will learn the basic concepts of acquiring and analysing data from the cloud and it's social media platforms.
Description for 13th of June 2019
09:10 - 09:55
(Belvoir Hall)
The Legal 101 of Digital Investigations
Speaker: David Rosenthal, Counsel, Homburger AG

>> read more <<
10:15 - 11:00
Scaling a virtualised Nuix architecture
Speaker: Nathan Coutts, Manager, DFNet Design Team, National Crime Agency

Session description
In order centralise and scale their digital forensics investigations, the UK National Crime Agency adopted Nuix as its primary DF tool. This talk will outline how the NCA went from desktop DF workstations, to a server-based system and then to a fully virtualised DF system operating at a national level.
10:15 - 11:00
Short Message Discovery: Regulatory and Compliance Workflows in RelativityOne
Speaker: Clare Longworth, Solutions Specialist, Relativity

Session description
Short message communication has become as ubiquitous as email in our day-to-day activities. Organisations and individuals will often use at least two or more messaging applications. It's no longer enough to just review emails and eDocs and call it a day. In this session, you'll see an overview of RelativityOne's short message features and get a preview of the product roadmap. We'll also walk through simple use cases to help you deal with regulatory and compliance requirements and provide ideas you can implement right away in your day-to-day use of RelativityOne.
10:15 - 11:00
Advanced Deduplication: Beyond Digital Fingerprints
Speaker: Irène Wilson, Director, Swiss FTS AG

Session description
In the physical world biological twins don’t share the same fingerprints, a trait which is also reflected in the digital world where the same information can have different hash values. The challenge is to create a robust, reproducible, and reliable process to identify duplicate data, while keeping in mind the logistical implications for the project. Discover how to save time and money by using powerful tools and creative workflows to de-duplicate your data in real-world complex scenarios.
10:15 - 11:00
Forensics acquisition of websites and mobile with FAW and FAS
Speaker: Davide Bassani, Digital Forensics expert & Matteo Zavattari, Project manager, Envolve Forensics

Session description
The seminar provides technical / legal content to acquire and certify web pages and screenshots of mobile devices. The seminar explains in simple and understandable language, even to users without technical skills, how to acquire web pages and any information present on mobile devices giving a certain probative value. The seminar examines the use of FAW software, the first forensic browser capable of acquiring Web pages in a very simple and fast way and of the FAS App (forensics acquisition of screenshot).
11:15 - 12:00
NIMBUS - Integrated Case Management & Digital Forensic/eDiscovery Automation Solution
Speaker: Carl Barron, Head of Technology & Innovation, BlackRainbow

Session description
An interactive look at NIMBUS. Nimbus can be used to track all your case work (including exhibit chain of custody, locations, notes and person information) as well as standardise and automate any Digital Forensic/eDiscovery process.
11:15 - 12:00
The Unified Single Agent
Speaker: Karen Hansen, Account Executive & Ashley Page, Solutions Consultants, OpenText

Session description
Digital forensic, e-discovery, Endpoint Security, EDR, GDPR-issues and much more with one single agent.
Intelligent Architecture.
Structuring security in networks with 800.000 endpoints and more.
11:15 - 12:00
Casting Light on the Issue of Mass Redactions
Speaker: Rafael Aggeler, IT Forensic & Security Expert, Swiss FTS

Session description
Even before GDPR, privacy and its protection has been a key requirement for Switzerland and Europe. Due to various legal and regulatory requirements, documents containing private information must sometimes be disclosed, and in order to ensure the privacy rights of the parties involved documents are often redacted. Doing this manually for larger document collections is resource intensive and costs tend to skyrocket, which calls for innovative approaches and technologies. In this session, SFTS will show how redactions can be applied and managed easily using modern technology for assisted redacting to overcome the challenges of mass redactions.
11:15 - 12:00
WhatsApp Forensics - Advanced methods of extraction and decryption
Speaker: Tanya Pankova, Senior Marketing Manager, Oxygen Forensics

Session description
WhatsApp is without doubt the most popular messenger in the world with over 1.5 billion users globally. Thus, extracting complete evidence from WhatsApp Messenger is essential for any investigation. In this session, we will look into all possible sources where WhatsApp data might be stored (mobile devices, computers, cloud) and present our exclusive method of WhatsApp data extraction directly from the WhatsApp Server. Moreover, we will guide you through the process of WhatsApp backups decryption offering the alternative method, not incorporated in other forensic software. Finally, we will explain how to extract WhatsApp data from a locked mobile device using a WhatsApp QR token from a PC.
13:30 - 14:15
Learn how Digital Intelligence/ Analytics can accelerate your investigation work
Speaker: Martin Pfeiffer, Sales Engineer Forensics & Peter Zontek, Senior Sales Director EMEA, Cellebrite

Session description
Cellebrite’s Analytics Enterprise is designed to increase the impact of digital forensic data, empowering agencies to become more productive, efficient and successful – all while managing digital data. Digital data has an important and almost existential place in peoples’ everyday lives. Consequently, digital data is an important cornerstone of any investigation. Due to the complexities inherent in analyzing digital data, most agencies are not truly benefiting from the full impact of the wealth of digital forensic data that was already collected – and is readily available. While digital data will continue to be a forensic specialist field in the area of acquisition and extraction, Analytics Enterprise provides data consumers with a tool for quicker and deeper analysis – where each event maintains a direct link to the evidence sources. The key component of Analytics Enterprise may be summarized in one word: accessibility. Analytics Enterprise enables you to: Simplify complex analysis tasks and make case resolution as easy as clicking a button. Share data among multiple agents to collaboratively accelerate investigations. Centrally manage your digital data to reduce risk and minimize storage requirements.
13:30 - 14:15
Nuix Ringtail: End-to-end discovery without compromise
Speaker: TBD

Session description
Nuix Ringtail is designed to reduce the complexity and workload associated with early case assessment, investigations and document review. No matter your "big content" challenges, Ringtail’s visual analytics will provide you with a unique and revealing view into the data. Join our Ringtail experts to see how Nuix and Ringtail can give you an amazingly fast, comprehensive way to get the right documents to attorneys and help legal teams win.
13:30 - 14:15
Contract Analytics in eDiscovery
Speaker: Adrian Ott, Head of eDiscovery Switzerland, EY

Session description
Every now and then you come across a large amount of similar documents during a review. A prominent Example is a set of Contracts where all the interesting information like the counterparty or certain clauses are not stored in a structured database but buried somewhere in the unstructured document. Because these contracts are often quite different or have changed over time, there is often no other way than to manually review all the documents and writing down the necessary information to create a database that can be searched and filtered. In this workshop we show you the latest technologies when it comes to extracting Information out of unstructured documents automatically based on different machine learning methodologies and we provide an outlook on how eDiscovery reviews and remediation processes can benefit from smart document analytics.
13:30 - 14:15
Managing the Complexities of Large File Transfers
Speaker: Mattias Aggeler, Partner at Swiss FTS AG

Session description
Companies transfer increasing volumes of confidential data, with security often being sacrificed for the sake of convenience and ease of use due to the lack of effective and user-friendly tools. Available cloud solutions leave you uncertain about the location and security of your data, and in the realm of digital investigation security, traceability and auditability are critical to success. Swiss FTS will demonstrate its approach to these challenges and provide solutions that you can use in your company.
14:30 - 15:15
Piecing the Story Together: Correlating Operating System, Memory, and Other Artifacts in your Forensic Examinations
Speaker: Marco Klockenkämper, Sales Engineer, Magnet Forensics

Session description
Learn how to correlate different artifacts with each other and see the connections that occur between artifacts and pieces of evidence data. See how users interact with their content by replicating the data’s journey and learn ways you may be able to correlate activity when the files are no longer present on a system. Join Marco Klockenkämper, Sales Engineer at Magnet Forensics, to look at activity correlations not only on PCs, but across multiple types of evidence including computer, mobile devices, memory dumps, external media, and cloud.
14:30 - 15:15
Answering the six traditional investigation questions with Nuix
Speaker: Mark McCluskie, Head of Investigations, EMEA, Nuix

Session description
Drawing on his experience as a cybercrime investigator for the Police Service of Northern Ireland, Mark will explore the impact and challenges associated with answering the six big investigation questions, in the context of today’s technology-driven investigative landscape, and how Nuix can help transform traditional digital forensic workflows and investigative strategies to future proof your investigation capabilities.
14:30 - 15:15
Adding Scalpel-like Precision to Relativity
Speaker: Mattias Aggeler, Partner at Swiss FTS AG

Session description
Nearly all eDiscovery review tools apply relevancy tags and comments at a document level. This low level of precision is regularly frustrating for reviewers, whose review process could be made more effective by being able to highlight and mark specific sentences or paragraphs with annotations. Illuminate solves this problem in Relativity, giving reviewers the ability to mark and comment on granular blocks such as pages, paragraphs and single phrases instead of entire documents only. We will walk through a real world example using Illuminate and show how it helps to save time and increase efficiency in your reviews.
14:30 - 15:15
Accessing Apple and Google cloud accounts to get real-time evidence: from passwords to conversations, from locations to documents
Speaker: Vladimir Katalov, CEO, Elcomsoft

Session description
Smartphones becomes for and more secure with every new model and software update; at the same time, consumers (and especially criminals) learns more about security and protect their devices at the highest possible level, so even traditional logical acquisition is often not possible. But cloud acquisition to the rescue – in many cases you can get even more than from the device itself. Cloud data is not limited to well-known backups (that are extremely hard to obtain nowadays), but also includes tons of real-time data. Some categories are easier to download than other, and there are ones that look like totally impossible to get, such as iCloud Keychain and Health data – even Apple itself cannot provide them by Government Information Requests, as they cannot decrypt. Still, you can do that, if you have the proper tools.
15:45 - 16:30
Passware beginners training and best practices
Speaker: Toni Pärn, Director of Sales, Passware

Session description
Please bring your computer! If you do not have Passware, please ask a trial license from Passware booth (or toni@passware.com). We will be doing practical examples and different kind of attacks towards encrypted files.
15:45 - 16:30
Cyber Attack Simulation: Hacking a Website
Speaker: Moritz Schneider, Senior Consultant Cyber Incident Response, EY

Session description
SQL injection is one of the biggest threats to web application security. Attackers can use SQL Injection vulnerabilities to bypass application security measures. They can go around authentication and authorization of a web page or web application and retrieve the content of the entire SQL database. Following a gentle introduction to the subject, in this session we will perform a live SQL injection and discuss how we can protect ourselves from such an attack.
15:45 - 16:30
Privacy Review: Use Cases and Efficient Approaches
Speaker: Christian Zeunert, Managing Director eDiscoveryMinds / Founder & President SeDIV

Session description
The identification of different categories and appearances of personal data in communication and other data is often performed in a burdensome, highly manual process. In particular private communication, sensitive personal data as well as directly or indirectly identifying client data is hard to detect. However, the identification may be required to enable the disclosure of documents in use cases such as litigation, investigations, subject access requests or in the M&A context. This session explores the context and issues of personal data detection and approaches to minimize the burden.
15:45 - 16:30
Navigating the GDPR in the Context of Cross-border Discovery
Speaker: Ryan Costello, Head of Data Privacy Engagement Services, ProSearch Strategies

Session description
The evolving nature of data protection law across the globe, including the implementation of the EU’s General Data Protection Regulation, has had clear implications for cross-border discovery operations. While a break from previous discovery processes and a new set of best practices is surely required, the path forward has been beset by uncertainty due to regulatory enforcement risks, minimal regulatory guidance, and little applicable case law. Oh, and don’t forget the royal mess of Brexit.

This session will provide attendees with an in-depth look at some of the key components of the GDPR in the eDiscovery context. We’ll consider some threshold questions, debate best practices, and shed some light on how best to facilitate the free flow of data while ALSO ensuring a high level of protection of personal data that’ll keep even the most voracious regulators at bay.

Back to top

Conference Archives
Digital Investigations Conference 2018
Digital Investigations Conference 2017
Digital Investigations Conference 2016
Digital Investigations Conference 2015
Digital Investigations Conference 2014
Digital Investigations Conference 2013