Agenda, 17 June 2020




Show previous Conferences



From 11:15 Door Opening and Registration
11:30 13:00 Lunch (included)
[Foyer/Bankett Saal]
13:00 13:15 Welcome by Markus Mosca, CEO Arina AG
[Belvoir Saal]
13:15 14:00 Speaker 1: Key Concepts of Cryptography [TBD]
[Belvoir Saal]
14:00 14:30 Speaker 2: Cryptography from a Mobile Forensics Perspective [TBD]
[Belvoir Saal]
14:30 15:30 Extended Coffee Break
[Foyer/Bankett Saal]
LAB TRACK
[Charles Darwin]
eDISCOVERY & LEGAL TRACK
[Max Planck]
GOVERNMENTS ONLY TRACK
[Marie Curie]
DIGITAL FORENSICS
& CYBER TRACK
[Henry Dunant]
KEYNOTE TRACK
[Belvoir Saal]
15:30 16:15 KAPE
Nickolas B. Savage
eDiscovery in Office 365
Lighthouse
Workshop TBD
FEDPOL
Workshop TBD
OpenText
Workshop Speaker 2
TBD
16:30 17:15 Arina about Nuix
Yvo Hangartner, Senior Forensic System Engineer, Arina AG
Workshop TBD
Slot Reserved for Our Main Partner
Vehicle Forensics – Traces & Digital Evidence
Horst Reisner, Chief Investigator Car Forensics & Automotive IT, BMI Austria
Workshop TBD
Martin Pfeiffer, Senior Pre-Sales Manager, Cellebrite
The Life and Death of Darknet Markets
Andreas Dengg, Criminal Investigator with BMI Austria, specialised in Cybercrime and Darknet
17:15 18:00 Networking Happy Hour
sponsored by Ernst & Young

18:00 21:00 BBQ Dinner Party (included)
ENJOY!




Agenda, 18 June 2020





From 07:45 Door Opening and Registration
08:00 09:00 Networking Breakfast (included)
[Foyer/Bankett Saal]
09:00 09:10 Welcome by Markus Mosca, CEO Arina AG
[Belvoir Saal]
09:10 09:45 Speaker 3: Quantum Computing from a Cryptography Perspective
Prof. Dr. Jonathan Home, ETH
[Belvoir Saal]
09:50 10:15 Speaker 4: The Mathematics of Cryptography (Introduction)
From Caesar over Enigma to RSA

Dominique Walentiny, Forensic Analyst, Ernst & Young
[Belvoir Saal]
10:15 10:45 Coffee Break
[Foyer/Bankett Saal]
LAB TRACK
[Charles Darwin]
eDISCOVERY & LEGAL TRACK
[Max Planck]
GOVERNMENTS ONLY TRACK
[Marie Curie]
DIGITAL FORENSICS
& CYBER TRACK
[Henry Dunant]
KEYNOTE TRACK
[Belvoir Saal]
10:45 11:30 Secure Messenger Forensics. Evidence Hide-and-Seek.
Tanya Pankova, Senior Marketing Manager, Oxygen Forensics
Workshop Nuix
TBD
The Life and Death of Darknet Markets
Andreas Dengg, Criminal Investigator with BMI Austria, specialised in Cybercrime and Darknet
Vehicle Forensics – Traces & Digital Evidence
Horst Reisner, Chief Investigator Car Forensics & Automotive IT, BMI Austria
Workshop Speaker 3
Prof. Dr. Jonathan Home, ETH
11:30 13:00 Lunch (included)
[Foyer/Bankett Saal]
13:00 13:45 Arina about Freezingdata's Social Network Harvester (SNH)
Réné Sakata, Senior Forensic System Engineer, Arina AG
Workshop title TBD
Slot Reserved for Our Main Partner
SQLite Database Analysis, what have you been missing? Part I
Nolan Tracy, Digital Forensic Instructor, Teel Technologies Canada/USA
Workshop title TBD
Workshop Instructor TBD
Workshop Speaker 4: How prime numbers keep your encrypted messages safe
Dominique Walentiny, Forensic Analyst, Ernst & Young
14:00 14:45 Supercharging Nuix with Rampiva
Daniel Boteanu, CEO, Rampiva
Workshop TBD
Slot Reserved for Our Main Partner
SQLite Database Analysis, what have you been missing? Part II
Nolan Tracy, Digital Forensic Instructor, Teel Technologies Canada/USA
Workshop title TBD
Slot Reserved for Ernst & Young
Workshop title TBD
Slot Reserved for Our Main Partner
14:45 15:30 Coffee Break
[Foyer/Bankett Saal]
15:30 16:15 Addressing the Serious Threat of Cybercrime with Magnet AXIOM Cyber
Marco Klockenkämper, Solution Consultant, Magnet Forensics
Workshop title TBD
Relativity
A Deep Dive into Mobile Forensics, Part I
Kay Stutz, IT Forensic Investigator, Zurich City Police
Workshop title TBD
Black Rainbow
Workshop title TBD
Workshop Instructor TBD
16:30 - 17:15 Workshop title TBD
Workshop Instructor TBD
Workshop title TBD
Slot Reserved for Ernst & Young
A Deep Dive into Mobile Forensics, Part II
Kay Stutz, IT Forensic Investigator, Zurich City Police
Workshop title TBD
Workshop Instructor TBD
Workshop title TBD
Passware, with a Forensic Expert in Decryption


Description
13:15 - 14:00
Belvoir Saal
Key Concepts of Cryptography
Speaker 1: TBD

Session description
TBD
14:00 - 14:30
Belvoir Saal
Cryptography from a Mobile Forensics Perspective
Speaker: TBD

Session description
TBD
15:30 - 16:15
Charles Darwin
KAPE
Nickolas B. Savage

Session description
TBD
15:30 - 16:15
Max Planck
eDiscovery in Office 365
Lighthouse

Session description
TBD
15:30 - 16:15
Marie Curie
Workshop title TBD
FEDPOL

Session description
TBD
15:30 - 16:15
Henry Dunant
Workshop title TBD
Opentext

Session description
TBD
15:30 - 16:15
Belvoir Saal
Workshop title TBD
Keynote Speaker 2

Session description
TBD
16:30 - 17:15
Charles Darwin
Arina about Nuix
Yvo Hangartner, Senior Forensic System Engineer, Arina AG

Session description
TBD
16:30 - 17:15
Max Planck
Workshop title TBD
Workshop Slot Reserved for Our Main Partner

Session description
TBD
16:30 - 17:15
Marie Curie
Vehicle Forensics – Traces & Digital Evidence
Horst Reisner, Chief Investigator Car Forensics & Automotive IT, BMI Austria

Session description

This session will give a brief introduction to vehicle system forensics, including a short overview of field experience and selected case studies with focus on the value of digital evidence with a view on new challenges for law enforcement agencies.

Horst Reisner, born in 1974 in Eisenstadt/Austria, joined the Viennese Police in 1993 directly after school and military service. On completion of a specialist course in 1999, he was assigned as Detective to the Criminal Investigation Department in Vienna. Since 2002, he works as a Digital Investigator and Digital Forensics Expert at the Austrian Criminal Intelligence Service with specialisation in Vehicle Forensics and Automotive IT within the previous six years. His current position is Team Leader of the operative Car Forensics Group, which forms part of the Cybercrime Competence Center.
16:30 - 17:15
Henry Dunant
Workshop title TBD
Martin Pfeiffer, Senior Pre-Sales Manager, Cellebrite

Session description

TBD
16:30 - 17:15
Belvoir Saal
The Life and Death of Darknet Markets
Andreas Dengg, Criminal Investigator with BMI Austria, specialised in Cybercrime and Darknet

Session description

The presentation deals with the life cycle of Darknet markets. After a short technical introduction, well-known Darknet markets will be discussed, especially their ends. The presentation looks at the economic system in the Darknet and what happens to the community after a marketplace is closed.

Born in Austria in 1970, the lecturer began to work intensively with computers as early as the beginning of the 1980s. In addition to his initial hobby, he began a career in the Austrian police force where he was trained as a detective in the mid-1990s. He looks back on more than 30 years of police experience, 10 years of which he spent in digital forensics, and since 2012 he has been focusing on darknet and crypto currencies. The lecturer is a Master of Science in Business and Cybercrime Control and currently works in the Cybercrime Competence Center of the Austrian Criminal Intelligence Service.
09:10 - 09:45
Belvoir Saal
Quantum Computing from a Cryptography Perspective
Speaker: Prof. Dr. Jonathan Home, ETH

Session description
TBD
09:50 - 10:15
Belvoir Saal
The Mathematics of Cryptography (Introduction)
From Caesar over Enigma to RSA

Speaker: Dominique Walentiny, Forensic Analyst, Ernst & Young

Session description
The Caesar cipher is a very simple method of encryption which is thought to have been used by Julius Caesar. Each letter in the plaintext is replaced by a letter n positions down the alphabet. A disadvantage of symmetric cryptography and thus the Caesar cipher is that the method and key of encryption can likewise be used to decrypt the message again. Asymmetric cryptography, on the other hand, uses pairs of keys with one (public) key being used for encryption and one (private) being used for decryption. This makes it next to impossible to deduce the private key from the public one. It is therefore regarded as one of the biggest advantages of asymmetric cryptography.

In general, it is true that in cryptography, randomness and exponentials, thus very big randomly chosen numbers constitute the foundation of the generation of cryptographic keys. However, understanding RSA and peeking into the depths of cryptography is surprisingly easy when done using small primes and simple mathematics.
10:45 - 11:30
Charles Darwin
Secure Messenger Forensics. Evidence Hide-and-Seek.
Tanya Pankova, Senior Marketing Manager, Oxygen Forensics

Session description
Messengers nowadays are without doubt a primary source of digital evidence storing a tremendous amount of user data including chats, shared files, geo locations, contacts, and many other artifacts. Due to the limitation of the current mobile device extraction methods, sophisticated app encryption and app features that include self-destruct messages and hidden chats getting this valuable evidence has already become a great challenge for investigators.

In this session we will talk a wide range of messengers, like WhatsApp, Viber, Telegram, Facebook, Signal, Wickr Me, Threema, etc. that are popular not only with law-abiding users but also with drug dealers, terrorists, and people sharing sexual abuse images. We will examine their encryption algorithms, secret and hidden chats, and alternative extraction methods from computer and cloud including some methods exclusively available in Oxygen Forensic® Detective software.
10:45 - 11:30
Max Planck
Workshop title TBD
Nuix

Session description
TBD
10:45 - 11:30
Marie Curie
The Life and Death of Darknet Markets
Andreas Dengg, Criminal Investigator with BMI Austria, specialised in Cybercrime and Darknet

Session description

The presentation deals with the life cycle of Darknet markets. After a short technical introduction, well-known Darknet markets will be discussed, especially their ends. The presentation looks at the economic system in the Darknet and what happens to the community after a marketplace is closed.

Born in Austria in 1970, the lecturer began to work intensively with computers as early as the beginning of the 1980s. In addition to his initial hobby, he began a career in the Austrian police force where he was trained as a detective in the mid-1990s. He looks back on more than 30 years of police experience, 10 years of which he spent in digital forensics, and since 2012 he has been focusing on darknet and crypto currencies. The lecturer is a Master of Science in Business and Cybercrime Control and currently works in the Cybercrime Competence Center of the Austrian Criminal Intelligence Service.
10:45 - 11:30
Henry Dunant
Vehicle Forensics – Traces & Digital Evidence
Horst Reisner, Chief Investigator Car Forensics & Automotive IT, BMI Austria

Session description

This session will give a brief introduction to vehicle system forensics, including a short overview of field experience and selected case studies with focus on the value of digital evidence with a view on new challenges for law enforcement agencies.

Horst Reisner, born in 1974 in Eisenstadt/Austria, joined the Viennese Police in 1993 directly after school and military service. On completion of a specialist course in 1999, he was assigned as Detective to the Criminal Investigation Department in Vienna. Since 2002, he works as a Digital Investigator and Digital Forensics Expert at the Austrian Criminal Intelligence Service with specialisation in Vehicle Forensics and Automotive IT within the previous six years. His current position is Team Leader of the operative Car Forensics Group, which forms part of the Cybercrime Competence Center.
10:45 - 11:30
Belvoir Saal
Workshop Speaker 3
Prof. Dr. Jonathan Home, ETH

Session description
TBD
13:00 - 13:45
Charles Darwin
Arina about Freezingdata's Social Network Harvester (SNH)
Réné Sakata, Senior Forensic System Engineer, Arina AG

Session description
TBD
13:00 - 13:45
Max Planck
Workshop title TBD
Workshop Slot Reserved for Our Main Partner

Session description
TBD
13:00 - 13:45
Marie Curie
SQLite Database Analysis, what have you been missing?
Nolan Tracy, Digital Forensic Instructor, Teel Technologies Canada/USA

Session description
Since their initial introduction in 2007, Smartphones have come to dominate the cellular phone marketplace quickly making feature phones nearly obsolete. This domination is split fairly evenly between two major companies: Google with their Android OS and Apple touting their own iOS. Even though both of these companies are business rivals and their file systems are significantly different, both store a majority of their user data within a data storage container type called SQLite.

SQLite is an in-process library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine. Mobile Forensic Analysts can easily leverage this commonality, by learning the skills required to perform low-level analysis and recovery on SQLite databases. Once learned and mastered, examiners can then support nearly 99% of the device data they will come across in the majority of their mobile device examinations.

To illustrate the vast amount of work to be done, as of January 2015, the Google Play Store reported 1.43 Million Applications being available in their Google Play Store. At the same time, Apple’s iTunes Store reported over 1.4 Million apps being available for download. That’s a total of over 2.8 MILLION apps. Even the most popular mobile forensic tool only supports parsing of 200 different applications. This support accounts for a minuscule 0.001% of the total apps be parsed and leaves a 99.999% not be examined. Examining the SQLite databases can vastly increase investigative leads and at times is the only means of data recovery. .
13:00 - 13:45
Henry Dunant
Workshop title TBD
Workshop Instructor TBD

Session description
TBD
13:00 - 13:45
Belvoir Saal
Workshop Speaker 4: How prime numbers keep your encrypted messages safe
Dominique Walentiny, Forensic Analyst, Ernst & Young

Session description
How can you send someone a coded message without having the opportunity to previously share the code with them? In this workshop, we are going to walk through the mathematics behind asymmetric cryptography on the example of RSA (after Ron Rivest, Adi Shamir and Leonard Adleman), which still is the most widely used asymmetric encryption method. When data is sent securely over the internet, it is most often protected by a system like this. Anyone can encrypt, but only the authorized recipient can decrypt.

Starting with two prime numbers and the principle that it is easy to multiply large numbers but rather difficult to factorize them, we are going to manually encrypt and decrypt a message and will walk through the basics of the mathematics behind cryptography: modular arithmetic, Euler's totient function, Fermat’s little theorem, the Chinese remainder theorem, public-key encryption and private-key decryption. In short: We are going to learn how RSA works and why.
14:00 - 14:45
Charles Darwin
Supercharging Nuix with Rampiva
Daniel Boteanu, CEO, Rampiva

Session description
This workshop shows how to leverage advanced Nuix features at scale with Rampiva, by distributing jobs to multiple machines, streaming data into review in small batches, and overseeing dynamic and real-time operational metrics.

Learn how to create a library of workflows capturing all steps and requirements of your processing methodology, including customizations for specific clients or projects.

See how users can collaborate on projects without having to sign onto a session started by another team member and how to use granular access management to control access to sensitive data.
14:00 - 14:45
Max Planck
Workshop title TBD
Workshop Slot Reserved for Our Main Partner

Session description
TBD
14:00 - 14:45
Marie Curie
SQLite Database Analysis, what have you been missing?
Nolan Tracy, Digital Forensic Instructor, Teel Technologies Canada/USA

Session description
Since their initial introduction in 2007, Smartphones have come to dominate the cellular phone marketplace quickly making feature phones nearly obsolete. This domination is split fairly evenly between two major companies: Google with their Android OS and Apple touting their own iOS. Even though both of these companies are business rivals and their file systems are significantly different, both store a majority of their user data within a data storage container type called SQLite.

SQLite is an in-process library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine. Mobile Forensic Analysts can easily leverage this commonality, by learning the skills required to perform low-level analysis and recovery on SQLite databases. Once learned and mastered, examiners can then support nearly 99% of the device data they will come across in the majority of their mobile device examinations.

To illustrate the vast amount of work to be done, as of January 2015, the Google Play Store reported 1.43 Million Applications being available in their Google Play Store. At the same time, Apple’s iTunes Store reported over 1.4 Million apps being available for download. That’s a total of over 2.8 MILLION apps. Even the most popular mobile forensic tool only supports parsing of 200 different applications. This support accounts for a minuscule 0.001% of the total apps be parsed and leaves a 99.999% not be examined. Examining the SQLite databases can vastly increase investigative leads and at times is the only means of data recovery. .
14:00 - 14:45
Henry Dunant
Workshop title TBD
Workshop Slot Reserved for Ernst & Young

Session description
TBD
14:00 - 14:45
Belvoir Saal
Workshop Speaker 4: How prime numbers keep your encrypted messages safe
Dominique Walentiny, Forensic Analyst, Ernst & Young

Session description
How can you send someone a coded message without having the opportunity to previously share the code with them? In this workshop, we are going to walk through the mathematics behind asymmetric cryptography on the example of RSA (after Ron Rivest, Adi Shamir and Leonard Adleman), which still is the most widely used asymmetric encryption method. When data is sent securely over the internet, it is most often protected by a system like this. Anyone can encrypt, but only the authorized recipient can decrypt.

Starting with two prime numbers and the principle that it is easy to multiply large numbers but rather difficult to factorize them, we are going to manually encrypt and decrypt a message and will walk through the basics of the mathematics behind cryptography: modular arithmetic, Euler's totient function, Fermat’s little theorem, the Chinese remainder theorem, public-key encryption and private-key decryption. In short: We are going to learn how RSA works and why.
15:30 - 16:15
Charles Darwin
Addressing the Serious Threat of Cybercrime with Magnet AXIOM Cyber
Marco Klockenkämper, Solution Consultant, Magnet Forensics

Session description
Cybercrime provides its own unique challenges. Every case of fraud, workplace harassment, insider threats, identify theft, data exfiltration, IP theft, network intrusions, malware and ransomware attacks have the potential to devastate not only individuals, but corporations of all sizes. In fact, in 2015, cybercrime cost the world over $ 3 trillion and if current trends continue, it is predicted that by 2021, the cost of cybercrime will be in excess of $ 6 trillion. When cybercrime occurs, it is critical to understand the extent of what was done, how it happened, and who did it.

This presentation will share how Magnet AXIOM Cyber, a new solution, helps digital forensics professionals acquire and examine evidence from computer, mobile, and cloud sources and is purpose-built to address the unique challenges presented by cybercrime. It will also demonstrate the power of AXIOM Cyber, including:

• Creation and deployment of a remote acquisition agent that can connect to and collect evidence from target endpoints
• Collection of evidence from Amazon S3 buckets
• Use of Admin credentials to acquire evidence from a user’s account in E nterprise deployments of Google, Microsoft, and Box as well as Slack
15:30 - 16:15
Max Planck
Workshop title TBD
Relativity

Session description
TBD
15:30 - 16:15
Marie Curie
A Deep Dive into Mobile Forensics, Part I
Kay Stutz, IT Forensic Investigator, Zurich City Police

Session description
Mobile devices are often a key factor in criminal cases. It is impossible for commercial tools to parse everything from smartphones and understand how the data were put on the device.

In this workshop, we will take a look at the publicly available forensic report of Jeff Bezos hacked “iPhone X” and explain in detail what was done wrong and what we can learn from it.

Then, in a Hands-on Lab, you will not only see but also experience what could have done better and how. We go in-depth into artifacts but also look at the whole picture and draw interesting conclusions. .
15:30 - 16:15
Henry Dunant
Workshop title TBD
Black Rainbow

Session description
TBD
15:30 - 16:15
Belvoir Saal
Workshop title TBD
Workshop Instructor TBD

Session description
TBD
16:30 - 17:15
Charles Darwin
Workshop title TBD
Workshop Instructor TBD

Session description
TBD
16:30 - 17:15
Max Planck
Workshop title TBD
Ernst & Young

Session description
TBD
16:30 - 17:15
Marie Curie
A Deep Dive into Mobile Forensics, Part II
Kay Stutz, IT Forensic Investigator, Zurich City Police

Session description
Mobile devices are often a key factor in criminal cases. It is impossible for commercial tools to parse everything from smartphones and understand how the data were put on the device.

In this workshop, we will take a look at the publicly available forensic report of Jeff Bezos hacked “iPhone X” and explain in detail what was done wrong and what we can learn from it.

Then, in a Hands-on Lab, you will not only see but also experience what could have done better and how. We go in-depth into artifacts but also look at the whole picture and draw interesting conclusions. .
16:30 - 17:15
Henry Dunant
Workshop title TBD
Workshop Instructor TBD

Session description
TBD
16:30 - 17:15
Belvoir Saal
Workshop title TBD
WPassware, with a Forensic Expert in Decryption

Session description
TBD





Back to top

Conference Archives
Digital Investigations Conference 2019
Digital Investigations Conference 2018
Digital Investigations Conference 2017
Digital Investigations Conference 2016
Digital Investigations Conference 2015
Digital Investigations Conference 2014