POSTPONED TO 2021!


Please note that this agenda corresponds to what was planned for 2020.
As far as possible, we try to keep the program as it is for next year,
including the theme for our four-part keynote series, cryptography.

Even so, please note that it can be subject to changes. Thank you.

Please choose your conference day:

Agenda, 17 June 2020




Show previous Conferences



From 11:15 Door Opening and Registration
11:30 13:00 Lunch (included)
[Foyer/Bankett Saal]
13:00 13:15 Welcome by Markus Mosca, CEO Arina AG
[Belvoir Saal]
13:15 14:00 Speaker 1: Key Concepts of Cryptography [TBD]
[Belvoir Saal]
14:00 14:30 Speaker 2: Cryptography from a Mobile Forensics Perspective [TBD]
[Belvoir Saal]
14:30 15:30 Extended Coffee Break
[Foyer/Bankett Saal]
LAB TRACK
[Charles Darwin]
eDISCOVERY & LEGAL TRACK
[Max Planck]
GOVERNMENTS ONLY TRACK
[Marie Curie]
DIGITAL FORENSICS
& CYBER TRACK
[Henry Dunant]
KEYNOTE TRACK
[Belvoir Saal]
15:30 16:15 KAPE
Nickolas B. Savage
eDiscovery in Office 365
Lighthouse
Workshop TBD
FEDPOL
Workshop TBD
OpenText
Workshop Speaker 2
TBD
16:30 17:15 Arina about Nuix
Yvo Hangartner, Senior Forensic System Engineer, Arina AG
Workshop TBD
Slot Reserved for Our Main Conference Partner
Vehicle Forensics – Traces & Digital Evidence
Horst Reisner, Chief Investigator Car Forensics & Automotive IT, BMI Austria
Digital Intelligence Solutions for Efficient Investigations and a Safer World
Jens Reumschüssel, Sales Manager EMEA 2, Cellebrite
The Life and Death of Darknet Markets
Andreas Dengg, Criminal Investigator with BMI Austria, specialised in Cybercrime and Darknet
17:15 18:00 Networking Happy Hour
sponsored by Ernst & Young

18:00 21:00 BBQ Dinner Party (included)
ENJOY!




Agenda, 18 June 2020





From 07:45 Door Opening and Registration
08:00 09:00 Networking Breakfast (included)
[Foyer/Bankett Saal]
09:00 09:10 Welcome by Markus Mosca, CEO Arina AG
[Belvoir Saal]
09:10 09:45 Speaker 3: Quantum Computing from a Cryptography Perspective
Prof. Dr. Jonathan Home, Expert in Quantum Computing, ETH Zurich
[Belvoir Saal]
09:50 10:15 Speaker 4: The Mathematics of Cryptography (Introduction)
From Caesar over Enigma to RSA

Dominique Walentiny, Forensic Analyst, Ernst & Young
[Belvoir Saal]
10:15 10:45 Coffee Break
[Foyer/Bankett Saal]
LAB TRACK
[Charles Darwin]
eDISCOVERY & LEGAL TRACK
[Max Planck]
GOVERNMENTS ONLY TRACK
[Marie Curie]
DIGITAL FORENSICS
& CYBER TRACK
[Henry Dunant]
KEYNOTE TRACK
[Belvoir Saal]
10:45 11:30 Secure Messenger Forensics. Evidence Hide-and-Seek.
Tanya Pankova, Senior Marketing Manager, Oxygen Forensics
NUIX Forensic Technology & eDiscovery Update
Andy Ward, Head of eDiscovery EMEA and Andreas Kleinert, Director PreSales DACH, Nuix
The Life and Death of Darknet Markets
Andreas Dengg, Criminal Investigator with BMI Austria, specialised in Cybercrime and Darknet
Vehicle Forensics – Traces & Digital Evidence
Horst Reisner, Chief Investigator Car Forensics & Automotive IT, BMI Austria
Workshop Speaker 3: Open Discussion of Topics Covered in His Keynote
Prof. Dr. Jonathan Home, ETH Zurich
11:30 13:00 Lunch (included)
[Foyer/Bankett Saal]
13:00 13:45 Arina about Freezingdata's Social Network Harvester (SNH)
Réné Sakata, Senior Forensic System Engineer, Arina AG
Workshop title TBD
Slot Reserved for Our Main Conference Partner
SQLite Database Analysis, what have you been missing? Part I
Nolan Tracy, Digital Forensic Instructor, Teel Technologies Canada/USA
Workshop title TBD
Workshop Instructor TBD
Workshop Speaker 4: How prime numbers keep your encrypted messages safe
Dominique Walentiny, Forensic Analyst, Ernst & Young
14:00 14:45 Supercharging Nuix with Rampiva
Daniel Boteanu, CEO, Rampiva
Workshop TBD
RevealData
SQLite Database Analysis, what have you been missing? Part II
Nolan Tracy, Digital Forensic Instructor, Teel Technologies Canada/USA
Workshop title TBD
Slot Reserved for Ernst & Young
Workshop title TBD
Slot Reserved for Our Main Conference Partner
14:45 15:30 Coffee Break
[Foyer/Bankett Saal]
15:30 16:15 Addressing the Serious Threat of Cybercrime with Magnet AXIOM Cyber
Marco Klockenkämper, Solution Consultant, Magnet Forensics
Workshop title TBD
Relativity
A Deep Dive into Mobile Forensics, Part I
Kay Stutz, IT Forensic Investigator, Zurich City Police
Workshop title TBD
Black Rainbow
Workshop title TBD
Workshop Instructor TBD
16:30 17:15 Workshop title TBD
Workshop Instructor TBD
Workshop title TBD
Slot Reserved for Ernst & Young
A Deep Dive into Mobile Forensics, Part II
Kay Stutz, IT Forensic Investigator, Zurich City Police
Workshop title TBD
Workshop Instructor TBD
Workshop title TBD
Passware, with a Forensic Expert in Decryption
17:15 End of DIC 2020
Safe travels and see you next year!


Description
13:15 - 14:00
Belvoir Saal
Key Concepts of Cryptography
Speaker 1: TBD

Session description
TBD
14:00 - 14:30
Belvoir Saal
Cryptography from a Mobile Forensics Perspective
Speaker: TBD

Session description
TBD
15:30 - 16:15
Charles Darwin
KAPE
Nickolas B. Savage

Session description
TBD
15:30 - 16:15
Max Planck
eDiscovery in Office 365
Lighthouse

Session description
TBD
15:30 - 16:15
Marie Curie
Workshop title TBD
FEDPOL

Session description
TBD
15:30 - 16:15
Henry Dunant
Workshop title TBD
Opentext

Session description
TBD
15:30 - 16:15
Belvoir Saal
Workshop title TBD
Keynote Speaker 2

Session description
TBD
16:30 - 17:15
Charles Darwin
Arina about Nuix
Yvo Hangartner, Senior Forensic System Engineer, Arina AG

Session description
TBD
16:30 - 17:15
Max Planck
Workshop title TBD
Workshop Slot Reserved for Our Main Conference Partner

Session description
TBD
16:30 - 17:15
Marie Curie
Vehicle Forensics – Traces & Digital Evidence
Horst Reisner, Chief Investigator Car Forensics & Automotive IT, BMI Austria

Session description

This session will give a brief introduction to vehicle system forensics, including a short overview of field experience and selected case studies with focus on the value of digital evidence with a view on new challenges for law enforcement agencies.

Horst Reisner, born in 1974 in Eisenstadt/Austria, joined the Viennese Police in 1993 directly after school and military service. On completion of a specialist course in 1999, he was assigned as Detective to the Criminal Investigation Department in Vienna. Since 2002, he works as a Digital Investigator and Digital Forensics Expert at the Austrian Criminal Intelligence Service with specialisation in Vehicle Forensics and Automotive IT within the previous six years. His current position is Team Leader of the operative Car Forensics Group, which forms part of the Cybercrime Competence Center.
16:30 - 17:15
Henry Dunant
Digital Intelligence Solutions for Efficient Investigations and a Safer World
Jens Reumschüssel, Sales Manager EMEA 2, Cellebrite

Session description

The world has changed; today we live in a digital world where countless devices generate massive amounts of data - and equal amounts of potential evidence. Organizations are not always able to harness these digital data to its fullest potential, due to restrictions in processes and procedures.
Cellebrite provides a complete solution portfolio for a comprehensive digital intelligence strategy to help organizations bridging the technological and resource gap and to meet the demands of modern-day investigations.

Cellebrite’s DI Platform empowers agencies to access, manage and leverage digital data to its fullest potential, quickly yielding actionable intelligence that moves investigations forward. The platform seamlessly integrates with existing infrastructures. This allows agencies to make command decisions more efficiently, and better protect their communities.

During the session you will get an overview about the solutions portfolio, starting from data examination to case management - and you will see a Life demo of the Analytics Enterprise solution, how to find relevant evidences in the big data from multiple sources in shortest time.
16:30 - 17:15
Belvoir Saal
The Life and Death of Darknet Markets
Andreas Dengg, Criminal Investigator with BMI Austria, specialised in Cybercrime and Darknet

Session description

The presentation deals with the life cycle of Darknet markets. After a short technical introduction, well-known Darknet markets will be discussed, especially their ends. The presentation looks at the economic system in the Darknet and what happens to the community after a marketplace is closed.

Born in Austria in 1970, the lecturer began to work intensively with computers as early as the beginning of the 1980s. In addition to his initial hobby, he began a career in the Austrian police force where he was trained as a detective in the mid-1990s. He looks back on more than 30 years of police experience, 10 years of which he spent in digital forensics, and since 2012 he has been focusing on darknet and crypto currencies. The lecturer is a Master of Science in Business and Cybercrime Control and currently works in the Cybercrime Competence Center of the Austrian Criminal Intelligence Service.
09:10 - 09:45
Belvoir Saal
Quantum Computing from a Cryptography Perspective
Speaker: Prof. Dr. Jonathan Home, Expert in Quantum Computing, ETH Zurich

Session description
Prof. Dr. Jonathan Home will give an overview of the ways in which the control of individual quantum systems affect security. An ongoing quest in physics is to build quantum computers, which utilize the rules of quantum mechanics to perform tasks that no classical computer could finish. Among these are known tasks which have implications for cryptography, such as the ability to efficiently find prime factors to large numbers. I will outline the state of the art of these systems today, and the path to realizing devices which impact cryptography or other areas. Meanwhile, a property of quantum systems, that they cannot be copied, results in the possibility to have cryptography which is guaranteed by the rules of physics rather than mathematics. Devices of this kind are on the market today, although rates and distances of communication are limited. Nevertheless, these two technologies could have a disruptive role in the future of secure communication. Following an overview of these areas, Prof. Dr. Jonathan Home will open the floor to a discussion of these topics in his workshop from 10:45 - 11:30, Belvoir Saal.

Jonathan Home was born in 1979 in Newcastle upon Tyne, United Kingdom. He holds a PhD from Oxford, and then won a Lindemann Fellowship to work at NIST Boulder, USA. He founded a research group as an Assistant Professor at ETH Zürich in 2010, and was promoted to Full Professor in 2019. Jonathan has performed pioneering demonstrations of elementary building blocks for quantum error correction, an essential component for future quantum computers. He has been awarded multiple prizes, including the Landauer-Bennett award in Quantum Computing from the American Physical Society, the ETH Zürich Latsis prize and a TED fellowship.
09:50 - 10:15
Belvoir Saal
The Mathematics of Cryptography (Introduction)
From Caesar over Enigma to RSA

Speaker: Dominique Walentiny, Forensic Analyst, Ernst & Young

Session description
The Caesar cipher is a very simple method of encryption which is thought to have been used by Julius Caesar. Each letter in the plaintext is replaced by a letter n positions down the alphabet. A disadvantage of symmetric cryptography and thus the Caesar cipher is that the method and key of encryption can likewise be used to decrypt the message again. Asymmetric cryptography, on the other hand, uses pairs of keys with one (public) key being used for encryption and one (private) being used for decryption. This makes it next to impossible to deduce the private key from the public one. It is therefore regarded as one of the biggest advantages of asymmetric cryptography.

In general, it is true that in cryptography, randomness and exponentials, thus very big randomly chosen numbers constitute the foundation of the generation of cryptographic keys. However, understanding RSA and peeking into the depths of cryptography is surprisingly easy when done using small primes and simple mathematics.
10:45 - 11:30
Charles Darwin
Secure Messenger Forensics. Evidence Hide-and-Seek.
Tanya Pankova, Senior Marketing Manager, Oxygen Forensics

Session description
Messengers nowadays are without doubt a primary source of digital evidence storing a tremendous amount of user data including chats, shared files, geo locations, contacts, and many other artifacts. Due to the limitation of the current mobile device extraction methods, sophisticated app encryption and app features that include self-destruct messages and hidden chats getting this valuable evidence has already become a great challenge for investigators.

In this session we will talk a wide range of messengers, like WhatsApp, Viber, Telegram, Facebook, Signal, Wickr Me, Threema, etc. that are popular not only with law-abiding users but also with drug dealers, terrorists, and people sharing sexual abuse images. We will examine their encryption algorithms, secret and hidden chats, and alternative extraction methods from computer and cloud including some methods exclusively available in Oxygen Forensic® Detective software.
10:45 - 11:30
Max Planck
NUIX Forensic Technology & eDiscovery Update
Andy Ward, Head of eDiscovery EMEA and Andreas Kleinert, Director PreSales DACH, Nuix

Session description
• Current technical trends in the area of forensic Research & Analysis Platforms • Update on Best Practices in end-to-end processing of forensic data from Collection to Review • Practical approaches for increasing scalability on huge data volumes • Comparison of new Cloud-based SaaS vs. classical on-premise models • New Developments in the area of Mobile Data Forensics and Workflow Automation • Corresponding Case-studies and Use Cases
10:45 - 11:30
Marie Curie
The Life and Death of Darknet Markets
Andreas Dengg, Criminal Investigator with BMI Austria, specialised in Cybercrime and Darknet

Session description

The presentation deals with the life cycle of Darknet markets. After a short technical introduction, well-known Darknet markets will be discussed, especially their ends. The presentation looks at the economic system in the Darknet and what happens to the community after a marketplace is closed.

Born in Austria in 1970, the lecturer began to work intensively with computers as early as the beginning of the 1980s. In addition to his initial hobby, he began a career in the Austrian police force where he was trained as a detective in the mid-1990s. He looks back on more than 30 years of police experience, 10 years of which he spent in digital forensics, and since 2012 he has been focusing on darknet and crypto currencies. The lecturer is a Master of Science in Business and Cybercrime Control and currently works in the Cybercrime Competence Center of the Austrian Criminal Intelligence Service.
10:45 - 11:30
Henry Dunant
Vehicle Forensics – Traces & Digital Evidence
Horst Reisner, Chief Investigator Car Forensics & Automotive IT, BMI Austria

Session description

This session will give a brief introduction to vehicle system forensics, including a short overview of field experience and selected case studies with focus on the value of digital evidence with a view on new challenges for law enforcement agencies.

Horst Reisner, born in 1974 in Eisenstadt/Austria, joined the Viennese Police in 1993 directly after school and military service. On completion of a specialist course in 1999, he was assigned as Detective to the Criminal Investigation Department in Vienna. Since 2002, he works as a Digital Investigator and Digital Forensics Expert at the Austrian Criminal Intelligence Service with specialisation in Vehicle Forensics and Automotive IT within the previous six years. His current position is Team Leader of the operative Car Forensics Group, which forms part of the Cybercrime Competence Center.
10:45 - 11:30
Belvoir Saal
Workshop Speaker 3: Open Discussion about Topics Covered in His Keynote
Prof. Dr. Jonathan Home, ETH Zurich

Session description
Following the overview of the ways in which the control of individual quantum systems affect security, Prof. Dr. Jonathan Home will open the floor to a discussion of these topics in his workshop.

Jonathan Home was born in 1979 in Newcastle upon Tyne, United Kingdom. He holds a PhD from Oxford, and then won a Lindemann Fellowship to work at NIST Boulder, USA. He founded a research group as an Assistant Professor at ETH Zürich in 2010, and was promoted to Full Professor in 2019. Jonathan has performed pioneering demonstrations of elementary building blocks for quantum error correction, an essential component for future quantum computers. He has been awarded multiple prizes, including the Landauer-Bennett award in Quantum Computing from the American Physical Society, the ETH Zürich Latsis prize and a TED fellowship.
13:00 - 13:45
Charles Darwin
Arina about Freezingdata's Social Network Harvester (SNH)
Réné Sakata, Senior Forensic System Engineer, Arina AG

Session description
TBD
13:00 - 13:45
Max Planck
Workshop title TBD
Workshop Slot Reserved for Our Main Conference Partner

Session description
TBD
13:00 - 13:45
Marie Curie
SQLite Database Analysis, what have you been missing?
Nolan Tracy, Digital Forensic Instructor, Teel Technologies Canada/USA

Session description
Since their initial introduction in 2007, Smartphones have come to dominate the cellular phone marketplace quickly making feature phones nearly obsolete. This domination is split fairly evenly between two major companies: Google with their Android OS and Apple touting their own iOS. Even though both of these companies are business rivals and their file systems are significantly different, both store a majority of their user data within a data storage container type called SQLite.

SQLite is an in-process library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine. Mobile Forensic Analysts can easily leverage this commonality, by learning the skills required to perform low-level analysis and recovery on SQLite databases. Once learned and mastered, examiners can then support nearly 99% of the device data they will come across in the majority of their mobile device examinations.

To illustrate the vast amount of work to be done, as of January 2015, the Google Play Store reported 1.43 Million Applications being available in their Google Play Store. At the same time, Apple’s iTunes Store reported over 1.4 Million apps being available for download. That’s a total of over 2.8 MILLION apps. Even the most popular mobile forensic tool only supports parsing of 200 different applications. This support accounts for a minuscule 0.001% of the total apps be parsed and leaves a 99.999% not be examined. Examining the SQLite databases can vastly increase investigative leads and at times is the only means of data recovery. .
13:00 - 13:45
Henry Dunant
Workshop title TBD
Workshop Instructor TBD

Session description
TBD
13:00 - 13:45
Belvoir Saal
Workshop Speaker 4: How prime numbers keep your encrypted messages safe
Dominique Walentiny, Forensic Analyst, Ernst & Young

Session description
How can you send someone a coded message without having the opportunity to previously share the code with them? In this workshop, we are going to walk through the mathematics behind asymmetric cryptography on the example of RSA (after Ron Rivest, Adi Shamir and Leonard Adleman), which still is the most widely used asymmetric encryption method. When data is sent securely over the internet, it is most often protected by a system like this. Anyone can encrypt, but only the authorized recipient can decrypt.

Starting with two prime numbers and the principle that it is easy to multiply large numbers but rather difficult to factorize them, we are going to manually encrypt and decrypt a message and will walk through the basics of the mathematics behind cryptography: modular arithmetic, Euler's totient function, Fermat’s little theorem, the Chinese remainder theorem, public-key encryption and private-key decryption. In short: We are going to learn how RSA works and why.
14:00 - 14:45
Charles Darwin
Supercharging Nuix with Rampiva
Daniel Boteanu, CEO, Rampiva

Session description
This workshop shows how to leverage advanced Nuix features at scale with Rampiva, by distributing jobs to multiple machines, streaming data into review in small batches, and overseeing dynamic and real-time operational metrics.

Learn how to create a library of workflows capturing all steps and requirements of your processing methodology, including customizations for specific clients or projects.

See how users can collaborate on projects without having to sign onto a session started by another team member and how to use granular access management to control access to sensitive data.
14:00 - 14:45
Max Planck
Workshop title TBD
RevealData

Session description
TBD
14:00 - 14:45
Marie Curie
SQLite Database Analysis, what have you been missing?
Nolan Tracy, Digital Forensic Instructor, Teel Technologies Canada/USA

Session description
Since their initial introduction in 2007, Smartphones have come to dominate the cellular phone marketplace quickly making feature phones nearly obsolete. This domination is split fairly evenly between two major companies: Google with their Android OS and Apple touting their own iOS. Even though both of these companies are business rivals and their file systems are significantly different, both store a majority of their user data within a data storage container type called SQLite.

SQLite is an in-process library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine. Mobile Forensic Analysts can easily leverage this commonality, by learning the skills required to perform low-level analysis and recovery on SQLite databases. Once learned and mastered, examiners can then support nearly 99% of the device data they will come across in the majority of their mobile device examinations.

To illustrate the vast amount of work to be done, as of January 2015, the Google Play Store reported 1.43 Million Applications being available in their Google Play Store. At the same time, Apple’s iTunes Store reported over 1.4 Million apps being available for download. That’s a total of over 2.8 MILLION apps. Even the most popular mobile forensic tool only supports parsing of 200 different applications. This support accounts for a minuscule 0.001% of the total apps be parsed and leaves a 99.999% not be examined. Examining the SQLite databases can vastly increase investigative leads and at times is the only means of data recovery. .
14:00 - 14:45
Henry Dunant
Workshop title TBD
Workshop Slot Reserved for Ernst & Young

Session description
TBD
14:00 - 14:45
Belvoir Saal
Workshop title TBD
Workshop Slot Reserved for Our Main Conference Partner

Session description
TBD
15:30 - 16:15
Charles Darwin
Addressing the Serious Threat of Cybercrime with Magnet AXIOM Cyber
Marco Klockenkämper, Solution Consultant, Magnet Forensics

Session description
Cybercrime provides its own unique challenges. Every case of fraud, workplace harassment, insider threats, identify theft, data exfiltration, IP theft, network intrusions, malware and ransomware attacks have the potential to devastate not only individuals, but corporations of all sizes. In fact, in 2015, cybercrime cost the world over $ 3 trillion and if current trends continue, it is predicted that by 2021, the cost of cybercrime will be in excess of $ 6 trillion. When cybercrime occurs, it is critical to understand the extent of what was done, how it happened, and who did it.

This presentation will share how Magnet AXIOM Cyber, a new solution, helps digital forensics professionals acquire and examine evidence from computer, mobile, and cloud sources and is purpose-built to address the unique challenges presented by cybercrime. It will also demonstrate the power of AXIOM Cyber, including:

• Creation and deployment of a remote acquisition agent that can connect to and collect evidence from target endpoints
• Collection of evidence from Amazon S3 buckets
• Use of Admin credentials to acquire evidence from a user’s account in E nterprise deployments of Google, Microsoft, and Box as well as Slack
15:30 - 16:15
Max Planck
Workshop title TBD
Relativity

Session description
TBD
15:30 - 16:15
Marie Curie
A Deep Dive into Mobile Forensics, Part I
Kay Stutz, IT Forensic Investigator, Zurich City Police

Session description
Mobile devices are often a key factor in criminal cases. It is impossible for commercial tools to parse everything from smartphones and understand how the data were put on the device.

In this workshop, we will take a look at the publicly available forensic report of Jeff Bezos hacked “iPhone X” and explain in detail what was done wrong and what we can learn from it.

Then, in a Hands-on Lab, you will not only see but also experience what could have done better and how. We go in-depth into artifacts but also look at the whole picture and draw interesting conclusions. .
15:30 - 16:15
Henry Dunant
Workshop title TBD
Black Rainbow

Session description
TBD
15:30 - 16:15
Belvoir Saal
Workshop title TBD
Workshop Instructor TBD

Session description
TBD
16:30 - 17:15
Charles Darwin
Workshop title TBD
Workshop Instructor TBD

Session description
TBD
16:30 - 17:15
Max Planck
Workshop title TBD
Ernst & Young

Session description
TBD
16:30 - 17:15
Marie Curie
A Deep Dive into Mobile Forensics, Part II
Kay Stutz, IT Forensic Investigator, Zurich City Police

Session description
Mobile devices are often a key factor in criminal cases. It is impossible for commercial tools to parse everything from smartphones and understand how the data were put on the device.

In this workshop, we will take a look at the publicly available forensic report of Jeff Bezos hacked “iPhone X” and explain in detail what was done wrong and what we can learn from it.

Then, in a Hands-on Lab, you will not only see but also experience what could have done better and how. We go in-depth into artifacts but also look at the whole picture and draw interesting conclusions. .
16:30 - 17:15
Henry Dunant
Workshop title TBD
Workshop Instructor TBD

Session description
TBD
16:30 - 17:15
Belvoir Saal
Workshop title TBD
Passware, with a Forensic Expert in Decryption

Session description
TBD





Back to top

Conference Archives
Digital Investigations Conference 2019
Digital Investigations Conference 2018
Digital Investigations Conference 2017
Digital Investigations Conference 2016
Digital Investigations Conference 2015
Digital Investigations Conference 2014