4th International Conference on
IT Incident Management & IT Forensics

CONFERENCE PROGRAM

Tuesday, 23. September 2008
Time		Presentation	Download	Speaker
10:00		Registration/Coffee
10:30		Greeting and Introduction
10:45		Key Note: Investigations and Prosecution in cases of Computer Crime – Overview of the National and International situation		Fred-Mario Silberbach, Federal Criminal Police Office (BKA)
11:30		A Forensic Computing Framework to fit any Legal System		Steven W. Wood,  ALSTE Technologies GmbH, Germany
12:15		Using Observations of Invariant Behavior to Detect Malicious Agency in Distributed Environments		Thomas Richard McEvoy and Stephen Wolthusen Royal Holloway, University of London
13:00		Lunch
14:00		File Type Analysis Using Signal Processing Techniques and Machine Learning vs. file Unix Utility for Forensic Analysis		Serguei Mokhov, Concordia University Montreal, Canada
14:45		- cancelled -		- cancelled -
15:30		Break
16:00		Live Forensic Acquisition as Alternative to Traditional Forensic Processes		Marthie Lessing, Council for Scientific and Industrial Research, South Africa
16:45		Key Note: Network Infrastructure Forensics		Felix Lindner, Recurity Labs GmbH, Germany
17:30		FG-SIDAR meeting		Michael Meier, University of Dortmund, Germany Chair of FG-SIDAR
18:00		End of day 1
19:00		Social event
Wednesday, 24. September 2008
Time		Presentation		Speaker
09:30		Coffee
10:00		Greeting and Introduction
10:15		Key Note: New Challenges for IT-Security Research in ICT		Udo Helmbrecht, President of Federal Office for Information Security (BSI)
11:00		Panel discussion: Challenges and interest conflicts in forensic investigations		discussion with: Udo Helmbrecht, President of Federal Office for Information Security (BSI) Klaus Brunnstein, University of Hamburg Felix Freiling, University of Mannheim, Germany Henrik Becker, Germany Moderation: Dirk Schadt, SPOT Consulting, Germany
11:45		Reconstructing People's Lives: A Case Study in Teaching Forensic Computing		Felix Freiling, Thorsten Holz and Martin Mink University of Mannheim, Germany
12:30		Lunch
13:30		Network Forensics of Partial SSL/TLS Encrypted Traffic Classification Using Clustering Algorithms		Meng-Da Wu and Stephen D.Wolthusen Royal Holloway, University of London
14:15		Building a state tracing Linux Kernel		Chakravarthy Gundabattula and Vinay G Vaidya, Symbiosis Deemed University, Pune, India
15:00		Break
15:30		Formally Specifying Operational Semantics and Language Constructs of Forensic Lucid		Serguei Mokhov, Concordia University Montreal, Canada
16:00		Rump Session		Moderation: Felix Freiling, University of Mannheim, Germany
17:00		Conclusion
17:15		End of day 2
Thursday, 25. September 2008 - Workshop Day
Time		Presentation   workshops are partly being held in german		Speaker
09:15		Greeting and Introduction
09:30		Leveraging EnCase for the Enterprise and Memory Analysis		Steven W. Wood,  ALSTE Technologies GmbH, Germany
11:00		Break
11:30		IT-Security, System- and Personnel Data Protection Auditing in a governmental sector Best Practice for Logging, Analyzing and Reporting		Volker Kozok, Federal Ministry of Defense
13:00		Lunch
14:00		Best Practices - Internet Auditing		Andreas Rohr, Federal Ministry of Defense
14:45		Incident Management - Legal Aspects (International view on Computer Law, Penal Code and IT-Law with Case-Studies)		Volker Kozok, Federal Ministry of Defense
15:30		Incident Management - Rechtliche Aspekte (Arbeits- und disziplinarrechtliche Folgen, Rechtsfolgen für IT-SiBe und Auditoren, Zusammenarbeit mit Rechtsanwälten, Rechtsnormen im Zusammenhang mit Incident Management, Fallbeispiele)		Volker Kozok, Bundesministerium der Verteidigung
16:15		IT-Forensik Praxisbeispiele, Werkzeuge, Murphys Law		Frank Gärtner, Streitkräfteamt
17:00		Conclusion
17:15		End of day 3

presentations will be available after the conference

Imprint / Impressum