Conference Program

Monday, May 12th, 2014

Time	Presentation / Description	Speaker
12:00	Registration and Welcome Coffee
13:00	Welcome	General Chair Rainer Böhme (Westfälische Wilhelms-Universität Münster, Institut für Wirtschaftsinformatik, Germany)
13:15	Challenges of Coordinated Linux and Android Intrusions Coordinated attacks against Linux/Android systems Advances in Linux/Android malware Convergence of Linux/Android threats Forensics and security implications	Keynote Eoghan Casey (CASEITE, USA)
14:15	Coffee Break
14:45	The humming hum: background noise as a carrier of ENF artifacts in mobile device audio recordings	Niklas Fechner and Matthias Kirchner (Westfälische Wilhelms-Universität Münster, Germany)
15:30	AFAUC - anti-forensics of storage devices by alternative use of communication channels	Harald Baier (Hochschule Darmstadt/CASED, Germany) Julian Knauer (Ernst & Young, Germany)
16:15	Coffee Break
16:45	Capacity Building for Computer Emergency Response Teams Definition of baseline capabilities for national / governmental CERTs Capacity building for CERT via good practice sharing and training Support the fight against cybercrime by facilitating CERT-LEA cooperation Community building for operational information sharing	Invited Talk Marco Thorbruegge (ENISA, EU)
17:45	Wrap-Up	Moderated by Felix Freiling / Holger Morgenstern (Program Chairs)
18:15/18:30	Social Events 1) Dinner at the restaurant Grosser Kiepenkerl, Spiekerhof 45, 48143 Münster, Germany - about 800 meters walking distance from the conference hotel. (Meeting point in front of the hotel at 18:15.) 2) Afterwards at 21:00, a guided tour through the Old Town of Münster (90min) is planned (Nachtwächter-Rundgang / Night Watchman Tour) - Details to come.

Tuesday, May 13th, 2014

Time	Presentation / Description	Speaker
09:00	Registration and Welcome Coffee
09:30	Incident Response in Times of Cholera Rules for incident response - and forensic related to incidents - have changed Incident response is helping victims of unintended consequences, but there are unintended consequences for incident response and forensic as well The future will bring new systems and systems of systems we will have difficulties to handle both from a response as well as a forensic perspective	Key Note Klaus-Peter Kossakowski (Trusted Introducer, Germany)
10:30	Coffee Break
11:00	Information Security Incident Management: Identified Practice in Large Organizations	Cathrine Hove, Marte Tårnes, Maria B. Line (NTNU, Norway) Karin Bernsmed (SINTEF/NTNU, Norway)
11:45	Information security incident management: Planning for failure	Maria B. Line (NTNU/SINTEF, Norway), Inger Anne Tøndel Martin G. Jaatun (SINTEF, Norway)
12:30	Lunch
13:30	Current Challenges in Multimedia Forensics Imperfections at the interface between analogue and digital signals Forensic methods for image, video and audio data Radio fingerprinting of GSM devices	Invited Talk Thomas Gloe (dence, Germany)
14:30	Coffee Break
15:00	Post-Mortem Memory Analysis of Cold-Booted Android Devices	Christian Hilgers, Holger Macht, Tilo Müller (Friedrich-Alexander-University, Germany) Michael Spreitzenbarth (Siemens CERT, Germany)
15:45	Assuming a state of compromise. A best practise approach for SMEs on incident response management	Ralph Noll, Alexander Harsch and Steffen Idler (PricewaterhouseCoopers, Germany)
16:30	A model for types of internet-based communication (short talk)	Robert Altschaffel, Christian Krätzer, Jana Dittmann and Stefan Kiltz (Otto-von-Guericke-Universität Magdeburg, Germany)
17:00	Wrap-Up	Moderated by Oliver Göbel (RUS-CERT, Universität Stuttgart, Germany)
17:15	End of Day Two

Wednesday, May 14th, 2014 - WORKSHOP DAY

Time	Presentation / Description	Organisation
08:30	Welcome Coffee
09:00-09:45	Workshop Android App for First Response According to ISO/IEC 27037 ISO/IEC 27037 describes the steps that IT staff should follow in a first response. The developed app guides first responders through that process, documents the process (including fotos of the location) and generates a report.	Philipp Heischkamp and Fabian Adolphs (Aachen University of Applied Sciences, Germany)
10:00-10:45	Workshop Dynamic Correlation of Digital Forensics Reports The Direct Report Correlation Tool (DIRECT) is a research prototype that correlates data of different forensic reports. The demo will present the latest extensions to the tool: interactive normalization and model-object generation for forensic artifacts.	Christoph Beckmeyer (Aachen University of Applied Sciences, Germany)
11:00-12:00	Workshop Digital Forensics of RAM Images Using VOLIX II "Volatility Interface and Extensions" (VOLIX) is a tool that provides better usability and additional functionality for the Volatility command line tool. One example is the automatic check of extracted processes using Virustotal. The latest version of the tool (VOLIX II) further improves the ease of use (better guidance of investigators) and includes help and reporting functions.	Patrick Bock (Aachen University of Applied Sciences, Germany)
Parallel Session
09:00-11:30	Workshop Finding abandoned data in SQLite databases Creating a new SQLlite database based on the freepages in SQLite databases.	Martin Westmann (Micro Systemation, Sweden)
12:00	Lunch
13:00-14:20	Workshop (for (ISC)² Members without fee*) Legal and Ethical Principles Nature of Evidence Chain of Custody Rules of Procedure Role of Expert Witness Codes of Ethics	Graham Thornburrow-Dobson (ISC)²
14:40-16:00	Workshop (for (ISC)² Members without fee*) Emerging and Hybrid Technologies Cloud Forensics Social Networks Big Data Paradigm Control Systems Critical Infrastructure Virtual/Augmented Reality	Graham Thornburrow-Dobson (ISC)²

* If you are a (ISC)² member, there will be no fee if you want to participate in this workshop only. If you want to visit other workshops on that day as well, the regular fees apply - Conference Fee and Registration.

The conference would qualify for CPE hours for ISACA certifications (CISA, CISM, CRISC an CGEIT) and (ISC)² certification CISSP. Participants can earn up to 18 CPE for continuing their professional education.