IMF 2018

11th International Conference on
IT Security Incident Management & IT Forensics

May 7th - 9th, 2018
Hamburg, Germany

Conference of SIG SIDAR
of the German Informatics Society (GI).

Call for Papers

Conference Background

Since 2003, IMF has established itself as one of the premier venues for presenting research on IT security incident response and management and IT forensics. While the first IMF conference was organized to establish a research forum for German-speaking researchers and practitioners from the field, it soon became an international conference attracting many experts from across Europe. As the 11th conference, IMF 2018 is also an important milestone in bringing the two worlds of IT security incident response and management and forensics together.
IMF provides an informal collaborative environment each year that brings together leading researchers, practitioners, industry, tool developers, academics, law enforcement, and other government bodies from around the globe to tackle current and emerging challenges in their fields.
Accepted papers will be published by Conference Publishing Services and submitted to the IEEE Xplore Digital Library. Each participant of the conference will receive a printed copy.

Possibilities to contribute:

In recent years, IMF conferences have added practitioner presentations and hands-on tutorials/workshops taught by leading experts in the fields. Presentations are opportunities for industry researchers and practitioners who do not have the time to write a paper, but who have information and experiences that would be of interest to attendees.
Presentation proposals undergo a reviewing process to filter out sales pitches and ensure the topic is relevant to our audience.
We invite original contributions as research papers, non-research practitioner presentations, tutorials/workshops, panels, demos, and posters on the following topics in digital forensics and IT security incident response and management.

Conference Topics

The scope of IMF 2018 is broad and includes, but is not limited to, the following areas:

IT Security Incident Management

  • Incident management standardization, metrics and life cycle
  • Incident management formats and protocols
  • Incident response and/or Vulnerability response workflows, procedures and tools
  • Incident analysis including live analysis
  • Research in incident management and related processes
  • Development of tools supporting incident management processes
  • Exchange of cyber threat intelligence
  • Sharing of data/information about threats, attacks, incidents, etc.
  • Setup of cyber defense entities including but not limited to: CSIRTs, PSIRTs, ISACs, SOCs and any other organization specialising in (some) IT security incident management processes
  • Maturity of such cyber defense entities
  • Warning of large scale communities about upcoming threats or detected vulnerabilities
  • Ensuring situational awareness and early warning
  • Mandatory vs. discretionary attack / incident / vulnerability reporting
  • Non-traditional incident management scenarios and approaches (e.g. vehicles, control systems, and SCADA)

IT Forensics

  • "Big data" approaches to forensics, including data collection, data mining, and large scale visualization
  • Research and development of tools supporting digital forensics
  • Digital forensic laboratories and other organizations specialising in digital forensic science
  • Addressing forensic challenges of systems-on-a-chip
  • Anti-forensics and anti-anti-forensics
  • Bridging the gap between analog and digital traces/evidence/investigators
  • Case studies and trend reports
  • Data hiding and discovery
  • Data recovery and reconstruction
  • Database forensics
  • Digital evidence and the law
  • Digital evidence storage and preservation
  • Event reconstruction methods and tools
  • Impact of digital forensics on forensic science
  • Interpersonal communications and social network analysis
  • Malware and targeted attacks: analysis, attribution
  • Memory analysis and snapshot acquisition
  • Mobile and embedded device forensics
  • Multimedia forensic analysis
  • Network and distributed system forensics
  • Non-traditional forensic scenarios and approaches (e.g. vehicles, control systems, and SCADA)
  • Storage forensics, including file system and Flash
  • Tool testing and development
  • Triage, prioritization, automation: efficiently processing large amounts of data in digital forensics
  • Typology of digital traces
  • Virtualized environment forensics, with specific attention to the cloud and virtual machine introspection

The above list is only suggestive. We welcome new, original ideas from people in academia, industry, government, and law enforcement who are interested in sharing their results, knowledge, and experience. Authors are encouraged to demonstrate the applicability of their work to practical issues. Questions about submission topics can be sent via email to pc-chair [at] imf-conference org. Please address general queries about IMF to 2018 [at] imf-conference org.

Submission Details

IMF invites submissions of full papers, presenting novel and mature research results, as well as practice papers, describing best practices, case studies or lessons learned. The maximum paper length for full papers is 20 pages, including the bibliography and well-marked appendices. Short papers for reporting early research results or best practice approaches are limited to 5 pages. Proposals for workshops, discussions and presentations on practical methods and challenges are also welcome.
Research papers and presentation proposals must be submitted through the EasyChair site at
Tutorial/workshop proposals must be emailed to pc-chair
Submission guidelines can be found at
All submissions must be written in English (see below) and submitted in either PostScript or PDF format. Submissions must be anonymized. Authors of accepted papers must ensure that their papers will be presented at the conference. Submitted full papers must not substantially overlap papers that have been published elsewhere or that are simultaneously submitted to a journal or a conference with proceedings.
All submissions will be reviewed by the program committee and papers accepted for presentation at the conference will be included in the conference proceedings.
Send any questions about research paper / presentation proposal submissions to: pc-chair imf-conference org

Please submit your paper here.

You will find the submission guidelines here.


IMF 2018's scope is international. Hence all submissions must be written in English. Presentations of accepted papers must be given in English as well.


Accepted papers will be published by Conference Publishing Services and proceedings of the conference will be submitted to Xplore and CSDL. Each participant of the conference will receive a printed copy.

Student award and student sponsorship program

This year IMF will be offering an award with a cash prize to the best student paper. A student paper is any paper in which the majority of the work was performed and the paper written by full-time students at an accredited university, college, or high school.
A limited number of scholarships (no registration fee, two hotel nights) may be awarded to students presenting a paper at the conference. The intent is to help alleviate the financial burden due to the cost of hotel expenses and conference registration. For more information, see the IMF 2018 homepage at:

Dates and Deadlines (for regular papers and special sessions)

Papers & Presentation/Panel Proposals: January 30, 2018
Papers & Presentation/Panel Proposals: February 11, 2018
Workshop/Tutorial Submission Deadline: January 25, 2018
Workshop/Tutorial Submission Deadline: February 11, 2018
Demo & Poster Proposals: January 25, 2018
Demo & Poster Proposals: February 11, 2018
Author notification: March 7, 2018
Final draft papers due & presenter registration(*): March 25, 2018 (* Papers for which no author has registered by this date may be dropped from the program.)
Conference Dates: May 7 - May 9, 2018

Conference Chair

Klaus-Peter Kossakowski
Hamburg University of Applied Sciences, Germany

Holger Morgenstern
Albstadt-Sigmaringen University, Germany

Program Chairs

Harald Baier
Darmstadt University of Applied Sciences, Germany

Christian Keil
DFN-CERT Services GmbH, Hamburg, Germany

Program Committee

Harald Baier, CRISP/Hochschule Darmstadt
Jack Cole, ARL
Andreas Dewald, ERNW Research GmbH
Jana Dittmann, Otto-von-Guericke University of Magdeburg
Felix Freiling, Friedrich-Alexander-Universität Erlangen-Nürnberg
Pavel Gladyshev, University College Dublin
Oliver Göbel, University of Stuttgart
Christian Keil, DFN CERT
Stefan Kelm, DFN-CERT Services GmbH
Stefan Kiltz, Otto-von-Guericke University of Magdeburg
Jan Kohlrausch, DFN-CERT Services GmbH
Klaus-Peter Kossakowski, HAW Hamburg/DFN CERT
Andrew Marrington, Zayed University
Robert Martin, MITRE
Holger Morgenstern, Albstadt-Sigmaringen University
Mark Schiller, Stratton Security Ltd.
Sebastian Schinzel, Münster University of Applied Sciences
Sven Schmitt, Friedrich-Alexander-Universität Erlangen-Nürnberg
Thomas Schreck, Siemens CERT
Marko Schuba, FH Aachen - Aachen University of Applied Sciences
Michael Spreitzenbarth, Siemens CERT
Stephen Wolthusen, NTNU/RHUL

Steering Committee

Sandra Frings
Oliver Göbel
Detlef Günther
Holger Morgenstern
Jens Nedon
Felix Freiling
Dirk Schadt

Under the Auspices of

German Informatics Society (GI e.V.)
Wissenschaftszentrum Ahrstr. 45, 53175 Bonn, Germany
Tel.: +49 228 302 145, Fax: +49 228 302 167

Special Interest Group SIDAR


IMF 2018 is supported by the following sponsors:

  • Deloitte