IMF 2025

14th International Conference on
IT Security Incident Management & IT Forensics

September 16th - 17th, 2025
Albstadt, Germany

http://www.imf-conference.org/
mailto:2025@imf-conference.org

Conference under the Auspices of SIG SIDAR
of the German Informatics Society (GI).

Conference Program

Tuesday, September 16th, 2025

Time Presentation / Description Speaker/Author/Session Chair
08:00 - 08:30 Registration
08:30 - 10:15 Workshop - Practical Malware Analysis and Memory Forensics for Incident Response <SLIDES> Ricardo J. Rodríguez (University of Zaragoza)
10:15 - 10:30 Coffee Break
10:30 - 12:15 Workshop - Practical Malware Analysis and Memory Forensics for Incident Response <SLIDES> Ricardo J. Rodríguez (University of Zaragoza)
12:15 - 13:00 Lunch
13:00 - 13:10 Opening Remarks
13:10 - 14:00 Opening Keynote - RAM Raiders: At the Edge of Memory and the Law <SLIDES> Ricardo J. Rodríguez (University of Zaragoza)
14:00 - 15:30 Session 1
14:00 - 14:30 Fine-Tuning Large Language Models for Digital Forensics: Case Study and General Recommendations <PAPER/SLIDES> Michelet, Gaëtan (University of Augsburg, University of Lausanne); Henseler, Hans (Netherlands Forensic Institute, Leiden University of Applied Sciences); van Beek, Harm (Netherlands Forensic Institute, Open Universiteit); Scanlon, Mark (University College Dublin); Breitinger, Frank (University of Augsburg)
14:30 - 15:00 Leveraging LLMs for Memory Forensics: A Comparative Analysis of Malware Detection <PAPER/SLIDES> Lang, Jan-Hendrik; Schreck, Thomas (HM Munich University of Applied Sciences)
15:00 - 15:30 Human Factors in AI-Driven Cybersecurity: Cognitive Biases and Trust Issues <PAPER/SLIDES> Hagen, Raymond (Norwegian Digitalisation Agency, Norwegian University of Science and Technology); Øverlier, Lasse (Norwegian University of Science and Technology); Helkala, Kirsi (Norwegian Defence University College)
15:30 - 15:35 Poster Introduction
15:30 - 16:00 Coffee Break
16:00 - 17:00 Session 2
16:00 - 16:30 From IaC to IoC -- Using Infrastructure as Code (IaC) to Generate Synthetic Datasets of Compromised (IoC) Linux Systems for Use in Digital Forensics <PAPER/SLIDES> Göbel, Thomas; Baier Harald (Universität der Bundeswehr München Fakultät für Informatik)
16:30 - 17:00 Old Wine in New Wineskins: How Remnant Data Challenges Forensics and the Law <PAPER/SLIDES> Hilgert, Sebastian (Bundesamt für Bevölkerungsschutz und Katastrophenhilfe)
17:00 Departure to Social Event at the Hohenzollern Castle and Conference Dinner

Wednesday, September 17th, 2025

Time Presentation / Description Speaker/Author/Session Chair
09:00 - 09:30 Registration
09:30 - 10:30 Session 3
09:30 - 10:00 Limits to the Forensic Analysis of Container Applications in Cloud Environments <PAPER/SLIDES> Schmid, Kerstin (Friedrich-Alexander University Erlangen-Nuremberg); Bayreuther, Konstantin (DHBW Mannheim);Freiling, Felix (Friedrich-Alexander University Erlangen-Nuremberg)
10:00 - 10:30 Metrics Matter - Source Camera Forensics for Large-Scale Investigations <PAPER/SLIDES> Klier, Samantha; Baier, Harald (Universität der Bundeswehr München Fakultät für Informatik)
10:30 - 11:00 Coffee Break
11:00 - 12:00 Practitioners Panel Schütz, Philip (LKA NRW);Steinel, Jürgen (SySS Gmbh);Schemberger, Björn (CSBW)
12:00 - 12:45 Lunch
12:45 - 14:15 Session 4
12:45 - 13:15 DiskForge: Timestomping on Disk Images for Educational Benefit <PAPER/SLIDES> Pohl, Niclas (Friedrich-Alexander University Erlangen-Nuremberg); Voigt, Lena (Friedrich-Alexander University Erlangen-Nuremberg); Hargreaves, Christopher (University of Oxford); Fein, Christofer (Hochschule Niederrhein); Freiling, Felix (Friedrich-Alexander University Erlangen-Nuremberg)
13:15 - 13:45 Evaluating tamper resistance of digital forensic artifacts during event reconstruction <PAPER/SLIDES> Vanini, Céline (Université de Lausanne); Hargreaves, Chris (University of Oxford); Breitinger, Frank (University of Augsburg)
13:45 - 14:15 Validating a Set of Candidate Criteria for Evaluating Software Tools and Data Sources for National CSIRTs’ Cyber Incident Responses <PAPER/SLIDES> Mohd Kassim, Sharifah Roziah Binti (CyberSecurity Malaysia); Li, Shujun; Arief, Budi (University of Kent - School of Computing Canterbury)
14:15 - 14:30 Coffee Break
14:30 - 15:30 WS - Insights into the practical work of CERT BWL Schemberger, Björn (Cybersicherheitsagentur Baden-Württemberg)

In Cooperation with