IMF 2013

7th International Conference on
IT Security Incident Management & IT Forensics

March 12th - 14th, 2013
Nuremberg (Nürnberg), Germany

Conference of SIG SIDAR
of the German Informatics Society (GI).

Conference Programme

Tuesday, March 12th, 2013

Time Presentation / Description Speaker
10:00 Registration and Welcome Coffee
11:00 Welcome (Room Conference Center 1) Felix Freiling (Conference Chair)
Friedrich-Alexander-Universitaet Erlangen-Nuernberg, Germany
11:15 Key Note:
Measuring the Cost of Cybercrime
Rainer Boehme
University of Muenster, Germany
12:15 Lunch
13:15 Forewarned is Forearmed: Indicators for Evaluating Information Security Incident Management
Karin Bernsmed and Inger Anne Tondel
14:00 Identifying a Shared Mental Model Among Incident Responders
Robert Floodeen, John Haller and Brett Tjaden
14:45 Preparing for the Smart Grids - Current Practice for Information Security Incident Management in the Power Industry
Maria B. Line
Norwegian University of Science and Technology
15:30 Coffee Break
16:00 mvHash-B - a new approach for similarity preserving hash function
Frank Breitinger, Knut Petter Astebol, Harald Baier and Christoph Busch
CASED / Hochschule Darmstadt, Gjovik University College, CASED / Hochschule Darmstadt, CASED / Hochschule Darmstadt
16:45 Selective Imaging Revisited
Johannes Stuettgen, Andreas Dewald and Felix Freiling
Friedrich-Alexander-Universitaet Erlangen-Nuernberg
17:30 Wrap-Up Moderated by Holger Morgenstern (Program Chair), Germany
18:30 Bus leaves 18:30 for Social Event (19:00): Dinner at Alte Kuech'n/Im Keller (Albrecht Duerer Street 3, 90403 Nuremberg, Germany, Bus transfer from (18:30) / to (23:30) Hilton is organized.

Wednesday, March 13th, 2013

Time Presentation / Description Speaker
09:00 Registration and Welcome Coffee
09:25 Greetings (Room Conference Center 1)
09:30 Sponsor talk by Datev
DATEV Company Presentation
Stefan Scheller
10:00 Sponsor talk by Datev
DATEV NET - internet made secure
Jörg Spilker
10:30 Coffee Break
11:00 Developing a Cloud Computing Based Approach for Forensic Analysis using OCR (short paper)
Matthias Trojahn, Lei Pan and Fabian Schmidt
Volkswagen AG, Deakin University, ISC Gebhardt
11:30 On Bayesian Trust and Risk Forecasting for Compound Systems (short paper)
Stefan Rass and Sebastian Kurowski
Alpen-Adria Universitaet Klagenfurt, Institute of Applied Informatics, System Security Group, Klagenfurt; Information Management, Fraunhofer IAO
12:00 Lunch
13:00 Key Note:
Recent Cyber Attacks: Inherent Risks, Countermeasures, Perspectives
Klaus Brunnstein
University of Hamburg
14:00 Digital Forensic Tool Testing meets Anti-Forensics
Martin Wundram, Felix Freiling and Christian Moch
TronicGuard GmbH, Friedrich-Alexander-Universitaet Erlangen-Nuernberg
14:45 Forensic Application-Fingerprinting based on Filesystem Metadata
Sven Kaelber, Andreas Dewald and Felix C. Freiling
Friedrich-Alexander-Universitaet Erlangen-Nuernberg
15:30 Coffee Break
16:00 Statistical Pattern Recognition Based Content Analysis on encrypted network traffics (Veröffentlichung nicht freigegeben)
Robert Altschaffel, Robert Clausing, Stefan Kiltz, Christian Kraetzer, Tobias Hoppe and Jana Dittmann
OVGU Magdeburg
16:45 Visualizing Indicators of Rootkit Infections in Memory Forensics
Stefan Voemel and Hermann Lenz
Friedrich-Alexander-Universitaet Erlangen-Nuernberg,Thor GmbH
17:30 Wrap-Up Moderated by Oliver Goebel
RUS-CERT, Universitaet Stuttgart, Germany
17:45 End of Day Two

Thursday, March 14th, 2013 - WORKSHOP DAY

Time Presentation / Description Organisation
08:30 Welcome Coffee
09:00-10:20 Workshop (Room Salt Lake City):
Hands-on reverse engineering of complex modern malware by example of the Stuxnet code (Veröffentlichung nicht freigegeben)
Heiko Patzlaff
(Siemens CERT, Germany)
10:20 Coffee Break
10:40-12:00 Workshop (Room Salt Lake City):
Hacking Embedded Crypto Implementations using Fault Injection
Johannes Bauer
(Robert Bosch GmbH, Germany)
12:00 Lunch
13:00-16:00 Workshop (Room Salt Lake City):
Tools and Processes for Forensic Analyses of Smartphones and Mobile Applications
  • Importance of digital evidence of smartphones
  • Background on the Android plattform
  • Digital evidence aquisition and analysis on Android phones
  • Forensic main memory aquistion and analysis on Android smartphones
Michael Spreitzenbarth and Tilo Mueller
Department of Computer Science Friedrich-Alexander-University Erlangen-Nuremberg
14:30 Coffee Break
14:45-16:00 Continue Workshop
16:00-16:45 Sponsor Presentation (Room Salt Lake City):
XRY Tool presentation:
  • Extraction and Analysis of an Android-Mobile-Device
  • Encrypted files and texts
  • Automatic decryption of Apps (e.g. pictures and messages)
  • Analysis of the decrypted information in an Analytical tool
Gerhard Gunst, Martin Westmann (Micro Systemation)

16:45 End of Workshop Day

The conference would qualify for CPE hours for ISACA certifications (CISA, CISM, CRISC and CGEIT) and (ISC)² certification CISSP. Participants can earn up to 18 CPE for continuing their professional education.