IMF 2011

6th International Conference on
IT Security Incident Management & IT Forensics

May 10th to 12th, 2011
Stuttgart, Germany

Conference of SIG SIDAR
of the German Informatics Society (GI).

Conference Programme - Presentations available (sorry not all yet)

Tuesday, May 10th, 2011

Time Presentation / Description Speaker
10:00 Registration
11:00 Welcome Detlef Günther (General Chair)
Volkswagen AG, Germany
11:15 Key Note:
International challenges regarding Forensic IT Investigations and Forensic Readiness (PDF)
  • Challenges regarding cross border investigations (both practical and legal)
  • Public/private cooperation in cross border investigations
  • Technical challenges today and in the future
  • The growing need for forensic readiness
Mark Hoekstra
Grant Thornton Forensic & Investigation Services B.V., Netherlands
12:15 Integrated Security Incident Management - Concepts and real-world Experiences (PDF)
Stefan Metzger, Wolfgang Hommel and Helmut Reiser
Leibniz-Rechenzentrum, Germany
13:00 Lunch
14:00 Security Aspects of Piecewise Hashing in Computer Forensics (PDF)
Harald Baier and Frank Breitinger
Hochschule Darmstadt, Germany
14:45 Computational Documentation of IT Incidents as Support for Forensic Operations (PDF)
Sebastian Kurowski and Sandra Frings
Fraunhofer IAO, Germany
15:30 Coffee Break
16:00 Forensics Investigations of Multimedia Data: A Review of the State-of-the-art (PDF)
Rainer Poisel and Simon Tjoa
Fachhochschule St.Poelten, Austria
16:45 Design and Implementation of a Documentation Tool for Interactive Commandline Sessions (PDF)
(Short Paper)
Andreas Dewald, Felix C. Freiling and Tim Weber
Universitaet Mannheim, Germany
17:05 End of Day Wrap-Up Moderated by Holger Morgenstern (Program Chair), Germany
17:15 End of Day One
19:00 Social Event: Dinner at Goldfish (Schlossstr. 57, 70176 Stuttgart, Germany), including Whisky Tasting moderated by Bernhard Weber

Wednesday, May 11th, 2011

Time Presentation / Description Speaker
09:00 Registration
09:25 Greetings
09:30 Introduction of Sponsors:
Cellebrite GmbH
mh-Service GmbH
10:15 Usability of Forensics Tools: A User Study (PDF)
Hanan Hibshi, Timothy Vidas and Lorrie Cranor
Carnegie Mellon University, USA
11:00 Coffee Break
11:30 A Common Scheme for Evaluation of Forensic Software (PDF)
Mario Hildebrandt, Stefan Kiltz and Jana Dittmann
Universitaet Magdeburg, Germany
12:15 Towards Forensic Data Flow Analysis of Business Process Logs (PDF)
Rafael Accorsi, Claus Wonnemann and Thomas Stocker
Albert-Ludwigs-Universitaet Freiburg, Germany
13:00 Lunch
14:00 Key Note:
DIGITAL FORENSICS – Best Practice for the Future
  • Looking at the development of IT, it has become crucial to change the way of thinking in the forensic approach to seizing digital evidence. The amount of data, the globally distributed approach of criminals and the rapid growth in digital devices need an adaptation by investigators, in both law enforcement and private industry. The presentation will give you an insight into a solution to deal with these problems, from the scene-of-crime work up to archiving evidence after the end of a trial.
Bernhard Otupal, Security Solution Specialist EMEA
Dell SA, France
14:45 Towards a Rapid-alert System for Security Incidents (PDF)
Stefan Rass
Alpen-Adria-Universitaet Klagenfurt, Austria
15:30 Coffee Break
16:00 Automated Audit of Compliance and Security Controls (PDF)
Gerhard Koschorreck
UPW ProjectServices GmbH, Germany
16:45 Use of Machine Learning Classification Techniques to detect Atypical Behaviour in Medical Applications (PDF)
(Short Paper)
Terrence Ziemniak
Resurrection Health Care, USA
17:05 End of Day Wrap-Up Moderated by Oliver Göbel
RUS-CERT, Universitaet Stuttgart, Germany
17:15 End of Day Two

Thursday, May 12th, 2011 - WORKSHOP DAY

Time Presentation / Description Organisation
09:00-12:00 Workshop:
Mobile Device Forensics | Comprehensive - Concise - Forensically Sound
  • The forensics process for mobile devices
  • From Seizure to archive - Tools to support the process
  • Reliable Device Identification - UFED Phone Detective
  • Data acquisition/extraction methods - Logical, physical, file system dump
  • Fundamentals on boot loaders and clients to support flash memory acquisitions
  • Investigation of geo data from mobile GPSs and Smartphones
  • How communities can support mobile investigations
Peter Warnke, Sales Director
Cellebrite GmbH, Germany
12:00 Lunch
13:00-16:00 Workshop:
Computer Forensics: Preservation of Evidence
  • The basics of digital forensics – how to preserve the forensic integrity
  • Volatile data – important or not?
  • An overview of the forensic solutions in the market
  • The work in the Lab - Real-World Case Studies
  • Linux as a forensic tool
Dimitri Kusnezov, CTO
mh Service GmbH, Germany
Oliver Eichner, CTO
DataLab GmbH, Germany
16:00 End of Day Three - Workshop Day

The conference would qualify for CPE hours for ISACA certifications (CISA, CISM, CRISC and CGEIT) and (ISC)² certification CISSP. Participants can earn up to 18 CPE for continuing their professional education.