IMF 2025
14th International Conference on
IT Security Incident Management & IT Forensics
September 16th - 17th, 2025
Albstadt, Germany
http://www.imf-conference.org/
mailto:2025@imf-conference.org
Conference under the Auspices of SIG SIDAR
of the German Informatics Society (GI).
Conference Program
Tuesday, September 16th, 2025
| Time | Presentation / Description | Speaker/Author/Session Chair | |
|---|---|---|---|
| 08:00 - 08:30 | Registration | ||
| 08:30 - 10:15 | Workshop - Practical Malware Analysis and Memory Forensics for Incident Response ## Prerequisites for Attendees Participants must bring their own laptop with all the required material installed (specifically, they must be able to run Docker containers). Some basic experience with Linux console and Python programming is advised. |
Ricardo J. Rodríguez (University of Zaragoza) |
|
| 10:15 - 10:30 | Coffee Break | ||
| 10:30 - 12:15 | Workshop - Practical Malware Analysis and Memory Forensics for Incident Response ## Prerequisites for Attendees Participants must bring their own laptop with all the required material installed (specifically, they must be able to run Docker containers). Some basic experience with Linux console and Python programming is advised |
Ricardo J. Rodríguez (University of Zaragoza) |
|
| 12:15 - 13:00 | Lunch | ||
| 13:00 - 13:10 | Opening Remarks | ||
| 13:10 - 14:00 | Opening Keynote - RAM Raiders: Forensic Analysis on the Edge of the Law and Memory | Ricardo J. Rodríguez (University of Zaragoza) | |
| 14:00 - 15:30 | Session 1 | ||
| 14:00 - 14:30 | Fine-Tuning Large Language Models for Digital Forensics: Case Study and General Recommendations | Michelet, Gaëtan (University of Augsburg, University of Lausanne); Henseler, Hans (Netherlands Forensic Institute, Leiden University of Applied Sciences); van Beek, Harm (Netherlands Forensic Institute, Open Universiteit); Scanlon, Mark (University College Dublin); Breitinger, Frank (University of Augsburg) | |
| 14:30 - 15:00 | Leveraging LLMs for Memory Forensics: A Comparative Analysis of Malware Detection | Lang, Jan-Hendrik; Schreck, Thomas (HM Munich University of Applied Sciences) | |
| 15:00 - 15:30 | Human Factors in AI-Driven Cybersecurity: Cognitive Biases and Trust Issues | Hagen, Raymond (Norwegian Digitalisation Agency, Norwegian University of Science and Technology); Øverlier, Lasse (Norwegian University of Science and Technology); Helkala, Kirsi (Norwegian Defence University College) | |
| 15:30 - 16:00 | Coffee Break | ||
| 16:00 - 17:00 | Session 2 | ||
| 16:00 - 16:30 | From IaC to IoC -- Using Infrastructure as Code (IaC) to Generate Synthetic Datasets of Compromised (IoC) Linux Systems for Use in Digital Forensics | Göbel, Thomas; Baier Harald (Universität der Bundeswehr München Fakultät für Informatik) | |
| 16:30 - 17:00 | Old Wine in New Wineskines: How Remnant Data Challenges Forensics and the Law | Hilgert, Sebastian (Bundesamt für Bevölkerungsschutz und Katastrophenhilfe) | |
| 17:00 | Departure to Social Event at the Hohenzollern Castle and Conference Dinner | ||
Wednesday, September 17th, 2025
| Time | Presentation / Description | Speaker/Author/Session Chair |
|---|---|---|
| 09:00 - 09:30 | Registration | |
| 09:30 - 10:30 | Session 3 | |
| 09:30 - 10:00 | Limits to the Forensic Analysis of Container Applications in Cloud Environments | Schmid, Kerstin (Friedrich-Alexander University Erlangen-Nuremberg); Bayreuther, Konstantin (DHBW Mannheim);Freiling, Felix (Friedrich-Alexander University Erlangen-Nuremberg) |
| 10:00 - 10:30 | Metrics Matter - Source Camera Forensics for Large-Scale Investigations | Klier, Samantha; Baier, Harald (Universität der Bundeswehr München Fakultät für Informatik) |
| 10:30 - 11:00 | Coffee Break | |
| 11:00 - 12:00 | Practitioners Panel | Schütz, Philip (LKA NRW);Steinel, Jürgen (SySS Gmbh);Schemberger, Björn (CSBW) |
| 12:00 - 12:45 | Lunch | |
| 12:45 - 14:15 | Session 4 | |
| 12:45 - 13:15 | DiskForge: Timestomping on Disk Images for Educational Benefit | Pohl, Niclas (Friedrich-Alexander University Erlangen-Nuremberg); Voigt, Lena (Friedrich-Alexander University Erlangen-Nuremberg); Hargreaves, Christopher (University of Oxford); Fein, Christofer (Hochschule Niederrhein); Freiling, Felix (Friedrich-Alexander University Erlangen-Nuremberg) |
| 13:15 - 13:45 | Evaluating tamper resistance of digital forensic artifacts during event reconstruction | Vanini, Céline (Université de Lausanne); Hargreaves, Chris (University of Oxford); Breitinger, Frank (University of Augsburg) |
| 13:45 - 14:15 | Validating a Set of Candidate Criteria for Evaluating Software Tools and Data Sources for National CSIRTs’ Cyber Incident Responses | Mohd Kassim, Sharifah Roziah Binti (CyberSecurity Malaysia); Li, Shujun; Arief, Budi (University of Kent - School of Computing Canterbury) |
| 14:15 - 14:30 | Coffee Break | |
| 14:30 - 15:30 | WS - Einblicke in die praktische Arbeit des CERT BWL | Schemberger, Björn (Cybersicherheitsagentur Baden-Württemberg) |
In Cooperation with
