Topics & Speakers
Conference Topics
• Network Security
•
Forensic (network) Tracing
•
Legal Aspects
•
Social Awareness regarding the Internet
Chairperson
Monica den Boer
Academic Dean Police Academy of The Netherlands; Professor
in Comparative Public Administration, in particular the internationalization
of the police function, Police Academy Chair at the VU University
Amsterdam, Netherlands.
Professor den Boer graduated from Tilburg University, Netherlands,
and the European University Institute in Florence, Italy. Before
joining the Police Academy, she was Managing Director at the
Institute for European Law Enforcement Administration in Brussels,
Associate Professor of Public Administration at Tilburg University,
Senior Lecturer for Justice and Home Affairs at the European
Institute of Public Administration in Maastricht and a researcher
in Leiden and Edinburgh.
She has published widely on Justice and Home Affairs cooperation
in the EU, cross-border policing and organised crime, counter-terrorism,
the Schengen Agreements, legal semiotics, as well as governance,
accountability and information and communication technology. Her
publications include Investigating Organised Crime in European
Border Regions (with Spapens, 2002), Policing Europe:
Theory, Law and Practice (with Anderson et al., 1995) and Policing
Across National Boundaries (ed. with Anderson, 1994). At EIPA,
she edited Controlling Organised Crime (with Doelle et
al., 2000), Schengen Still Going Strong; Evaluation and Update (2000), Taming
the Third Pillar (1998), Schengen, Judicial Cooperation
and Policy Coordination (1998), Undercover Policing and
Accountability from an International Perspective (1997), and The
Implementation of Schengen (1997). |
|
 |
Keynote Speakers
Eric Thompson
AccessData
Digital Forensics and Electronic Discovery in a Terabyte
World
The continued rapid advancement of disk storage technology is
having a significant impact on computer forensics and electronic
discovery. Acquisition, storage and analysis of voluminous amounts
of data are creating a significant problem for the industry. This
presentation will examine the ‘volume’ problem with
a focus on how the digital forensics software is improving to help
keep pace with disk technology.
www.accessdata.com |
|
 |
| |
|
|
Arda Gerkens
Member of Dutch
Parliament
www.tweedekamer.nl |
|
 |
| |
|
|
Hans
van Grieken
Capgemini Nederland - Vice President Business Innovation
Network
www.capgemini.com |
|
 |
| |
|
|
Anthony Reyes
HTCIA
Anthony Reyes is a retired New York City Police Department Computer
Crimes Detective. While employed for the NYPD he investigated computer
intrusions, fraud, identity theft, child exploitation, intellectual
property thief, and software piracy.
He sat as an alternate member of New York Governor George E.
Pataki's Cyber-Security Task Force, and presently serves as President
for the High Technology Crime Investigation Association. He is
the Education & Training Working Group Chair for the National
Institute of Justice’s Electronic Crime Partner Initiative.
Anthony is also an Associate Editor for the Journal of Digital
Forensic Practice, and an editor for The International Journal
of Forensic Computer Science.
He is an Adjutant Professor, and is the Chief Executive Officer
for the Arc Enterprises of New York, Inc. on Wall Street. Anthony
has over 20 years of experience in the IT field. He teaches for
several government agencies, and large corporations in the area
of computer crime investigations, electronic discovery, and computer
forensics, and lectures around the world.
www.htcia.org |
|
 |
| |
|
|
Symantec – Tom
Welling
Internet Security Threats - current developments
The Symantec Internet Security Threat Report offers analysis and
discussion of threat activity over a six-month period.
It covers Internet attacks, vulnerabilities, malicious code, phishing,
spam and security risks as well as future trends.
Tom Welling from Symantec will take you through the key findings
of the latest edition of the report, which was released 4 weeks
ago.
www.symantec.com |
|
|
| |
|
|
General Marc Watin-Augouard
Ministere de la Défense, République Française |
|
|
| |
|
|
Jean-Claude De Cordes
Council of Europe
The Convention on Cybercrime as a Framework for Cybercrime
Legislation and International Cooperation
www.coe.int |
|
|
| |
|
|
De Kinderconsument - Bamber
Delver
Managing Director / author of books about children & internetsafety
In the Netherlands Bamber Delver was the very first to speak and write about
children and internetsafety. He initialized several projects with kids like:
tests of computerfiltering, actions against commercial stalking websites and
contests for kids of their homemade websites. Delver wrote 4 books about the
subject untill today and takes part in the expertgroup Digikids, advising the
police and justice department. His latest book about cyberbullying was launched
in Dutch Parliament. He believes in taking responsibility by all of us: parents,
companies, ministeries, and last but certainly not least: the kids themselves.
In his presentation he takes a look into the cyberworld of internet and mobiles,
webcam communities and games. He looks at the fun these media kids provide and
talks about why kids take risks as well. Bamber Delver’s presentations
are always associated with positivity and pleasure. So: enjoy!
www.kinderconsument.nl |
|
|
Parallel Sessions
 FOX-
IT – Thijs Bosschert
USB sticks: an Investigators’ Nightmare?
Nowadays USB memory sticks are a common good in daily life, almost everyone has
one. As a (direct) result of this they are also common in digital forensic investigations.
What are the things that can be done with USB sticks that could potentially scare
an investigator?
www.fox-it.com
 WetStone Technologies – Chet Hosmer
eCrime and Steganography
With the increase of computers becoming the tools and the targets for
crime it is imperative to have multiple lines of protection. Network
IDS, host based IDS, antivirus scanners and firewalls are not enough.
More sites are adopting the ecommerce model and with purchasing and
banking being done electronically it is critical to protect the hosts
and servers involved. Trojans, Keyloggers, and other malicious software
have been running rampant in the news and are no longer attacking home
based systems, but are setting their sites on systems hosting important
websites. Online banking, 401K, Loan Application sites are all ideal
targets for malicious software. Beyond the outsider threat corporations
need to be concerned with the malicious software being used internally
as well as externally. Steganography one of many tools used internally
takes advantage of human and software weaknesses to see embedded data.
Learn to protect your hosts against these types of malicious software
and insider infiltration and see what embedded data is floating through
your networks.
www.wetstonetech.com
FOX- IT – Gertjan Schoenmaker
Wiretapping of the 21st Century
With the ubiquity of the internet, Communications Forensics is rapidly
growing in importance. Where IP traffic could previously be analysed
using tools like Wireshark (Ethereal), or basic internet monitoring
centers, “Web 2.0”, VoIP and the rise of online applications
require new tools, such as FoxReplay Analyst to reconstruct the traffic
for natural analysis.
www.fox-it.com
Guidance Software – Mike Fowler
NIST 800-61 and 800-86: Integrating Forensic Best Practices
into your Incident Response Practice
In March of 2004, NIST published 800-63 Computer Security Incident
Handling Guide and then followed it in August of 2006, with the publication
of 800-86 A Guide to Integrating Forensics Techniques into Incident
Response. Taken together these two documents set forth a solid foundation
of best practices for incident response and the role of forensics.
This lecture reviews these two documents and presents an outline for
comprehensive compliance in the areas of people process and technology.
The presentation includes a detailed analysis of a decision tree for
handling incident.
www.guidancesoftware.com
Guidance Software – Mike Fowler
Mobil phone forensics - Acquisition, Analysis and Signal
Blocking
Mobile phones are no longer just about communicating with another person.
Today, they are information-rich devices that contain a wealth of data
ranging from pictures to SMS conversations to last-called person to
last-known connected cell tower. Many times, locked somewhere in these
devices lies the answer or clues that are that are critical to investigations.
Just like a computer, these devices have their known unique file systems,
configurations and applications. As a result, mobile phones represent
one of the next great challenges vexing computer forensic investigators
worldwide. There are partial solutions available that perform various
levels of cell-phone analysis on the SIM card of phone itself, however,
none take the approach of Guidance Software. As the World Leader in
Digital Investigations™, we understand the challenges of the
global investigator. We have developed ‘Neutrino’, a new
solution to acquire, analyze and report not only on the logical phone
data and SIM card, but the physical phone data as well. Come learn
about our industry pioneering approach to cell phone forensics and
get a glimpse of the future as David Petty talks about the fundamentals
of mobile phone forensics and demonstrates how we arm investigators
now and in the future with te tools needed to combat cyber crime.
www.guidancesoftware.com
FOX-IT - Paul Bakker
How Fox-IT Cracked Several Encrypted USB Sticks and Why
We Did it.
A lot of ‘secure’ USB sticks boast encryption, biometrics
and self-destructing mechanisms. An investigation of a batch of these
secure USB sticks shows surprising weaknesses and flaws allowing retrieval
of secured data from the USB sticks in question. Do you want to know
your possibilities when encountering a secure USB stick?
www.fox-it.com
Guidance Software – Mike Fowler
Detecting Advanced Malware Such as Rootkits and Diskless
Compromises
EnCaser Enterprise possesses truly revolutionary capabilities when
it comes to detecting the presence of rootkits, or investigating deskless
systems that have been compromised. Conducting an investigation on
a compromised system requires access to the volatile information stored
in memory, which will be lost if the system is taken offline for forensic
imaging. In the case of diskless systems, a new image is loaded at
every power up cycle resulting in a complete loss of any information
residing in memory. This lab covers the collection and analysis of
volatile data and how an investigator can use the tool to accomplish
these types of investigations with minimal time, effort and money.
www.guidancesoftware.com
Guidance Software – Mike Fowler
Lab solutions, collaborative work and review platforms
as well as a review of advanced/new enscript capabilities and plug
ins.
The traditional model of one investigators/one case is breaking down.
Cases have become more complex and the loads larger. Simply scaling
the current model isn’t cost effective. Training forensics
investigators is challenging, costly and time consuming. Fortunately,
it isn’t necessary for trained forensics investigators to conduct
all phases of an investigation. A well-trained forensics investigator
must conduct the more technical elements of the investigation, but
anyone familiar with the case should be able to review evidence and
construct a report. The problem has always been that these untrained
investigators don’t understand forensics tools and can’t
interface well with the data or build a case. This is exactly the problem
Lab Edition was designed to solve. As a collaborative platform, Lab
Edition allows a forensics investigator to farm out the less technical
work of a case to untrained investigators in a controlled and easy-to-use
interface. This enables efficient and effective review and reporting
but ensures no damage is done to the data. This presentation demonstrates
how Lab Edition works and its usefulness as a force multiplier for
forensics investigators.
www.guidancesoftware.com
High Tech Crime Unit The Hague - Daniel van der End
Video Investigation
- possibilities of video
enhancement using Cognitech Video Investigator and Video Active.
- what
can be done using regular video enhancement techniques and what cannot?
- guidelines
for retrieval of video data from digital CCTV systems.
- some examples
of retrieving video from digital CCTV systems.
- tools.
Logica CMG – Arnoud van Zuijlen
The Future of Biometrics: Multimodal searching and Fusion
Identity has emerged to become one of the key concerns around the world,
due to the ongoing threat of terrorism and identity theft. Governments
and companies need to establish secure and reliable methods to verify
a person’s identity. With the growing usage of biometrics as
a method to identify / verify someone’s identity, the accuracy
of these biometric algorithms and the proper application of it are
getting more important. Combining multiple forms of biometric technologies
will create a more secure and reliable solution for identifying / verifying
someone’s identity.
www.logicacmg.nl
 Microsoft IT Academy – Daniel van
Soest
Overview Windows Server 2008
This year sees the launch of Windows Server 2008, the new server
platform.
In this session, we will look at the new possibilities offered by this platform
and the most important changes, devoting special attention to the roles for the
administrator. Over the course of an hour, an overview will be given of the following
points:
- More Control
– Server Management
– Server Core
– WS-Management
- Increased Protection
– Operating System Hardening
– Network Access Protection (NAP)
– Branch Office Deployments
www.microsoft.com
Capgemini Nederland - Maarten Oosterink
What organizations need to know about network forensics
Network Forensics, or at least the bit commercial organizations have
to deal with, have rapidly evolved. Maarten Oosterink will discuss
to what extend (European) organizations need to deal with Network Forensics.
He’ll also guide you trough the future of Network Forensics and
what changes organizations should prepare themselves for.
www.capgemini.com
Open Line - Jeremy van Doorn
Security and flexibility through virtualization
This presentation will discuss the impact of server virtualization
in datacenters. It will discuss the flexibility that is gained by implementing
virtualization and will focus on the new security options that become
available by implementing virtualization. The virtualization layer
has a unique space between the hardware and the operating system, which
allows it to perform unique functions in secure environments.
www.openline.nl
Secode – Robert Ståhlbrand
Internet Banking Security
- The increasing numbers of security breaches in Internet
Banking and Securities business. History and future.
- The weakness
of current Internet Banking Systems and the attacks towards it.
- An
in depth analyze of a trojan constructed for man-in-the-middle attacks.
- How
the IDS/IPS technology needs customization to provide sufficient
protection
www.secode.com
Microsoft IT Academy – Ir.
Martin Vliem, CISSP CISA
Networking in an Anywhere Secure Access World;Vision,
technologies and considerations.
Today an increasing number of companies try to work out a way to enable
their employees to work location and time independent in a flexible
way. Whilst allowing anywhere access to a corporate network is rather
simple to accomplish, enabling that in a secure way is challenging.
This session will present a vision on how companies and organizations
can enable Anywhere Secure Access to a corporate network, where several
network security paradigm shifts are introduced. Furthermore we will
show what components and technologies will become important in realizing
this vision and what technologies already can be used today.
The most detailed part of this presentation will provide more detail
on the network specific technologies and will give some insight into
where the Forensic attention should focus in the anywhere access world.
www.microsoft.com
 Zuyd University – Frits Simon – Managing Director
Faculty ICT
Network Forensic and Education
The Network Forensic Research curriculum will be presented. A specialization
of the Bachelor’s degree course of Network Infrastructure Design,
this course offers students the opportunity to concentrate on a domain
of swiftly growing importance in society. The course offers companies
and governmental organizations a chance to recruit specialized personnel,
for whom the demand is increasing.
www.hszuyd.nl
Loket MBO ICT - ECABO Kenniscentrum voor de economisch-administratieve,
ICT- en veiligheidsberoepen – Hans Blankendaal – Senior
Adviseur ICT
Network Forensics in Vocational Education in The Netherlands
Hans Blankendaal works for ECABO; a Centre of expertise on vocational
education, training and labourmarket in the Netherlands. Hans wants
to share with you the experiences of the past years in developing a
qualification on network forensics. He will focus on the accomplishments
and is going to elaborate on the present state of the project. Of course
he’s also eager to hear
your point of views concerning network forensics and education.
www.ecabo.nl
KPMG – Harry Onderwater
Corporate Security Management, More than the Sum of its
Parts
Corporate Security Management is more than just network security. Harry
Onderwater will explain the underlying relationship between IT security,
physical security, personal security, safety and risk management and
the accompanying responsibilities
www.kpmg.nl
Microsoft Consulting Services - T.J. Campana – Investigative
Consultant
Vista Forensics
For forensic investigator knowledge in depth of the Microsoft operating
systems XP and Vista absolutely necessary. Both operating not only
contain more technical features but are also the real basics of all
evidence. Microsoft trainer T.J. Campana, known for his high quality
training of XP Forensic and Vista Forensic will present 2 half day
sessions Bitlocker Forensics, a half day Volume Shadow Copy and a half
day Vista Forensic Artifacts at the conference. These trainings are
made by Microsoft specially for Law Enforcement and should be a standard
training for all digital investigators.
www.microsoft.com
Radboud University - Kees Koster
Towards forensic Text Mining
Text Mining has been defined as "the combined,
automated process of analyzing unstructured natural language text
in order to discover information and knowledge that are typically
difficult to retrieve". We first discuss the differences between
text mining and the related fields of data mining, classification
based search and information extraction and then the potential for
such techniques in various forms of forensic search.
www.cs.ru.nl/~kees
Dutch Forensic Institute – Arjen van de Wetering
New Development in Digital Evidence
The software engineering group of the Netherlands Forensic Institute
develops software on request for examination of digital evidence. Several
products have been developed, of which some are open source. The products
defraser and TULP2G are open source, however more new developments
will follow, such as software for timeline analysis. In this presentation
an in depth overview of software engineering and the challenges at
a digital evidence section from a forensic institute will be provided.
www.forensischinstituut.nl
SBV Forensic Data Analysis – Gabriel Hopmans
Establishing conclusive proof in Forensic IT with help
of Taxonomies
The search-process when one is using Forensic
Data Analysis Tools is leaning on the analyst’s knowledge.
But suspicions, indications of irregular behavior or a charge all
be can translated into taxonomies for meaning based computing. In
this presentation we will show knowledge systems in which search-processes
are supported semi-automatically.
Ministery of Justice Albania - Diana Stillo
Prosecutor Office Albania - Mariglen Biti
The practical Results and Consequences of the Cybercrime
Convention of the Council of Europe
The Convention
on Cybercrime of the Council of Europe is the only binding international
instrument on this issue. It serves as a guideline for any country
developing comprehensive national legislation against Cybercrime and
as a framework for international cooperation between State Parties
to this treaty. The Council of Europe helps countries to ratify, accede
and implement these treaties through the Project on Cybercrime. Within
this Project on Cybercrime the Council has organized a conference in
Belgrade early 2007. During the PACO-conference many Eastern-European
countries discussed legislation, corporation and implementation of cybercrime
and cybercrime-legislation. JC de Cordes will give a presentation on
the Council’s Cybercrime Projects, Mrs. Diana Stillo, Director
International Corporation Courts, Ministery of Justice Albania and Mr.
Mariglen Biti, Director IT of the General Prosecutor Office Albania will
explain the results of that conference in Albania. They also will inform
the conference about the best ways of corporation in investigations between
East and West – Europe.
The program is subject to change.
|
