Workshops ABC AccessData (1): F12
Big Data’s impact on Forensics by Tim Leehealey, CEO AccessData Case sizes are growing incredibly fast and have forced forensics users to adopt awkward workflows that are sub optimal. AccessData is addressing this issue head on with a large list of key features designed to alleviate this exact problem and enable forensics investigators to more quickly sift through enormous volumes of data quickly and easily. In this session we will look at some of these key features and the technology enabling them and discuss the positives and negatives that these new technologies bring.
AccessData (2):
FTK/Summation 6.0 by Tim Leehealey, CEO AccessData FTK/Summation 6.0 is set to launch early September. We will use this session to demonstrate the combined solution and show users some of the more compelling new features. Users can expect to see a fully integrated Summation and FTK solution enabling users to seamlessly hop back and forth between the two products to better facilitate the needs of their respective users. furthermore we will exploring the new forensics focused features in FTK and some of the new eDiscovery focused features in Summation and the integration between the two.
F4
Adallom: IR8
Amped Software (1): F9
Amped Software (2): F11
The pro-active Cloud Security platform. Are you in control of all of your cloud data? Do you know what cloud applications are currently in use by your organisation? With Adallom you will have visibility, governance and real-time protection of all of your data in the cloud. Audience: Security Officers, Security Engineers, SOC/CERT-managers, Compliance Officers, Data Protection Officers, IT-Managers Productive Forensic Video Analysis: Converting DVR Videos, Enhancing Images and Preparing a Report for the Courtroom with Amped FIVE The seminar will reveal the truth about image and video analysis and provide a summary of all steps needed to get evidence out of the source (typically a digital video recorder), extract parts of interest, properly enhance them, take measurements, and prepare the results for presentation in the courtroom. This session will teach analysts how to improve their workflow by using the software Amped FIVE, which is being used daily by top government forensic labs worldwide. New Frontiers in Image and Video Tampering Detection and Camera Ballistics This session will focus on the growing demand for authenticating images and videos in the forensic landscape. This workshop will demonstrate the current tools available in Amped Authenticate, the leading software for forensic image authentication, and the new revolutionary image and video authentication tools being developed as part of the project MAVEN, funded
by the European Union, which will be implemented into the Amped Authenticate software. BlackBag:
iOS9 and El Capitan : Implications for your Investigations
F1 CodeSealer: IR1 & IR5
DataExpert (1): IR6
Invisible end-to-end websession security, protecting you as well as your customers. With the new EU Data Protection Regulation companies that are active with online transaction have to rethink about how to protect customer data, passwords, financial data and account information when approx 80% of their customers are working from malware infected or insecure clients? CodeSealer will explain how you can achieve a 100% customer coverage for the protection of your websessions on desktops, tablets, mobile browsers and web view applications. Deze presentatie wordt twee keer gegeven. Language: English Audience: IT-Managers, Security Officers, Security Engineers, SOC/CERTmanagers, Compliance Officers, Data Protection Officers, Managers Ebusiness. Incident Response: Are you in control or only compliant? door Arjan Kolvoort / Remco van der Lans With only network protection elements e.g. Firewalls, AV/IDS/IPS and SIEM installations you can be compliant towards several regulations e.g. ISO27001/PCI-DSS /etc... But in practice, are you in control of where your data resides and how to respond towards both incidents and the new EU General Data Protection Regulation? This session will elaborate on how to achieve better visibility, governance and detection of your data, wherever your data resides, on premise, on mobile phones/tablets, laptops or in the cloud. And most of all how to define the real impact and suited response for your company. Audience: Security Officers, Security Engineers, SOC/CERT-managers, SOC analysten, Data Protection Officers, IT-managers.
DataExpert (2): IR2
Cyber Forensic End-point Security with Encase Enterprise door Arjan Kolvoort / Remco van der Lans This session will cover the mechanism of Malicious Activities Analytics, Accelerated Incident Response and Deep Forensic Investigation to help you fight malware and do internal investigations before incidents will happen. DataExpert Incident Response will provide you with an overview of how to do endpoint behaviour analysis and endpoint Forensics in a networked environment with Encase Enterprise. This session will cover Proactive Threat Hunting, Event Validation, Remediation and Automation.
Audience: Security Officers, Security Engineers, SOC/CERT-managers, SOC analysten, Data Protection Officers DataExpert: CA11
DataExpert: CA12
DataExpert CA13
DataExpert CA14
Hands-on sessie IBM i2 iBase, deel 1 van 2 In de laatste jaren is het gebruik van iBase toegenomen. Als gevolg is het aantal functionaliteit- en analyse vragen toegenomen. In deze sessies zullen we een aantal hints & tips geven over veel voorkomende zaken zoals importeren, het conceptualiseren van een datamodel (bijv. wanneer is een adres een entiteit, label of relatie?), zoeken of queries uitvoeren. Schrijf u snel in want het aantal plekken is beperkt! Doelgroep: Politie, RIEC’s, iBase gebruikers. Max. 30 plaatsen beschikbaar! LET OP: Schrijft u zich ook in voor deel 2 van deze sessie? Hands-on sessie IBM i2 iBase, deel 2 van 2 In de laatste jaren is het gebruik van iBase toegenomen. Als gevolg is het aantal functionaliteit- en analyse vragen toegenomen. In deze sessies zullen we een aantal hints & tips geven over veel voorkomende zaken zoals importeren, het conceptualiseren van een datamodel (bijv. wanneer is een adres een entiteit, label of relatie?), zoeken of queries uitvoeren. Schrijf u snel in want het aantal plekken is beperkt! Doelgroep: Politie, RIEC’s, iBase gebruikers. Max. 30 plaatsen beschikbaar! LET OP: Schrijft u zich ook in voor deel 1 van deze sessie? DE Analyst Challenge 2015, deel 1 van 2 “Welke organisatie heeft de beste digitale analist van Nederland?” Deze vraag zal beantwoord worden op de Digital Experience 2015! Een nieuwe traditie is geboren: de DataExpert Analyst Challenge. In wedstrijd verband gaat u met andere analisten de strijd aan om 2 tot 3 cases zo goed mogelijk op te lossen door gebruik te maken IBM i2 Analyst’s Notebook en IBM i2 iBase. Weet u uw skills en ervaring optimaal in te zetten en uw zenuwen in bedwang te houden? Wellicht dat u dan de Wisseltrofee mee naar kantoor kan nemen en de prestigieuze titel mag dragen van DataExpert Analyst of the Year. Sprekers: Erik van Kempen en Jelle Nieuwland, Softwaretrainers Doelgroep: Gebruikers Analyst’s Notebook en iBase Max. 30 plaatsen beschikbaar! LET OP: Schrijft u zich ook in voor deel 2 van deze sessie? DE Analyst Challenge 2015, deel 2 van 2 “Welke organisatie heeft de beste digitale analist van Nederland?” Deze vraag zal beantwoord worden op de Digital Experience 2015! Een nieuwe traditie is geboren: de DataExpert Analyst Challenge. In wedstrijd verband gaat u met andere analisten de strijd aan om 2 tot 3 cases zo goed mogelijk op te lossen door gebruik te maken IBM i2 Analyst’s Notebook en IBM
i2 iBase. Weet u uw skills en ervaring optimaal in te zetten en uw zenuwen in bedwang te houden? Wellicht dat u dan de Wisseltrofee mee naar kantoor kan nemen en de prestigieuze titel mag dragen van DataExpert Analyst of the Year. Sprekers: Erik van Kempen en Jelle Nieuwland, Softwaretrainers Doelgroep: Gebruikers Analyst’s Notebook en iBase Max. 30 plaatsen beschikbaar! LET OP: Schrijft u zich ook in voor deel 1 van deze sessie? DataExpert CA15
Crime Analysis Training - introductie en roadmap N.a.v. de vraag van klanten en organisaties hebben we een nieuwe serie trainingen toegevoegd aan ons portfolio: criminaliteitsanalyse trainingen voor beginners en gevorderden. Tijdens deze sessie geven we u meer inzicht in de mogelijkheden en nodigen we u graag uit om de inhoud, op basis van uw wensen, te verbeteren.
DCMR Milieudienst Rijnmond: Het RIAN Toezicht Model DCMR houdt toezicht op een schone en veilige omgeving. Chris zal u CA8 een kijkje geven in de keuken bij het Team Informatie & Analyse en legt de nadruk op risico- en resultaatgestuurd toezicht en handhaven. Deze innovatieve aanpak betreft niet alleen het gebruik maken van leidende technologie zoals Analyst’s Notebook en SPSS Modeler, maar betreft voornamelijk het aanpassen van de interne processen en denkwijze. In een omgeving waar de risico’s steeds complexer worden is het efficiënter maken, professionaliseren van de toezicht en handhavingactiviteiten hard nodig. Spreker: Chris Smit, Team Leader Informatie & Analyse Doelgroep: Milieu- en Omgevingsdiensten, Gemeenten en Provincies Taal: Nedelands Drone Hacking: F15
Fraudehelpdesk.nl: CA6
Drones are everywhere and their use by government, law enforcement, the private sector and hobbyists is only going to increase. With the increased use, the price will fall and put these devices into the hands of more and more responsible users. But what about those who wish to use this technology irresponsibly or with criminal intent in mind? This session will focus on low-end drones commercially available today and some of the risks they pose to to the public and challenges they pose to law enforcement and military. Fraudehelpdesk.nl en de strijd tegen phishing Fraudehelpdesk.nl is dé organisatie in Nederland die zich inzet bij de strijd tegen online fraude. Particulieren zijn het slachtoffer maar ook zeker de talloze organisaties in Nederland. Phishing doormiddel van social engineering, Spear Phishing, Cryptoware. Het zijn zomaar een aantal onderwerpen waardoor we elke dag weer bedreigd worden. Waar komt het vandaan, hoe herkent je het en misschien wel het belangrijkst, hoe voorkom je het?
Sprekers: John Kellij, Procesmanager – Fraudehelpdesk.nl / Stichting Aanpak Financieel-Economische Criminaliteit in Nederland (SAFECIN) en Elmer Lastdrager – PhD student Universiteit Twente bij Fraudehelpdesk.nl Doelgroep: Analisten, handhavers, beleidsmakers, provincies en politie, finance Taal: Nederlands Gemeente Bergen op Zoom: CA5
Guidance Software (1): F3
Guidance Software (2): F2
IBM: CA2
IBM: CA7
iBase en Analyst Notebook als ondersteuning in de gemeentelijke doelstellingen Steeds vaker krijgt ook de gemeente te maken met ondermijnende criminaliteit. Om hier een goede integrale aanpak op los te laten is het noodzakelijk dat de gemeente zijn informatiehuishouding op orde heeft. Patrick Roodenburg, Informatiemakelaar LIP/DIP, presenteert hoe de gemeente dit heeft gerealiseerd. Doelgroep: Analisten, handhavers, beleidsmakers bij gemeenten, provincies en politie Taal: Nederlands Getting the most out of EnCase Forensic v7 This session will help examiners using EnCase Forensic v7 work smarter by presenting simple functions they may have overlooked or may have never known existed. Addressing Solid State Drive (SSD) forensic acquisition challenges This session will help you understand the rapidly evolving SSD landscape and addresses data acquisition challenges forensic examiners are faced with.
IBM i2 Enterprise Insight Analysis - Maximising the use of your data to combat fraud and criminal activity The IBM i2 portfolio continues to evolve to address the increasing need to analyse vast quantities of data from an ever growing variety of sources. This session will take you through some of the new and forthcoming capabilities of the i2 portfolio and show you how customers are leveraging the ability to collaborate, share and disseminate intelligence more effectively than ever for faster informed decision making. Presenter: Julian Midwinter, Business Unit Executive - Safer Planet Europe Doelgroep: alle geïnteresseerden Taal: Engels IBM Watson Analytics: analytics die de gebruiker begrijpt Het probleem dat de meeste gebruikers ervaren, is dat ze zelf moeten bepalen welke data ze gebruiken, welke grafieken ze in hun rapportages moeten gebruiken en in welke richting de analyses moeten gaan. Veel beslissingen binnen het bedrijfsleven worden nog steeds vanuit een ‘gut feeling’ genomen.
IBM Watson Analytics maakt daar een einde aan. In plaats van zelf eindeloos te zoeken in gegevens en cijfers om antwoord te krijgen op belangrijke vragen, kunt u Watson vragen stellen als: 'met welke waardevolle klanten maak ik de meeste kans om een deal te sluiten in de komende dertig dagen?’ Spreker: Damiaan Zwietering, Predictive Analytics Specialist IBM: CA10
IBM Analytics - the big picture, innovations and futures. How can the combined analytics power of IBM help solve today's problems? This session will take you through some of the ways i2 and the wider analytics portfolio are innovating to make better sense of data faster. Cognitive computing, far - reaching solutions from IBM analytics and ground breaking new, 3D visualisation techniques from the innovation team will give you a view on the future of intelligence analysis. Presenter: Adam Etches, WW Solution Architect and Alister Brain, IBM i2 Product Innovation Taal: Engels
IBM RedCell: CA3
IBM Security (1): IR11
Emerging Trends - Financial Crimes. Understanding your Adversary Fraudsters use increasingly innovative ways to target individuals, organisations and businesses, with impact varying from damage to to reputation and compliance obligations to revenues. This session will focus on emerging threats and the tactics that fraudsters are using today. Covering data breaches and their impact, how compromised data is sold in the dark web, and tactics such as card cloning, skimming, call spoofing, phishing attacks and trade based money laundering. Understand how organisations are maximising their financial crime analytics and intelligence teams to combat fraud, and some of the innovative ways they are using not only their own data but open source data to support that activity. Presenter: Steven D'Alfonso, Financial Crimes Intelligence Specialist Taal: Engels Integrated Security Intelligence Overview New technological capabilities come with new vulnerabilities. How do you keep up with attacks when there is a shortage of IT security skills and rising costs to secure your data? How fast can you address an attack when your solutions aren’t integrated? This session will give you an overview of IBM’s enterprise security portfolio customized to your company’s needs. Focus on disrupt new threats, deploy security innovations and reduce the cost and complexity of IT security. IBM can safeguard your most critical data from compromise. Find out how IBM can help you optimize your security practices, stop advanced threats, protect critical assets, safeguard the cloud and mobile, and use security as a competitive advantage. Language: English Audience: Security Officers, Security Engineers, SOC/CERT-managers, Compliance Officers, Data Protection Officers, IT-Managers
IBM Security (2): IR13
How to isolate and contain work data in the BYOD era: MaaS360 Secure Productivity Suite™ How do you enable your employees to securely access corporate data from iOS, Android and Windows Phone’s while preserving the mobile experience on their personal devices? This session gives you an overview of IBM’s MaaS360 Secure Productivity Suite. MaaS360 delivers a comprehensive set of cross-platform solutions to isolate and contain work data in the BYOD era. It is the only complete cloud-based solution for smartphones and tablets that enables employees to securely access corporate data while preserving the mobile experience on their personal devices. MaaS360 Secure Productivity Suite addresses key concerns of data loss risks. Language: English Audience: Security Officers, Security Engineers, SOC/CERT-managers, Compliance Officers, Data Protection Officers, IT-Managers
Magnet Forensics (1): Advanced Evidence Analysis with Magnet IEF Meant for experienced IEF users, this session will provide in-depth instruction F13 on the newest analysis features that have been added to IEF Report Viewer. Learn how these new analysis tools can be used to quickly identify important facts, validate your findings, share results with non-technical stakeholders, and prepare evidence for presentation in a courtroom. Magnet Forensics (2): Investigating Smartphones with Magnet ACQUIRE and IEF The amount of data being generated by mobile devices has exploded, F14 resulting in exponentially more work for forensic examiners. To make matters more difficult, increased security features being introduced to iOS and Android devices (including encryption and locked bootloaders) are preventing examiners from recovering the crucial evidence they need. In this session, we will demonstrate how our new smartphone acquisition tool, Magnet ACQUIRE, can help examiners overcome some of these new challenges. Magnet ACQUIRE can be used to quickly extract important data from iOS and Android devices, providing you with reliable method for obtaining smartphone images. In addition, we will take an in-depth look at recovering and analyzing smartphone and Internet application data. Mandiant / FireEye (1): IR14
Responding to Advanced Persistence Threats (APT’s), insights from the frontline. A walkthrough of an APT incident response by Mandiant. During this talk, we review how attackers gained a foothold to a customer environment and maintained access to reach their objectives. Mandiant’s Incident Response Consultant and Forensic practitioner Bart Vanautgaerden shares a customer breach from detection to response and shares tips for prevention and remediation. During this session, you will learn what are the takeaways from these real-life breaches, and how to stay ahead of the game when attacker don’t play fair.
Speaker: Bart Vanautgaerden - Incident Response Consultant and Forensic practitioner Audience: Security Officers, Security Engineers, SOC/CERT-managers, Compliance Officers, Data Protection Officers, IT-Managers Mandiant / FireEye (2): IR7
From the Frontlines: Hear about the lifecycle of a breach, the latest threat actors, how they work and what they do. Audience: Security Officers, Security Engineers, SOC/CERT-managers, Compliance Officers, Data Protection Officers, IT-Managers
MD5: F5
Virtualisation Presentation The VFC presentation looks at VMware's freely available Player and Disk Mount utilities, along with the Computer Forensics disk mount tool such as Mount Image Pro or FTK Imager, to re-create a subject machine in a matter of seconds. The presentation discusses the techniques and methodologies used in the processes required to virtualise a computer together with some problem solving solutions and case studies. The presentation will also discuss “what is virtualisation” snapshots, migration, failover and software. There are numerous specialist software applications available to assist the investigation and analysis of digital media which has been forensically acquired. Whilst these tools can and do provide a great depth of analysis and will reveal data fragments of material no longer readily available, it is often the case that the 'scene of the crime' part of the examination process is overlooked as an additional source of potentially invaluable information. In the 'real' world, it is almost unthinkable not to examine in detail the actual crime scene and then perform 'Forensics' examinations on evidence gathered from the scene. In the 'virtual' world of Forensics Computing, the same is not true and all too often it is only the underlying data and information that resides on the storage devices that is examined in detail. This enables the investigator to experience the 'desktop' as seen by the original user in an entirely Forensics manner in a read only virtual environment. The presentation will be provided by Michael Penhallurick, a senior Computer Forensics analyst with MD5 Ltd. In 2005 an abridged version of his research was published in Digital Investigations, a magazine aimed directly at the Computer Forensics arena. His successful methods of transposing digital data into a virtual machine environment have been read and utilised by investigators across the globe. Building from this research, Michael has now developed a standalone application known as VFC (Virtual Forensic Computing) that enables an investigator to experience almost any Windows based system within seconds of acquisition which will avoid the need to have access to a full Computer Forensics application or the need to restore Computer Forensics image files to another PC to try and boot them.
MH Service: F10
How to face the challenges of On-Site “Data-Acquisition” and “Analysis”? Benefits of the 2nd Generation of the “Forensic Laptop”!
NetSkope:
CloudSecurity: 5 Must-Haves for Enabling SaaS While Securing Data and Complying with Regulations. Allow is the New Block: Netskope enables you to find, understand, and secure cloud apps in real-time and across any app. Our granular policies let you shape activities, not block apps. That’s how cloud security solutions should work. During this session you will get more details on how to find, understand and secure data across all of your cloud applications. Language: English Audience: Security Officers, Security Engineers, SOC/CERT-managers, Compliance Officers, Data Protection Officers, IT-Managers
IR3 & IR15
Oxygen Forensics: F6
PassWare:
Mobile Forensics: Modern ways of communication. Hidden and deleted data Modern devices are not just phones for calls but modern communication devices which keep a lot of personal data. The experts’ job is to analyze this information and the purpose of this presentation is to share knowledge on how to find and identify it. Not obvious things they have learnt once and forever not to be stuck when you stumble on them but problems that raise when some changes in the world of mobile devices happen (and they do happen frequently), or that are not highlighted by the tools they are using. Efficient Decryption and Cloud Forensics Documents, mobile devices, hard drives, cloud - where else could encrypted evidence reside? This workshop covers efficient methods to decrypt it, including live memory analysis and data acquisition from Cloud services.
F7
PhishMe:
Security Awareness & Protection on Phishing attacks With 91% of attacks starting with spear phishing, numerous high-profile breaches emanating from a single phish, and typical incident detection times spanning hundreds of days, the PhishMe solution disrupts the core of the adversary’s attack chain – their targets and tactics. PhishMe has developed a phishing threat management solution that:
IR9
-
Prepares employees to be more resilient and vigilant against targeted cyber attacks Empowers employees to easily report suspicious emails to the internal security teams in a timely manner Provides incident responders with the ability to effectively prioritize, analyze, and act on suspect email reports detected by users, producing actionable intelligence that can be integrated with and employed by an organization’s existing security ifrastructure and analytics capabilities. Speaker: Paul Witchell - Business Development at PhishMe Audience: IT-Managers, Security Officers, Security Engineers, SOC/CERT-managers, Compliance Officers, Data Protection Officers.
rola Security Solutions: CA1
rola Security Solutions CA4
SoftwareZaken.nl: IR12
SPSS: CA9
Need to share - rsFrame® platform for investigation, intelligence and analysis. rsFrame® is a platform for Information Management for the Security Sector. Numerous powerful features help investigators to retrieve and to analyze relevant information. rsFrame® is a platform which allows collaboration, but it allows users to share information from the very first of an investigation – thus enabling investigators to act with high speed and precision. Doelgroep: investigators, analysts, decision-makers Taal: Engels rsCoala® - standardization of communication data. rsCoala® - allows the standardization of communication data. Data from the surveillance of telecommunication are delivered in multiple formats – depending on the provider. These data have to be transferred into a consistent format in order to be ready for analysis and to get relevant information quickly and reliably. Presenter: Nina Keller and/or Dirk Linneman Doelgroep: investigators, analysts, more practical level Taal: Engels Introductie gegevensbescherming en cybersecurity Veel organisaties voldoen niet aan de regels voor bescherming persoonsgegevens. Hierdoor ontstaan privacy-risico’s en lopen organisaties het risico op hoge boetes (vanaf 2016 tot 2% van de omzet). Met deze workshop willen we iedere organisatie de kans geven zich bij te scholen op het gebied van gegevensbescherming, door het behandelen van de huidige en toekomstige regels. Deze workshop is bedoeld voor elke professional die betrokken is bij gegevensverwerking en goed op de hoogte wil zijn van alle regels. De workshop is aanbevolen voor consultants, informatie-architecten en CTO’s. Ook is de workshop zeer geschikt voor security officers en voor de nieuwe rol van Functionaris Gegevensbescherming (FG). De nadruk ligt niet op technische aspecten van beveiliging, maar vooral op goede inrichting en organisatie. Hierdoor is de workshop goed te volgen voor mensen zonder technische achtergrond. In de workshop wordt een praktijkvoorbeeld aangehaald om het proces van gegevensbescherming door te lopen. Spreker: Dr. Sieuwert van Otterloo – IT Expert / oprichter SoftwareZaken Taal: Nederlands Doelgroep: IT/Security-consultants, informatie-architecten, CTO’s, CIO’s, Security Officers en medewerkers in de nieuwe rol van Functionaris Gegevensbescherming (FG)
Hoe haalt u waardevolle voorspellende inzichten uit uw data? Hoe weet u wat u niet weet? Waarschijnlijk een vraag waar velen van ons wel eens van wakker liggen. Met IBM SPSS Predictive Analytics kunt u de kracht in handen hebben om een antwoord te vinden op deze vraag. Na het volgen van deze sessie weet u hoe u de
volgende stap kunt nemen in uw data intelligence. Dé voorbereiding op de toekomst! Doelgroep: Analisten, Beleidsbepalers, Projectmanagers, Taal: Nederlands Tracks Inspector: F8
Varonis: IR4 & IR10
The Digital Evidence Dashboard The Digital Evidence Dashboard (DED) introduces new concepts in Tracks Inspector that support detectives, experts and senior investigative officers to better collaborate when it comes to the investigation of digital evidence. The DED aims to avoid overcharging of digital forensics experts, to give more control to senior officers over their case and to enable detectives to find “low hanging fruit” in digital evidence by using an easy to use web-based solution. In this presentation we will explain the concepts of the DED and how have been implemented in Tracks Inspector 2.1. Taal: Nederlands Is your data at risk? See who can access sensitive data, monitor access activity, and prevent data breaches in your company. Audit your data in minutes, not days. Ensure the right access to the right data, monitor use, flag abuse. Identify and lockdown sensitive content, remain compliant, detect and prevent breaches e.g. Cryptolocker. Varonis is essential in helping organisations to comply towards the new EU Data Protection Regulation on the Breach Notification Requirement. Deze presentatie wordt twee keer gegeven. Language: Nederlands Audience: IT-Managers, Security Officers, Security Engineers, SOC/CERTmanagers, Compliance Officers, Data Protection Officers.