Some short thoughts from Hamburg

An interesting but exhausting week draws to a close. I spoke to many great people about totally different aspects of IT security … and my brain is now full of ideas. I also gave a talk named “Taking Down Credit Card Forums – an Analysis” which caused some nice discussions. Thx for that … I’ll be hopefully be able to work up my inbox folder during the weekend. See you soon again, Hamburg!

Talk: “Sicherheit und Forensik in der Cloud” – CloudConf 2010, Stuttgart

In November, I’ll give a talk together with a colleague at the CloudConf 2010 in Stuttgart. So if you are interested in security and forensic aspects of the “cloud”, join us there. We are looking forward to a fertile discussion.

Verinice XP Talk

Andreas will give a talk at the Verinice XP in Göttingen in September about our current ISMS project here at the RUB. Unfortunately, I will not be at the conf … but the program can be viewed here.

Talk on Identity Theft of Gaming Consoles

By the way, I will give a talk about the identity theft issue of current gaming console accounts. Get more information here. Date:

Fr, 26.11.2010, 09:00 – 11.30, Bochum ITS Breakfast

On my way back to Bochum – back from Berlin

I spent the last days in Berlin attending the TRUST 2010 conference at the Ritz-Carlton hotel. I also gave a talk about cloud forensics during the “Workshop on Trust in the Cloud” which was again the reason for plenty of interesting discussions. All in all, the conference was pretty well organized but I realized that the trusted computing community is something very special.

Unfortunately, I will probably miss the soccer match tonight …

Good Night Quote

For those who choose to ignore the importance of knowing how to perform forensics in a virtualized environment, you can always use the golden security rules of last resort: drink and pray (and not necessarily in that order).

With this in mind – hope to see you at TRUST 2010 in Berlin next week! (btw: This quote comes from the new book “Virtualization and Forensics”  – looking forward to reading this book!)

Back from Barcelona and SecureCloud 2010

The SecureCloud Conference 2010 in Barcelona is over. The event was well-organized by all the organizing parties (ENISA, ISACA, IEEE and CSA) although the detailed number of participants was not clear due to the 0-entrance fee. I met a lot of very interesting people from all around the globe each of them having their own special opinion about the “cloud” and its security concerns.

It was a pleasure for me to give a talk about this pretty new research topic “forensics in cloud computing environments”. I was astonished about the huge amount of feedback – thanks to all of you who discussed this topic with me! This is definitively a sign that there is still a lack of research in this field! Therefore, it is a pity that I didn’t manage to finish my research paper/work in time. I think it will still bother me until summer  – obviously current projects keep me busy!

Some people already asked me about the slides. I therefore uploaded them on my webspace: Get the PDF here! Thanks again to the organizing comittee and hopefully see you at the next SecureCloud – in 2011!

Talk at the a-i3/BSI – Symposium 2010

I will give a brief talk about the future of identity theft at the upcoming a-i3/BSI conference in April together with my professor. The complete agenda can be downloaded here.

Talk about Forensics in Cloud Environments – Secure Cloud 2010 in Barcelona

The SecureCloud 2010 in March in Barcelona is a premier educational and networking event hosted by the ENISA, the CSA and ISACA, three of the leading organizations shaping the future of Cloud Computing Security. It is the first event to focus specifically on state of the art practices to promote security, privacy and trust within cloud computing from technical, assurance and governance perspectives.

After the keynote speech of Dr. Udo Helmbrecht, Executive Director of ENISA and former BSI Director, I will give a talk called “Forensics 2.0: Challenges in the Cloud” which focuses on the aspects of digital forensics in cloud environments.

You should notice that there is no entrance fee for the conference. You are only asked to register here where you also receive the e-ticket similar to this one:

So, just to release some brief information of my talk, here is the abstract. But I will probably change some things

Abstract: Cloud Computing is probably one of the most discussed keywords of the last months and presents an outstanding chance for the IT business itself. However, still a lot of customers are reluctant to pushing their complete businesses into the cloud. One of the main problems customers are concerned about with cloud computing and security is the thread of the unknown. Cloud providers often don’t want their customers to see what’s behind the cloud curtain for several reasons.

Therefore, IT compliance, governance, data privacy and the possibility for digital investigations display still a huge unsolved problem in the Cloud Computing business. Concerning digital forensics, the physical access to servers is not given anymore which constitutes a complete new challenge for the investigator. In this talk we will focus on the new challenges in digital forensics customers have to face if they decide to outsource their data into the cloud. In addition, proposals for potential solutions will be discussed.