In order to advance the fields of IT-Incident Management and Forensics the special interest-group Security - Intrusion Detection and Response (SIDAR) of the German Informatics Society (GI) organises an annual conference, bringing together experts from throughout the world, to discuss state of the art in the areas of Incident Management and IT-Forensics (IMF). IMF promotes collaboration and exchange of ideas between industry, academia, law-enforcement and other government bodies.

The scope of IMF 2006 is broad and includes, but is not restricted to the following areas:

IT-Incident Management:

• Purposes of IT-Incident Management
• Trends, Processes and Methods within IT-Incident Management
• Formats and Standardisation in the IT-Incident Management
• Tools for the IT-Incident Management
• Education and Training in the field of IT-Incident Management Awareness
• Determination, Detection and Evaluation of Incidents and Sensors
• Procedures for Handling Incidents
• Problems and Challenges while establishing CERTs/ CSIRTs
• Sources of Information/ Information Exchange/ Communities
• Dealing with Vulnerabilities (vulnerability response)
• Current Threats
• Early Warning System
• Organisations (Nat. CERT-Associations, FIRST, TERENA/ TI, TF-CSIRT)

IT-Forensics:

• Trends and Challenges within IT-Forensics
• Methods, Processes and Applications for IT-Forensics ( Networks, Operating Systems, Storage Media, ICT-Systems etc.)
• Evidence Protection in IT-Environments
• Standardisation of Evidence Protection Processes
• Data Protection- and other legal implications for IT-Forensic Investigations
• Juristic Relevance of IT-Forensic Investigations
• Tools for IT-Forensics
• Forensic readiness