BitLocker, data encryption and HPAs: 3 lectures from Bronze Sponsor CRU/WiebeTech

HTCIA conference Bronze sponsor WiebeTechJames Wiebe has been a fixture in the digital forensics community for years: WiebeTech write-blockers are known throughout the industry, and even after selling the company to CRU-DataPort in January 2008, Wiebe remained vice president of research and development overseeing WiebeTech as a unique brand.

Conference attendees can expect to meet Wiebe in two capacities: at the WiebeTech booth, and as a lecturer in three presentations:

Bitlocker and the Forensic Investigator

Date: Tuesday, September 21, 2010 Time: 10:30AM

Bitlocker is Microsoft®’s standard encryption tool, which they fully support and have been enhancing,” says Wiebe. “As a result, it is ubiquitous among corporations and individuals.”

Any forensic professional who needs to know how to deal with search warrants with regard to Bitlocker (and encryption in general) should attend the session, which will include:

  • Technical information on Bitlocker’s encrypting engine
  • Background technical information on encryption
  • On which operating system versions Bitlocker can be found
  • What kind of keys Microsoft provides for users.

Wiebe will also describe a typical Bitlocker case, along with methodologies for key recovery.

Detecting Hidden Areas on Suspect Hard Drives

Date: Wednesday, September 22, 2010 Time: 10:30AM

Wiebe will present a survey of methodologies for hiding data on hard drives, in particular Host Protected Areas and Device Configuration Overlays (HPAs and DCOs). “HPAs are very common,” he says. “An understanding of where HPAs are used (e.g. BIOS backup) will preclude most legitimate uses.”

Wiebe will discuss both legitimate and potential illegitimate and illegal uses of HPAs, including examples of each. The lecture will also include technical information, which shows how HPAs are manipulated at the code level, and descriptions of various hardware and software tools, which allow forensic investigators to detect, document, and manipulate HPAs.

Forensic investigators will walk away from this lecture understanding how to image – and correctly analyze – seized hard drives. “Investigators should always look for HPAs,” saysWiebe. “If they are not imaged, the investigator has not imaged the entire disk.”

The Use of Ciphers in Crime Fighting History

Date: Wednesday, September 22, 2010 Time: 3:30PM

Ciphers and steganography have been used by criminals over the years to taunt forensic investigators and hide information. Wiebe will discuss and explain several historical cases. Among them: the famous Zodiac killer cipher, along with the question of whether steganography (a masking cipher) was used by Sept 11 terrorists.

Wiebe will present both codes and steganographic examples, along with case facts for context and illustrations which illustrate the difficulty of breaking encryption. Wiebe will also provide background information on how cipher science provides a basis for modern encryption technique. Finally, he’ll talk about statistical analysis that can help show a cipher’s likelihood of being a hoax.

This discussion is meant to be informative, fast moving, challenging and fun. “I enjoy ‘connecting with the audience,’” says Wiebe. “I like to see that I’ve kept their attention, and that they’ve learned something. I like the questions, and I like the ongoing opportunity to improve my product.”

WiebeTech Booth Activities

A conference Bronze sponsor, WiebeTech will have a booth. Product demonstrations are planned for digital forensics, data storage and encryption, and booth visitors can enter to win USB WriteBlockers. Notable about these products:

  • They are the smallest forensic USB write-blocking devices on the market.
  • They capture and image 20%-25% faster than the competing product.
  • They provide easy, write-blocked access to USB drives at 8-10 MB/s.
  • They work with USB Mass Storage Devices, and are compatible with single storage devices with Multiple Mountable Volumes (multiple LUNs)

One Response to BitLocker, data encryption and HPAs: 3 lectures from Bronze Sponsor CRU/WiebeTech

  1. […] you’re interested in aviation, you might enjoy James Wiebe’s blog. As we noted a little while ago, James will be giving three presentations on encryption, BitLocker, and a history of the use of […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: