2012 HTCIA Conference Call for Speakers

December 14, 2011

If you’ve considered presenting to other high tech crimes investigators in 2012, we hope you’ll submit a paper to us! As always, the 2012 HTCIA International Training Conference & Expo organizers seek to provide the best possible training on the latest topics in high technology crime by the best speakers available.

To this end we’re soliciting speakers for the conference in the following areas (not an exhaustive list):

  • Information security
  • Investigations (identity theft, child pornography, cyber crime, intellectual property theft, white-collar, and corporate)
  • Computer forensics
  • eDiscovery
  • Legal issues
  • Courtroom testimony techniques
  • Financial crimes – tax evasion & money laundering
  • International trends – situations – experience
  • White collar & corporate investigations
  • Legal issues – civil & criminal
  • Legal mock trial
  • Report writing for forensic examiners
  • Report writing for investigations

The 2012 HTCIA International Conference & Training Expo will be held September 16-19, at the Hershey Lodge, Hershey, PA. If you would like to speak on any of the above topics, or have a topic of your own, please contact Jimmy Garcia, chair of the Program Committee – jrgarcia@da.lacounty.gov. We look forward to hearing from you!


Learning from the next generation: Student research at #HTCIACon

September 29, 2011
Jon Ford Virtual Desktop research

Jon Ford describes his Virtual Desktop research

Before the HTCIA conference, we blogged about a new style of presentation: student poster presentations, which would give graduate and undergraduate college students the chance to talk to professionals about their research.

Six students were on hand in Indian Wells, presenting on a wide range of topics from information security to law enforcement volunteer jobs:

Infosec and e-government

Tim Perez is a doctoral student at Dakota State University and is working on a dissertation entitled “E-Government Security Concerns for Municipal Government Entities.” Having worked for eight years as an information technologist for a local law enforcement agency, Perez sees that communities with small budgets and few regulatory requirements tend to focus less on security.

However, measures like online bill pay, which increase both efficiency and convenience, make security necessary because they deal with personally identifiable information. Perez’ research focuses on how to communicate these issues in a way that municipal managers will understand.

Learning incident response by doing

Another project that brought together law enforcement, security, and education was a Cal Poly Pomona Senior Project. Chris Curran, at the time a college professor and SoCal HTCIA Chapter President, approached students to design an entire scenario, from players to the crime to the resulting analysis.  The completed project would then be used as a final exam for other forensic students.

Student Steve Gabriel came up with the scenario involving a fictional disgruntled university IT employee, who had “stolen” critical source code and hidden it in a System 33 file when he went to a new job. Gabriel utilized multiple web browsers, along with Trillian instant-messaging and Outlook email software. Several other students played the other fictional roles, communicating and using digital media that was later imaged and provided as “suspect” evidence.

To find the evidence and create an answer key for Curran, Gabriel and the others used FTK, EnCase, AccessData’s Registry Viewer, and a SQLite database viewer. Gabriel said the project received good feedback for being an incident response-type case with multiple exploit layers and 25 gigabytes of evidence.

Security vs. performance with supercomputing

On the preventive side of network security was work that Cal State-San Bernardino students Kyle Sandoval, David Warner and Estevan Trujillo had done for the 2011 Computer System, Cluster and Networking Summer Institute at Los Alamos National Laboratories. Their research broke ground on the cost of deploying firewalls on each node of a supercomputing cluster, rather than on the 4,000-node cluster as a whole.

The reason: security measures should always be installed on each separate computer, but supercomputers are so expensive to power that even a five percent drop in computational performance – such as what a firewall might result in – can exponentially add to their cost.

Thus in their project, Sandoval, Warner and Trujillo used a Linux cluster and created multiple IPTables rule sets. They used these to run a series of benchmarking tools that measured bandwidth, latency, and MPI job performance. They wanted to determine what performance implications IPTables firewall had on a cluster.

With just 10 test machines and a 6-week period, the research concluded simply that more research was needed – and the students anticipate that the lab will continue their work.

Virtualization for mobile device management

Jonathan Ford is a student at Cal State University and a volunteer for a nearby sheriff’s department, which was starting to provide official-use iPads to its officers. A number of issues presented themselves with that initiative:

First, the iPads’ remote access to a virtual machine would work for 10 to 20 users, but large numbers – the kind that would be seen on an average shift – made the virtual machine unstable and caused it to crash. Second, different users would need different levels of access to records depending on their role. Finally, to minimize the risk from vulnerabilities – not just on iPads, but also on the other 3,000 or so disparate devices in use – the agency needed a way to manage a variety of operating systems, software and users.

Ford’s answer: a Virtual Desktop, which would save both time and money by enabling:

  • upgrades and patches to occur just once rather than for each system
  • data to be stored on a server
  • administrators to keep a list of which users had access to which software applications

The second part of Ford’s research shows law enforcement agencies the benefits of integrating academic research into their everyday operations. “Many agencies cannot hire full-time employees, but they still need support with computer forensics and security – the fields students want experience in,” he says. “Writing grants for research means each can get what they need.”

How law enforcement can benefit from student volunteers

Cal State-Sacramento student Alex Krepelka had earned a GCFA and wanted to use it. But he didn’t just stop at volunteering for the Butte County District Attorney’s Office – he turned it into research, the better with which to help law enforcement develop their own computer forensics and security volunteer programs.

Krepelka thinks it would help if agencies could fall back on a set of national standards for forensic investigations that will go to trial – from county to county, some agencies allow for volunteers while others do not, but many agencies have backlogs of hundreds of cases. He also thinks that if students knew they could get valuable real-world experience from organizations that needed their expertise, more would study computer security and forensics.

The value of HTCIA student affiliations

Krepelka believes that organizations like the HTCIA can help – and that’s where the final research project comes in. Austin Pham, a student at Cal Poly Pomona, presented on the Forensic and Security Technology (FAST) organization, HTCIA’s student charter at that school. FAST affords students the opportunity to take workshops on data acquisition, analysis and reporting – as well as on industry standard forensic tools, including EnCase and FTK.

This is thanks to its affiliation with the HTCIA SoCal chapter and the forensic professionals who are members there. “We hold six meetings a quarter and some training workshops throughout the year,” says Pham, “and we always get great turnout.” During the student charter’s first signing, in fact, 25+ students expressed interest in membership, and the organization has grown ever since.

Pham added that he and other FAST students had all volunteered to assist with our conference, because of all that HTCIA had invested in them. They registered participants, directed attendees to lecture and lab rooms, and assisted presenters with equipment and other needs.

All six student presenters told us that they had seen a good amount of foot traffic, which resulted in some good comments and questions – especially those for whom the topics hit home. The feedback will help them validate and refine their research, ultimately making it stronger for the entire community.

Anna Carlin, the instructor who coordinated the presentation, adds that the students themselves benefit in a variety of ways: not just with the ability to conduct more credible research, but also with exposure to the very professionals who are in a position to give them jobs or grants.

Did you meet our students in Indian Wells? Want to see future research presented at our conferences? Leave us a comment and let us know what you think!

Recalling the 2011 HTCIA International Conference

September 20, 2011

It’s already been a week since we packed dozens of lectures, 14 hands-on labs, and a sold-out expo hall into our three days at Indian Wells. Here’s a run-down of some of our highlights:

Monday: Cliff Stoll, and Vendor Showcases

The day (and conference) started off strong with Clifford Stoll’s keynote. Clear about the fact that he was making a presentation he first gave in 1986 – and has given several times since then – Stoll nonetheless kept his audience entertained and educated, presenting “evergreen” material that is as relevant today as it was 25 years ago. Among his highlights:

Cliff Stoll arpanet hacking investigationCliff Stoll networking demonstrationCliff Stoll investigation budgets, mandates

Northern California member Ira Victor followed up with an in-depth interview of Cliff, which he recorded for his Cyber Jungle podcast.

Following the day’s main lab and lecture events, Platinum sponsors Micro Systemation AB and AccessData showcased new products in the Emerald ballrooms.

Amid music, hors d’oeuvres and drinks, MSAB unveiled the worldwide preview of XRY 6.0, including an improved user interface, better export options, and Watchlist automation. MSAB will be providing training at our Philadelphia/Delaware Valley chapter in October, followed by training in South Florida in late October-early November. They’re available to come to any chapter needing mobile phone forensics training – is yours one of them?

Meanwhile, AccessData’s Keith Lockhart talked a bit about Early Case Assessment. During the well-attended and well-received presentation, Lockhart went through this e-discovery product, discussing features such as its ability to filter large amounts of data, to handle collaborative web-based review of that same data, and most of all, its immediate cost savings for forensic and legal teams.

And after all was said and done, participants gathered at the Stir Nightclub on-site for the traditional Northeast Chapter Party!

Tuesday: What we liked best, and our Annual Banquet

Just to keep abreast of what was going on from our participants’ point of view, we asked what they liked best about our conference. Some of the responses:

In the evening came our banquet, a richly rewarding experience that started with drummers from the intercollegiate musical group Senryu Taiko and ended with a hilarious comedy routine from “The Lovemaster,” Craig Shoemaker. In between we enjoyed ribeye steak, a 25th Anniversary chocolate torte, and opening for Craig, comedian Richard Aronovitch.

But the evening’s core lay in our awards ceremonies, where we presented plaques to the winners of our Case of the Year, Chapter of the Year, and Lifetime Achievement Awards. This year, as last year, the Case of the Year winners got a standing ovation for their hard work in putting a killer behind bars. And contenders for Chapter of the Year got a challenge: give SoCal a run for their money!

HTCIA 2011 Case of the Year winners Eichbaum, Cook, Sunseri & Maloney

HTCIA 2011 Case of the Year winners Eichbaum, Cook, Sunseri & Maloney

HTCIA 2011 Lifetime Achievement Award winner Ken Citeralla, Northeast Chapter

HTCIA 2011 Lifetime Achievement Award winner Ken Citarella, Northeast Chapter

HTCIA 2011 Chapter of the Year: Southern California

HTCIA 2011 Chapter of the Year: Southern California's board members

Wednesday: Wrapping up great learning experiences

By Wednesday everyone’s brains were just about full, but our labs and lectures enjoyed good attendance nonetheless:

Other conference highlights: lunchtime raffles, international tweets & still more networking

Lunchtimes offered good food and great prizes. Over chicken and pasta (Monday), cold cuts (Tuesday), and Chinese cooking (Wednesday), participants had the chance to buy tickets to enter our raffles. Giveaways included:

Vendors got in on the action too:

If you were following our hashtag #HTCIACon on Twitter, you may have noticed a few foreign-language tweets. As an international organization, we love to see our members reaching out to their own communities in their native languages. Spanish and Dutch participants did exactly that, including a longer blog post by member and presenter Andres Velazquez.

HTCIA conferences would be nothing without networking and the exchange of amazing ideas. Jim Hoerricks wrote about it, and posted some of those ideas in his blog. We also heard from Albert Barsocchini, who came with an e-discovery perspective.

Did you write or podcast about the HTCIA conference or good outcomes you gleaned? Please let us know in comments!

Pre-conference: An eye toward the future days… and years

September 12, 2011

Sunday, Sept. 11 saw us start to welcome our conference participants, have some fun with those who arrived early, and make some plans – not just for the days, but also for the years ahead:

Our earliest event, the 8 a.m. golf tourney, had a successful 42-player turnout. Sally Vesley, marketing communications manager with tourney sponsor CRU-Dataport/WiebeTech, says it was one of the most fun workdays she has ever had. “They were great golfers,” she says. “We gave away four pairs of golf shoes, a golf cart, and of course USB write blockers.” The write blockers went to the top 3 winners:

  • Jim Keith, Closest to Pin
  • Terry Willis, Longest Drive (and winner of the whole tourney)
  • Brian Collins, part of the winning team

Vesley also says she’s planning another tourney for next year’s conference in Hershey, Pennsylvania.

At 11 a.m. registration opened to welcome our first conference participants. Many had arrived the night before or that morning, and lined up to get their badges and conference materials, including shirts and pins, our program, and free software.

Also at 11 a.m., the expo hall opened so that the vendors could set up their booths in advance of the Vendor Reception planned for the evening. Notable exhibits: Wireshark University‘s tropical tiki display (complete with network-devouring shark!), and Paraben’s crime-scene contest. Both sponsors are giving away free stuff: Paraben is making its Chat Examiner software available to participants, while Wireshark U. is providing one-year All Access Passes to its training!

At 1 p.m., chapter presidents (or board representatives) gathered for the International Board of Directors meeting. Among the items discussed there:

  • Membership, including student membership. We currently stand with 38 chapters and 17 student charters, 3,227 members and 214 student members. Our student members continue to be an outstanding addition to our organization, providing needed research and volunteer work to support our regular members.
  • Internet Safety for Children (ISFC). Shadi Hayden, of our Silicon Valley chapter, talked about the renewed interest in the ISFC, which had seen much success in the mid-2000s. Shadi has been working hard to recruit regional volunteers to help with website content and outreach to allied organizations like Internet Crimes Against Children (ICAC) task forces and the OJJDP, so that the ISFC can be a conduit of information between public and private sector investigators. This conduit will include an ISFC website “facelift,” which will allow us to share information both publicly and for member investigators only.
  • Strategic Planning & Communications. In July a Strategic Planning Committee came together to chart the HTCIA’s course over the next five years and beyond. The committee performed a SWOT analysis, determined its goals and strategic objectives, and came up with ideas needed to drive the HTCIA toward those objectives – including a new website, better training and education, and improved communications.
  • The Consortium of Digital Forensics Specialists. Incorporated this year as a way to consolidate the voice of the digital forensics profession, the CDFS asked the HTCIA to become a collective nonprofit member of this complementary (not competing) organization. Board members voted to join – we’ll be sure to update you on future developments as we support this newest organization!

Officers also took care of organization business, including votes on bylaw changes and on International Executive Committee members for the coming year. Joining incoming International President Ron Wilczynski (Northern California) will be: 1st Vice President Tom Quilty (Silicon Valley), 2nd Vice President Jimmy Garcia (Southern California), Secretary Peter Morin (Atlantic Canada), and Treasurer Jose Soltero (Southern California).

Finally, we wish to remember all our members who were affected ten years ago by the 9/11 terrorist attacks. From our New York City members who lost friends and family members – or responded – at the World Trade Center, to other members who committed quantities of time and energy to investigating terrorism, we keep you in our thoughts and our hearts. Your spirit is reflected in the words of our Northeast member Cynthia Hetherington, who was supposed to be aboard United 93:

View more of our photos from pre-conference events and setup at our Facebook page. Be sure to “like” our page while you’re there, so you can see the latest updates over the next few days!

HTCIA 2011: A recap of the fun stuff

September 6, 2011

In recent weeks we’ve provided snapshots of several of our labs and lectures. We’ve got a lot of high quality training, most of our labs are filled and we’re excited about the learning which we know will be happening. However, with the conference just one week away, we also wanted to provide a recap of the fun stuff you can expect when you arrive in Indian Wells!

Sunday morning: Golf Tourney

On Sunday, September 11, 2011, Bronze sponsor CRU-DataPort/WiebeTech will be sponsoring a tournament at the Indian Wells Golf Resort starting at 8:00am. The tournament fee is $75 per player and includes green fees, cart and deluxe golf and digital forensic prizes.

For more details, see our earlier blog post!

Sunday night: Movie Night

Silver Sponsor Vound (makers of Intella email forensics software) is sponsoring a Movie Night on the Rose Lawn. Co-founder Peter Mercer asked for a movie with kangaroos, and/or cricket. Will we deliver?

Monday morning: Keynote Speaker Cliff Stoll

A quirky but charismatic speaker, Cliff Stoll is known for his “restless energy,” as the TED Talks site notes:

You may not be sure where he’s going, but the ride is always part of the adventure.

An astronomer (though his astronomy career took a turn when he noticed a bookkeeping error that ultimately led him to track down a notorious hacker), researcher and internationally recognized computer security expert — who happens to be a vocal critic of technology — Stoll makes a sharp, witty case for keeping computers out of the classroom. Currently teaching college-level physics to eighth graders at a local school, he stays busy in his spare time building Klein bottles.

Monday night: Northeast Chapter Party

What would an HTCIA annual conference be without the traditional Northeast Chapter Party? This is still tentative on our schedule, but we can’t imagine going without this year. Even if we do, the Renaissance Esmeralda has informed us of their desire to have their nightclub open for Monday Night Football. Either way, see you there!

Tuesday: Awards Banquet with Comedian Craig Shoemaker

Our Tuesday evening dinner is an opportunity for us to recognize our association’s biggest contributors. Here we bestow our Chapter of the Year, Case of the Year, and Lifetime Achievement Awards. This year, meet our winners: our Southern California chapter, Central Valley chapter members James Eichbaum and Jim Cook (and maybe, the detectives and deputy DA they assisted), and Ken Citarella of our Northeast chapter.

The evening’s entertainment will come courtesy of Craig Shoemaker, ABC American Comedy Awards’ Comedian of the Year in 1998. An actor and voiceover artist as well as stand-up talent, Shoemaker has worked in stand-up comedy for 20 years. Viewers voted his half-hour Comedy Central special as one of the network’s Top 20 stand-up specials of all time, and his forum, Laughter Heals, serves people suffering from life-threatening illnesses along with their families.

Our lectures form the core of our training and education efforts, but we’re also known for the networking that can only come when new friends and good friends alike come together to share, eat, drink and have a good time. Join us in Indian Wells – we think it’ll be the event of the year!

Partnerships with students, other associations make SoCal Chapter of the Year

August 30, 2011

After an extremely intense Chapter of the Year competition, we’re proud to announce that we’ve awarded our annual honor to our Southern California chapter! The variety of activities and events they put together, plus their innovative outreach efforts, have raised the bar for all our chapters and their members. Some highlights:

Student chapter promotion

While the California State Polytechnic University (Cal Poly) Pomona’s student Forensic and Security Technology (FAST) group had been in existence since 2008, it formalized its HTCIA charter in 2010. SoCal chapter president Chris Curran says, however, that it’s not just about having the charter – it’s also about supporting the students in their career paths.

“We invite our students to attend our regular chapter meetings, which several of them have done,” says Curran. “It’s a great opportunity for them to get a feel for what the field is all about, and also to make contacts with potential employers as well as future colleagues.”

The SoCal chapter also gives students access to its job board, which Curran says has a twofold purpose: 1) graduating seniors can apply if they want, but 2) all the students can see the qualifications they’ll need to apply.

And students are encouraged to help represent HTCIA at conferences. A number of Pomona students volunteered at our conference in Atlanta last year, and will be in Indian Wells again this year. In addition, students helped association members staff a booth at both the ISACA Spring Conference and the AccessData User Conference.

This year, the Cal Poly Pomona students showed their appreciation and spirit by designing custom graduation sashes that they wore with their caps and gowns. These sashes are available to any other student charter with graduating members.

Joint training sessions with other associations

The SoCal chapter has taken steps over the past year to build and strengthen relationships with members in other organizations, including the local chapters for the Information Systems Security Association (ISSA) and Information Systems Audit and Control Association (ISACA). Those relationships led to joint training sessions and networking opportunities.

“It’s important for our members to share information, get new contacts and even encourage cross-pollination between the associations,” says Curran. “High tech crime involves so many aspects of technology that you may encounter some uncommon issue where a contact with background in information security or auditing becomes useful.”

Training and education for children and parents

“We gave three presentations on Internet safety – two at elementary schools and one at a middle school,” says Curran. “The schools made sure to invite the parents along with children at all grade levels. The idea was for them to increase their understanding of the good and bad on the Internet, and increase their communication as a result.”

In addition, longtime HTCIA members Donn Hoffman and David Nardoni presented at the Cyber Challenge Camp, as part of a panel on ethics.

Congratulations to our Southern California chapter, and many thanks to our members there for the hours of hard work put into these efforts. We’re looking forward to presenting the 2011 Chapter of the Year plaques in just two weeks. We hope you’ll join us!

One more week of conference registration!

August 29, 2011

HTCIA 2011 International Training Conference & ExpoDidn’t get a chance to register last week for our upcoming HTCIA International Conference & Training Expo? Well, you have another chance. We’ve had such a great response, we decided to see if we could get record attendance! Therefore, we have decided to keep registration open one more week until Friday, September 2. After this date, registrations will be accepted on-site.

Please note: The Renaissance Esmeralda is almost full. We have arranged for guests to stay at the Hyatt Grand Champions Resort, which is within walking distance of the Renaissance, as our overflow hotel. When making your reservation with the Hyatt, reference “HTCIA” to receive the $103/night group rate.

Don’t delay – register today!