Open source Android forensics: An HTCIA student charter project

March 8, 2012

We always like to hear about the cool new projects our students are engaging in, so we were excited to see University of Cincinnati student charter president Shadi Dibbini post on our Facebook page:

When we saw the site osaf-community.org, we definitely wanted to talk more with Shadi about his team’s project!

HTCIA: How did you get the idea for Open Source Android Forensics? How long have you been working on it thus far?

SD: My team started working on this project at the beginning of the school year, late September, and it has to be completed by the beginning of May. In May, we will be presenting at the University of Cincinnati’s Tech Expo event. The Tech Expo is a showcase of senior design projects from IT students, and students from other programs. The event is entirely open to the public, so feel free to come down and check out all the cool projects.

I came up with the idea of Open Source Android Forensics (OSAF) because I really enjoy forensics, and I have been a smartphone enthusiast for the past 8 years. A little off topic here, but believe it or not, I used to buy a new smartphone every three months so that I can have the best device that’s currently out on the market… I learned pretty fast that I was wasting my money, so I quit buying that many phones.

Besides the fact I enjoy forensics and smartphones, what caught my eye a few years ago, during the rise and popularity of Android, was the fact that Google does not have a vetting procedure for the applications that are published on the market. Google is smart by allowing any publisher to rapidly release applications without having to wait or gain approval (cough..cough..Apple)… however, Apple is smart by vetting applications to protect their users.

In recent news though, Google did come up with a new application security scanner called “Bouncer” after realizing that they did have a huge issue with Android malware. Back in Q3 2011, there was a report that had stated that malicious Android apps have risen 473% in about a year or so… that is a lot of malware.

This report pretty much sparked my ingenuity for coming up with the OSAF project. The OSAF project was initially going to be just the OSAF-Toolkit, a Linux OS that has been injected with all the latest Android application analysis software, but I wanted more than that. I wanted to not only create an application ripping toolkit, I wanted to create a community where anyone interested in Android malware analysis can have a one stop shop for any information they need.

I want people to stop at our site before any other site, and I want people to collaborate with each other, share new techniques and methodologies, and share their findings after they have ripped apart an application (hence the threat index).

Another honorable mention is that my team is currently working on documentation on how to perform analysis against any application. This is an A-Z guide of what tools to use, how to use them, what to look for during static/dynamic analysis and etc… We do not want to give people a toolkit and say, “here you go, figure it out yourself” like many other projects have done.

HTCIA: What need does your research and site fill that others were missing?

SD: Not to be cocky or anything, but the entirely “FREE” price point for a toolkit, documentation and a collaborative work environment is argument enough that our site is better than the rest. I see other companies/sites charging a lot of money for training, certifications, information and etc.

I, at one point, wanted to take some certifications in forensics and information security, but the training and certifications were just way too much money for a college undergrad to afford. So I looked at this project from a college kid’s perspective… If it’s free, it’s for me… That’s why we decided to name the project OSAF. We wanted every aspect of it to be entirely open source.

HTCIA: How many people are working on the project?

SD: There are 4 of us IT seniors, including myself, working on the project right now. I couldn’t have picked a better team for this project. They are very smart and dedicated individuals wanting to make this project the best it can be. I think the reason why we are so dedicated as a team is because the project itself is very fun and unique. I feel like we are pioneers in this sort of work because I can’t find any site online that is dedicated to creating an entire environment dedicated to Android malware analysis.

HTCIA: What are your goals for the site over the long term?

SD: I want the OSAF project to be well recognized in the forensics and malware analysis community. I eventually want to get more people on board to help analyze applications, maintain the site and answer any questions people may have. One day, I hope companies will be knocking on our door asking if they can sponsor us, in order to help fund and build the project, while keeping it 100% free of charge.

HTCIA: How long have you been a student HTCIA member? How long have the other students been?

SD: I am actually the founder and President of the University of Cincinnati’s HTCIA student chapter. I started the student chapter back in May 2011. I think we have a little over 20 student members (a mix of IT, IS and Criminal Justice students) in our chapter so far, but I have been getting a lot of email lately about new students interested in joining the chapter.

My team members for this project are not student members of HTCIA sadly. I would like for them to be members, but we only have 3 more months of school before we graduate. I will definitely get them to become full HTCIA members upon graduation.

HTCIA: Anything else you want to mention about the project?

SD: I just want people to know about us and the goals of our project. We can agree that the web is entirely too large right? I feel like it is hard for start-up sites, like us, to make it big these days unless they provide content that interests a vast majority of people, or if the site provides a service that interests organizations.

We want OSAF to be a site that provides both content and services of interest. Organizations, and the general public, have to realize that mobile malware is not going to magically disappear any time soon. Criminals will eventually get more crafty in the way they embed malicious code into applications; who knows, maybe to the point where the malicious code circumvents the Android permissions mechanism.

That’s where OSAF has an advantage over anyone else. Anyone can ask OSAF to analyze an application, a community member will perform analysis, give the analysis report/results to the OSAF admins for review, then the OSAF admins will publish the finding on the threat index. Ripping apart applications is the only real way to find Android malware, because we all know how well Android “Anti-Virus” works.

Find and bookmark osaf-community.org, and keep an eye out for the site’s development, currently slated for completion in May! Shadi says that the toolkit is currently available online for download, and the malware analysis documentation will be complete in May as well.



DFIROnline: Defragmenting the digital forensics community with HTCIA member Mike Wilkinson

February 9, 2012

In our posts for monthly HTCIA chapter meetings, we’ve done something a bit unusual: linked to a virtual conference call that isn’t a chapter meeting. The monthly, hour-long DFIROnline is the brainchild of New England chapter member Mike Wilkinson (@MikeWilko on Twitter), who invites some of the most well-respected minds in the digital forensics and incident response (DFIR) community to interact with participants via live chat.

DFIROnline, like most of our chapter meetings, is open to anyone. We asked Mike to talk more to us about how he got the idea, why he’s doing it, and where it’s going:

HTCIA: How long have you been an HTCIA member, and what led to your creation of the DFIROnline meetups?

MW: I have only been a member of the HTCIA since I moved to the US in August 2010. I had been aware of the HTCIA for many years prior to that and was considering setting up a chapter in Sydney, prior to leaving the NSW Police Force. I had run into Paul Jackson, at a [law enforcement] conference the previous year, where I presented a proposal for creating an organization similar to the CDFS, he had just got the Asia Pacific HTCIA chapter up and running and was very enthusiastic about the HTCIA.

I was inspired to create the meetups after watching on from the sidelines as Harlan Carvey started his NoVA [forensic] meetups. I would have loved to get along to one of the meetings, but the travel from Burlington VT to North Virginia was just a little hard to manage!

I ran into Harlan at PFIC and was talking about the meetups with him there. A few days later I thought that maybe an online meetup would work, I contacted Harlan to see if he was interested in getting involved and he was keen, I don’t think it would have worked so well without his support.

HTCIA: What about this particular format (as opposed to a webinar or conference call) did you think would be more beneficial than others?

MW: I have been using this format in my online classes for the Masters program at Champlain College, and found that it worked well in class. The interface is highly customizable and allows a high level of participant interaction, far more than I have seen with other systems.

So far we have had a heap of chat going on at the same time as the presentation, the audience can ask questions and contribute suggestions as the presentation is running. Last session we had a bunch of helpful links posted and a lot of friendly banter, along with a drinking game, just to make it more interesting!

It also provides a video feed of the presenters so you get to see the person who is talking. In the first session we had a tour of Harlan’s office which was pretty cool. So although it is not the same as getting together face to face it does get pretty close.

Finally it does not require user registration, which helps to keep everything quite informal. Personally I find that if I have to register for something I am much less likely to get involved, I guess I just hate giving out my details.

HTCIA: Why do you think the community is so fragmented, and how can programs like this one help?

MW: This is something that has been bugging me for years. There is no simple answer to this and David Kovar wrote a great post on it last year, everyone in the industry should read it here.

I think historically there has been a high level of mistrust between LE/government and private practitioners. In some cases this may be well founded but for the most part people of both sides have a high level of integrity and are just doing their job.

This is compounded by the different closed lists, whether it is IACIS, HTCIA, CCE or DFIR each one is only open to a select group of people, in some cases based on if you hold a certification and in others if you work for the right organization. In either case you are artificially excluding some great people.

The other part of the problem is the different types of work we do. Forensics for LE is quite different to incident response. Some things (for example documentation) that I take for granted coming from a LE forensic background appear quite novel or even pedantic to some IR people.

Moving forward we should be focusing on what we have in common, rather than what our differences are. I would like to see a situation where the only barrier to involvement was appropriate ethical behaviour. Unfortunately there are a handful of people out there whose behaviour should result in their exclusion from the profession. However this group is very small and it is a pity to stifle the development of the profession in order to defend against this tiny group.

HTCIA: What kind of information sharing do you want to encourage?

MW: Well, as an academic, everything. From a LE perspective I recognize that there is a small amount of information that once it becomes common knowledge can hinder investigations.

However, at this point in time the bad guys are far more organized and specialized than we are. There is so much duplication of work going on as a result of poor sharing that massive amounts of time are wasted.

Harlan has a great example he uses, where if one person spends 20 hours solving a problem and shares it with another five people, it has the potential to save 100 hours of work, as they will not have to repeat his/her efforts.

One other thing I think everyone needs to realize is that they all have something to contribute. In my online classes we have lots of discussion and I find that it does not matter how long someone has been in the profession they always have something to contribute.

One of the things I love about teaching is getting to interact with all these great people. Just the other day I had a student who has only just completed his bachelor’s degree and is just starting out in the profession suggest a solution I had never considered. We need to realize that no one has all the answers and it is always worthwhile listening to others as you never know what you might learn.

HTCIA: What would you like to see for the meetups by the end of the year?

MW: More people involved and more great presentations. At the moment the time we run at is not much good for the rest of the world. I would like to run at least one session for Europe and another for Asia Pacific. I have already had people put their hand up to present in Europe and I could probably put some pressure on a few really smart people I know in Australia to do something. I just have to find the time to organize it.

HTCIA: Anything else you want to discuss?

MW: Yes, I have high hopes for [HTCIA partner] CDFS; I think it is the first time we have had an organization with transparent leadership and good representation of all parts of the profession. It is great to see it moving forward, I hope it continues to do so and take my hat off to the handful of people that have put the time into making it happen.

Also on a more personal note I have just created a new Master of Science in Digital Forensic Science, with a fair bit of help from a number of people listed here. This program is designed for people who already have a solid background in digital forensics and are looking for advanced education. Officially enrollment does not start until the fall term, but we can get students into a class over the summer if they are keen.

Again, DFIROnline is open to anyone. It’s next planned for February 16, with sessions planned on cryptology along with e-discovery case studies. Hope you’ll be there!


February for HTCIA: Chapter meetings and other notable events

February 3, 2012

Whether you’re local to our chapters or traveling to their cities, we welcome your participation in our training and education. We’ve got four upcoming special events as well as regular chapter meetings this month:

HTCIA Chapter Meetings

February 7

HTCIA Ottawa will present “Inclusion of Forensic Video Analysis Within an Agency’s Digital Forensic Program” in Russell’s Lounge at the Ottawa Police Association from 5:30-8 p.m. Jeff Spivack, an IAI Board Certified Forensic Video Examiner, will demonstrate how forensic multimedia analysts obtain investigative leads and actionable intelligence from files that might otherwise be discarded.

Spivack has worked as a Forensic Multimedia Analyst with the Las Vegas Metropolitan Police Department, and has been accepted as an expert witness in courts throughout the U.S. In addition to conducting case work, Jeff is also Cognitech, Inc.’s Forensic Video Software Certification Instructor, and Senior Instructor of Video Forensics for Forensic Data Recovery, Inc., Cognitech’s Canadian affiliate.

For more information and to register, see the Ottawa HTCIA website. Non-HTCIA members are welcome for a guest fee of $15.00.

Also on February 7, our Southern California chapter will be holding a joint meeting with ISACA Los Angeles. A dinner meeting at Monterey Hill Restaurant (3700 W Ramona Blvd., Monterey Park, CA), the presentation, a computer forensics case study, will run from 5:30-8:30 p.m.

Guidance Software’s head of Risk Management, Andy Spruill, will provide his first-hand account of the landmark Victor Stanley, Inc. v. Creative Pipe, Inc., the intellectual property theft case that spawned not one, but two, landmark legal decisions in the world of digital forensics and eDiscovery. To register, please visit ISACA LA’s website.

February 9

Atlanta HTCIA will present “Forensics in your PJs” from 7:30-9:30 a.m. A breakfast meeting at American InterContinental University in Dunwoody, Georgia, the meeting will show you how to use various resources and tools on the internet to gather data. From Facebook to blogs, see what you can learn while sitting in your PJs!

Speaker Buffy Christie is Senior Director of Equifax Global Security. Buffy has a BS in Criminal Justice, Forensic Science. She is a CFE (Certified Fraud Examiner) and is President of the Southeastern IAFCI (International Association of Financial Crimes Investigators).

To register for this event, visit Atlanta HTCIA’s EventBrite page.

February 10

Texas Gulf Coast HTCIA will meet from 1:00-3:00 p.m. at the FBI Greater Houston Regional Computer Forensics Laboratory. Those planning to attend will need to be vetted by the FBI prior to the meeting. In order to attend, contact Ms. Julie Campbell, Receptionist, Pathway Forensics (713.301.3380) and provide her with your name, DOB and DL#. Chapter members should also RSVP to the Evite invitation that was sent to the e-mail account on file with HTCIA International.

February 14

Midwest HTCIA is offering an Android forensics and software demo by Christopher Triplett, Sr. Forensic Engineer of viaForensics. From 8:30-11:30 a.m., Mr. Triplett will cover Android File Systems, Android Forensic Analysis Techniques, and a demonstration of viaForensics’ viaExtract product.

Midwest HTCIA’s chapter meetings are located in Oakbrook Terrace, IL at the ICE office (16th floor, Oakbrook Terrace Tower).

February 15

Minnesota HTCIA will meet in the Ridgedale Library, RHR West Room in Minnetonka.

February 16

Member Mike Wilkinson’s monthly DFIR Online Meetup will feature Peter Coons and John Clingerman providing e-discovery case studies, along with Jonathan Rajewski speaking on “N unaqf ba (cra/cncre) rkrepvfr va onfvp pelcgbybtl/pelcgnanylfvf”… or, “A hands on (pen/paper) exercise in basic cryptology/cryptanalysis.” Join in at 8:00 p.m.!

February 17

Washington state HTCIA will be meeting between 10am-12pm. Topic and speaker both TBD.

February 21

Central Valley HTCIA will be meeting at 12:00 noon at the Stanislaus County Sheriff’s Office, 250 East Hackett Road in Modesto, CA. Tentative topics are a presentation on TOR by Cullen Byrne, and an update on the group Anonymous by an FBI representative. Lunch to be provided.

Austin HTCIA, meanwhile, will meet from 1:30 to 3pm at the REJ Building. Rick Andrews will be going over navigation in EnCase v7. Come with questions!

February 22

Atlantic Canada HTCIA will meet from 5:30-7:30 p.m. with Jan Cox from Oracle presenting on the topic of SQL injection, among other things. An update on the chapter’s conference planning efforts will also take place.

February 24

From 11:00 A.M. – 3:00 P.M. at University Hall, Room 465 (51 Goodman Dr. in Cincinnati), Ohio HTCIA will be offering a presentation on Incident Response: Live Memory Capture and Analysis. Presenter Justin Hall has 15 years of experience in the information technology field and has spent the last seven focused on information security.

Mr. Hall is currently a security architect for CBTS, a technology services provider in the Cincinnati area – consulting with the firm’s enterprise customers in developing vulnerability management, incident response, and endpoint & network defense programs. He is a frequent speaker at information security community events, a SANS mentor, and holds a GCIH, GCFA and GPEN.

Following Mr. Hall’s presentation, lunch will be provided and the chapter’s business meeting conducted.

Also on Friday, our Kentucky chapter will meet at 1:00 p.m. at Boone County Sheriff’s Office. Tom Webster will present about Internet Evidence Finder.

February 29

San Diego HTCIA will meet at the Admiral Baker Clubhouse in San Diego. Lunch will be served at 11:30, with the presentation (yet to be determined) running from 12:00-1:00 p.m. HTCIA members are also welcome to attend the 10 a.m. board meeting that day.

Lunch is free for all current members, $20 for guests, and $35 for new members with completed HTCIA membership forms. RSVP is required, so please RSVP ASAP to treasurer@htcia-sd.org! This will assist in planning for seating and food requirements.

Northern California HTCIA will also be meeting on February 29. Topic and location to be determined.

Special Training Events

February 6-11: SANS COINS event coming to Los Angeles!

Rob Lee’s newest SANS course, FOR408 Computer Forensic Investigations-Windows In-Depth will be in sunny Los Angeles, CA February 6-11. Taught by Mark Gonyea, FOR408 focuses on the critical knowledge of the Windows OS that every digital forensic analyst must know to investigate computer incidents successfully. You will learn how computer forensic analysts focus on collecting and analyzing data from computer systems to track user-based activity that could be used internally or in civil/criminal litigation.

FOR408 will include a SANS Investigative Forensic Toolkit (SIFT) Essentials with a Tableau Write Block Acquisition Kit and a course DVD loaded with case examples, tools, and documentation. HTCIA members can save an additional 10% off tuition when you enter Discount Code “COINS10”! Full course information and registration info is available at http://www.sans.org/los-angeles-2012-cs/

February 15

ISSA Ottawa and Women in Defence & Security will be co-hosting a National Capital Security Partners’ Forum Event featuring Marene Allison, VP & CISO of Johnson and Johnson. The opening speaker will be Rennie Marcoux, Assistant Secretary to the Cabinet (PCO); the closing speaker will be Carol Osler, VP Physical Security TD Bank. For more information and to register, see http://www1.carleton.ca/npsia/upcoming-events/4409-2

February 20-24

Free law enforcement training! Minnesota HTCIA is advertising “Fighting Cyber Crime”, 40 POST credits’ worth of courses at the St Cloud State Campus. The training is a response to the increased ease with which people can access the Internet to commit crimes, as well as the increased emphasis on issues of homeland security. Participants will learn ways to uncover, protect, and exploit digital evidence to respond to crimes. Register via the course flyer at http://www.mn-htcia.org/documents/Cybercrimecourseflyer.pdf.

February 27-March 1

The New York District Attorney’s Office has partnered with the National White Collar Crime Center to offer Cybercop 101 – Basic Data Recovery & Acquisition (BDRA) to qualified members. This 4-day course teaches the fundamentals of computer operations and hardware function, and how to protect, preserve and image digital evidence.

This class introduces participants to the unique skills, best practices and methodologies necessary to assist in the investigation and prosecution of computer crime. It includes presentations and hands-on instruction on such topics as Partitioning, Formatting, Data Storage, Hardware and Software write blockers, the Boot Up process, and Duplicate Imaging. Register here for this and future courses!

REMEMBER: To get discounts or free training (where applicable), you must be a member. Please join or renew your 2012 membership today!


HTCIA Lifetime Achievement Award winner Ken Citarella: A generation’s worth of institutional knowledge

August 31, 2011

One of the things we enjoy most about giving out our annual awards is the opportunity to highlight how our members’ best work contributes to our overall community. This is certainly the case with our 2011 Lifetime Achievement Award winner, Ken Citarella, Managing Director of Investigations for Guidepost Solutions.

In his role at Guidepost, Mr. Citarella directs investigations concerning fraud, information assurance, employee misconduct, and related matters. Most notably, he is directing the investigation of suspected fraud claims submitted to the Gulf Coast Claims Facility due to the catastrophic BP oil spill. Previously Mr. Citarella served in the Westchester County (NY) District Attorney’s Office for 27 years, including as Deputy Division Chief of the Investigations Division and Bureau Chief of the High Technology Crime and Economic Crime Bureaus.

Mr. Citarella is a nationally recognized authority on computer and white collar crime, having obtained convictions for computer intrusions, malicious software attacks, a software time bomb, spamming, digital child pornography, and the use of the Internet for child exploitation. In doing so, he helped to pioneer the investigation and prosecution of computer crimes in New York State and nationally.

In addition to his career with the DA and his work at Guidepost Solutions, Mr. Citarella has worked with a commercial litigation law firm and with the Corporate Investigations Division of Prudential Insurance. He is also an Adjunct Professor of Law at New York Law School, where he teaches a cybercrime course, and a Certified Fraud Examiner.

Mr. Citarella has been an HTCIA member since the mid-1980s and was the founding President of its Northeast Chapter in 1990.

“As one of our longest time members, Ken has a generation’s worth of institutional knowledge, which he has worked hard to bring to the investigative community throughout his career,” says Duncan Monkhouse, HTCIA International President.

“I am honored to accept this award from HTCIA, the foremost organization of its kind in the world,” says Mr. Citarella. “The members of HTCIA pioneered the fight against high technology crime by asking questions about how to acquire digital evidence that would be admissible in court, what criminal statutes would address the crimes we were seeing and what new ones we would need.

“As an organization we have grown the same way, by asking how we can assist each other in trying to bring some law and order to the frontier of cyberspace. The pride I have felt for more than 25 years as a member of HTCIA has never been stronger, and I am confident HTCIA will help meet the continual challenge to grow strong as cyber threats continue to grow ever more threatening.”

Mr. Citarella will formally accept his award at the 2011 HTCIA International Training Conference & Expo, September 12-14 in Indian Wells, CA. Please join us in congratulating him!


Our members’ March contributions

April 5, 2011

Our members find many ways to contribute to the high tech crime investigation community. They teach, present at conferences, and write. We’re introducing a new series: monthly blog posts that round up our members’ work.

Recapping March:

HTCIA co-sponsored (together with our SoCal chapter) the Western Regional Collegiate Cyber Defense Competition. We’re pleased to announce that the Cal Poly Pomona team won! They’re advancing to nationals this coming weekend. Good luck SoCal team, and kudos to Dr. Dan Manson for organizing the regional event!

Midwest member Tom Yarrish debuted a new blog: RAM Slack, where his inaugural post discusses E01 images together with SIFT (the SANS Investigative Forensic Toolkit).

Eric Huber, in our Northeast chapter, discussed a variety of topics in his two blog posts this month. These included live response and the cloud, the underground economy around stolen intellectual property, and English football — among many other topics!

Part of Eric’s blog played off Midwest member David Kovar’s excellent post about the fragmentation of the digital forensics community. You might expect that as a community grows, it splinters into specialized groups… but that’s not what he’s talking about. Be sure to read the comments for more.

Northeast member Steve Branigan wondered whether virus scanners would be a thing of the past, as virus writers outpace the defenders. Could a virtual operating system be the answer?

Ottawa chapter member Chris Pierre blogged about how law enforcement needs to get past thinking that internet investigators are only for white collar and divorce investigations. Chris also blogged about some training that he and his firm are involved with, so be sure to check out his other postings.

Joe Garcia, also in our Northeast chapter, posted a Cybercrime 101 podcast episode about online child exploitation. He also blogged about securing iOS devices, focusing on Long as opposed to Simple passcodes and how they work.

Speaking of iOS devices, a fourth Northeast chapter member, Ryan Kubasiak, posts regular updates to his blog AppleExaminer.com.

Finally, our International 2nd Vice President, Tom Quilty of the Silicon Valley chapter, wrote about the impact of disasters on the international supply chain — notably, that the disruption of supply in a just-in-time inventory system makes it easier for counterfeit parts and goods to enter the stream of commerce.

Certainly, these blogs and other activities represent only a small subset of our members’ contributions to our community. So please, if you’re a member or you know of a member’s accomplishment that you’d like to see highlighted next month, please leave us a comment below, tweet us, or leave a comment on our Facebook page!


Next-Gen Networking: Our Student Member-Volunteers

October 7, 2010

Josh Chin, Michael Chau & Edmund Cheung, HTCIA student volunteers

If you attended our conference in Atlanta, you encountered our student volunteers at some point: at the registration desks for the event and the labs, in the corridors to assist with wayfinding, and (in one case) taking pictures for our Facebook page. If you were a speaker, you worked with at least one student volunteer long before arriving in Atlanta.

Our students weren’t just there to help us out. They were there to learn and to network, too: they’re the next generation of cybercrime investigators, and their work helped them as well as us. And they did such a great job with it all that we wanted to take the time to introduce them by name.

Edmund Cheung assisted with registration and helped get our speakers situated in their rooms. “I was also appointed to the position of conference photographer,” he says. “I basically ran around taking pictures from the exhibit hall, to the lab sessions, and Tuesday night’s dinner.”

Having been involved with conference planning from the beginning of the year, Edmund found it rewarding to see how his and fellow volunteers’ hard work came together. But that wasn’t the only benefit. “I had a great time networking with a lot of great people, getting to know each other better, and hearing their stories about why they enjoy doing what they’re doing or just the importance of combating high tech crimes.”

A full-time fourth-year student at California State Polytechnic University (Cal Poly) Pomona, Edmund is studying Business Administration with a focus in Computer Information Systems, and a minor in General Management. Upon graduating, he plans to pursue a career in computer forensics, possibly as part of an electronic crimes task force, and to obtain a graduate degree along with certifications.

Like many professionals in the industry, Edmund says he’s captivated by the way the technology is ever growing and changing – one of the main reasons he attended the conference. He plans to join HTCIA “to be part of an association that wants to promote awareness and educate those who want to battle against electronic crimes. [Also], I get to interact with and learn from the men and women in this community who enjoy their work in investigations that deal with sophisticated technologies.”

Michael Chau, like Edmund, volunteered with registration and speakers. “By helping out in this year’s conference, I was able to meet new people that share the same interest as I do,” he says. “I would say the best thing about being there was the fact that everyone is associated or wanting to be associated with [investigating] the high-tech crime that is going on in today’s reality. I love the atmosphere this association brings to the community – that of people who enjoy learning and being associated with the prevention of high-tech crimes.”

Also a full-time student attending Cal Poly Pomona, Michael is pursuing his bachelor’s degree in computer information systems. He plans to work as a network analyst or in a network security position. “Being part of the first group to graduate from my high school’s technology program allowed me to realize that this particular field is what I want to do as my career,” he says. “Technology is always growing and that fascinates me.”

Josh Chin’s volunteer role was similar: to work with guest speakers on coordinating logistics as well as ensuring their needs were met. Pre-conference, he was part of the team that collaborated with potential speakers on compiling their proposals and requests. During the conference, Josh worked with Edmund and Michael to assist both speakers and attendees.

“For our attendees, we guided them to different workshops and lectures as well as addressed any concerns they may have regarding the conference,” says Josh. “For our speakers, we made sure they were settled in well, answered any questions and addressed any concerns they may have had. We also looked in from time to time on our speakers or made necessary adjustments to the conference schedule to balance speakers’ flight delays or cancellations.”

Josh appreciated the opportunities his volunteer work gave him “to work with each of the speakers as well as network with different attendees. It was wonderful meeting everyone. Joining HTCIA is a brilliant opportunity to make friends in law enforcement, as well as gain an infinite amount of wealth and knowledge on computer forensics, and a glimpse at the challenges we’re facing on fighting cyber crime.”

Josh, likewise a Cal Poly Pomona student earning a degree in Business Administration with a concentration in Computer Information Systems and an emphasis on Information Assurance, plans “to make a positive difference and impact on cyber space, and to take a bite out of cyber crime. This field is an opportunity to make a difference in the world, ensuring that our next generation will be prepared to face the next set of cyber challenges.”

Ryan Jafarkhani did not attend the conference, but volunteered alongside Josh and Edmund as the point of contact between speakers and HTCIA. “I ensured that the speakers’ needs and questions were answered, [and I] helped solve any issues that arose. I also coordinated with the speakers to retrieve information and documentation required by the HTCIA,” he says.

Already a graduate of Cal Poly Pomona with a Bachelor of Science degree in Business Administration (emphasis on Computer Information Systems), Ryan is an IT/Finance Auditor Associate with Beckman Coulter Inc., a manufacturer of medical lab instruments.

“I do plan on going into the computer forensics and security field in the near future,” he says. “Ever since I was young, I’ve always wanted to be a detective of sorts. Computer forensics provides me the opportunity to solve complex problems, work in a dynamic industry and provides the challenging career I am looking for.

“Joining the HTCIA gives me the opportunity to network with very bright and talented individuals who provide information and insight in areas of computer forensics that I may have never been exposed to before. Joining the HTCIA also exposes me to talent in both private and public (government) industries.”

Are you a student interested in joining HTCIA?

The GPA requirement we used to have has been waived completely, and school charters are active in Washington state, New England and Ohio. Those who are studying computer science, forensics, criminal justice, law enforcement, corrections, accounting, auditing, or a similar program of study are eligible; 10 or more Student Members from one college or university may form an HTCIA School Charter.


The power of the HTCIA investigator network

September 13, 2010

One of HTCIA’s great strengths, and the quality for which it is perhaps best known, is the power of its network. Whether in public or private sector, members know that they can call on one another whenever they need assistance – or when they think they can help their colleagues.

Executive Secretary Art Bowker had this experience recently. Reading a news article about cybercrime, Bowker noticed a comment made following the article was not, technically, a response.

Instead, the poster – apparently a woman – described being jilted by a vice president in a large and well-known corporation. Searching on the username attached to the comment, Bowker found multiple other comments on other news sites. Several of them mentioned that the commenter was thinking of suicide every day.

“To me it seemed like someone had a lot of anger [and was] expressing it on the Internet,” he says. “As it appeared numerous times, I took some screen shots and looked up HTCIA members who worked at the corporation to alert them.”

Located in Ohio, far from the company’s headquarters, Bowker had never communicated with these particular members before. But the company’s security intelligence analysis team manager responded.

“They were apparently unaware this was going on, and had been for about six months,” says Bowker.

From networking to security education

“I think in this day and age, companies should be putting alerts on themselves out there,” says Bowker, “preferably rather complicated ones beyond just their name. If a person can go on any news site and post a comment, the company needs to be aware of it – particularly if those comments get worse… threatening, etc.

“This person could actually show up at their door and shoot someone, and hindsight would show they had been posting all over the place their thoughts, including on suicide. This shows companies what they need to do to protect themselves.”

To Bowker, who has been an HTCIA member for 10 years, this case wasn’t just about members coming together to stop a security incident or help someone in need. It also means that the members he contacted are in a better position to educate 1) the C-suite on the need for social media monitoring, and 2) other employees – and HTCIA members in their own community – on how to respond if they ever see or hear something among themselves.

“It is about knowledge sharing, about techniques as well as dangers, with our members and obviously the public. Thank goodness we had HTCIA members from this company, as I would have spent time trying to find out whom to advise about it,” Bowker says.

Image: Ella’s Dad via Flickr