February for HTCIA: Chapter meetings and other notable events

February 3, 2012

Whether you’re local to our chapters or traveling to their cities, we welcome your participation in our training and education. We’ve got four upcoming special events as well as regular chapter meetings this month:

HTCIA Chapter Meetings

February 7

HTCIA Ottawa will present “Inclusion of Forensic Video Analysis Within an Agency’s Digital Forensic Program” in Russell’s Lounge at the Ottawa Police Association from 5:30-8 p.m. Jeff Spivack, an IAI Board Certified Forensic Video Examiner, will demonstrate how forensic multimedia analysts obtain investigative leads and actionable intelligence from files that might otherwise be discarded.

Spivack has worked as a Forensic Multimedia Analyst with the Las Vegas Metropolitan Police Department, and has been accepted as an expert witness in courts throughout the U.S. In addition to conducting case work, Jeff is also Cognitech, Inc.’s Forensic Video Software Certification Instructor, and Senior Instructor of Video Forensics for Forensic Data Recovery, Inc., Cognitech’s Canadian affiliate.

For more information and to register, see the Ottawa HTCIA website. Non-HTCIA members are welcome for a guest fee of $15.00.

Also on February 7, our Southern California chapter will be holding a joint meeting with ISACA Los Angeles. A dinner meeting at Monterey Hill Restaurant (3700 W Ramona Blvd., Monterey Park, CA), the presentation, a computer forensics case study, will run from 5:30-8:30 p.m.

Guidance Software’s head of Risk Management, Andy Spruill, will provide his first-hand account of the landmark Victor Stanley, Inc. v. Creative Pipe, Inc., the intellectual property theft case that spawned not one, but two, landmark legal decisions in the world of digital forensics and eDiscovery. To register, please visit ISACA LA’s website.

February 9

Atlanta HTCIA will present “Forensics in your PJs” from 7:30-9:30 a.m. A breakfast meeting at American InterContinental University in Dunwoody, Georgia, the meeting will show you how to use various resources and tools on the internet to gather data. From Facebook to blogs: what you can learn while sitting in your PJs!

Speaker Buffy Christie is Senior Director of Equifax Global Security. Buffy has a BS in Criminal Justice, Forensic Science. She is a CFE (Certified Fraud Examiner) and is President of the Southeastern IAFCI (International Association of Financial Crimes Investigators).

To register for this event, visit Atlanta HTCIA’s EventBrite page.

February 10

Texas Gulf Coast HTCIA will meet from 1:00-3:00 p.m. at the FBI Greater Houston Regional Computer Forensics Laboratory. Those planning to attend will need to be vetted by the FBI prior to the meeting. In order to attend, contact Ms. Julie Campbell, Receptionist, Pathway Forensics (713.301.3380) and provide her with your name, DOB and DL#. Chapter members should also RSVP to the Evite invitation that was sent to the e-mail account on file with HTCIA International.

February 14

Midwest HTCIA is offering an Android forensics and software demo by Christopher Triplett, Sr. Forensic Engineer of viaForensics. From 8:30-11:30 a.m., Mr. Triplett will cover Android File Systems, Android Forensic Analysis Techniques, and a demonstration of viaForensics’ viaExtract product.

Midwest HTCIA’s chapter meetings are located in Oakbrook Terrace, IL at the ICE office (16th floor, Oakbrook Terrace Tower).

February 15

Minnesota HTCIA will meet in the Ridgedale Library, RHR West Room in Minnetonka.

February 16

Member Mike Wilkinson’s monthly DFIR Online Meetup will feature Peter Coons and John Clingerman providing e-discovery case studies, along with Jonathan Rajewski speaking on “N unaqf ba (cra/cncre) rkrepvfr va onfvp pelcgbybtl/pelcgnanylfvf”… or, “A hands on (pen/paper) exercise in basic cryptology/cryptanalysis.” Join in at 8:00 p.m.!

February 17

Washington state HTCIA will be meeting between 10am-12pm. Topic and speaker both TBD.

February 21

Central Valley HTCIA will be meeting at 12:00 noon at the Stanislaus County Sheriff’s Office, 250 East Hackett Road in Modesto, CA. Tentative topics are a presentation on TOR by Cullen Byrne, and an update on the group Anonymous by an FBI representative. Lunch to be provided.

Austin HTCIA, meanwhile, will meet from 1:30 to 3pm at the REJ Building. Rick Andrews will be going over navigation in EnCase v7. Come with questions!

February 22

Atlantic Canada HTCIA will meet from 5:30-7:30 p.m. with Jan Cox from Oracle presenting on the topic of SQL injection, among other things. An update on the chapter’s conference planning efforts will also take place.

February 24

From 11:00 A.M. – 3:00 P.M. at University Hall, Room 465 (51 Goodman Dr. in Cincinnati), Ohio HTCIA will be offering a presentation on Incident Response: Live Memory Capture and Analysis. Presenter Justin Hall has 15 years of experience in the information technology field and has spent the last seven focused on information security.

Mr. Hall is currently a security architect for CBTS, a technology services provider in the Cincinnati area – consulting with the firm’s enterprise customers in developing vulnerability management, incident response, and endpoint & network defense programs. He is a frequent speaker at information security community events, a SANS mentor, and holds a GCIH, GCFA and GPEN.

Following Mr. Hall’s presentation, lunch will be provided and the chapter’s business meeting conducted.

Also on Friday, our Kentucky chapter will meet at 1:00 p.m. at Boone County Sheriff’s Office. Tom Webster will present about Internet Evidence Finder.

February 29

San Diego HTCIA will meet at the Admiral Baker Clubhouse in San Diego. Lunch will be served at 11:30, with the presentation (yet to be determined) running from 12:00-1:00 p.m. HTCIA members are also welcome to attend the 10 a.m. board meeting that day.

Lunch is free for all current members, $20 for guests, and $35 for new members with completed HTCIA membership forms. RSVP is required, so please RSVP ASAP to treasurer@htcia-sd.org! This will assist in planning for seating and food requirements.

Northern California HTCIA will also be meeting on February 29. Topic and location to be determined.

Special Training Events

February 6-11: SANS COINS event coming to Los Angeles!

Rob Lee’s newest SANS course, FOR408 Computer Forensic Investigations-Windows In-Depth will be in sunny Los Angeles, CA February 6-11. Taught by Mark Gonyea, FOR408 focuses on the critical knowledge of the Windows OS that every digital forensic analyst must know to investigate computer incidents successfully. You will learn how computer forensic analysts focus on collecting and analyzing data from computer systems to track user-based activity that could be used internally or in civil/criminal litigation.

FOR408 will include a SANS Investigative Forensic Toolkit (SIFT) Essentials with a Tableau Write Block Acquisition Kit and a course DVD loaded with case examples, tools, and documentation. HTCIA members can save an additional 10% off tuition when you enter Discount Code “COINS10”! Full course information and registration info is available at http://www.sans.org/los-angeles-2012-cs/

February 15

ISSA Ottawa and Women in Defence & Security will be co-hosting a National Capital Security Partners’ Forum Event featuring Marene Allison, VP & CISO of Johnson and Johnson. The opening speaker will be Rennie Marcoux, Assistant Secretary to the Cabinet (PCO); the closing speaker will be Carol Osler, VP Physical Security TD Bank. For more information and to register, see http://www1.carleton.ca/npsia/upcoming-events/4409-2

February 20-24

Free law enforcement training! Minnesota HTCIA is advertising “Fighting Cyber Crime”, 40 POST credits’ worth of courses at the St Cloud State Campus. The training is a response to the increased ease with which people can access the Internet to commit crimes, as well as the increased emphasis on issues of homeland security. Participants will learn ways to uncover, protect, and exploit digital evidence to respond to crimes. Register via the course flyer at http://www.mn-htcia.org/documents/Cybercrimecourseflyer.pdf.

February 27-March 1

The New York District Attorney’s Office has partnered with the National White Collar Crime Center to offer Cybercop 101 – Basic Data Recovery & Acquisition (BDRA) to qualified members. This 4 day course teaches the fundamentals of computer operations and hardware function, and how to protect, preserve and image digital evidence.

This class introduces participants to the unique skills, best practices and methodologies necessary to assist in the investigation and prosecution of computer crime. It includes presentations and hands-on instruction on such topics as Partitioning, Formatting, Data Storage, Hardware and Software write blockers, the Boot Up process, and Duplicate Imaging. Register here for this and future courses!

REMEMBER: To get discounts or free training (where applicable), you must be a member. Please join or renew your 2012 membership today!


Keynote on Future Crimes: INTERPOL’s Marc Goodman

July 29, 2010

When it comes to future crimes, it may be tempting to dismiss concepts like robotic crime, artificial intelligence crime, and others. After all, we’ve got enough problems in the present, and no one can predict the future.

Or can they? Marc Goodman, Senior Advisor at Interpol Steering Committee on Information Technology Crime, argues that these are hardly concepts — they are already reality. We talked more with him about his keynote presentation, which describes why and how:

HTCIA: You’re speaking about highly technical subjects. How far in the future are they — closer than we think, or far enough to have time to think?

Most cybercrime investigators already have enough work to do and none of us is hurting for more cases. That said, I think it is important to look at what’s coming next in cybercrime. Though some of the issues I will be discussing sound far off (Robotic Crime, Artificial Intelligence Crime, Satellite Crime), in fact, these issues are already here.

There are real-world case examples of all the new forms of crime to be discussed. That said, most are not very common…just yet anyway. I think one of my favorite quotes will answer your question perfectly: “The future is already here, it is just not very widely distributed yet.” (William Gibson, Neuromancer).

In other words, these things are occurring every day, though most are not aware of it. My goal is to help raise awareness of these issues and plot a public response to them.

HTCIA: Some examples are here and now (terrorists recruiting on MMORPGs), Hollywood (robotics in law enforcement), or apparently superfluous (virtual goods theft, rape). Why and how are they relevant?

Law enforcement has always played catch-up. Throughout history bad guys have always had access to technology long before police officers. Whether discussing cars, automatic weapons, pagers, mobile phones or the Internet–police have always tried to retrospectively figure out what criminals were doing and then had to beg for funding to respond.

Cops see the trends early on, but it takes a long time to ramp up and get adequate resources to respond. Given the rapid pace at which technology is moving forward, playing catch-up all the time may put society and our future at significant risk. Therefore, I think it is critically important to study and respond to future forms of criminality now–before it is too late.

HTCIA: Most agencies nowadays are struggling with lack of resources to police the real world. How could they balance the two?

This is a really tough question, particularly given the state of our economy and the number of agencies actually laying off police personnel. As a former street-cop, I clearly understand that drive-by shootings and child abductions will always outrank more esoteric forms of criminality.

That said, much could be accomplished via effective partnerships with the private and educational sectors. It doesn’t cost anything for an investigator to visit a professor of robotics or AI at the local college or university. I think in particular there is a large role to be played by the federal government and its various law enforcement research arms such as NIJ and NCJRS.

Also, many of these emerging technologies have already been exploited by the military and defense communities, each of which offer technology-transfer programs for police agencies.

In summary, I am not suggesting every cop needs training in robotic operating system forensics, but I am suggesting that, particularly in large departments, it might not be a bad idea to have at least one person think about these issues occasionally.

HTCIA: How did you become interested in these areas — what made you move from more conventional cybercrime topics to the future?

I’ve been working in the high-tech crime field for almost 20 years. To be honest, I had become a bit bored with the standard questions we were hashing-out and re-hashing all the time. “Cybercrime is bad; we need greater international cooperation; public-private partnerships are important.”

I had heard the same themes repeated over and over again at dozens of conferences over the years. With absolutely no disrespect to any of my colleagues, I just felt we needed to move the conversation forward and become more proactive.

Cybercrime of 1990 or 2005 will have little in common with the technical threats we are facing in 2010 and beyond. The absolute game changer is the ubiquity of technology. Previously computers were big white boxes with television-sized monitors on our desks. As anybody today knows, thanks to Moore’s Law, the iPhone can do all the same things.

What people perhaps haven’t yet realized is that their refrigerators, cars and photocopiers all have hard drives in them. GPS forensics and location-based forensics will explode in the near future. We are producing more data than ever and it will be an increasing struggle to analyze it all. Today the Roomba robot vacuums the floor; tomorrow it may protect your home and actually fight off intruders.

Though it sounds like science fiction to some, I absolutely believe that we are on the verge of a new type of cybercrime revolution. I’d like to help move the conversation forward and develop a plan of response for the good-guys now, before it is too late.

HTCIA: Anything else you’d like attendees to know before they hear you talk?

Come in with an open mind and be prepared to have your assumptions challenged. 😉

Questions for Marc? Leave a comment and let us know!
