Before we run down the list of January chapter events, we’d like to draw your attention to two new chapter website redesigns. HTCIA Asia-Pacific will contain all-new and updated content, having migrated from the old htcia.org.hk. Visit President Frank Law’s blog post to read more details, and be sure to follow HTCIA-APAC in its various social site locations!
Meanwhile, our Midwest chapter is building out its site with new content weekly, including Tips of the Week, listings of forensic tools, and of course updates on chapter meetings and events.
Visit the new sites, subscribe to their RSS feeds and learn from what they offer!
Upcoming January HTCIA meetings
Whether you’re local to our chapters or traveling to their cities, we welcome your participation in our training and education. We’ve got two upcoming special events as well as regular chapter meetings this month. Where available, we’ve posted meeting details; if none are available, we encourage you to visit the chapter website (linked below) and get in touch with the officers to learn more.
HTCIA Atlantic Canada Chapter Meeting, 5:30pm – 7:30pm. Eric Jones of Absolute Software (maker of LoJack and Computrace computer tracking software) will be focusing on the use of these tools for geolocation, forensics, and law enforcement.
The Atlantic Canada chapter meets in two physical locations:
- Fredericton New Brunswick at 64 Allison Blvd.
- Dartmouth Nova Scotia, 45 Alderney Dr.
There’s also a telephone conference line and a WebEx conference for those who can’t make it to the physical locations. Contact the chapter for more information!
Atlanta HTCIA will be holding Log2Timeline open source tool training from 11:30AM – 1:00PM at American InterContinental University’s Dunwoody, GA campus. Log2Timeline is used to create a “SuperTimeline” to help determine the sequence of events based on logs and artifacts found in a forensic image of a Windows based system.
Speaker Rodger Wille has been working incident response and forensics within the Federal Government for over 10 years. Rodger is currently the Digital Forensic Services Team lead for a Federal Agency based in Atlanta, where he is responsible for conducting digital forensic and malware analysis in response to computer intrusions and malware incidents.
Texas Gulf Coast HTCIA will be holding an “overview” type meeting from 1:00 PM – 3:00 PM (following an 11:30 a.m. social networking lunch at JAX Grill) at the United Way Community Resource Center. This meeting will focus on the meetings for 2012 and will include possible topics, speakers and training session(s). Please come with lots of ideas!
San Diego HTCIA is teaming with the city’s Information Systems Security Association (ISSA) chapter this month! Between 11:30 – 1:00 PM PST at the Admiral Baker Clubhouse, Mr. Robert Capp II, Senior Manager of Trust and Safety at StubHub, will be presenting on the results of an online fraud investigation against StubHub. Learn the limitations of traditional investigative methods for international crimes and how StubHub overcame these limitation to work effectively with various international law enforcement to arrest the criminals and seriously reduce company fraud.
Central Valley (CA) HTCIA will be meeting at 11:30 a.m. at 250 E Hackett Road, Room 152 in Modesto. Lunch will be provided, and the topics for the day include chapter goals for 2012, and interpreting hex code.
Florida HTCIA welcomes speaker Randall Huff, Security Director of TLO.com, from 9:00-11:00 a.m. at the IRS-Criminal Investigation 7850 SW 6th Court, Plantation, FL. Mr. Huff will be speaking on TLO as an organization, TLOxp used by and available to law enforcement as well as other tools developed by the the inventor of Autotrack and ACCURINT.
Michigan HTCIA will be meeting the same day at 10:00 AM at the Walsh College Novi Campus room #511. The presentation will be an overview of using social networks as an investigative tool. HTCIA members Mr. Steffan Gaydos and Wayne County Sheriff Deputy Erin Diamond will present issues affecting law enforcement, as well as private sector investigations. The presentation will conclude with a discussion on tools and methodologies for collecting online evidence.
DFIROnline, run by HTCIA member Mike Wilkinson of our New England chapter (though separately from chapter meetings), is a virtual meeting that brings together digital forensics and incident response professionals from all locations and all disciplines. Beginning at 2000 and running for about an hour, this month’s meeting will feature Harlan Carvey looking at malware detection on an acquired image and Eric Huber covering APTs.
Washington state HTCIA will offer a presentation on managing incident response investigations, given by Michael Panico of Stroz Friedberg, from 10:00 AM-12:00 PM.
Ontario HTCIA will be at the Toronto Police College 7 – 9 p.m.
Special Training Events: Atlanta, GA & Los Angeles, CA
On January 27, 2011, Atlanta HTCIA will be offering a special presentation on Understanding and Investigating Microsoft Volume Shadow Copy. This event will run from 10:00AM – 2:00PM; Christopher L. T. Brown, CISSP and the founder and CTO of Technology Pathways, will be presenting.
Field investigators often need to find information fast in the field. Recovering deleted files and performing advanced searches are often time consuming and thus prohibitive for field investigators. Both live system triage and analysis of off line images containing Microsoft VSC “Volume Shadow Copy” snapshots can often net a wealth of information to investigators who know how to process it.
Learn more and register at the Atlanta HTCIA chapter website!
February 6-11: SANS COINS is coming to Los Angeles! Rob Lee’s newest SANS course, FOR408 Computer Forensic Investigations-Windows In-Depth will be in sunny Los Angeles, CA February 6-11. Taught by Mark Gonyea, FOR408 focuses on the critical knowledge of the Windows OS that every digital forensic analyst must know to investigate computer incidents successfully. You will learn how computer forensic analysts focus on collecting and analyzing data from computer systems to track user-based activity that could be used internally or in civil/criminal litigation.
FOR408 will include a SANS Investigative Forensic Toolkit (SIFT) Essentials with a Tableau Write Block Acquisition Kit and a course DVD loaded with case examples, tools, and documentation. Full course information and registration info is available at http://www.sans.org/los-angeles-2012-cs.
HTCIA members can save an additional 10% off tuition when you enter Discount Code “COINS10” Register now!