February for HTCIA: Chapter meetings and other notable events

February 3, 2012

Whether you’re local to our chapters or traveling to their cities, we welcome your participation in our training and education. We’ve got four upcoming special events as well as regular chapter meetings this month:

HTCIA Chapter Meetings

February 7

HTCIA Ottawa will present “Inclusion of Forensic Video Analysis Within an Agency’s Digital Forensic Program” in Russell’s Lounge at the Ottawa Police Association from 5:30-8 p.m. Jeff Spivack, an IAI Board Certified Forensic Video Examiner, will demonstrate how forensic multimedia analysts obtain investigative leads and actionable intelligence from files that might otherwise be discarded.

Spivack has worked as a Forensic Multimedia Analyst with the Las Vegas Metropolitan Police Department, and has been accepted as an expert witness in courts throughout the U.S. In addition to conducting case work, Jeff is also Cognitech, Inc.’s Forensic Video Software Certification Instructor, and Senior Instructor of Video Forensics for Forensic Data Recovery, Inc., Cognitech’s Canadian affiliate.

For more information and to register, see the Ottawa HTCIA website. Non-HTCIA members are welcome for a guest fee of $15.00.

Also on February 7, our Southern California chapter will be holding a joint meeting with ISACA Los Angeles. A dinner meeting at Monterey Hill Restaurant (3700 W Ramona Blvd., Monterey Park, CA), the presentation, a computer forensics case study, will run from 5:30-8:30 p.m.

Guidance Software’s head of Risk Management, Andy Spruill, will provide his first-hand account of Victor Stanley, Inc. v. Creative Pipe, Inc., the intellectual property theft case that spawned not one, but two, landmark legal decisions in the world of digital forensics and eDiscovery. To register, please visit ISACA LA’s website.

February 9

Atlanta HTCIA will present “Forensics in your PJs” from 7:30-9:30 a.m. A breakfast meeting at American InterContinental University in Dunwoody, Georgia, the meeting will show you how to use various resources and tools on the internet to gather data. From Facebook to blogs, see what you can learn while sitting in your PJs!

Speaker Buffy Christie is Senior Director of Equifax Global Security. Buffy has a BS in Criminal Justice, Forensic Science. She is a CFE (Certified Fraud Examiner) and is President of the Southeastern IAFCI (International Association of Financial Crimes Investigators).

To register for this event, visit Atlanta HTCIA’s EventBrite page.

February 10

Texas Gulf Coast HTCIA will meet from 1:00-3:00 p.m. at the FBI Greater Houston Regional Computer Forensics Laboratory. Those planning to attend will need to be vetted by the FBI prior to the meeting. In order to attend, contact Ms. Julie Campbell, Receptionist, Pathway Forensics (713.301.3380) and provide her with your name, DOB and DL#. Chapter members should also RSVP to the Evite invitation that was sent to the e-mail account on file with HTCIA International.

February 14

Midwest HTCIA is offering an Android forensics and software demo by Christopher Triplett, Sr. Forensic Engineer of viaForensics. From 8:30-11:30 a.m., Mr. Triplett will cover Android File Systems, Android Forensic Analysis Techniques, and a demonstration of viaForensics’ viaExtract product.

Midwest HTCIA’s chapter meetings are located in Oakbrook Terrace, IL at the ICE office (16th floor, Oakbrook Terrace Tower).

February 15

Minnesota HTCIA will meet in the Ridgedale Library, RHR West Room in Minnetonka.

February 16

Member Mike Wilkinson’s monthly DFIR Online Meetup will feature Peter Coons and John Clingerman providing e-discovery case studies, along with Jonathan Rajewski speaking on “N unaqf ba (cra/cncre) rkrepvfr va onfvp pelcgbybtl/pelcgnanylfvf”… or, “A hands on (pen/paper) exercise in basic cryptology/cryptanalysis.” Join in at 8:00 p.m.!

February 17

Washington state HTCIA will be meeting between 10am-12pm. Topic and speaker both TBD.

February 21

Central Valley HTCIA will be meeting at 12:00 noon at the Stanislaus County Sheriff’s Office, 250 East Hackett Road in Modesto, CA. Tentative topics are a presentation on TOR by Cullen Byrne, and an update on the group Anonymous by an FBI representative. Lunch to be provided.

Austin HTCIA, meanwhile, will meet from 1:30 to 3pm at the REJ Building. Rick Andrews will be going over navigation in EnCase v7. Come with questions!

February 22

Atlantic Canada HTCIA will meet from 5:30-7:30 p.m. with Jan Cox from Oracle presenting on the topic of SQL injection, among other things. An update on the chapter’s conference planning efforts will also take place.

February 24

From 11:00 A.M. – 3:00 P.M. at University Hall, Room 465 (51 Goodman Dr. in Cincinnati), Ohio HTCIA will be offering a presentation on Incident Response: Live Memory Capture and Analysis. Presenter Justin Hall has 15 years of experience in the information technology field and has spent the last seven focused on information security.

Mr. Hall is currently a security architect for CBTS, a technology services provider in the Cincinnati area – consulting with the firm’s enterprise customers in developing vulnerability management, incident response, and endpoint & network defense programs. He is a frequent speaker at information security community events, a SANS mentor, and holds a GCIH, GCFA and GPEN.

Following Mr. Hall’s presentation, lunch will be provided and the chapter’s business meeting conducted.

Also on Friday, our Kentucky chapter will meet at 1:00pm at Boone County Sheriff’s Office. Tom Webster will present about Internet Evidence Finder.

February 29

San Diego HTCIA will meet at the Admiral Baker Clubhouse in San Diego. Lunch will be served at 11:30, with the presentation (yet to be determined) running from 12:00-1:00 p.m. HTCIA members are also welcome to attend the 10 a.m. board meeting that day.

Lunch is free for all current members, $20 for guests, and $35 for new members with completed HTCIA membership forms. RSVP is required, so please RSVP ASAP to treasurer@htcia-sd.org! This will assist in planning for seating and food requirements.

Northern California HTCIA will also be meeting on February 29. Topic and location to be determined.

Special Training Events

February 6-11: SANS COINS event coming to Los Angeles!

Rob Lee’s newest SANS course, FOR408 Computer Forensic Investigations-Windows In-Depth will be in sunny Los Angeles, CA February 6-11. Taught by Mark Gonyea, FOR408 focuses on the critical knowledge of the Windows OS that every digital forensic analyst must know to investigate computer incidents successfully. You will learn how computer forensic analysts focus on collecting and analyzing data from computer systems to track user-based activity that could be used internally or in civil/criminal litigation.

FOR408 will include a SANS Investigative Forensic Toolkit (SIFT) Essentials with a Tableau Write Block Acquisition Kit and a course DVD loaded with case examples, tools, and documentation. HTCIA members can save an additional 10% off tuition when you enter Discount Code “COINS10”! Full course information and registration info is available at http://www.sans.org/los-angeles-2012-cs/

February 15

ISSA Ottawa and Women in Defence & Security will be co-hosting a National Capital Security Partners’ Forum Event featuring Marene Allison, VP & CISO of Johnson and Johnson. The opening speaker will be Rennie Marcoux, Assistant Secretary to the Cabinet (PCO); the closing speaker will be Carol Osler, VP Physical Security TD Bank. For more information and to register, see http://www1.carleton.ca/npsia/upcoming-events/4409-2

February 20-24

Free law enforcement training! Minnesota HTCIA is advertising “Fighting Cyber Crime”, 40 POST credits’ worth of courses at the St Cloud State Campus. The training is a response to the increased ease with which people can access the Internet to commit crimes, as well as the increased emphasis on issues of homeland security. Participants will learn ways to uncover, protect, and exploit digital evidence to respond to crimes. Register via the course flyer at http://www.mn-htcia.org/documents/Cybercrimecourseflyer.pdf.

February 27-March 1

The New York District Attorney’s Office has partnered with the National White Collar Crime Center to offer Cybercop 101 – Basic Data Recovery & Acquisition (BDRA) to qualified members. This 4-day course teaches the fundamentals of computer operations and hardware function, and how to protect, preserve and image digital evidence.

This class introduces participants to the unique skills, best practices and methodologies necessary to assist in the investigation and prosecution of computer crime. It includes presentations and hands-on instruction on such topics as Partitioning, Formatting, Data Storage, Hardware and Software write blockers, the Boot Up process, and Duplicate Imaging. Register here for this and future courses!

REMEMBER: To get discounts or free training (where applicable), you must be a member. Please join or renew your 2012 membership today!


Recalling the 2011 HTCIA International Conference

September 20, 2011

It’s already been a week since we packed dozens of lectures, 14 hands-on labs, and a sold-out expo hall into our three days at Indian Wells. Here’s a run-down of some of our highlights:

Monday: Cliff Stoll, and Vendor Showcases

The day (and conference) started off strong with Clifford Stoll’s keynote. Clear about the fact that he was making a presentation he first gave in 1986 – and has given several times since then – Stoll nonetheless kept his audience entertained and educated, presenting “evergreen” material that is as relevant today as it was 25 years ago. Among his highlights:

[Images: Cliff Stoll on the ARPANET hacking investigation; a networking demonstration; investigation budgets and mandates]

Northern California member Ira Victor followed up with an in-depth interview of Cliff, which he recorded for his Cyber Jungle podcast.

Following the day’s main lab and lecture events, Platinum sponsors Micro Systemation AB and AccessData showcased new products in the Emerald ballrooms.

Amid music, hors d’oeuvres and drinks, MSAB unveiled the worldwide preview of XRY 6.0, including an improved user interface, better export options, and Watchlist automation. MSAB will be providing training at our Philadelphia/Delaware Valley chapter in October, followed by training in South Florida in late October-early November. They’re available to come to any chapter needing mobile phone forensics training – is yours one of them?

Meanwhile, AccessData’s Keith Lockhart talked a bit about Early Case Assessment. During the well-attended and well-received presentation, Lockhart went through this e-discovery product, discussing features such as its ability to filter large amounts of data, to handle collaborative web-based review of that same data, and most of all, its immediate cost savings for forensic and legal teams.

And after all was said and done, participants gathered at the Stir Nightclub on-site for the traditional Northeast Chapter Party!

Tuesday: What we liked best, and our Annual Banquet

Just to keep abreast of what was going on from our participants’ point of view, we asked what they liked best about our conference. Some of the responses:

In the evening came our banquet, a richly rewarding experience that started with drummers from the intercollegiate musical group Senryu Taiko and ended with a hilarious comedy routine from “The Lovemaster,” Craig Shoemaker. In between we enjoyed ribeye steak, a 25th Anniversary chocolate torte, and opening for Craig, comedian Richard Aronovitch.

But the evening’s core lay in our awards ceremonies, where we presented plaques to the winners of our Case of the Year, Chapter of the Year, and Lifetime Achievement Awards. This year, as last year, the Case of the Year winners got a standing ovation for their hard work in putting a killer behind bars. And contenders for Chapter of the Year got a challenge: give SoCal a run for their money!

HTCIA 2011 Case of the Year winners Eichbaum, Cook, Sunseri & Maloney

HTCIA 2011 Lifetime Achievement Award winner Ken Citarella, Northeast Chapter

HTCIA 2011 Chapter of the Year: Southern California's board members

Wednesday: Wrapping up great learning experiences

By Wednesday everyone’s brains were just about full, but our labs and lectures enjoyed good attendance nonetheless:

Other conference highlights: lunchtime raffles, international tweets & still more networking

Lunchtimes offered good food and great prizes. Over chicken and pasta (Monday), cold cuts (Tuesday), and Chinese cooking (Wednesday), participants had the chance to buy tickets to enter our raffles. Giveaways included:

Vendors got in on the action too:

If you were following our hashtag #HTCIACon on Twitter, you may have noticed a few foreign-language tweets. As an international organization, we love to see our members reaching out to their own communities in their native languages. Spanish and Dutch participants did exactly that, including a longer blog post by member and presenter Andres Velazquez.

HTCIA conferences would be nothing without networking and the exchange of amazing ideas. Jim Hoerricks wrote about it, and posted some of those ideas in his blog. We also heard from Albert Barsocchini, who came with an e-discovery perspective.

Did you write or podcast about the HTCIA conference or good outcomes you gleaned? Please let us know in comments!

Platinum sponsor AccessData: Cross-pollinating with digital forensics, e-discovery and infosec training

August 24, 2011

No coverage about our conference would be complete without a mention of our longtime Platinum-level sponsor, AccessData. Not only are they holding a one-hour showcase on the latest version of their lab solution, which provides massive distributed processing and a web-based environment for collaborative analysis – they also have a range of diverse topics on digital forensics, information security and e-discovery.

“With the fast changing cyber landscape, more and more forensic examiners find themselves assisting with incident response and litigation support for their employers. Likewise, law enforcement is faced with a growing number of cybercrime cases involving hacking and malware,” says Keith Lockhart, AccessData’s vice president of training. “That’s why we’re providing a good selection of educational content on those topics, specifically geared toward forensic examiners who need this type of continuing education in order to keep up with the ever-changing demands of this industry.”

Social media, Macintosh analysis, decryption and Windows 7

On Monday morning, Sept. 12, AccessData’s Nick Drehel, senior instructor and curriculum manager, and Michael Staggs, senior consulting engineer, will present “The Realities of Investigating Social Media.” This lab will discuss myths in the marketplace and demonstrate the value of network forensics when it comes to a comprehensive social media investigation. Participants will learn what is possible using host analysis solutions versus packet analysis.

Tuesday morning, Drehel will also discuss “Next Generation Decryption,” in which participants will learn how to maximize their chances of success when attacking encrypted files. Attendees will learn best practices and ways to access “low hanging fruit,” and will use PRTK and the AccessData “Art of War” methodology for recovering passwords from files, recovering user logon passwords, and Intelliforms decryption.

Chris Sanft, another senior instructor with AccessData, will present two labs on Macintosh analysis and Windows 7 forensics. Sanft’s Mac analysis lab, which will take place Monday afternoon, will focus on using FTK and FTK Imager to examine HFS drive structure to image, examine, and report on Macintosh evidence.

On Wednesday afternoon, Sanft returns for a hands-on presentation about Microsoft Windows 7 operating system artifacts and file system mechanics. He’ll discuss the BitLocker Full Volume Encryption (FVE) technology and the new BitLocker To Go, along with the techniques that should be employed during evidence seizure and acquisition. Students will also review the changes in the Windows 7 registry and recover forensic artifacts from the registry.

E-discovery for forensics examiners, social media, and early case assessment

David Speringo, a senior e-discovery consultant for AccessData, will cover three e-discovery-related topics between Tuesday and Wednesday.

On Tuesday, he’ll present the lectures “What Every Forensic Investigator Should Know about eDiscovery and the Process” and “Social Media and eDiscovery.” The first will discuss e-discovery’s critical requirements, which a forensic examiner must understand while getting to know a task that frequently falls outside their comfort zone. Participants are encouraged to ask questions about the nuts and bolts of the electronic discovery process!

“Social Media and eDiscovery,” meanwhile, will explore the need for organizations to have a social media policy in place – and to effect a proper e-discovery plan to capture and secure social media interactions over the network. Speringo will take participants through a discussion of policy creation, usage and those technologies which can facilitate either the collection or preservation of data, as well as the analysis of that data.

Wednesday’s lab, “Early Data Assessment and Early Case Assessment,” will teach participants how to quickly sort and filter through data before it goes into final review, making it easier for a legal team to determine probabilities of success for either a defense or settlement for a given piece of litigation. The lab will take the user through a case study using AccessData’s ECA software to analyze metrics, keywords, and file categorization.

Memory analysis, man-in-the-middle attacks, and handling advanced exploits

Rounding out AccessData’s labs will be three presentations on information security topics. On Monday, AD’s director of forensics training Ken Warren and NCFI network forensics instructor Rob Andrews will cover memory analysis fundamentals, including options for memory capture both in the field and in the lab. They’ll look at the artifacts that can be easily parsed from memory, along with techniques for searching memory and even retrieving graphics, unencrypted versions of text, passwords and more.

Warren and Andrews will return on Tuesday to present “Hands-On Hacking Investigation: Man in the Middle Attack.” A man-in-the-middle attack is a type of attack brought against unsuspecting users in many different situations. Warren and Andrews will discuss the techniques used to investigate this type of breach and discover the artifacts left behind after the attack.

On Wednesday morning, Michael Staggs and senior global security engineer Tom Wong will talk about “New Technology for the Improved Handling of Advanced Exploits.” In this session, attendees will learn about technological advancements that dramatically enhance an organization’s ability to detect, analyze and remediate threats. They will see how the integration of host analysis, network analysis and data auditing will arm organizations to better handle network exploits, data theft or even HR policy violations.

AccessData tools presentations

On Monday evening, Nick Drehel will return for a Happy Hour FTK Transition Workstation. The objective of this lecture-only presentation is to introduce attendees to the AccessData Forensic Toolkit 4.0 software. The lecture will cover the new enhancements to the program and database, and attendees will get the opportunity to ask questions about the new database.

On Wednesday morning, mobile forensics trainer Lee Reiber will cover extraction techniques for iPhone, iPad and Android devices using Mobile Phone Examiner Plus (MPE+) and FTK. Learn which tools extract the most data logically, and also learn how to physically image an Apple iOS device, including the iPad.

Interested in attending any of these labs? Register now so that you can sign up – seats are going quickly!

International investigations: Digital forensics and social media

July 8, 2011

Several of our lectures this year will discuss international issues with high tech crime investigations. Among the presentations: a joint talk on Tuesday, Sept. 13 about international social media investigation, from members Cynthia Navarro and Andres Velazquez; and on Wednesday, a Latin American perspective on digital forensics from Andres Velazquez.

A Latin American perspective on digital forensics

Velazquez, a Mexican digital forensics expert who built the country’s first private digital forensics labs through his company MaTTica, says one of the key differences between the United States and Latin American countries is the structure of their legal systems. “US judges rely mainly on precedent, but in Latin America, judges rely solely on codes,” he explains. “So, if the defendant’s conduct does not meet the law’s requirements, it won’t be a felony.”

For example, a denial of service attack does not qualify as a felony. Nor does identity theft, or theft of other data, because the codes are based on physical robbery — the theft of tangible items. “A robbery charge depends on the absence of goods,” Velazquez explains, “but when the data is still there, according to the law, how can it have been stolen?”

In addition, civil or tort laws’ requirements are difficult to meet because none of the laws cover e-discovery, so examinations as US investigators understand them are not possible. And although a law in Mexico was passed last year that covers privacy of personal information, legislators have yet to approve guidelines, so investigators still face difficulty in this area.

Meanwhile, because many Internet service providers are headquartered in the US, Latin American investigators face difficulties with getting data because of international agreements. “Currently, we have to get a court order through our Exterior Relationships Secretary [comparable to the US Secretary of State],” Velazquez explains. “That has to go through the embassy, then through the US federal government, to the state, and then finally to the company. By the time the process is complete, it can be up to two years, and then the data we needed are gone.”

Agreements similar to the Budapest Open Access Agreement would help, but even at that, few Latin American attorneys and judges understand computers. Velazquez recalls a search he coordinated in which investigators seized only keyboards and monitors — but not the actual computers. Part of his mission is to educate and assist law enforcement and other investigators in the region.

Yet decisions continue to be made by the very judges who don’t understand computers, and to whom investigators have no access. The answer: for investigators to find a way to be in what Velazquez terms “unofficial contact” to start meeting needs, such as collecting forensic images with which forensic examiners can practice, or working with vendors to obtain metadata if not content.

Investigation mechanics from across the world

Until the laws sort themselves out, investigators are left with doing the best they can with what they have. Fortunately, although investigations are never “easy,” certain tools — among them social media — make the task easier than it was even a few years ago.

Cynthia Navarro, a California-based private investigator who will be co-presenting with Velazquez on social tools, says: “I have always said that with the internet we have no boundaries…. I have a project to watch how the narco in Mexico is affecting a specific town (and the surrounding towns.) It’s been easy, their mayor uses Twitter to warn the townspeople of street closures due to shootings, murders and rival gang takeovers. Then they tweet when things are back to normal. This is the most up to date tracking anyone could ask for!”

Because social networking is for the most part publicly available, investigators deal with few legal issues. Navarro says she has encountered few cultural conflicts, and as for language barriers, “Thank God for Google Translate!” she says. “While it is not a perfect translation, you can get the gist of what is being said. I have used it for Spanish, German, Chinese, and Vietnamese with great success.”

Perhaps surprisingly, Facebook is the #1 resource for online investigators not just in the US, but overall, thanks to its widespread adoption in Europe as well as in Asia. Orkut is #2, says Navarro (due largely to its overwhelming popularity in Brazil), followed by Qzone and then Twitter. V Kontakte and LiveJournal are the most popular in Russia; a network called Hi5 attracts the most users from Thailand, Romania, Peru and Portugal, while Lide draws Czech users. Other countries have their own preferred social networking sites.

“For other countries, censorship and blocking can be a problem,” says Navarro. “I’ve heard that Zing is #1 for Vietnam because some Vietnamese ISPs have blocked it.” Other countries that block content: China, Uganda, Egypt, Iran, Saudi Arabia, and the United Arab Emirates.

Navarro adds that between investigation and teaching, the quality she appreciates most is learning. “Teaching to me is learning, we have to keep up in order to teach effectively,” she explains. “I am [also] lucky enough that there are always different things I investigate so I don’t get stuck on the same thing day in and day out.”

Interested in hearing what Andres and Cynthia will have to say, along with our other presentations on international perspectives? Join us in Indian Wells and register here: https://www.htciaconference.org/registration.html

Is your expertise a good fit for our conference?

April 13, 2011

It’s not too late to submit a proposal to speak at our conference! Recent blog posts have told you about the topics we seek, and also helped you justify speaking to your employer.

However, we also know that sometimes it can be a challenge to come up with good proposals. What if it looks too much like someone else’s? How much training on iPhone analysis do cell phone examiners really need? Hasn’t “the cloud” been done to death?

Here are a few tips to help you approach your proposal from another angle:

– Tell a story. Did you devise a particular methodology around a hard-to-capture piece of digital evidence? Develop an incident response strategy that saved your client time and/or money? Explaining how you solved a problem is not something that can be easily duplicated.

– What topics are being overlooked? Whether there are important aspects about iPhones, the cloud, cyber bullying, or other “hot” topics that the industry is missing out on, or other issues that get no play at all, tell us about them – and why your point of view is necessary.

– What lessons did you learn about practical, logistical issues like case management, reporting and documentation, training, court testimony, etc. that you want other investigators to know before they face the same issues?

– Talk about your relationships with other investigative professionals. Did you work together with an internal team, outside consultant, or task force to stop a threat or build a strong case? Tell us how you did it, and how we might do the same.

– What trends have you noticed in your region that may be applicable to others in your country and the world at large?

– Do you have a specialty that most other investigators don’t encounter, but should understand before they encounter it? Examples: printers and copiers, GPS devices, vehicles’ black boxes, digital video or images…

– What do people come to you for help with?

In short: don’t think so much about the topic, but rather the problems you can help other investigators solve. We look forward to seeing your proposal!

Jimmy Garcia
2011 Program Chair

This spring: Upcoming events

March 15, 2011

Throughout March, April and May our chapters will be hosting a number of training events — both regular meetings and regional conferences — and they’re looking forward to seeing members and non-members alike.

In March

On Tuesday, March 15 our Central Valley (CA) chapter will be hosting W.R. McKenzie, a Stanislaus County deputy district attorney. McKenzie will address a number of frequently asked questions about legal aspects of high tech investigations, including:

  • sexting, sextortion and sexual harassment via mobile phone
  • cell phone searches
  • discussion of 528.5PC (California’s penal code regarding impersonating another via the Internet)
  • discussion of 637.7PC (another penal code regarding GPS and the private citizen)
  • non-law-enforcement searches of workplace computers
  • Q & A

The meeting will start at 11:45 am at the Stanislaus County Sheriff’s Department; lunch will be provided for members and their guests.

On Wednesday, March 16 our Western Canadian chapter will host Jason Smith, Account Executive for Guidance Software. He’ll be providing their views regarding the direction of forensics and forensic investigations over the next few years. As part of the presentation Guidance will also be providing a demonstration of their Cybersecurity product for proactive auditing and incident response. This product will be of definite interest for the members in private industry and law enforcement facing increasing demands by management to reduce or eliminate security incidents through proactive measures.

The meeting will begin at noon at the Nexen building in Calgary.

Wednesday, March 16 will also see our Florida chapter’s meeting. At the FDA building in Plantation, Bob Masterson of Windward Development will run through some Basic Linux Forensics. The meeting starts at 9am.

On Thursday, March 17, our Atlanta chapter, in conjunction with the Atlanta chapter of the American Society for Digital Forensics and eDiscovery (ASDFED), will be hosting AccessData Group for a discussion of:

  • eDiscovery from a practitioner’s perspective
  • legal review & case data management
  • forensic investigations
  • the future of threat detection

The meeting will run from 10:30am – 1pm at the AIU Atlanta campus, located at 500 Embassy Row.

On Tuesday, March 22, our Northeast chapter will host a series of three presentations:

Cyber Situational Awareness through Graph Mining. Tina Eliassi-Rad, an Assistant Professor at the Department of Computer Science at Rutgers University, will outline applications of graph mining to various problems associated with cyber situational awareness. In particular, the talk will discuss Eliassi-Rad’s work on (1) traffic profiling in the presence of encryption and obfuscation, (2) anomaly detection in volatile networks, and (3) vulnerability-measure of a network and shield-value of a host in the network. Time permitting, the presentation will detail a linear-time algorithm with a 94% success rate in identifying Web-based attacks.

Responding To Advanced Persistent Threat Intrusions: Effective Tools, Tactics, and Protocols for Enterprise Intrusion Investigations. Stephen Windsor, who leads Booz Allen Hamilton’s Digital Forensics and Incident Response Team, will focus on effective incident management, investigative techniques, indicators of compromise and how to find them in the enterprise, and ultimately, remediation and risk mitigation techniques. He will follow this up with a conversation on developing an enterprise APT risk mitigation strategy.

Securing Your Mac. Waldo Gonzalez, a detective with the New York City Police Department Computer Crimes Squad, will give a step-by-step presentation about how investigators should secure and lock down their Macintosh computers from physical and network threats. Although the Mac OS X operating system is considered to be safer because viruses are mainly geared towards the Windows environment, it is still important to secure.

The meeting will run from 9:30 AM – 3:00 PM at Booz & Co. Inc., 101 Park Avenue in Manhattan. It will also be available via WebEx. See more details, including RSVP information, at the Northeast chapter website.

Between March 29 and April 1, the Minnesota chapter will be holding its 9th annual spring conference. Designed for security managers, law enforcement, county and state attorneys/prosecutors, corporate security investigators, homeland security administrators, students pursuing a forensics degree and others, the conference will feature lecture tracks on common investigative problems, three excellent keynote speakers, and breakout hands-on sessions. See our earlier blog post for many more details!

April meetings

On Wednesday, April 13th, our Arizona chapter will meet from 9:00 a.m. to 12:00 p.m. at the Tempe Police Department – Apache Substation. Featured speaker, InfinaDyne’s Paul Crowley, will present on CD/DVD forensics with CD/DVD Inspector version 4.1 and digital video indexing with Vindex. Meeting attendees will receive a disc containing trial versions of each application. (Remember: these tools will also be available free to all international conference participants!)

On Thursday, April 14, from 9:00am – 12:00 noon, our Delaware Valley chapter will host Michael L. Levy, Assistant United States Attorney and Chief, Computer Crimes, who will speak on recent developments in the law regarding the seizures and searches of computers. In addition, Leonard Deutchman, General Counsel and Administrative Partner of LDiscovery, LLC, will speak on theft of trade secrets and confidential information from the corporate perspective.

On Friday, April 15, our Northeast chapter will hold its monthly meeting from 9:30 AM – 3:30 PM. Speakers and topics are to be announced, but you can plan to attend at St. John’s University, NYC Campus. Learn more at the chapter website.

On Tuesday, April 19, our Ottawa chapter will be hosting John R. Schafer, PhD for a talk on Psychological Narrative Analysis (PNA). A new technique based on scientific research, PNA is a professional method that detects deception in both written and oral communications. It applies to social and professional environments, and is a passive technique that can benefit law enforcement officers, attorneys, and psychologists alike as they interview subjects.

Held at Toronto’s BMO Institute for Learning, in person or via a live webcast, the meeting will run from 1-3:30 PM. For more information and to register, please visit the website at www.cticanada.ca.

In May

Our Michigan chapter’s next meeting is scheduled for May 11. From 10:00 AM to 12:00 noon, Joel Weever will present a “Malware Economy Update”. The meeting will be at the Troy Police Department.

And in Ottawa on May 26, our chapter is organizing a one-day training event, “From the Beginning.” Designed for first responders, the session will bring together subject matter experts in various fields to give you an updated view of the challenges faced by today’s first responders under different conditions.

The agenda will include:

  • The legal aspects and challenges for proper collection of digital information
  • Corporate responsibility when faced with a requirement (internal or external) to produce digital evidence
  • Current practices relating to computing systems – hard wired, mobile, networked or “in the cloud”
  • Critical data to collect and how to collect it while maintaining its integrity

In addition, you will have an opportunity to question our subject matter experts about your specific circumstances.

Questions about any of these events? Visit the websites linked from this post, and find contact info there. You can also leave a comment below, and we’ll get back to you with the right contact information.

Call for Speakers: 2011 International Training Conference & Expo

January 7, 2011

In just about eight months, we’ll be gathering at the Renaissance Esmeralda Resort, Indian Wells, CA for our annual International Training Conference & Exposition. As always, the object of our organizing committees is to provide the best possible training on the latest topics in high technology crime, by the best speakers available. To this end we are looking for speakers for the conference in the following areas (not an exhaustive list):

  • Cloud computing
  • Mac Forensics
  • Memory acquisition and analysis
  • Live Forensics
  • Cell phone Forensics
  • Windows 7 Forensics
  • Imaging
  • File structures
  • Your latest successes
  • Social Networking
  • E-Mail analysis
  • E-Discovery
  • Legal issues
  • Lock picking
  • GPS analysis
  • Artifacts of any kind
  • Linux Forensic tools
  • Linux System Analysis
  • Tape Forensics
  • Photo Forensics
  • Printer Forensics
  • Accounting packages
  • SQL Analysis
  • Network and TCP/IP
  • Social Networks for Law Enforcement (Twitter, MySpace, Facebook)
  • Managing Incident Response/Investigations
  • Vehicle black box forensics
  • Emerging Laws re: eDiscovery-ESI
  • eDiscovery – new legal issues/ Working with Attorneys
  • Advanced Issues of Email & Web Mail
  • Collecting internet evidence
  • Investigation of social web sites (MySpace, Facebook, Twitter etc.)
  • Managing Investigations – criminal and civil
  • Network Device Forensics (Log Files from network device) Router
  • Court Room Testimony techniques
  • Financial Crimes – Tax Evasion & Money laundering
  • International Trends – Situations – experience
  • White Collar & Corporate Investigations
  • Legal Issues – Civil & Criminal
  • Legal Mock Trial
  • Memory – court decisions
  • Human Resources Department Internal Investigations
  • Case Studies – criminal investigations (breaches, identity theft)
  • Case Studies – civil
  • Report Writing for Forensic Examiners
  • Report Writing for Investigations

If you would like to lecture on any of the above topics, or have one of your own, please contact Program Chair Jimmy Garcia at jrgarcia@da.lacounty.gov.