March for HTCIA: Chapter meetings and other notable events

Whether you’re local to our chapters or traveling to their cities, we welcome your participation in our training and education. Our meetings and events this month:

March 1

Ontario HTCIA will be featuring a March Madness Double Bill Event! The first meeting on March 1 will feature two sets of speakers. First, Guidance Software, where Robert Ulke and Joseph Pizzo, Account Executives from Guidance Software, will review EnCase 7.0 features and give participants a sneak peek at the upcoming edition of EnCase Enterprise.

Next, chapter officers Eugene Silva and Ben Whittaker will offer their thoughts on the proposed Bill C-30 Investigating and Preventing Criminal Electronic Communications Act  (also known as the ‘lawful access’ legislation) or the Online Surveillance Bill (forcing Internet service providers to collect customer information) from their own perspectives — law enforcement and ISP.

Perhaps a real-life debate will break out, along the lines of the 1970s Point – Counterpoint (as seen on 60 Minutes or as parodied on Saturday Night Live). Audience participation is encouraged! Bring your ideas to Peel Regional Police, 180 Derry Road, Mississauga, Ontario from 7-9pm.

A full day of training will be available from Texas Gulf Coast HTCIA, presenting the US Secret Service Electronic Crimes Task Force (ECTF) Quarterly Meeting from 8:30 AM – 3:00 PM. A special invitation has been extended to members of the HTCIA Texas Gulf Coast Chapter.

Hosted by the Fort Bend County Sheriff Office and taking place at the Gus George Academy, 1410 Williams Way, Richmond, TX, this special meeting will introduce the task force members to Fort Bend County, get information on service needs, initiate mutual contacts between departments and corporate citizens, and to provide a unique educational opportunity.

Topics to be presented include cell phone forensics, real world hack attack case studies, and the ECTF fraud and cybercrime prevention programs. Most important this will provide an introduction to personnel who can assist in asset forfeiture, cybercrime forensics, and investigations and foster stronger ties with the Fort County Sheriff, as well as others in the local area.

For more information and to learn how to RSVP, click here.

March 8

From 11:30 AM to 1 PM at American InterContinental University, Atlanta HTCIA presents “Before You Touch that Cell Phone.” Crime scene processing may be second nature to law enforcement, but how do those of us in the private sector respond to and handle an incident that might later result in criminal charges? Are we using the proper standard of care during incident reponse involving electronic devices that could later stand up in court? The purpose of this presentation will be the proper processing of electronic devices including DNA and latent fingerprints.

Speaker Michael Barker, president of C4 Group, Inc. and Atlanta chapter president, is licensed by the State of Georgia as a Private Investigator and PI Classroom and Firearm Instructor. He holds a number of computer certifcations including the CISSP, CISA and A+. He is currently completing a Masters in Information Security through the Univesity of Fairfax.

March 9

The following week, the Texas Gulf Coast chapter will also host its regular meeting at the United Way Community Resource Center, 50 Waugh at Feagan (near Waugh and Memorial). Speaker and topic TBA; the meeting will run from 1:00 – 3:00 PM, with a networking lunch at JAX Grill starting at 11:30 AM.

March 13

Ottawa HTCIA will present “The Wonderful World of Microsoft Computer Registry Analysis”,  at Russell’s Lounge at the Ottawa Police Association. Greg Bembridge, a Senior Computer Forensic Instructor with the Technological Crime Learning Institute (Canadian Police College, Ottawa) will be speaking on the “gold mine” of forensic information found within registry files: software programs which have since been deleted, externally connected devices, wireless networks that were used, firewall exception rules in place, and much much more.

The meeting, which runs from 5:30 – 7:30 PM at 141 Catherine St. in Ottawa, will include a cash bar and grill. Members come free (cost is included in your annual dues); non-members may register for $15.00. To register, visit the event on the web site.

Southern California HTCIA will offer David Nardoni speaking about memory forensics. In this hands-on lab, we will cover the basics of live memory collection and its importance during an investigation, especially involving malware. Attendees will explore the differences between memory collection and analysis tools. In addition, this lab will cover basic malware triage, tips and tricks, and pitfalls. The meeting will take place from 8:30 – 11:00 AM at the USSS Los Angeles Electronic Crimes Task Force, 725 South Figueroa Street – Suite 1300 (Ernst & Young Building, 13th Floor). Please RSVP to socalhtcia@gmail.com.

March 14

HTCIA Asia-Pacific is hosting a special evening event in Singapore! As a part of our ongoing collaboration with SANS, HTCIA members are welcome to join the following interesting and informative presentation: SANS-HTCIA Community Night Presentation: Introduction to Windows Memory Analysis by Chad Tilbury, SANS Certified Instructor. From 6:30 – 7:30 PM at the Grand Copthorne Waterfront Hotel.

Mid-Atlantic HTCIA‘s meeting will see two speakers. Mark Morgan from Guidance Software will discuss the EnCase Enterprise Cyber Security Module & EnCase Command Center, including hardware requirements, webserver API function, and integration with ArcSight and other IDS tools.

Following his talk, Amanda Thompson, a GWU graduate student employed at the Department of Homeland Security, will present her analysis of how the Microsoft Windows 8 operating system, which is set to be released later this calendar year, will differ from previous versions of Windows. Based on research using the Windows 8 Developers Preview Edition, Thompson will talk about the noticeable differences within the file system (NTFS), where user data resides (such as My Documents, etc.), and the Windows Registry (Microsoft, 2012).

The meeting will run from 9:00 AM to 12 noon at the Department of Education, 550 12th Street S.W. in Washington DC.

March 15

Member Mike Wilkinson’s #DFIROnline virtual meetup will feature Hal Pomeranz speaking on Linux forensics for non-Linux users, and Corey Harrell on ripping volume shadow copies — tracking user activity. Access the meetings via WriteBlocked.org, and follow along on Twitter if you have an account!

March 16

Northeast HTCIA will hold an all-day meeting from 9:00AM-3:00PM at Pace University’s Butcher Suite, 861 Bedford Road, Pleasantville, NY. Speaker and topic TBA.

Washington HTCIA‘s monthly meeting, also with speaker and topic TBA, will take place from 10 AM to noon at the Edmonds Community College main campus, Snohomish Hall room 123.

March 20

San Diego HTCIA presents a LIVE WiFi hacking demonstration setup, with data gathering; WiFi forensics presentation; and WiFi Q&A, complete with luncheon. Starting at 11:00 AM, Gerry Brown, CISSP and the chapter treasurer, will begin with a live WiFi hacking demo. Lunch (free for all current members, $20 for guests, and $45 for new members with completed  HTCIA membership forms) will be served from 11:30 to 12:00 PM; then, Glenn Jacobs, a Senior Information Assurance Engineer at JTT and chapter president,  will give a presentation on WiFi forensics. The afternoon’s activities will end with a Q&A.

The meeting is located at the Admiral Baker Clubhouse, 2400 Admiral Baker Drive in San Diego. HTCIA members are welcome to attend the chapter board meeting beginning at 10:00 AM. If you’ll be joining the meeting, please RSVP ASAP to treasurer@htcia-sd.org!

March 21

Michigan HTCIA presents Mobile Device Forensics: A Case Study of Cell Phone Evidence Recovered in a Homicide Investigation, presented by Detective Wade Higgason of the Livonia Police Department. Det. Higgason has examined more than 700 cellular telephones and more than 170 computers since 2005, when he was assigned to the Michigan ICAC Task Force for foreign, federal, state and local police agencies. The meeting will take place at at 10:00 AM at University of Detroit Mercy – McNichols Campus. Click here to RSVP and register for the event.

March 29

Ontario HTCIA’s March Madness continues with BlueBear and their flagship product called LACE (“Law Enforcement Against Child Exploitation”) and Mr Robert Beggs of Digital Defence, who will update our membership on the latest trends on how criminals are making money on the Internet.

This spring: Upcoming events

Throughout March, April and May our chapters will be hosting a number of training events — both regular meetings and regional conferences — and they’re looking forward to seeing members and non-members alike.

In March

On Tuesday, March 15 our Central Valley (CA) chapter will be hosting W.R. McKenzie, a Stanislaus County deputy district attorney. McKenzie will address a number of frequently asked questions about legal aspects of high tech investigations, including:

• sexting, sextortion and sexual harassment via mobile phone
• cell phone searches
• discussion of 528.5PC (California’s penal code regarding impersonating another via the Internet)
• discussion of 637.7PC (another penal code regarding GPS and the private citizen
• non-law-enforcement searches of workplace computers
• Q & A

The meeting will start at 11:45 am at the Stanislaus County Sheriff’s Department; lunch will be provided for members and their guests.

On Wednesday, March 16 our Western Canadian chapter will host Jason Smith, Account Executive for Guidance Software. He’ll be providing their views regarding the direction of forensics and forensic investigations over the next few years.  As part of the presentation Guidance will also be providing a demonstration of their Cybersecurity product for proactive auditing and incident response.  This product will be of definite interest for the members in private industry and law enforcement facing increasing demands by management to reduce or eliminate security incidents through proactive measures.

The meeting will begin at noon at the Nexen building in Calgary.

Wednesday, March 16 will also see our Florida chapter’s meeting. At the FDA building in Plantation, Bob Masterson of Windward Development will run through some Basic Linux Forensics. The meeting starts at 9am.

On Thursday, March 17, our Atlanta chapter will be, in conjunction with the Atlanta chapter of the  American Society for Digital Forensics and eDiscovery (ASDFED), hosting AccessData Group for a discussion of:

• eDiscovery from a practitioner’s perspective
• legal review & case data management
• forensic investigations
• the future of threat detection

The meeting will run from 10:30am – 1pm at the AIU Atlanta campus, located at 500 Embassy Row.

On Tuesday, March 22, our Northeast chapter will host a series of three presentations:

Cyber Situational Awareness through Graph Mining. Tina Eliassi-Rad, an Assistant Professor at the Department of Computer Science at Rutgers University, will outline applications of graph mining to various problems associated with cyber situational awareness.  In particular, it will discuss Eliassi-Rad’s work on (1) traffic profiling in presence of encryption and obfuscation, (2) anomaly detection in volatile networks, and (3) vulnerability-measure of a network and shield-value of a host in the network. Time-permitting, the presentation will detail a linear-time algorithm with a 94% success rate in identifying Web-based attacks.

Responding To Advanced Persistent Threat Intrusions:  Effective Tools, Tactics, and Protocols for Enterprise Intrusion Investigations. Stephen Windsor, who leads Booz Allen Hamilton’s Digital Forensics and Incident Response Team, will focus on effective incident management, investigative techniques, indicators of compromise and how to find them in the enterprise, and ultimately, remediation and risk mitigation techniques. He will follow this up with a conversation on developing an enterprise APT risk mitigation strategy.

Securing Your Mac. Waldo Gonzalez, a detective with the New York City Police Department Computer Crimes Squad, will give a step by step presentation about how investigators should secure and lock down their Macintosh computers from physical and network threats. Although the Mac OSX operating system is considered to be safer because viruses are mainly geared towards the Windows environment, it is still important to secure.

The meeting will run from 9:30 AM – 3:00 PM at Booz & Co. Inc., 101 Park Avenue in Manhattan. It will also be available via WebEx. See more details, including RSVP information, at the Northeast chapter website.

Between March 29 and April 1, the Minnesota chapter will be holding its 9th annual spring conference. Designed for security managers, law enforcement, county and state attorneys/prosecutors, corporate security investigators, homeland security administrators, students pursuing a forensics degree and others, the conference will feature lecture tracks on common investigative problems, three excellent keynote speakers, and breakout hands-on sessions will all be available. See our earlier blog post for many more details!

April meetings

On Wednesday, April 13th, our Arizona chapter will meet from 9:00 a.m. to 12:00 p.m. at the Tempe Police Department – Apache Substation. Featured speaker, InfinaDyne’s Paul Crowley, will present on CD/DVD forensics with CD/DVD Inspector version 4.1 and digital video indexing with Vindex. Meeting attendees will receive a disc containing trial versions of each application. (Remember: these tools will also be available free to all international conference participants!)

Thursday, April 14 from  9:00am – 12:00noon, our Delaware Valley chapter will host Michael L. Levy, Assistant United States Attorney and Chief, Computer Crimes in speaking on recent developments in the law regarding the seizures and searches of computers. In addition, Leonard Deutchman, General Counsel and Administrative Partner of LDiscovery, LLC will speak on theft of trade secrets and confidential information from the corporate perspective.

On Friday, April 15, our Northeast chapter will hold its monthly meeting from 9:30 AM – 3:30 PM. Speakers and topics are to be announced, but you can plan to attend at St. John’s University, NYC Campus. Learn more at the chapter website.

On Tuesday, April 19, our Ottawa chapter will be hosting John R. Schafer, PhD for a talk on Psychological Narrative Analysis (PNA). A new technique based on scientific research, PNA is a professional method that detects deception in both written and oral communications. It applies to social and professional environments, and is a passive technique that can benefit law enforcement officers, attorneys, and psychologists alike as they interview subjects.

Held at Toronto’s BMO Institute for Learning, in person or via a live webcast, the meeting will run from 1-3:30 PM. For more information and to register, please visit the website at www.cticanada.ca.

In May

Our Michigan chapter’s next meeting is scheduled for May 11. From 10:00 AM to 12:00 noon, Joel Weever, will present a “Malware Economy Update”. The meeting will be at the Troy Police Department.

And in Ottawa on May 26, our chapter is organizing a one-day training event, “From the Beginning.” Designed for first responders, the session will bring together subject matter experts in various fields to give you an updated view of the challenges faced by today’s first responders under different conditions.

The agenda will include:

• The legal aspects and challenges for proper collection of digital information
• Corporate responsibility when faced with a requirement (internal or external) to produce digital evidence current practices relating to computing systems – hard wired, mobile, networked or “in the cloud”
• Critical data to collect and how to collect it while maintaining its integrity

In addition you will have an opportunity to question our subject matter experts relating to your specific circumstances.

Questions about any of these events? Visit the websites linked from this post, and find contact info there. You can also leave a comment below, and we’ll get back to you with the right contact information.