Open source Android forensics: An HTCIA student charter project

March 8, 2012

We always like to hear about the cool new projects our students are engaging in, so we were excited to see University of Cincinnati student charter president Shadi Dibbini post on our Facebook page:

When we saw the site, we definitely wanted to talk more with Shadi about his team’s project!

HTCIA: How did you get the idea for Open Source Android Forensics? How long have you been working on it thus far?

SD: My team started working on this project at the beginning of the school year, late September, and it has to be completed by the beginning of May. In May, we will be presenting at the University of Cincinnati’s Tech Expo event. The Tech Expo is a showcase of senior design projects from IT students, and students from other programs. The event is entirely open to the public, so feel free to come down and check out all the cool projects.

I came up with the idea of Open Source Android Forensics (OSAF) because I really enjoy forensics, and I have been a smartphone enthusiast for the past 8 years. A little off topic here, but believe it or not, I used to buy a new smartphone every three months so that I can have the best device that’s currently out on the market… I learned pretty fast that I was wasting my money, so I quit buying that many phones.

Besides the fact I enjoy forensics and smartphones, what caught my eye a few years ago, during the rise and popularity of Android, was the fact that Google does not have a vetting procedure for the applications that are published on the market. Google is smart by allowing any publisher to rapidly release applications without having to wait or gain approval (cough..cough..Apple)… however, Apple is smart by vetting applications to protect their users.

In recent news though, Google did come up with a new application security scanner called “Bouncer” after realizing that they did have a huge issue with Android malware. Back in Q3 2011, there was a report that had stated that malicious Android apps have risen 473% in about a year or so… that is a lot of malware.

This report pretty much sparked my ingenuity for coming up with the OSAF project. The OSAF project was initially going to be just the OSAF-Toolkit, a Linux OS that has been injected with all the latest Android application analysis software, but I wanted more than that. I wanted to not only create a application ripping toolkit, I wanted to create a community where anyone interested in Android malware analysis can have a one stop shop for any information they need.

I want people to stop at our site before any other site, and  I want people to collaborate with each other, share new techniques and methodologies, and share their findings after they have ripped apart an application (hence the threat index).

Another honorable mention is that my team is currently working on documentation on how to perform analysis against any application. This is an A-Z guide of what tools to use, how to use them, what to look for during static/dynamic analysis and etc… We do not want to give people a toolkit and say, “here you go, figure it out yourself” like many other projects have done.

HTCIA: What need does your research and site fill that others were missing?

SD: Not to be cocky or anything, but the entirely “FREE” price point for a toolkit, documentation and a collaborative work environment is argument enough that our site is better than the rest. I see other companies/sites charging a lot of money for training, certifications, information and etc.

I, at one point, wanted to take some certifications in forensics and information security, but the training and certifications were just way too much money for a college undergrad to afford. So I looked at this project from a college kid’s perspective… If it’s free, it’s for me… That’s why we decided to name the project OSAF. We wanted every aspect of it to be entirely open source.

HTCIA: How many people are working on the project?

SD: There are 4 of us IT seniors, including myself, working on the project right now. I couldn’t have picked a better team for this project. They are very smart and dedicated individuals wanting to make this project the best it can be. I think the reason why we are so dedicated as a team is because the project itself is very fun and unique. I feel like we are pioneers in this sort of work because I can’t find any site online that is dedicate to creating an entire environment dedicated to android malware analysis.

HTCIA: What are your goals for the site over the long term?

SD: I want the OSAF project to be well recognized in the forensics and malware analysis community. I eventually want to get more people on board to help analyze applications, maintain the site and answer any questions people may have. One day, I hope companies will be knocking on our door asking if they can sponsor us, in order to help fund and build the project, while keeping it 100% free of charge.

HTCIA: How long have you been a student HTCIA member? How long have the other students been?

SD: I am actually the founder and President of the University of Cincinnati’s HTCIA student chapter. I started the student chapter back in May 2011. I think we have a little over 20 student members (a mix of IT, IS and Criminal Justice students) in our chapter so far, but I have been getting a lot of email lately about new students interested in joining the chapter.

My team members for this project are not student members of HTCIA sadly. I would like for them to be members, but we only have 3 more months of school before we graduate. I will definitely get them to become full HTCIA members upon graduation.

HTCIA: Anything else you want to mention about the project?

SD: I just want people to know about us and the goals of our project. We can agree that the web is entirely too large right? I feel like it is hard for start-up sites, like us, to make it big these days unless they provide content that interests a vast majority of people, or if the site provides a service that interests organizations.

We want OSAF to be a site that provides both content and services of interest. Organizations, and the general public, have to realize that mobile malware is not going to magically disappear any time soon. Criminals will eventually get more crafty in the way they embed malicious code into applications; who knows, maybe to the point where the malicious codes circumvents the Android permissions mechanism.

That’s where OSAF has an advantage over anyone else. Anyone can ask OSAF to analyze an application, a community member will perform analysis, give the analysis report/results to the OSAF admins for review, then the OSAF admins will publish the finding on the threat index. Ripping apart applications is the only real way to find Android malware, because we all know how well Android “Anti-Virus” works.

Find and bookmark, and keep an eye out for the site’s development, currently slated for completion in May! Shadi says that the toolkit is currently available online for download, and the malware analysis documentation will be complete in May as well.

Image: victoriawhite2010 via Flickr


Pre-conference: An eye toward the future days… and years

September 12, 2011

Sunday, Sept. 11 saw us start to welcome our conference participants, have some fun with those who arrived early, and make some plans – not just for the days, but also for the years ahead:

Our earliest event, the 8 a.m. golf tourney, had a successful 42-player turnout. Sally Vesley, marketing communications manager with tourney sponsor CRU-Dataport/WiebeTech, says it was one of the most fun workdays she has ever had. “They were great golfers,” she says. “We gave away four pairs of golf shoes, a golf cart, and of course USB write blockers.” The write blockers went to the top 3 winners:

  • Jim Keith, Closest to Pin
  • Terry Willis, Longest Drive (and winner of the whole tourney)
  • Brian Collins, part of the winning team

Vesley also says she’s planning another tourney for next year’s conference in Hershey, Pennsylvania.

At 11 a.m. registration opened to welcome our first conference participants. Many had arrived the night before or that morning, and lined up to get their badges and conference materials, including shirts and pins, our program, and free software.

Also at 11 a.m., the expo hall opened so that the vendors could set up their booths in advance of the Vendor Reception planned for the evening. Notable exhibits: Wireshark University‘s tropical tiki display (complete with network-devouring shark!), and Paraben’s crime-scene contest. Both sponsors are giving away free stuff: Paraben is making its Chat Examiner software available to participants, while Wireshark U. is providing one-year All Access Passes to its training!

At 1 p.m., chapter presidents (or board representatives) gathered for the International Board of Directors meeting. Among the items discussed there:

  • Membership, including student membership. We currently stand with 38 chapters and 17 student charters, 3,227 members and 214 student members. Our student members continue to be an outstanding addition to our organization, providing needed research and volunteer work to support our regular members.
  • Internet Safety for Children (ISFC). Shadi Hayden, of our Silicon Valley chapter, talked about the renewed interest in the ISFC, which had seen much success in the mid-2000s. Shadi has been working hard to recruit regional volunteers to help with website content and outreach to allied organizations like Internet Crimes Against Children (ICAC) task forces and the OJJDP, so that the ISFC can be a conduit of information between public and private sector investigators. This conduit will include an ISFC website “facelift,” which will allow us to share information both publicly and for member investigators only.
  • Strategic Planning & Communications. In July a Strategic Planning Committee came together to chart the HTCIA’s course over the next five years and beyond. The committee performed a SWOT analysis, determined its goals and strategic objectives, and came up with ideas needed to drive the HTCIA toward those objectives – including a new website, better training and education, and improved communications.
  • The Consortium of Digital Forensics Specialists. Incorporated this year as a way to consolidate the voice of the digital forensics profession, the CDFS asked the HTCIA to become a collective nonprofit member of this complementary (not competing) organization. Board members voted to join – we’ll be sure to update you on future developments as we support this newest organization!

Officers also took care of organization business, including votes on bylaw changes and on International Executive Committee members for the coming year. Joining incoming International President Ron Wilczynski (Northern California) will be: 1st Vice President Tom Quilty (Silicon Valley), 2nd Vice President Jimmy Garcia (Southern California), Secretary Peter Morin (Atlantic Canada), and Treasurer Jose Soltero (Southern California).

Finally, we wish to remember all our members who were affected ten years ago by the 9/11 terrorist attacks. From our New York City members who lost friends and family members – or responded – at the World Trade Center, to other members who committed quantities of time and energy to investigating terrorism, we keep you in our thoughts and our hearts. Your spirit is reflected in the words of our Northeast member Cynthia Hetherington, who was supposed to be aboard United 93:

View more of our photos from pre-conference events and setup at our Facebook page. Be sure to “like” our page while you’re there, so you can see the latest updates over the next few days!

Partnerships with students, other associations make SoCal Chapter of the Year

August 30, 2011

After an extremely intense Chapter of the Year competition, we’re proud to announce that we’ve awarded our annual honor to our Southern California chapter! The variety of activities and events they put together, plus their innovative outreach efforts, have raised the bar for all our chapters and their members. Some highlights:

Student chapter promotion

While the California State Polytechnic University (Cal Poly) Pomona’s student Forensic and Security Technology (FAST) group had been in existence since 2008, it formalized its HTCIA charter in 2010. SoCal chapter president Chris Curran says, however, that it’s not just about having the charter – it’s also about supporting the students in their career paths.

“We invite our students to attend our regular chapter meetings, which several of them have done,” says Curran. “It’s a great opportunity for them to get a feel for what the field is all about, and also to make contacts with potential employers as well as future colleagues.”

The SoCal chapter also gives students access to its job board, which Curran says has a twofold purpose: 1) graduating seniors can apply if they want, but 2) all the students can see the qualifications they’ll need to apply.

And students are encouraged to help represent HTCIA at conferences. A number of Pomona students volunteered at our conference in Atlanta last year, and will be in Indian Wells again this year. In addition, students helped association members staff a booth at both the ISACA Spring Conference and the AccessData User Conference.

This year, the Cal Poly Pomona students showed their appreciation and spirit by designing custom graduation sashes that they wore with their caps and gowns. These sashes are available to any other student charter with graduating members.

Joint training sessions with other associations

The SoCal chapter has taken steps over the past year to build and strengthen relationships with members in other organizations, including the local chapters for the Information Systems Security Association (ISSA) and Information Systems Audit and Control Association (ISACA). Those relationships led to joint training sessions and networking opportunities.

“It’s important for our members to share information, get new contacts and even encourage cross-pollination between the associations,” says Curran. “High tech crime involves so many aspects of technology that you may encounter some uncommon issue where a contact with background in information security or auditing becomes useful.”

Training and education for children and parents

“We gave three presentations on Internet safety – two at elementary schools and one at a middle school,” says Curran. “The schools made sure to invite the parents along with children at all grade levels. The idea was for them to increase their understanding of the good and bad on the Internet, and increase their communication as a result.”

In addition, longtime HTCIA members Donn Hoffman and David Nardoni presented at the Cyber Challenge Camp, as part of a panel on ethics.

Congratulations to our Southern California chapter, and many thanks to our members there for the hours of hard work put into these efforts. We’re looking forward to presenting the 2011 Chapter of the Year plaques in just two weeks. We hope you’ll join us!

A call for papers… from students

July 21, 2011

Following on its success with the Western Regional Collegiate Cyber Defense Competition, Cal Poly Pomona will be sponsoring something that’s normal for academic conferences, but new to trade shows: a student poster presentation, a way for students to connect with the professionals they’ll be working with following graduation.

What it is

Anna Carlin, a Cal Poly Pomona professor and 2nd Vice President of our SoCal chapter, is looking for 10 full-time students to present their work in our exhibit hall on Tuesday, September 13. We’ll provide a poster board for hanging the presentation, which can be as simple as PowerPoint slides. Posters will be displayed in the Emerald 4 Room, allowing all attendees to see the students’ work.

Not restricted to either Cal Poly students or HTCIA members, the presentation will allow students to connect with cyber security and computer forensics professionals from around the world. The work being presented must be new and current research and development in the field of cyber security and computer forensics. Work being done in conjunction with a professor is permitted.

HTCIA student charters may present the activities performed by their charter. Student Charter posters may describe charter activities, events, and/or other involvement with cyber security and computer forensics professions.  A single representative should coordinate the submission of each Student Charter proposal.

The Academic Program Committee will be reviewing submissions based on the following criteria:

  • Relevance to the field of cyber security and computer forensics
  • Potential for practical impact
  • Degree of originality
  • Technical depth
  • The overall quality of the submission

Who can participate

We invite full-time undergraduate and graduate students to submit poster presentations on research and work in the field of cyber security and computer forensics. Work being done in conjunction with a professor is permitted. The poster session can also showcase the activities of HTCIA Student Charters.

Why students should submit

The first 10 students whose poster presentation is accepted will receive FREE conference registration for all 3 days (a $395 value) and a one-year student membership to HTCIA (a $25 value)! Accepted abstracts will be printed in the program and posted on the HTCIA International Conference website.

In addition, five benefits to participating:

5. Obtain a critical review of your work by submitting a poster presentation, and meet potential sponsors of your work.

4. Expand your network of other students interested in cyber security and computer forensics.

3. Listen in on hot-topic panels and presentations and take home the most current research and solutions from industry leading experts.

2. Receive recognition and a Certificate of Participation.

1. Meet potential employers!

When and how to submit

The deadline for submission is July 29, 2011. Send a short 50 to 75 word abstract with three learner outcomes (not part of the word limit) that attendees are expected to gain from the poster presentation. You will be asked to indicate the target audience level (getting started, intermediate, or advanced).

Please email your abstract to the following e-mail address: A student may submit only one abstract. Students will be notified about acceptance by Friday, August 5, 2011.

For more information, including specific submission guidelines, poster session guidelines and other prep work, see

Want to see what students are up to in the community? Register for the conference now:

Image: carmichaellibrary via Flickr

A Midwestern training conference based on community

March 9, 2011

March 29-April 1 this year will see our Minnesota chapter hosting its 9th annual spring training conference. Its competitive lineup of sessions centers on computer investigation issues, tools and techniques, including:

  • computer crime investigation
  • cellular/smart phone analysis
  • live forensics
  • Windows 7 tips and tricks
  • legal updates
  • security issues
  • internet evidence

Keynote speakers include Andy Crocker, COO of CyByL Technologies and subject of the book “Fatal System Error” by Joseph Menn, Marc Goodman from the Cybercrime Research Institute and Micheal Kobett from the Defense Cyber Investigations Training Academy.

“We took a page from the international conference’s playbook by focusing on topics this year, rather than on speakers we were already familiar with,” says Jason Bergum, Minnesota chapter president. “As a result, we have a much more diverse lineup. Jim Moeller will be speaking on xBox and Windows forensics, while a speaker from Purdue will talk about social networking. We’ll have case studies on phone cloning fraud, and a local case centered on threats made to the Vice President.”

Breakout, bring-your-own-laptop sessions will also be included to get hands-on experience with some of the newest digital forensic tools. Vendors like Intella, Red Wolf Systems (makers of Drive Prophet), Guidance, Susteen and Technology Pathways (makers of ProDiscover) will be on site demonstrating hardware and software products. Some vendors will additionally provide classes: AccessData on triage, Guidance on RAM analysis, and others.

Affordability in the spirit of community

Held at the Bureau of Criminal Apprehension in Saint Paul, MN, the conference costs $300 for non-members, $260 for members and $100 for students (proof of enrollment required). This inexpensive event is in direct response to the current state of the economy.

“Many departments and corporations, especially in these economic times, frown on expensive training and we have been able to provide an event that is not only affordable, but high quality,” Bergum explains. “Our chapter membership spans 3 states and this conference provides great training that people don’t have to travel long distances to obtain.”

Conference organizers hold costs down by appealing to the sense of community learning on which HTCIA was founded. “We all know we can’t do this work alone,” says Bergum. “We are fortunate to have volunteers who give their time, as well as speakers who contribute their knowledge and experience just because they know it is needed.”

No investigative conference would be complete without the opportunity for investigative professionals to gather together and discuss current trends, the latest tools, and to build camaraderie. Bergum says this is consistently the aspect which participants like best about the conference, as well as quality of speakers.

In addition, a change of venue — from the 90-seat limit at Target Corp. to the 150-seat maximum at BCA — will allow for many more participants to attend and network.

A co-sponsorship with higher education

For the first time in its history, the Minnesota chapter will be co-sponsoring its conference with Century College, an arrangement made possible by the Investigative Sciences and Law Enforcement Technology (ISLET) program.

“The ISLET grant is specifically for forensics training,” says Bergum, adding that he anticipates nearly two dozen students at the conference this year — a significantly greater number than last year. The chapter is working on creating student charters with both Century College and Metro State.

We wanted to know one final thing: how does the chapter attract people to Minnesota at a time of year that isn’t yet as warm as in other areas of the country? Bergum says that’s easy — the state holds many different types of attractions. “The Land of 10,000 Lakes” attracts outdoorsy adventurers, while others come to see (and shop at) the Mall of America.

“Many people are also intrigued by our Skyway system,” says Bergum, “which makes it easy to get around each of the Twin Cities.” Additionally, a train goes directly from the airport into downtown Minneapolis.

In the Midwest, or planning to travel there at the end of March? Join our Minnesota chapter members while you’re there!

Next-Gen Networking: Our Student Member-Volunteers

October 7, 2010
Josh Chin, Michael Chau & Edmund Cheung, HTCIA student volunteers

Josh Chin, Michael Chau & Edmund Cheung, HTCIA student volunteers

If you attended our conference in Atlanta, you encountered our student volunteers at some point: at the registration desks for the event and the labs, in the corridors to assist with wayfinding, and (in one case) taking pictures for our Facebook page. If you were a speaker, you worked with at least one student volunteer long before arriving in Atlanta.

Our students weren’t just there to help us out. They were there to learn and to network, too: they’re the next generation of cybercrime investigators, and their work helped them as well as us. And they did such a great job with it all that we wanted to take the time to introduce them by name.

Edmund Cheung assisted with registration and helped get our speakers situated in their rooms. “I was also appointed to the position of conference photographer,” he says. “I basically ran around taking picture from the exhibit hall, to the lab sessions, and Tuesday night’s dinner.”

Having been involved with conference planning from the beginning of the year, Edmund found it rewarding to see how his and fellow volunteers’ hard work came together. But that wasn’t the only benefit. “I had a great time networking with a lot of great people, getting to know each other better, and hearing their stories about why they enjoy doing what they’re doing or just the importance of combating high tech crimes.”

A full-time fourth-year student at California State Polytechnic University (Cal Poly) Pomona, Edmund is studying Business Administration with a focus in Computer Information Systems, and a minor in General Management. Upon graduating, he plans to pursue a career in computer forensics, possibly as part of an electronic crimes task force, and to obtain a graduate degree along with certifications.

Like many professionals in the industry, Edmund says he’s captivated by the way the technology is ever growing and changing – one of the main reasons he attended the conference. He plans to join HTCIA “to be part of an association that wants to promote awareness and educate those who want to battle against electronic crimes. [Also], I get to interact with and learn from the men and women in this community who enjoy their work in investigations that deal with sophisticated technologies.”

Michael Chau, like Edmund, volunteered with registration and speakers. “By helping out in this year’s conference, I was able to meet new people that share the same interest as I do,” he says. “I would say the best thing about being there was the fact that everyone is associated or wanting to be associated with [investigating] the high-tech crime that is going on in today’s reality. I love the atmosphere this association brings to the community – that of people who enjoy learning and being associated with the prevention of high-tech crimes.”

Also a a full-time student attending Cal Poly Pomona, Michael is pursuing his bachelor’s degree in computer information systems. He plans to work as a network analyst or in a network security position. “Being part of the first group to graduate from my high school’s technology program allowed me to realize that this particular field is what I want to do as my career,” he says. “Technology is always growing and that fascinates me.”

Josh Chin‘s volunteer role was similar: to work with guest speakers on coordinating logistics as well as ensuring their needs were met. Pre-conference, he was part of the team that collaborated with potential speakers on compiling their proposals and requests. During the conference, Josh worked with Edmund and Michael to assisted both speakers and attendees.

“For our attendees, we guided them to different workshops and lectures as well as addressed any concerns they may have regarding the conference,” says Josh. “For our speakers, we made sure they were settled in well, answered any questions and addressed any concerns they may have had. We also looked in from time to time on our speakers or made necessary adjustments to the conference schedule to balance speakers’ flight delays or cancellations”

Josh appreciated the opportunities his volunteer work gave him “to work with each of the speakers as well as network with different attendees. It was wonderful meeting everyone. Joining HTCIA is a brilliant opportunity to make friends in law enforcement, as well as gain an infinite amount of wealth and knowledge on computer forensics, and a glimpse at the challenges we’re facing on fighting cyber crime.”

Josh, likewise a Cal Poly Pomona student earning a degree in Business Administration with a concentration in Computer Information Systems and an emphasis on Information Assurance, plans “to make a positive difference and impact on cyber space, and to take a bite out of cyber crime. This field is an opportunity to make a difference in the world, ensuring that our next generation will be prepared to face the next set of cyber challenges.”

Ryan Jafarkhani did not attend the conference, but volunteered alongside Josh and Edmund as the point of contact between speakers and HTCIA. “I ensured that the speaker’ needs and questions were answered, [and I] helped solve any issues that arose. I also coordinated with the speakers to retrieve information and documentation required by the HTCIA,” he says.

Already a graduate of Cal Poly Pomona with a Bachelor of Science degree in Business Administration (emphasis on Computer Information Systems), Ryan is an IT/Finance Auditor Associate with Beckman Coulter Inc., a manufacturer of medical lab instruments.

“I do plan on going into the computer forensics and security field in the near future,” he says. “Ever since I was young, I’ve always wanted to be a detective of sorts. Computer forensics provides me the opportunity to solve complex problems, work in a dynamic industry and provides the challenging career I am looking for.

“Joining the HTCIA gives me the opportunity to network with very bright and talented individuals who provide information and insight in areas of computer forensics that I may have never been exposed to before. Joining the HTCIA also exposes me to talent in both private and public (government) industries.”

Are you a student interested in joining HTCIA?

The GPA requirement we used to have has been waived completely, and school charters are active in Washington state, New England and Ohio. Those who are studying computer science, forensics, criminal justice, law enforcement, corrections, accounting, auditing, or similar program of study are eligible; 10 or more Student Members from one college or university may form an HTCIA School Charter.

Training/networking events, college outreach earn Chapter of the Year for New England HTCIA

August 25, 2010

2010 HTCIA Chapter of the Year New EnglandThe International Executive Committee has a host of criteria for winning Chapter of the Year, including recordkeeping, outreach efforts to the broader community, and of course the training for which HTCIA is known. What all that takes, though, is the kind of people and relationship-building for which HTCIA is also known.

Dave McSweeney, New England chapter president and a member of the Massachusetts State Police High Tech Unit, has been an HTCIA member since 1997 – so he’s well familiar with the networking and learning opportunities that are possible through the organization.

Making them attractive to people outside the HTCIA is the trick, and in recent years, McSweeney and other chapter officers have been working not just to bring new members in, but to keep them once they’re here. A revamped website, seeking out member input, and promoting member projects are just a few ways they’re doing that. But what really got the IEC’s attention:

College and university outreach

“One of our major goals is to get universities and colleges more involved,” says McSweeney, “especially in the Boston area, where we have MIT, Northeastern, and BU resources to tap.” Indeed, more students have been coming to quarterly meetings, whether they are tracking towards law enforcement or corporate security; faculty present training topics as well.

In recent years, the chapter has helped two institutions obtain student charters: Champlain College in Vermont, and the University of New Hampshire. Currently, the chapter is working on helping regional community colleges develop a third charter. “They have collectively received a federal grant to develop computer forensic courses,” says McSweeney, “so they would all fall under one charter.”

Quarterly training conferences

Chapters of the Year should ideally hold at least one all-day training conference per year. The New England chapter holds four. “At our last meeting, our speakers gave us a cyber threat update and spoke about evidence spoliation,” says McSweeney. “We even had Digital Mountain in from California to talk about e-discovery.”

He adds that again, relationships are invaluable when it comes to finding hosts for the meetings. “We had the chief security officer for State Street Corp. open one meeting, and they hosted us as well,” he says. “Sometimes the hosts also pay for lunch, which can be a big help to a small nonprofit organization.”

Vendors present too, but they are asked to stick to topics as subject matter experts. “We let them have a table in the back of the room where they can talk about their product, which is a good compromise,” says McSweeney. “We know they have a certain expertise because of what their product does, so all we ask is that they focus on that.” Previous vendors have included BitSec and AccessData.

A crucial element to the quarterly meetings is the networking dinner the chapter holds following each meeting. “We make it social, at local restaurants,” says McSweeney, “to give everyone a chance to talk, which they don’t otherwise have time to do during a full day of training.”

These events are invaluable, he notes, because quite often investigators working cases will come up against a challenge related to something they’ve heard during a meeting. “They can then call the speaker to get help,” he notes.

The meetings are designed to balance technical, legal, and investigative information so that everyone walks away with something relevant to their jobs. “No one knows everything in this job,” says McSweeney, “so we all come together so that they can learn from one another.”

Are you a member of the New England chapter, or know someone who is? Share your experiences in comments below!