February for HTCIA: Chapter meetings and other notable events

February 3, 2012

Whether you’re local to our chapters or traveling to their cities, we welcome your participation in our training and education. We’ve got four upcoming special events as well as regular chapter meetings this month:

HTCIA Chapter Meetings

February 7

HTCIA Ottawa will present “Inclusion of Forensic Video Analysis Within an Agency’s Digital Forensic Program” in Russell’s Lounge at the Ottawa Police Association from 5:30-8 p.m. Jeff Spivack, an IAI Board Certified Forensic Video Examiner, will demonstrate how forensic multimedia analysts obtain investigative leads and actionable intelligence from files that might otherwise be discarded.

Spivack has worked as a Forensic Multimedia Analyst with the Las Vegas Metropolitan Police Department, and has been accepted as an expert witness in courts throughout the U.S. In addition to conducting case work, Jeff is also Cognitech, Inc.’s Forensic Video Software Certification Instructor, and Senior Instructor of Video Forensics for Forensic Data Recovery, Inc., Cognitech’s Canadian affiliate.

For more information and to register, see the Ottawa HTCIA website. Non-HTCIA members are welcome for a guest fee of $15.00.

Also on February 7, our Southern California chapter will be holding a joint meeting with ISACA Los Angeles. A dinner meeting at Monterey Hill Restaurant (3700 W Ramona Blvd., Monterey Park, CA), the presentation, a computer forensics case study, will run from 5:30-8:30 p.m.

Guidance Software’s head of Risk Management, Andy Spruill, will provide his first-hand account of the landmark Victor Stanley, Inc. v. Creative Pipe, Inc. the intellectual property theft case that spawned not one, but two, landmark legal decisions in the world of digital forensics and eDiscovery. To register, please visit ISACA LA’s website.

February 9

Atlanta HTCIA will present “Forensics in your PJs” from 7:30-9:30 a.m. A breakfast meeting at American InterContinental University in Dunwoody, Georgia, the meeting will show you how to use various resources and tools on the internet to gather data. From Facebook to blogs what you can learn while sitting in your PJs!

Speaker Buffy Christie is Senior Director of Equifax Global Security.  Buffy has a BS in Criminal Justice, Forensic Science.  She is a CFE (Certified Fraud Examiner)  and is President of the Southeastern IAFCI (International Association of Financial Crimes Investigators).

To register for this event, visit Atlanta HTCIA’s EventBrite page.

February 10

Texas Gulf Coast HTCIA will meet from 1:00-3:00 p.m. at the FBI Greater Houston Regional Computer Forensics Laboratory. Those planning to attend will need to be vetted by the FBI prior to the meeting. In order to attend, contact Ms. Julie Campbell, Receptionist, Pathway Forensics (713.301.3380) and provide her with your name, DOB and DL#. Chapter members should also RSVP to the Evite invitation that was sent to the e-mail account on file with HTCIA International.

February 14

Midwest HTCIA is offering an Android forensics and software demo by Christopher Triplett, Sr. Forensic Engineer of viaForensics. From 8:30-11:30 a.m., Mr. Triplett will cover Android File Systems, Android Forensic Analysis Techniques, and a demonstration of viaForensics’ viaExtract product.

Midwest HTCIA’s chapter meetings are located in Oakbrook Terrace, IL at the ICE office (16th floor, Oakbrook Terrace Tower).

February 15

Minnesota HTCIA will meet in the Ridgedale Library, RHR West Room in Minnetonka.

February 16

Member Mike Wilkinson’s monthly DFIR Online Meetup will feature Peter Coons and John Clingerman providing e-discovery case studies , along with Jonathan Rajewski speaking on “N unaqf ba (cra/cncre) rkrepvfr va onfvp pelcgbybtl/pelcgnanylfvf”… or, “A hands on (pen/paper) exercise in basic cryptology/cryptanalysis.” Join in at 8:00 p.m.!

February 17

Washington state HTCIA will be meeting between 10am-12pm. Topic and speaker both TBD.

February 21

Central Valley HTCIA will be meeting at 12:00 noon at the Stanislaus County Sheriff’s Office, 250 East Hackett Road in Modesto, CA. Tentative topics are a presentation on TOR by Cullen Byrne, and an update on the group Anonymous by an FBI representative. Lunch to be provided.

Austin HTCIA, meanwhile, will meet from 1:30 to 3pm at the REJ Building. Rick Andrews will be going over navigation in EnCase v7. Come with questions!

February 22

Atlantic Canada HTCIA will meet from 5:30-7:30 p.m. with Jan Cox from Oracle presenting on the topic of SQL injection, among other things. An update on the chapter’s conference planning efforts will also take place.

February 24

From 11:00 A.M. – 3:00 P.M. at University Hall, Room 465 (51 Goodman Dr. in Cincinnati), Ohio HTCIA will be offering a presentation on Incident Response: Live Memory Capture and Analysis. Presenter Justin Hall has 15 years of experience in the information technology field and has spent the last seven focused on information security.

Mr. Hall is currently a security architect for CBTS, a technology services provider in the Cincinnati area – consulting with the firm’s enterprise customers in developing vulnerability management, incident response, and endpoint & network defense programs. He is a frequent speaker at information security community events, a SANS mentor, and holds a GCIH, GCFA and GPEN.

Following Mr. Hall’s presentation, lunch will be provided and the chapter’s business meeting conducted.

Also on Friday, our Kentucky chapter will meet at 1:oopm at Boone County Sheriff’s Office. Tom Webster will present about Internet Evidence Finder.

February 29

San Diego HTCIA will meet at the Admiral Baker Clubhouse in San Diego. Lunch will be served at 11:30, with the presentation (yet to be determined) running from 12:00-1:00 p.m. HTCIA members are also welcome to attend the 10 a.m. board meeting that day.

Lunch is free for all current members, $20 for guests, and $35 for new members with completed  HTCIA membership forms. RSVP is required, so please RSVP ASAP to treasurer@htcia-sd.org! This will assist in planning for seating and food requirements.

Northern California HTCIA will also be meeting on February 29. Topic and location to be determined.

Special Training Events

February 6-11: SANS COINS event coming to Los Angeles!

Rob Lee’s newest SANS course, FOR408 Computer Forensic Investigations-Windows In-Depth will be in sunny Los Angeles, CA February 6-11. Taught by Mark Gonyea, FOR408 focuses on the critical knowledge of the Windows OS that every digital forensic analyst must know to investigate computer incidents successfully. You will learn how computer forensic analysts focus on collecting and analyzing data from computer systems to track user-based activity that could be used internally or in civil/criminal litigation.

FOR408 will include a SANS Investigative Forensic Toolkit (SIFT) Essentials with a Tableau Write Block Acquisition Kit and a course DVD loaded with case examples, tools, and documentation. HTCIA members can save an additional 10% off tuition when you enter Discount Code “COINS10”! Full course information and registration info is available at http://www.sans.org/los-angeles-2012-cs/

February 15

ISSA Ottawa and Women in Defence & Security will be co hosting a National Capital Security Partners’ Forum Event featuring Marene Allison, VP & CISO of Johnson and Johnson. The opening speaker will be Rennie Marcoux, Assistant Secretary to the Cabinet (PCO); the closing speaker will be Carol Osler, VP Physical Security TD Bank. For more information and to register, see http://www1.carleton.ca/npsia/upcoming-events/4409-2

February 20-24

Free law enforcement training! Minnesota HTCIA is advertising “Fighting Cyber Crime”, 40 POST credits’ worth of courses at the St Cloud State Campus. The training is a response to the increased ease with which people can access the Internet to commit crimes, as well as the increased emphasis on issues of homeland security. Participants will learn ways to uncover, protect, and exploit digital evidence to respond to crimes. Register via the course flyer at http://www.mn-htcia.org/documents/Cybercrimecourseflyer.pdf.

February 27-March 1

The New York District Attorney’s Office has partnered with the National White Collar Crime Center to offer Cybercop 101 – Basic Data Recovery & Acquisition (BDRA) to qualified members. This 4 day course teaches the fundamentals of computer operations and hardware function, and how to protect, preserve and image digital evidence.

This class introduces participants to the unique skills, best practices and methodologies necessary to assist in the investigation and prosecution of computer crime. It includes presentations and hands-on instruction on such topics as Partitioning, Formatting, Data Storage, Hardware and Software write blockers, the Boot Up process, and Duplicate Imaging. Register here for this and future courses!

REMEMBER: To get discounts or free training (where applicable), you must be a member.  Please join or renew your 2012 membership today!

Advertisements

Upcoming for HTCIA in 2012: Strategic initiatives, community involvement

December 28, 2011

One of our most recent posts, a retrospective by our longtime member Fred Cotton, covered how HTCIA got its start and how we got to where we are today. This post is about where we’re headed in the coming year, and beyond.

Our strategic plan

In July, a small group of HTCIA leaders gathered to map out a strategic plan, a vision and a road map for where HTCIA would need to go in order to continue to serve its membership. Following a careful assessment of our strengths, weaknesses, opportunities and threats, we devised a new, clearer and more succinct mission statement:

Provide education and collaboration to our global members for the prevention and investigation of high tech crimes.

In addition, we developed goals for education and professional development, membership services, communications, organizational governance, and financial resources. Some of the initiatives we are taking include:

  • a newly redesigned website and logo
  • a High Tech Crime Investigator Certification
  • improvements in the way we help form and support international chapters
  • development of member benefit programs
  • many other actions

Community involvement

Another strategic initiative is to partner with other groups. This has already been happening to some extent at the chapter level, as a few of our chapters band together with those of other associations to hold joint training events. (This is, in fact, one of the reasons SoCal won Chapter of the Year.) However, we want to make it something we do more consistently across all our locations.

At our conference in Indian Wells we unveiled our nascent partnership with the SANS Community of Interest for Network Security (COINS) program, which allows us to help even more chapters offer local events jointly with a great educational resource. Already we’ve seen the debut of SANS360 offered jointly in DC with our Mid-Atlantic chapter, and in February, Mark Gonyea will be teaching Computer Forensic Investigations-Windows In-Depth in Los Angeles. We also hope to work with SANS on virtual events, like our free webcast in October.

In addition, we announced that our International Board of Directors voted to join the Consortium of Digital Forensics Specialists (CDFS) as an Organizational Member. We believe that in this way we’ll be able to help shape the education and training of this particular facet of high tech crime investigation, which is just one of the many our membership serves.

Finally, we’re looking to get more involved with our communities on Facebook and Twitter (and we’d love it if you left more comments here on the blog, too!). Polls, Twitter chats and continued conversation with our members and supporters will be part of what we’re doing.

Get involved! Become a member (guidelines at http://www.htcia.org/membership.shtml) and subscribe to this blog, our Facebook and Twitter pages to find out the latest.


HTCIA joins the CDFS to help set digital forensics standards

December 22, 2011

Consortium of Digital Forensics SpecialistsWe are very pleased to announce that we’ve joined the Consortium of Digital Forensics Specialists (CDFS) as an Organizational Member! Established in 2008 to provide leadership and advocacy as the global representative of the digital forensics profession, CDFS offers the chance for HTCIA members, through their board representatives, to collectively help determine standards for digital forensics ethics, practice and professional licensing and certification, among other areas.

Our International President, Duncan Monkhouse, has this to say: “For 25 years, our members have contributed to the development of digital investigation as a science and a profession. Supporting the CDFS is a natural outgrowth of their contributions. We look forward to helping shape the education and training of this particular facet of high tech crime investigation, which is just one of the many our membership serves.”

Chris Kelly, CDFS’ president and a New England HTCIA chapter member, is likewise excited. “HTCIA’s membership is a welcome addition because of its members’ breadth of experience not just in digital forensics, but also in private investigation, prosecution, and other professions that affect the way digital forensics is perceived within the investigative community,” he says. “We look forward to their input and assistance in driving not just our association, but the entire profession forward.”

HTCIA joins two other nonprofit professional organizations, the International Association of Computer Investigative Specialists (IACIS) and the Association of Digital Forensics, Security and Law (ADFSL) as members of CDFS. We couldn’t be in better company, and we’re so grateful to CDFS for making our membership possible!


New 2011 conference venue!

December 16, 2010

Renaissance Esmeralda Resort & Spa Indian Wells HTCIA Conference venueWe are pleased to announce that the Renaissance Esmeralda Resort has been selected to host the 2011 HTCIA International Training Conference and Expo.

Nestled at the base of the majestic Santa Rosa Mountains in the exclusive community of Indian Wells, the luxurious Renaissance Esmeralda Resort & Spa is the desert’s finest oasis. Offering unparalleled service and all the amenities of a world-class resort, Esmeralda invites you to indulge your every whim. Featured in Condé Nast Traveler’s 2004 Gold List of “World’s Best Places to Stay” and Travel + Leisure’s “500 Greatest Hotels in the World,” The Renaissance Esmeralda is an oasis of modern luxury featuring a sophisticated blend of classic and contemporary style.

We are expecting a stellar cast of speakers and presenters in the field of High Tech Crime Investigation, Data Security, Computer Host Forensics, Network Forensics, and many other subjects. The complete list will be posted as it becomes available, and prices are yet to be determined.

Please join us for this outstanding High Tech Crime Investigation conference!


Survey Says: More training, better support for cyber crimes investigations

June 11, 2010

HTCIA members will likely remember the survey we sent out last month, in which we asked their feedback on a variety of subjects ranging from their experience level to their training and equipment quality. We got a decent response for such a short period of time (we promise it will be open longer next year!) — 14% — and while the executive summary was one of our handouts at Techno Security, you can find the full report downloadable at http://www.htcia.org.

Survey key findings

Presently, those who investigate cyber crimes do a little of everything: traditional investigation, digital forensics, public education, etc. Instead, investigators would like to see people dedicated to each task, to ensure more effective evidence handling.

It’s not more investigators who are needed – it’s more trained personnel across an entire organization. Training employees on how to recognize and properly handle digital evidence means that investigators will be able to focus on their specialized tasks.

The bulk of cyber crime investigation training comes from organizations’ budgets, not from government grants.
While some agencies and companies have policies, strategy and reporting in place, many do not; furthermore, those that exist are not uniform.

Collaboration happens to a great extent among federal, state and local law enforcement agencies, but much less frequently between law enforcement and corporate investigators.

Other major findings in the report include marked increases in criminal use of digital technology; the fact that all types of fraud was most likely to be investigated across law enforcement and corporate domains; and that, while a greater quantity of affordable training is needed, the quality of both investigative equipment and training were rated adequate by respondents.

Conclusions

We actually timed the report’s release not just for Techno, but also for the President’s National Security Strategy. That report calls for cyber security literacy, better mechanisms for data preservation, protection and privacy; and improved network defense and incident response, but it doesn’t focus on any particular area(s) for those improvements.

Our hope is that this report provides that focus. Cyber crimes are difficult for many people to understand, but as investigators, the HTCIA membership is in the best position to know what is needed and why. The next step is to help laypeople understand, whether through the White House’s own “disaster mitigation” analogy or through other descriptions. This report is intended to start that process.

Questions or ideas? Please leave a comment below!