A Midwestern training conference based on community

March 9, 2011

March 29-April 1 this year will see our Minnesota chapter hosting its 9th annual spring training conference. Its competitive lineup of sessions centers on computer investigation issues, tools and techniques, including:

  • computer crime investigation
  • cellular/smart phone analysis
  • live forensics
  • Windows 7 tips and tricks
  • legal updates
  • security issues
  • internet evidence

Keynote speakers include Andy Crocker, COO of CyByL Technologies and subject of the book “Fatal System Error” by Joseph Menn, Marc Goodman from the Cybercrime Research Institute and Micheal Kobett from the Defense Cyber Investigations Training Academy.

“We took a page from the international conference’s playbook by focusing on topics this year, rather than on speakers we were already familiar with,” says Jason Bergum, Minnesota chapter president. “As a result, we have a much more diverse lineup. Jim Moeller will be speaking on xBox and Windows forensics, while a speaker from Purdue will talk about social networking. We’ll have case studies on phone cloning fraud, and a local case centered on threats made to the Vice President.”

Breakout, bring-your-own-laptop sessions will also be included to get hands-on experience with some of the newest digital forensic tools. Vendors like Intella, Red Wolf Systems (makers of Drive Prophet), Guidance, Susteen and Technology Pathways (makers of ProDiscover) will be on site demonstrating hardware and software products. Some vendors will additionally provide classes: AccessData on triage, Guidance on RAM analysis, and others.

Affordability in the spirit of community

Held at the Bureau of Criminal Apprehension in Saint Paul, MN, the conference costs $300 for non-members, $260 for members and $100 for students (proof of enrollment required). This inexpensive event is in direct response to the current state of the economy.

“Many departments and corporations, especially in these economic times, frown on expensive training and we have been able to provide an event that is not only affordable, but high quality,” Bergum explains. “Our chapter membership spans 3 states and this conference provides great training that people don’t have to travel long distances to obtain.”

Conference organizers hold costs down by appealing to the sense of community learning on which HTCIA was founded. “We all know we can’t do this work alone,” says Bergum. “We are fortunate to have volunteers who give their time, as well as speakers who contribute their knowledge and experience just because they know it is needed.”

No investigative conference would be complete without the opportunity for investigative professionals to gather, discuss current trends and the latest tools, and build camaraderie. Bergum says this is consistently the aspect participants like best about the conference, along with the quality of the speakers.

In addition, a change of venue — from the 90-seat limit at Target Corp. to the 150-seat maximum at BCA — will allow for many more participants to attend and network.

A co-sponsorship with higher education

For the first time in its history, the Minnesota chapter will be co-sponsoring its conference with Century College, an arrangement made possible by the Investigative Sciences and Law Enforcement Technology (ISLET) program.

“The ISLET grant is specifically for forensics training,” says Bergum, adding that he anticipates nearly two dozen students at the conference this year — a significantly greater number than last year. The chapter is working on creating student charters with both Century College and Metro State.

We wanted to know one final thing: how does the chapter attract people to Minnesota at a time of year that isn’t yet as warm as in other areas of the country? Bergum says that’s easy — the state holds many different types of attractions. “The Land of 10,000 Lakes” attracts outdoorsy adventurers, while others come to see (and shop at) the Mall of America.

“Many people are also intrigued by our Skyway system,” says Bergum, “which makes it easy to get around each of the Twin Cities.” Additionally, a train goes directly from the airport into downtown Minneapolis.

In the Midwest, or planning to travel there at the end of March? Join our Minnesota chapter members while you’re there!


Thank you conference attendees, volunteers & sponsors for a wonderful 2010 conference!

September 30, 2010

Our 2010 International Training Conference & Expo has come and gone, and feedback we’re getting is that it was among our better events. The three full days of training, lectures and hands-on labs brought together old friends, new contacts, and the vendors who support them in their investigative work. Spouses got to tour beautiful historical sites, and everyone got the chance to celebrate members’ achievements at our annual banquet.

Finding tools that fit their budget, learning about tools and techniques from other investigators, and bolstering their own expertise are among the reasons why investigators from law enforcement, corporate security, information technology, private consultancies, and academia come to our conference every year. Last week, the six lecture tracks (networking, the cloud, digital forensics, legal topics, social networking, and cell phones) running concurrently with six vendor lab tracks over three full days offered a balanced conference, which at least one first-time attendee perceived as more vendor-neutral than others.

Others appreciated the range of topics. Chris Curran, a civilian computer forensic examiner with a California police department, attended lectures and labs that supported both the operational and legal aspects of his job. “Donn Hoffman’s class, ‘The Forensic Examiner’s Self-Defense: Managing Difficult Prosecutors & Conquering Cross Examination,’ laid out some great strategies for communicating with the prosecutor handling a case,” Curran explains. “He also took time to explain key issues that are not under the prosecutor’s control and how they make for last minute requests to forensic examiners.”

Curran also attended “SHIFT: A Workshop for Professionals Exposed to Child Sex Abuse Images at Work.” “The workshop provided great insight into identifying causes of stress both at home and on the job, finding ways to deal with the stress, and learning to build a team to support those in this line of work,” he says. “The tag team approach of Lt. Kris Carlson and Kathy Majerus was well organized and very smooth. I thought it to be one of the best sessions I have attended at any conference.”

Other highlights included our keynote speakers — Steve Cooley, Patrick Gray, Shawn Baker and Marc Goodman — Tuesday’s Computer Forensics Jeopardy, a forensic tower giveaway from the nonprofit Innocent Justice Foundation and our sponsor Forensic Computers Inc., and some after-hours beer-and-food vendor labs.

Todd Shipley, 2010 international president, says that among the lectures, labs and four keynote speakers, “Our annual conference this year in Atlanta was a great training experience for our members and non-member attendees. The level of training our conference has provided is unequaled. We brought in trainers from all over the country and had attendees from all over the world – Taiwan, Norway, the Netherlands, even Pakistan.

“What is exciting for us as an organization is that next year is our 25th anniversary as an organization. In addition to this milestone we will also have our first truly International President, Duncan Monkhouse from Ottawa, Ontario, Canada.”

The social side

The HTCIA conference isn’t all work and no play. Many attendees’ spouses joined them in Atlanta, and after hours – following tours of nearby plantations, or local museums – joined the attendees for social events, including the Northeast Chapter’s traditional afterparty on Monday night and the annual awards banquet. Following the ceremonies and dinner, engineer-turned-comedian Don McMillan of TechnicallyFunny.com took the stage for the evening’s entertainment.

“From my perspective the conference was a real success,” says Duncan Monkhouse, the conference chair. Although attendance was lower due to the economy, he notes, “I believe that nearly everyone left with a feeling that they had had a wonderful time and learned a thing or two. The conference met most of my goals: easy registration, great program, mostly great food, great hotel, great exhibit hall, wonderful volunteers and great networking opportunities.”

We’re looking forward to providing the same high-quality training and networking in San Antonio, Texas this coming year. Located along the city’s Riverwalk, and running from Sept. 19-21, the 2011 HTCIA International Conference & Expo promises something for everyone. Stay up to date on conference developments via this blog, Twitter, Facebook and LinkedIn. We look forward to seeing you next year!


Get to know some of our expert speakers!

September 9, 2010

Our speakers are a diverse lot comprising both HTCIA members and non-members, people from North America as well as overseas, public and private sector, and from various walks therein. Many of them have blogs and podcasts, and we invite you to get to know them before you attend their presentations!

Davi Ottenheimer, a security and PCI expert, blogs at http://www.flyingpenguin.com/ – not just about infosec, but also on a wide variety of topics including energy, food, and sailing. He’ll be presenting “Anatomy of a Breach” on Wednesday, along with “No Patch for Social Engineering” and “Cloud Investigations and Forensics,” both on Monday.

Ondrej Krehel, Identity Theft 911’s information security officer, has a brand-new infosec blog at Credit.com. At the conference, Ondrej will be lecturing on Tuesday about forensic investigations of hacking incidents, which are often more complex than they are given credit for.

Jeff Carrell, a network systems and security instructor for HP Networking, has designed thousands of systems that are in use all over the world; learn more at http://www.networkconversions.com/. On Monday, Jeff will be teaching Networking 101, a look at network components and how they fit in an overall system.

Dave Hull, a community instructor with the SANS Institute, editor of the SANS Forensics Blog, and a member of a Fortune 500 Computer Incident Response Team, is well known in the industry. His blog has some interesting discussions about infosec issues and SANS, and you can find him on Twitter too. Hull will be teaching the hands-on Super Timeline Analysis over two sessions on Monday.

Gary Kessler isn’t just a networking and digital forensics genius – he’s also a SCUBA divemaster and critical incident stress debriefing (CISD) team member, among other facets. Find out more at www.garykessler.net. Gary is teaching about TCP/IP protocol analysis as well as cryptography on Tuesday.

Don Jackson, Secure Works’ Counter Threat Unit director, has blogged extensively about malware, cyber attacks, and their impact on global finance. He’ll be lecturing on malware profitability on Wednesday.

Dean Gonsowski, vice president of e-discovery services at Clearwell Systems and a licensed attorney in the states of California and Colorado, contributes to a group blog about e-discovery. He’ll be presenting on Monday about the implications of compliance on e-discovery in the cloud.

Renato Opice Blum will be co-presenting with Cedric Laurant on legal developments and court decisions in Latin America. Cedric blogs about security, privacy, and the law at http://blog.security-breaches.com/ and http://blog.cedriclaurant.org/. Meanwhile, follow Renato on Twitter for related news at twitter.com/opiceblum.

Robert Shullich, who will be presenting Monday on demystifying the Microsoft Extended File System, blogs his research at http://rshullic.wordpress.com/.

Craig Ball, an Austin attorney who is presenting a game show-style “Computer Forensics Jeopardy” (with prizes!), contributes to a group blog on e-discovery, as well as providing many of his writings on his website www.craigball.com.

Marc Goodman of the Cybercrime Research Institute will talk virtual world crimes on Monday, discussing both virtual worlds and multimedia roleplaying games. In addition to his website futurecrimes.com and tweeting at twitter.com/futurecrimes, Marc graciously provided more details about his lecture and his keynote in an interview on our blog – read it here!

If you’re interested in aviation, you might enjoy James Wiebe’s blog. As we noted a little while ago, James will be giving three presentations on encryption, BitLocker, and a history of the use of ciphers for crime fighting.

Also don’t forget our interview with private investigator Cynthia Navarro, who is presenting on social networking and where it fits in an investigation on Wednesday, and with Heather Steele of the Innocent Justice Foundation, whose trainers are presenting several classes on mental health for investigators of child pornography.

Plan to connect with them in Atlanta this month — conference registration closes at midnight on Monday, Sept. 13!


Keynote on Future Crimes: INTERPOL’s Marc Goodman

July 29, 2010

When it comes to future crimes, it may be tempting to dismiss concepts like robotic crime, artificial intelligence crime, and others. After all, we’ve got enough problems in the present, and no one can predict the future.

Or can they? Marc Goodman, Senior Advisor at Interpol Steering Committee on Information Technology Crime, argues that these are hardly concepts — they are already reality. We talked more with him about his keynote presentation, which describes why and how:

HTCIA: You’re speaking about highly technical subjects. How far in the future are they — closer than we think, or far enough to have time to think?

Most cybercrime investigators already have enough work to do and none of us is hurting for more cases. That said, I think it is important to look at what’s coming next in cybercrime. Though some of the issues I will be discussing sound far off (Robotic Crime, Artificial Intelligence Crime, Satellite Crime), in fact, these issues are already here.

There are real-world case examples of all the new forms of crime to be discussed. That said, most are not very common…just yet anyway. I think one of my favorite quotes will answer your question perfectly: “The future is already here, it is just not very widely distributed yet.” (William Gibson, Neuromancer).

In other words, these things are occurring every day, though most are not aware of it. My goal is to help raise awareness of these issues and plot a public response to them.

HTCIA: Some examples are here and now (terrorists recruiting on MMORPGs), Hollywood (robotics in law enforcement), or apparently superfluous (virtual goods theft, rape). Why and how are they relevant?

Law enforcement has always played catch-up. Throughout history bad guys have always had access to technology long before police officers. Whether discussing cars, automatic weapons, pagers, mobile phones or the Internet–police have always tried to retrospectively figure out what criminals were doing and then had to beg for funding to respond.

Cops see the trends early on, but it takes a long time to ramp up and get adequate resources to respond. Given the rapid pace at which technology is moving forward, playing catch-up all the time may put society and our future at significant risk. Therefore, I think it is critically important to study and respond to future forms of criminality now–before it is too late.

HTCIA: Most agencies nowadays are struggling with lack of resources to police the real world. How could they balance the two?

This is a really tough question, particularly given the state of our economy and the number of agencies actually laying off police personnel. As a former street-cop, I clearly understand that drive-by shootings and child abductions will always outrank more esoteric forms of criminality.

That said, much could be accomplished via effective partnerships with the private and educational sectors. It doesn’t cost anything for an investigator to visit a professor of robotics or AI at the local college or university. I think in particular there is a large role to be played by the federal government and its various law enforcement research arms such as NIJ and NCJRS.

Also, many of these emerging technologies have already been exploited by the military and defense communities, each of which offer technology-transfer programs for police agencies.

In summary, I am not suggesting every cop needs training in robotic operating system forensics, but I am suggesting that, particularly in large departments, it might not be a bad idea to have at least one person think about these issues occasionally.

HTCIA: How did you become interested in these areas — what made you move from more conventional cybercrime topics to the future?

I’ve been working in the high-tech crime field for almost 20 years. To be honest, I had become a bit bored with the standard questions we were hashing-out and re-hashing all the time. “Cybercrime is bad; we need greater international cooperation; public-private partnerships are important.”

I had heard the same themes repeated over and over again at dozens of conferences over the years. With absolutely no disrespect to any of my colleagues, I just felt we needed to move the conversation forward and become more proactive.

Cybercrime of 1990 or 2005 will have little in common with the technical threats we are facing in 2010 and beyond. The absolute game changer is the ubiquity of technology. Previously computers were big white boxes with television-sized monitors on our desks. As anybody today knows, thanks to Moore’s Law, the iPhone can do all the same things.

What people perhaps haven’t yet realized is that their refrigerators, cars and photocopiers all have hard drives in them. GPS forensics and location-based forensics will explode in the near future. We are producing more data than ever and it will be an increasing struggle to analyze it all. Today the Roomba robot vacuums the floor; tomorrow it may protect your home and actually fight off intruders.

Though it sounds like science fiction to some, I absolutely believe that we are on the verge of a new type of cybercrime revolution. I’d like to help move the conversation forward and develop a plan of response for the good-guys now, before it is too late.

HTCIA: Anything else you’d like attendees to know before they hear you talk?

Come in with an open mind and be prepared to have your assumptions challenged. 😉

Questions for Marc? Leave a comment and let us know!

Image: kevindooley via Flickr