March for HTCIA: Chapter meetings and other notable events

February 29, 2012

Whether you’re local to our chapters or traveling to their cities, we welcome your participation in our training and education. Our meetings and events this month:

March 1

Ontario HTCIA will be featuring a March Madness Double Bill Event! The first meeting on March 1 will feature two sets of speakers. First, Guidance Software, where Robert Ulke and Joseph Pizzo, Account Executives from Guidance Software, will review EnCase 7.0 features and give participants a sneak peek at the upcoming edition of EnCase Enterprise.

Next, chapter officers Eugene Silva and Ben Whittaker will offer their thoughts on the proposed Bill C-30 Investigating and Preventing Criminal Electronic Communications Act  (also known as the ‘lawful access’ legislation) or the Online Surveillance Bill (forcing Internet service providers to collect customer information) from their own perspectives — law enforcement and ISP.

Perhaps a real-life debate will break out, along the lines of the 1970s Point – Counterpoint (as seen on 60 Minutes or as parodied on Saturday Night Live). Audience participation is encouraged! Bring your ideas to Peel Regional Police, 180 Derry Road, Mississauga, Ontario from 7-9pm.

A full day of training will be available from Texas Gulf Coast HTCIA, presenting the US Secret Service Electronic Crimes Task Force (ECTF) Quarterly Meeting from 8:30 AM – 3:00 PM. A special invitation has been extended to members of the HTCIA Texas Gulf Coast Chapter.

Hosted by the Fort Bend County Sheriff Office and taking place at the Gus George Academy, 1410 Williams Way, Richmond, TX, this special meeting will introduce the task force members to Fort Bend County, get information on service needs, initiate mutual contacts between departments and corporate citizens, and to provide a unique educational opportunity.

Topics to be presented include cell phone forensics, real world hack attack case studies, and the ECTF fraud and cybercrime prevention programs. Most important this will provide an introduction to personnel who can assist in asset forfeiture, cybercrime forensics, and investigations and foster stronger ties with the Fort County Sheriff, as well as others in the local area.

For more information and to learn how to RSVP, click here.

March 8

From 11:30 AM to 1 PM at American InterContinental University, Atlanta HTCIA presents “Before You Touch that Cell Phone.” Crime scene processing may be second nature to law enforcement, but how do those of us in the private sector respond to and handle an incident that might later result in criminal charges? Are we using the proper standard of care during incident reponse involving electronic devices that could later stand up in court? The purpose of this presentation will be the proper processing of electronic devices including DNA and latent fingerprints.

Speaker Michael Barker, president of C4 Group, Inc. and Atlanta chapter president, is licensed by the State of Georgia as a Private Investigator and PI Classroom and Firearm Instructor. He holds a number of computer certifcations including the CISSP, CISA and A+. He is currently completing a Masters in Information Security through the Univesity of Fairfax.

March 9

The following week, the Texas Gulf Coast chapter will also host its regular meeting at the United Way Community Resource Center, 50 Waugh at Feagan (near Waugh and Memorial). Speaker and topic TBA; the meeting will run from 1:00 – 3:00 PM, with a networking lunch at JAX Grill starting at 11:30 AM.

March 13

Ottawa HTCIA will present “The Wonderful World of Microsoft Computer Registry Analysis”,  at Russell’s Lounge at the Ottawa Police Association. Greg Bembridge, a Senior Computer Forensic Instructor with the Technological Crime Learning Institute (Canadian Police College, Ottawa) will be speaking on the “gold mine” of forensic information found within registry files: software programs which have since been deleted, externally connected devices, wireless networks that were used, firewall exception rules in place, and much much more.

The meeting, which runs from 5:30 – 7:30 PM at 141 Catherine St. in Ottawa, will include a cash bar and grill. Members come free (cost is included in your annual dues); non-members may register for $15.00. To register, visit the event on the web site.

Southern California HTCIA will offer David Nardoni speaking about memory forensics. In this hands-on lab, we will cover the basics of live memory collection and its importance during an investigation, especially involving malware. Attendees will explore the differences between memory collection and analysis tools. In addition, this lab will cover basic malware triage, tips and tricks, and pitfalls. The meeting will take place from 8:30 – 11:00 AM at the USSS Los Angeles Electronic Crimes Task Force, 725 South Figueroa Street – Suite 1300 (Ernst & Young Building, 13th Floor). Please RSVP to socalhtcia@gmail.com.

March 14

HTCIA Asia-Pacific is hosting a special evening event in Singapore! As a part of our ongoing collaboration with SANS, HTCIA members are welcome to join the following interesting and informative presentation: SANS-HTCIA Community Night Presentation: Introduction to Windows Memory Analysis by Chad Tilbury, SANS Certified Instructor. From 6:30 – 7:30 PM at the Grand Copthorne Waterfront Hotel.

Mid-Atlantic HTCIA‘s meeting will see two speakers. Mark Morgan from Guidance Software will discuss the EnCase Enterprise Cyber Security Module & EnCase Command Center, including hardware requirements, webserver API function, and integration with ArcSight and other IDS tools.

Following his talk, Amanda Thompson, a GWU graduate student employed at the Department of Homeland Security, will present her analysis of how the Microsoft Windows 8 operating system, which is set to be released later this calendar year, will differ from previous versions of Windows. Based on research using the Windows 8 Developers Preview Edition, Thompson will talk about the noticeable differences within the file system (NTFS), where user data resides (such as My Documents, etc.), and the Windows Registry (Microsoft, 2012).

The meeting will run from 9:00 AM to 12 noon at the Department of Education, 550 12th Street S.W. in Washington DC.

March 15

Member Mike Wilkinson’s #DFIROnline virtual meetup will feature Hal Pomeranz speaking on Linux forensics for non-Linux users, and Corey Harrell on ripping volume shadow copies — tracking user activity. Access the meetings via WriteBlocked.org, and follow along on Twitter if you have an account!

March 16

Northeast HTCIA will hold an all-day meeting from 9:00AM-3:00PM at Pace University’s Butcher Suite, 861 Bedford Road, Pleasantville, NY. Speaker and topic TBA.

Washington HTCIA‘s monthly meeting, also with speaker and topic TBA, will take place from 10 AM to noon at the Edmonds Community College main campusSnohomish Hall room 123.

March 20

San Diego HTCIA presents a LIVE WiFi hacking demonstration setup, with data gathering; WiFi forensics presentation; and WiFi Q&A, complete with luncheon. Starting at 11:00 AM, Gerry Brown, CISSP and the chapter treasurer, will begin with a live WiFi hacking demo. Lunch (free for all current members, $20 for guests, and $45 for new members with completed  HTCIA membership forms) will be served from 11:30 to 12:00 PM; then, Glenn Jacobs, a Senior Information Assurance Engineer at JTT and chapter president,  will give a presentation on WiFi forensics. The afternoon’s activities will end with a Q&A.

The meeting is located at the Admiral Baker Clubhouse, 2400 Admiral Baker Drive in San Diego. HTCIA members are welcome to attend the chapter board meeting beginning at 10:00 AM. If you’ll be joining the meeting, please RSVP ASAP to treasurer@htcia-sd.org!

March 21

Michigan HTCIA presents Mobile Device Forensics: A Case Study of Cell Phone Evidence Recovered in a Homicide Investigation, presented by Detective Wade Higgason of the Livonia Police Department. Det. Higgason has examined more than 700 cellular telephones and more than 170 computers since 2005, when he was assigned to the Michigan ICAC Task Force for foreign, federal, state and local police agencies. The meeting will take place at at 10:00 AM at University of Detroit Mercy – McNichols Campus. Click here to RSVP and register for the event.

March 29

Ontario HTCIA’s March Madness continues with BlueBear and their flagship product called LACE (“Law Enforcement Against Child Exploitation”) and Mr Robert Beggs of Digital Defence, who will update our membership on the latest trends on how criminals are making money on the Internet.

Advertisements

February for HTCIA: Chapter meetings and other notable events

February 3, 2012

Whether you’re local to our chapters or traveling to their cities, we welcome your participation in our training and education. We’ve got four upcoming special events as well as regular chapter meetings this month:

HTCIA Chapter Meetings

February 7

HTCIA Ottawa will present “Inclusion of Forensic Video Analysis Within an Agency’s Digital Forensic Program” in Russell’s Lounge at the Ottawa Police Association from 5:30-8 p.m. Jeff Spivack, an IAI Board Certified Forensic Video Examiner, will demonstrate how forensic multimedia analysts obtain investigative leads and actionable intelligence from files that might otherwise be discarded.

Spivack has worked as a Forensic Multimedia Analyst with the Las Vegas Metropolitan Police Department, and has been accepted as an expert witness in courts throughout the U.S. In addition to conducting case work, Jeff is also Cognitech, Inc.’s Forensic Video Software Certification Instructor, and Senior Instructor of Video Forensics for Forensic Data Recovery, Inc., Cognitech’s Canadian affiliate.

For more information and to register, see the Ottawa HTCIA website. Non-HTCIA members are welcome for a guest fee of $15.00.

Also on February 7, our Southern California chapter will be holding a joint meeting with ISACA Los Angeles. A dinner meeting at Monterey Hill Restaurant (3700 W Ramona Blvd., Monterey Park, CA), the presentation, a computer forensics case study, will run from 5:30-8:30 p.m.

Guidance Software’s head of Risk Management, Andy Spruill, will provide his first-hand account of the landmark Victor Stanley, Inc. v. Creative Pipe, Inc. the intellectual property theft case that spawned not one, but two, landmark legal decisions in the world of digital forensics and eDiscovery. To register, please visit ISACA LA’s website.

February 9

Atlanta HTCIA will present “Forensics in your PJs” from 7:30-9:30 a.m. A breakfast meeting at American InterContinental University in Dunwoody, Georgia, the meeting will show you how to use various resources and tools on the internet to gather data. From Facebook to blogs what you can learn while sitting in your PJs!

Speaker Buffy Christie is Senior Director of Equifax Global Security.  Buffy has a BS in Criminal Justice, Forensic Science.  She is a CFE (Certified Fraud Examiner)  and is President of the Southeastern IAFCI (International Association of Financial Crimes Investigators).

To register for this event, visit Atlanta HTCIA’s EventBrite page.

February 10

Texas Gulf Coast HTCIA will meet from 1:00-3:00 p.m. at the FBI Greater Houston Regional Computer Forensics Laboratory. Those planning to attend will need to be vetted by the FBI prior to the meeting. In order to attend, contact Ms. Julie Campbell, Receptionist, Pathway Forensics (713.301.3380) and provide her with your name, DOB and DL#. Chapter members should also RSVP to the Evite invitation that was sent to the e-mail account on file with HTCIA International.

February 14

Midwest HTCIA is offering an Android forensics and software demo by Christopher Triplett, Sr. Forensic Engineer of viaForensics. From 8:30-11:30 a.m., Mr. Triplett will cover Android File Systems, Android Forensic Analysis Techniques, and a demonstration of viaForensics’ viaExtract product.

Midwest HTCIA’s chapter meetings are located in Oakbrook Terrace, IL at the ICE office (16th floor, Oakbrook Terrace Tower).

February 15

Minnesota HTCIA will meet in the Ridgedale Library, RHR West Room in Minnetonka.

February 16

Member Mike Wilkinson’s monthly DFIR Online Meetup will feature Peter Coons and John Clingerman providing e-discovery case studies , along with Jonathan Rajewski speaking on “N unaqf ba (cra/cncre) rkrepvfr va onfvp pelcgbybtl/pelcgnanylfvf”… or, “A hands on (pen/paper) exercise in basic cryptology/cryptanalysis.” Join in at 8:00 p.m.!

February 17

Washington state HTCIA will be meeting between 10am-12pm. Topic and speaker both TBD.

February 21

Central Valley HTCIA will be meeting at 12:00 noon at the Stanislaus County Sheriff’s Office, 250 East Hackett Road in Modesto, CA. Tentative topics are a presentation on TOR by Cullen Byrne, and an update on the group Anonymous by an FBI representative. Lunch to be provided.

Austin HTCIA, meanwhile, will meet from 1:30 to 3pm at the REJ Building. Rick Andrews will be going over navigation in EnCase v7. Come with questions!

February 22

Atlantic Canada HTCIA will meet from 5:30-7:30 p.m. with Jan Cox from Oracle presenting on the topic of SQL injection, among other things. An update on the chapter’s conference planning efforts will also take place.

February 24

From 11:00 A.M. – 3:00 P.M. at University Hall, Room 465 (51 Goodman Dr. in Cincinnati), Ohio HTCIA will be offering a presentation on Incident Response: Live Memory Capture and Analysis. Presenter Justin Hall has 15 years of experience in the information technology field and has spent the last seven focused on information security.

Mr. Hall is currently a security architect for CBTS, a technology services provider in the Cincinnati area – consulting with the firm’s enterprise customers in developing vulnerability management, incident response, and endpoint & network defense programs. He is a frequent speaker at information security community events, a SANS mentor, and holds a GCIH, GCFA and GPEN.

Following Mr. Hall’s presentation, lunch will be provided and the chapter’s business meeting conducted.

Also on Friday, our Kentucky chapter will meet at 1:oopm at Boone County Sheriff’s Office. Tom Webster will present about Internet Evidence Finder.

February 29

San Diego HTCIA will meet at the Admiral Baker Clubhouse in San Diego. Lunch will be served at 11:30, with the presentation (yet to be determined) running from 12:00-1:00 p.m. HTCIA members are also welcome to attend the 10 a.m. board meeting that day.

Lunch is free for all current members, $20 for guests, and $35 for new members with completed  HTCIA membership forms. RSVP is required, so please RSVP ASAP to treasurer@htcia-sd.org! This will assist in planning for seating and food requirements.

Northern California HTCIA will also be meeting on February 29. Topic and location to be determined.

Special Training Events

February 6-11: SANS COINS event coming to Los Angeles!

Rob Lee’s newest SANS course, FOR408 Computer Forensic Investigations-Windows In-Depth will be in sunny Los Angeles, CA February 6-11. Taught by Mark Gonyea, FOR408 focuses on the critical knowledge of the Windows OS that every digital forensic analyst must know to investigate computer incidents successfully. You will learn how computer forensic analysts focus on collecting and analyzing data from computer systems to track user-based activity that could be used internally or in civil/criminal litigation.

FOR408 will include a SANS Investigative Forensic Toolkit (SIFT) Essentials with a Tableau Write Block Acquisition Kit and a course DVD loaded with case examples, tools, and documentation. HTCIA members can save an additional 10% off tuition when you enter Discount Code “COINS10”! Full course information and registration info is available at http://www.sans.org/los-angeles-2012-cs/

February 15

ISSA Ottawa and Women in Defence & Security will be co hosting a National Capital Security Partners’ Forum Event featuring Marene Allison, VP & CISO of Johnson and Johnson. The opening speaker will be Rennie Marcoux, Assistant Secretary to the Cabinet (PCO); the closing speaker will be Carol Osler, VP Physical Security TD Bank. For more information and to register, see http://www1.carleton.ca/npsia/upcoming-events/4409-2

February 20-24

Free law enforcement training! Minnesota HTCIA is advertising “Fighting Cyber Crime”, 40 POST credits’ worth of courses at the St Cloud State Campus. The training is a response to the increased ease with which people can access the Internet to commit crimes, as well as the increased emphasis on issues of homeland security. Participants will learn ways to uncover, protect, and exploit digital evidence to respond to crimes. Register via the course flyer at http://www.mn-htcia.org/documents/Cybercrimecourseflyer.pdf.

February 27-March 1

The New York District Attorney’s Office has partnered with the National White Collar Crime Center to offer Cybercop 101 – Basic Data Recovery & Acquisition (BDRA) to qualified members. This 4 day course teaches the fundamentals of computer operations and hardware function, and how to protect, preserve and image digital evidence.

This class introduces participants to the unique skills, best practices and methodologies necessary to assist in the investigation and prosecution of computer crime. It includes presentations and hands-on instruction on such topics as Partitioning, Formatting, Data Storage, Hardware and Software write blockers, the Boot Up process, and Duplicate Imaging. Register here for this and future courses!

REMEMBER: To get discounts or free training (where applicable), you must be a member.  Please join or renew your 2012 membership today!


January HTCIA news and events

January 9, 2012

Before we run down the list of January chapter events, we’d like to draw your attention to two new chapter website redesigns. HTCIA Asia-Pacific will contain all-new and updated content, having migrated from the old htcia.org.hk. Visit President Frank Law’s blog post to read more details, and be sure to follow HTCIA-APAC in its various social site locations!

Meanwhile, our Midwest chapter is building out its site with new content weekly, including Tips of the Week, listings of forensic tools, and of course updates on chapter meetings and events.

Visit the new sites, subscribe to their RSS feeds and learn from what they offer!

Upcoming January HTCIA meetings

Whether you’re local to our chapters or traveling to their cities, we welcome your participation in our training and education. We’ve got two upcoming special events as well as regular chapter meetings this month. Where available, we’ve posted meeting details; if none are available, we encourage you to visit the chapter website (linked below) and get in touch with the officers to learn more.

January 11

HTCIA Atlantic Canada Chapter Meeting, 5:30pm – 7:30pm. Eric Jones of Absolute Software (maker of LoJack and Computrace computer tracking software) will be focusing on the use of these tools for geolocation, forensics, and law enforcement.

The Atlantic Canada chapter meets in two physical locations:

  • Fredericton New Brunswick at 64 Allison Blvd.
  • Dartmouth Nova Scotia, 45 Alderney Dr.

There’s also a telephone conference line and a WebEx conference for those who can’t make it to the physical locations. Contact the chapter for more information!

January 12

Atlanta HTCIA will be holding Log2Timeline open source tool training from 11:30AM – 1:00PM at American InterContinental University’s Dunwoody, GA campus. Log2Timeline is used to create a “SuperTimeline” to help determine the sequence of events based on logs and artifacts found in a forensic image of a Windows based system.

Speaker Rodger Wille has been working incident response and forensics within the Federal Government for over 10 years.  Rodger is currently the Digital Forensic Services Team lead for a Federal Agency based in Atlanta, where he is responsible for conducting digital forensic and malware analysis in response to computer intrusions and malware incidents.

January 13

Texas Gulf Coast HTCIA will be holding an “overview” type meeting from 1:00 PM – 3:00 PM (following an 11:30 a.m. social networking lunch at JAX Grill) at the United Way Community Resource Center. This meeting will focus on the meetings for 2012 and will include possible topics, speakers and training session(s). Please come with lots of ideas!

January 17

San Diego HTCIA is teaming with the city’s Information Systems Security Association (ISSA) chapter this month! Between 11:30 – 1:00 PM PST at the Admiral Baker Clubhouse, Mr. Robert Capp II, Senior Manager of Trust and Safety at StubHub, will be presenting on the results of an online fraud investigation against StubHub. Learn the limitations of traditional investigative methods for international crimes and how StubHub overcame these limitation to work effectively with various international law enforcement to arrest the criminals and seriously reduce company fraud.

Ottawa HTCIA will be meeting from 5:30-7:30 p.m. Their meetings are held in Russell’s Lounge at the Ottawa Police Association, 141 Catherine Street, Ottawa, Ontario.

Central Valley (CA) HTCIA will be meeting at 11:30 a.m. at 250 E Hackett Road, Room 152 in Modesto. Lunch will be provided, and the topics for the day include chapter goals for 2012, and interpreting hex code.

January 18

Florida HTCIA welcomes speaker Randall Huff, Security Director of TLO.com, from 9:00-11:00 a.m. at the IRS-Criminal Investigation 7850 SW 6th Court, Plantation, FL. Mr. Huff will be speaking on TLO as an organization, TLOxp used by and available to law enforcement as well as other tools developed by the the inventor of Autotrack and ACCURINT.

Michigan HTCIA will be meeting the same day at 10:00 AM at the Walsh College Novi Campus room #511. The presentation will be an overview of using social networks as an investigative tool. HTCIA members Mr. Steffan Gaydos and Wayne County Sheriff Deputy Erin Diamond will present issues affecting law enforcement, as well as private sector investigations. The presentation will conclude with a discussion on tools and methodologies for collecting online evidence.

January 19

DFIROnline, run by HTCIA member Mike Wilkinson of our New England chapter (though separately from chapter meetings), is a virtual meeting that brings together digital forensics and incident response professionals from all locations and all disciplines. Beginning at 2000 and running for about an hour, this month’s meeting will feature Harlan Carvey looking at malware detection on an acquired image and Eric Huber covering APTs.

January 20

Washington state HTCIA will offer a presentation on managing incident response investigations, given by Michael Panico of Stroz Friedberg, from 10:00 AM-12:00 PM.

January 26

Ontario HTCIA will be at the Toronto Police College 7 – 9 p.m.

Special Training Events: Atlanta, GA & Los Angeles, CA

On January 27, 2011, Atlanta HTCIA will be offering a special presentation on Understanding and Investigating Microsoft Volume Shadow Copy. This event will run from 10:00AM – 2:00PM; Christopher L. T. Brown, CISSP and the founder and CTO of Technology Pathways, will be presenting.

Field investigators often need to find information fast in the field.  Recovering deleted files and performing advanced searches are often time consuming and thus prohibitive for field investigators.  Both live system triage and analysis of off line images containing Microsoft VSC “Volume Shadow Copy” snapshots can often net a wealth of information to investigators who know how to process it.

Learn more and register at the Atlanta HTCIA chapter website!

February 6-11: SANS COINS is coming to Los Angeles! Rob Lee’s newest SANS course, FOR408 Computer Forensic Investigations-Windows In-Depth will be in sunny Los Angeles, CA February 6-11. Taught by Mark Gonyea, FOR408 focuses on the critical knowledge of the Windows OS that every digital forensic analyst must know to investigate computer incidents successfully. You will learn how computer forensic analysts focus on collecting and analyzing data from computer systems to track user-based activity that could be used internally or in civil/criminal litigation.

FOR408 will include a SANS Investigative Forensic Toolkit (SIFT) Essentials with a Tableau Write Block Acquisition Kit and a course DVD loaded with case examples, tools, and documentation. Full course information and registration info is available at http://www.sans.org/los-angeles-2012-cs.

HTCIA members can save an additional 10% off tuition when you enter Discount Code “COINS10” Register now!


Upcoming for HTCIA in 2012: Strategic initiatives, community involvement

December 28, 2011

One of our most recent posts, a retrospective by our longtime member Fred Cotton, covered how HTCIA got its start and how we got to where we are today. This post is about where we’re headed in the coming year, and beyond.

Our strategic plan

In July, a small group of HTCIA leaders gathered to map out a strategic plan, a vision and a road map for where HTCIA would need to go in order to continue to serve its membership. Following a careful assessment of our strengths, weaknesses, opportunities and threats, we devised a new, clearer and more succinct mission statement:

Provide education and collaboration to our global members for the prevention and investigation of high tech crimes.

In addition, we developed goals for education and professional development, membership services, communications, organizational governance, and financial resources. Some of the initiatives we are taking include:

  • a newly redesigned website and logo
  • a High Tech Crime Investigator Certification
  • improvements in the way we help form and support international chapters
  • development of member benefit programs
  • many other actions

Community involvement

Another strategic initiative is to partner with other groups. This has already been happening to some extent at the chapter level, as a few of our chapters band together with those of other associations to hold joint training events. (This is, in fact, one of the reasons SoCal won Chapter of the Year.) However, we want to make it something we do more consistently across all our locations.

At our conference in Indian Wells we unveiled our nascent partnership with the SANS Community of Interest for Network Security (COINS) program, which allows us to help even more chapters offer local events jointly with a great educational resource. Already we’ve seen the debut of SANS360 offered jointly in DC with our Mid-Atlantic chapter, and in February, Mark Gonyea will be teaching Computer Forensic Investigations-Windows In-Depth in Los Angeles. We also hope to work with SANS on virtual events, like our free webcast in October.

In addition, we announced that our International Board of Directors voted to join the Consortium of Digital Forensics Specialists (CDFS) as an Organizational Member. We believe that in this way we’ll be able to help shape the education and training of this particular facet of high tech crime investigation, which is just one of the many our membership serves.

Finally, we’re looking to get more involved with our communities on Facebook and Twitter (and we’d love it if you left more comments here on the blog, too!). Polls, Twitter chats and continued conversation with our members and supporters will be part of what we’re doing.

Get involved! Become a member (guidelines at http://www.htcia.org/membership.shtml) and subscribe to this blog, our Facebook and Twitter pages to find out the latest.


Rob Lee’s Super Timeline Analysis: A joint HTCIA/SANS COINS webcast

October 12, 2011

We are very pleased to announce a new joint event between us and and SANS’ Community of Interest for Network Security (COINS): a one-hour webcast on Super Timeline Analysis featuring Rob Lee! The webcast, part of SANS’ complimentary series, will expand on the lab material Rob presented in Indian Wells, delivering an exciting and valuable webcast both for those who attended the labs as well as those who were unable to attend.

Over the past year investigators have started to use timeline analysis to help solve challenging cases.  Learn how to create and analyze automatic file system and artifact timelines during incident response and criminal investigations.

There is no cost to attend this event, but you do need to register at: https://www.sans.org/webcasts/htcia-coins-pleased-present-super-timeline-analysis-94739

Webcast Details

Date:           Wednesday, October 26, 2011

Time:           8:00pm – 10:00pm (EDT)

Title:            Super Timeline Analysis

Featuring:  Rob Lee, SANS Faculty Fellow

For more information on the webcast contact Andrea Hogan: ahogan@sans.org.