Opening Session Virtual

9/27/2022 8:00 AM

Location
Virtual
Summary
Mobile Forensics Panel Alexis Brignoni, Geraldine Blay, Josh Hickman, Kevin Pagano

Cyacomb Forensics

9/27/2022 10:00 AM

Location
Virtual
Summary
TBD

Video Evidence: Why there is more to it than “just pressing play.”

9/27/2022 11:00 AM

Location
Virtual
Speakers
  • Blaine Davison - Technical Sales & Support
    Blaine is a retired Forensic Video Analyst and Digital Evidence Administrator from the Norman, Oklahoma Police Department. He joined the team at Amped Software in March, 2021 after over 23 years of commissioned service. He is also a LEVA certified Forensic Video Technician and served on the LEVA board of directors as President, Corporate Vice President and Webmaster. He also served for several years as a member of the video subcommittee of the Scientific Working Group for Digital Evidence (SWGDE).
Summary
While CCTV video and images are the most common and sought after forms of evidence in investigations, their reliability is often called into question. The conversion, interpretation, restoration, enhancement, analysis, and presentation of video must follow a forensic workflow to ensure not only reliability, but admissibility in court. This session will examine how Amped Software Solutions address these reliability and admissibility challenges by utilizing a ‘Camera to Court’ science-based workflow.

MSAB

9/27/2022 12:00 PM

Location
Virtual
Summary
Virtual Session

Digital Evidence from Social Networking Sites & Smartphone Apps

9/27/2022 1:00 PM

Location
Virtual
Speakers
  • Julie Lewis
    Julie Lewis, President, CEO and Founder of Digital Mountain, has over 30 years of experience working in the high technology industry and has been a long-time user of social media. One of the key focus areas of her company is on social media investigations, preservations and monitoring. Prior to founding Digital Mountain, Julie worked at VERITAS Software with next-generation storage, security and search companies. At VERITAS, she managed operations for new product releases across sales, marketing, product management, legal, engineering and customer support. Before joining VERITAS, Julie worked in the venture capital and investment banking industries in both the Silicon Valley and Boston areas focusing on the Internet Infrastructure, security and software sectors. In addition, Julie worked for two of the Big 4 accounting firms doing financial and IT auditing, as well as M&A due diligence as a CPA. She also worked for Applied Magnetics, a publicly traded provider of disk and tape drive components. Julie earned an MBA under fellowship from the F.W. Olin Graduate School of Business at Babson College and a BA in both Business Economics and Sociology from the University of California at Santa Barbara. She is a member of the High Tech Crime Investigation Association (HTCIA), American Bar Association, Sedona Conference's Working Groups on E-mail Management and Archiving (WG1) and Data Security and Privacy Liability (WG11), Cloud Security Alliance and has received her EnCE (Encase Certification in Computer Forensics). Julie is founding Director of the Silicon Valley Chapter of Women in eDiscovery and co-author of “The Sedona Conference Primer on Social Media”.
Summary
According to Statista.com in 2020, the global social penetration rate reached 49 percent, with East Asia and North America having the highest penetration rate at 71 percent and 69 percent, respectively. Mobile device usage for social media has increased to 91% of social channel accesses in 2018 according to Marketing Profs. Many technology thought leaders believe social networking will displace traditional email as the leading communication medium. This presentation will provide a practical walkthrough of preservation of top social media sites and how to effectively utilize tools for evidentiary collection across the Web, PCs/desktops and smart devices. We will look at social media apps on smartphones and what digital evidence exists compared to what can be found on the cloud. We will also explore innovations in emoji/avatar Apps such as Bitmoji.

Digital Investigations with OSForensics

9/27/2022 2:00 PM

Location
Virtual
Speakers
  • Charles Giglia
    Charles M. Giglia has been in the field of computer forensics since 2000 concentrating primarily on the research and development of computer forensic investigative techniques and training curriculum. Charles has an undergraduate degree in mathematics from Canisius College and a graduate degree in forensic science from the University of New Haven. He currently serves as Vice President of Training for Digital Intelligence, Inc.

Plex Trac

9/27/2022 3:00 PM

Location
Virtual
Summary
Virtual Session

OSINT Investigations: Managing Threats from Digital Marketplaces

9/27/2022 4:00 PM

Location
Virtual
Speakers
  • Brandon Wilkins - Customer Success Manager

Registration

9/28/2022 7:00 AM

Location
Seminole

Opening Remarks

9/28/2022 8:30 AM

Location
Seminole Ballroom I
Speakers
  • Warren Kruse - President
Summary
Honor Guard, Police Chief

Keynote Speaker - Sword and Shield: A Cyber Warrior's Perspective from the Trenches of Government and the Private Sector

9/28/2022 9:30 AM

Location
Seminole Ballroom I
Speakers
  • David Lacquement - General
    MG (Ret) David Lacquement is Arete’s Senior Vice President for Government Relations and Operational Intelligence Sharing. Prior to this he served as the Deputy Assistant Secretary of the Treasury for Cybersecurity and Critical Infrastructure Protection, where he led a team focused on safeguarding the private financial services sector from cyber threats that could impact U.S. national and economic security. He has also led a team at Booz Allen Hamilton that supported U.S. Cyber Command with technical and operational planning cyber support. MG (Ret) Lacquement served in the U.S. Army for over three decades as an intelligence officer, retiring as the Director of Operations, J-3, USCYBERCOM. As the first Director of Operations, he played a lead role in the framing and establishment of the Command and was responsible for directing the operations and defense of all Department of Defense networks, and for the planning and executing of offensive cyber operations for the Department of Defense. His military assignments included tours as Commanding General of the U.S. Army Intelligence and Security Command at Fort Belvoir, Virginia; Chief of Staff for Intelligence, C-2, Multi-National Force-Iraq supporting OPERATION IRAQI FREEDOM during the surge; Assistant Chief of Staff for Intelligence, J-2, United States Southern Command, Miami, Florida; and Assistant Chief of Staff for Operations, G-3, U.S. Army Intelligence and Security Command, Fort Belvoir. MG (Ret) Lacquement holds Master's degrees from National Intelligence University, U.S. Army Command & General Staff College, School of Advanced Military Studies, and the National Defense University. He completed his undergraduate studies and graduated from Western Maryland College (now McDaniel College).

Chalk Talk

9/28/2022 10:30 AM

Location
Seminole Ballroom I
Summary
Chalk Talk Winner

FAKE News: Don't believe what you see until you validate it

9/28/2022 11:00 AM

Location
Seminole Ballroom I
Speakers
  • Heather Mahalik - Author, Cellebrite, SANS
    https://www.linkedin.com/in/heather-mahalik-3615535/
Summary
Forensic artifacts can be misleading if they are not properly understood by the examiner. Trusting the data requires more than what is presented by a tool. When the case stands on the validity of an artifact, validation is a must. This talk will cover different case scenarios where the artifacts can be misleading and how the truth can be uncovered. Tips for successful validation will be provided to ensure you are not simply going with a theory and assuming the data supports it, but letting the data speak the truth on what happened, where it happened and how it happened.

Anatomy of a Business Email Compromise Investigation

9/28/2022 11:00 AM

Location
Studio 2B
Speakers
  • Steve Gemperle - Forensic Consultant
    Forensic Consultant with Magnet Forensics. Retired United States Secret Service Senior Special Agent with a demonstrated history of working in the law enforcement industry. Skilled in Computer Forensics, Incident Response, Homeland Security, Firearms Instruction, and Physical Security. Strong computer forensic and protective services professional with a Master of Business Administration - MBA focused in Finance/Marketing from Texas State University and a Bachelor's degree in Marketing from TCU.
Summary
A walk-through of how to conduct a Business Email Compromise (BEC) investigation. We will discuss how to investigate a Business Email Compromise, from how and what logs to pull (or ask to be pulled), timely steps to take to stop money transfers, different techniques to attempt to recover money sent and finally recommendations for securing systems and implementing policies to prevent BEC events.

Blockchain Basics: Understanding Cryptocurrency Fundamentals

9/28/2022 11:00 AM

Location
Studio 2C
Speakers
  • Teagan Kavanagh - Digital Forensic Examiner
    Teagan brings seven years of former law enforcement experience to Ace Computers and Defense Forensic, where he now works as a digital forensic examiner. The majority of his time in law enforcement was spent as a detective investigating financial crime, identity theft, and internet crimes. Over the last five years, Teagan has become a subject matter expert in cryptocurrency and digital forensic investigations.
Summary
During this introductory presentation we will explore basic blockchain concepts such as consensus mechanisms, block creation, and what terms like 'nonce' and 'RBF' mean. Knowledge of these underlying fundamentals will help investigators to better understand how a blockchain works and the data that is recorded with each transaction.

Social Engineering & Tor "How people truly manipulate through neuroscience & how to use it in your investigations"

9/28/2022 11:00 AM

Location
Hollywood East
Speakers
  • John Pizzuro - President JP Consulting & Speaking
    Before creating his own consulting & speaking business John spent 22 out of his 25 years investigating, managing, and leading complex investigations such as Terrorism, Cartels, Organized Crime, Corruption, Fraud, Cyber, Child Exploitation & Child Trafficking. John's approach always has been on making the impossible, possible. John has a penchant for vision and strategy and finding solutions.
Summary
Technology is a given and a constant. Sometimes we lack the ability to apply a technological solution. Anonymizing apps, VPNs, Tor and end-to-end encryption are challenges we all face. What if I told you there is a non-technical way to identify, engage and lure criminals out of the shadows? Sophisticated criminals and others have used social engineering to victimize their prey for decades. Today social engineering has been more constant and creative as we try to prevent intrusions. This presentation will explain the why and how. We will delve into the neuroscience and the impact of technology and how it makes even the most cautious susceptible. This presentation will also give investigators the ability to utilize these techniques to catch.

Lunch & Exhibit Hall

9/28/2022 12:00 PM

Location
Seminole
Summary
Awards Lunch

Human Security Engineering: Mitigating the Insider Threat

9/28/2022 1:30 PM

Location
Seminole Ballroom I
Speakers
  • Ira Winkler
    Award winning CISO, top-rated keynote speaker, bestselling author, but really just trying to leave the world more secure than how I found it. Security professional who's been around way too long. If you like my opinions, you'll love my latest book.
Summary
While the main perception is that the insider threat is due to a malicious party trying to harm an organization, well intentioned insiders, who are unaware, apathetic, careless, etc, are more likely to be the cause of loss. Either way, the cybersecurity industry realizes this and develops tactics such as awareness, MFA, DLP, etc. to mitigate the problem. Despite all of these tactics, 90%+ of all losses result from attacks targeting users. What this talk proposes is a comprehensive strategy to address the insider threat, whether it results from malicious or well meaning insiders. I refer to the comprehensive strategy as Human Security Engineering (HSE) and it involves creating a model that looks similar to the MITRE ATT&CK framework. The strategy involves identifying how a user loss is enabled, how it is initiated, and how loss is ideally mitigated before it can be realized. Applying HSE, security professionals can look at the entire sequence of a potential loss and determine what and where are the most cost effective countermeasures to implement. Applying individual tactics has proved to be ineffective in stopping the problem in large scale. At least one company has begun to implement HSE and has drastically cut phishing losses. This presentation will detail HSE and provide the resources required for attendees to follow up and consider how they can implement HSE to better mitigate their own insider threats.

Introduction to IDOL

9/28/2022 1:30 PM

Location
Studio 2B
Summary
- Introduction to IDOL
  o AI / ML - Scene Analysis
  o Video / Audio / Surveillance Analytics
  o Real Time Crime Center / Fusion Centers
  o Detects People, faces, demographics, clothing, vehicles
  o Object Recognition
  o Evidential Integrity
  o Speech-to-text
  o BWC / ICV Video Analysis
  o Redaction of video/pictures for FOIA requests

Uncovering the Artifact - Where it came from and why it's useful.

9/28/2022 1:30 PM

Location
Studio 2C
Speakers
  • Richard Frawley
    Richard Frawley is the Director of Training with ADF Solutions and is responsible for all training content globally. Richard started with ADF in 2016 as a Digital Forensic Specialist and quickly took charge of creating the content to build confidence in the use of the ADF suite of tools. Richard has successfully transformed the in-person classes of old to a dynamic online and virtual experience. Richard spent 22 years in Law Enforcement as a Certified Forensic Computer Examiner and Cybercrime investigator before retiring and joining ADF Solutions.
Summary
When conducting a triage on scene or an early case assessment on a digital device there are plenty of artifacts that can help you put together enough Probable Cause to make a decision. What is an artifact, where do they come from, and why are they important? We will dig deeper into triage and explain artifacts such as user accounts, USB history, user logins, recent files, web history and downloads, where they came from, and how you can employ the results in your investigation. As an ICAC investigator on scene you will learn to understand specific artifacts, explain where they came from, and use the information to come to solid decisions when interpreting data from a digital device.

Understanding Authentication of Physical and Digital Items Redefined with Immutable Blockchain Technology

9/28/2022 1:30 PM

Location
Hollywood East
Speakers
  • Daniel Garrie
    Founder of Law and Forensics; Neutral with JAMS; CISO at ZEK; Adjunct Faculty at Harvard. An internationally recognized cybersecurity, cyber-warfare, electronic discovery, privacy, and forensic expert leading Law and Forensics, the fourth company he co-founded. He is also a Neutral with JAMS where he serves as an arbitrator, mediator, forensic neutral, discovery referee, Special Master, and technical special master all over the globe.

Break and Exhibit Hall

9/28/2022 2:30 PM

Location
Seminole Ballroom

Hansken: how to handle big data in Digital Forensic investigations

9/28/2022 3:00 PM

Location
Seminole Ballroom I
Speakers
  • Kristien Siemons - Community Manager
    Kristien Siemons is part of the Netherlands Forensic Institute and concerned with the development of the Hansken Platform. As Community Manager, she is involved in all-round processes, like the necessary software development, the connection with users and important stakeholders, and identifying new needs and future developments, so that the platform remains innovative and able to fight crime.
Summary
Do you work cases containing large volumes of data? And do you want to benefit from good software and international knowledge on how to handle this data? Learn more about Hansken: a platform that is specifically developed for digital forensic investigations that contain hundreds of terabytes of data. These are investigations conducted by law enforcement and intelligence agencies, concerning e.g. drugs, child abuse, domestic violence, murder, theft, fraud and more. Hansken is also used by courts of law as an e-disclosure application, enabling legal defense counsel to review digital evidence. But Hansken is more than just a tool: Hansken members share forensic knowledge and collaborate on UI development, backend development and plug-ins, which are made available in a shared Hansken app store and can be used directly in ongoing cases by all members. The international Hansken Community is for and by law enforcement and intelligence agencies, and is therefore a nonprofit collaboration, organized by the Netherlands Forensic Institute (NFI) in The Hague. Join this presentation to learn more about the how and what of Hansken. How do you use it? What are the benefits? What makes the platform a solution to what challenges? And above all: grab the opportunity to experience the way Hansken works yourself.

Crime Scenes to Courtroom – Processing, Investigating and Presenting Digital Evidence From All Sources To Show The Big Picture In A Holistic View

9/28/2022 3:00 PM

Location
Studio 2B
Speakers
  • Robert O'Leary
    Robert J. O’Leary is the Head of Investigations at Nuix USG and Corporate specializing in digital forensics and investigations and is based in Florida. Mr. O’Leary has more than 25-years of experience in digital evidence examination, electronic crime investigation, incident response and cyber security assessments. Prior to joining Nuix, Mr. O’Leary was a 20-year veteran of the New Jersey State Police where he established the High Technology Crimes Unit and supervised the first New Jersey statewide computer crimes task force. He also served as the Director of the NIJ Electronic Crime Technology Center of Excellence - a project established to build the capacity of state and local law enforcement to prevent, investigate and prosecute electron
Summary
Investigators face increasing pressure from the challenges the diverse range of digital devices presents. In addition to laptops, computers and mobile devices, today’s sources of digital evidence include network shares, Cloud Storage, IoT and more. Traditional digital forensic workflows prevent investigators from efficiently dealing with Big Data challenges. Critical evidence is often spread across multiple evidence sources and investigation must be multi-dimensional, encompassing multiple people, objects, locations and events. Join us to learn more efficient workflows that harness the value of big data, rather than becoming swamped by it.

Application of Machine Learning and Artificial Intelligence in Digital Forensics

9/28/2022 3:00 PM

Location
Studio 2C
Speakers
  • Krešimir Hausknecht
    Krešimir is the head of the Digital Forensics Department at INsig2, a privately held company from Croatia. He has extensive experience in both the public and private sector, where he has contributed to various programmes and clients. His main tasks involve team and project management, working on cases and being a professional trainer in the field of digital forensics. He is an expert in live data forensics, malware and mobile forensics, open source intelligence and cryptocurrency investigations and has held over 1000 hours of trainings all over the globe on these subjects. In addition, he also teaches digital forensics classes at Zagreb University of Applied Sciences in Croatia.
Summary
AI and ML are expressions that can be found on most new software that is coming out, but most people don’t really know what they are. In reality, companies will widely use these expressions as soon as they have a for or if loop in their software, while there will be no benefits for the user. Some companies and the community are actually making a lot of progress in this area, and digital forensic software is being “upgraded” too. This lecture will cover some of the new options and possibilities that forensic software has gained through the usage of these technologies.

Where did this come from???? Revealing the sending phone number of an unidentified AirDrop file.

9/28/2022 3:00 PM

Location
Hollywood East
Summary
Presenters: Brandon Epstein and Detective Benjamin Klein

While a convenient and efficient method of transferring files, Apple's AirDrop feature has recently been used to share unwelcome images of nudity, aka 'cyber flashing', as well as generalized threats to the public. Since AirDrop does not rely on a network provider, phone number, or email address for transmission to nearby devices, the identification of an unknown sender is problematic. The receiving device may only see the user-defined friendly name of the transmitter and there is no record of the transmission by any provider. This presentation will discuss a novel method to identify the phone number of an AirDrop sending device using logs found on the receiving device.

Break and Exhibit Hall

9/28/2022 4:00 PM

Location
Seminole Ballroom

Adventures in Memory Forensics

9/28/2022 4:15 PM

Location
Seminole Ballroom I
Speakers
  • Jamie Levy
    Developing cool stuff and working on the open source Volatility project (RAM forensics). Computer Forensics, Memory Forensics, Malware Analysis, Network Security, Artificial Intelligence, Linguistics, Language Technology, Object Oriented Programming, Systems Programming (Unix/Linux), Unix/Linux System Administration

When the Phone is All You Have

9/28/2022 4:15 PM

Location
Studio 2C
Speakers
  • Keith Lockhart - VP of Training
    Keith serves as the Director of Training for Oxygen Forensics, Inc. in Alexandria, VA (U.S.A). In that capacity, he provides training vision and curriculum continuity to the Oxygen Forensics user base while generating courses with customer success as their main focus. After 20 years in the DFIR education industry, Keith is globally recognized as an instructor, SME and peer who might not know the answer but will certainly help you find it!

Examining the Link Between Corruption and Cybercrime

9/28/2022 4:15 PM

Location
Hollywood East
Speakers
  • Jason Jordaan
    South Africa, Digital Forensics, Incident Response, and Cyber Crime Investigation Specialist. I am a passionate Digital Forensics, Incident Response, eDiscovery, and Cyber Crime Investigation professional that strongly believes in finding the facts and solving problems, that often have a very real human cost. I served for 18 years in law enforcement as a detective and digital forensics examiner, before moving into the private sector, which has allowed me to continue making a difference in a bigger operational area.
Summary
Many cybercrimes are made possible through the use of social engineering techniques focused on deception and abuse of trust, which provide a foothold for most cybercriminals to gain access. But there are cases where organized cybercrime groups need more than a trusting employee that they can deceive. Sometimes they need an insider to help facilitate their crimes from within an organization. The presentation will examine the role that corruption plays in cybercrime, where external organized crime groups identify and target insiders within a target organization, and through acts of corruption, turn them against their own. This will be explored through a case study involving a large hack targeting government institutions.

The New Face of Fraud - The Challenges of Pandemic Fraud Investigations

9/28/2022 4:15 PM

Location
Studio 2B
Speakers
  • Robert O'Leary
    Robert J. O’Leary is the Head of Investigations at Nuix USG and Corporate specializing in digital forensics and investigations and is based in Florida. Mr. O’Leary has more than 25-years of experience in digital evidence examination, electronic crime investigation, incident response and cyber security assessments. Prior to joining Nuix, Mr. O’Leary was a 20-year veteran of the New Jersey State Police where he established the High Technology Crimes Unit and supervised the first New Jersey statewide computer crimes task force. He also served as the Director of the NIJ Electronic Crime Technology Center of Excellence - a project established to build the capacity of state and local law enforcement to prevent, investigate and prosecute electron

Exhibitor Reception - The Nerds

9/28/2022 5:30 PM

Location
Seminole Ballroom
Summary
Featuring The Nerds

Registration

9/29/2022 7:00 AM

Location
Seminole

Breakfast & Exhibit Hall

9/29/2022 8:00 PM

Location
Seminole Ballroom

The Unexplored Continent of Industrial Forensics

9/29/2022 9:00 AM

Location
Seminole Ballroom I
Speakers
  • Lesley Carhart - Director of Incident Response
    Lesley Carhart is the Director of Incident Response for North America at the industrial cybersecurity company Dragos, Inc., leading response to and proactively hunting for threats in customers’ ICS environments. Prior to joining Dragos, Lesley was the incident response team lead at Motorola Solutions. Following four years as a Principal Incident Responder for Dragos, Lesley now manages a team of incident response and digital forensics professionals across North America who perform investigations of commodity, targeted, and insider threat cases in industrial networks. Lesley is also a certified instructor and curriculum developer for Dragos’ incident response and threat hunting courses. Lesley is honored to be retired from the United States Air Force Reserves, and to have received recognition such as “DEF CON Hacker of the Year”, “SANS Difference Maker”, and “Power Player” from SC Magazine.

Chalk Talk

9/29/2022 10:00 AM

Location
Seminole Ballroom I
Summary
2nd Place Winner

How Many Android Phones Does it Take to Fly a Drone?

9/29/2022 10:30 AM

Location
Seminole Ballroom I
Speakers
  • Robert Schmicker - Co-Founder and CSO
    Robert Schmicker is Co-Founder and CSO of Raven Works LLC, specializing in reverse engineering, forensic examination, and exploit development/modification of mobile and embedded systems. Robert applies his expertise to develop boutique embedded system and UAS solutions for various national defense customers. Prior to Raven Works, Robert was a senior cybersecurity engineer at The MITRE Corporation reverse engineering and decrypting mobile chat application data, providing cyber operation support, aiding law enforcement and seizure of cryptocurrency. Robert holds a Master's degree from Johns Hopkins in Cybersecurity and a Bachelor's in Computer Science from the University of New Haven. Robert has presented at DFRWS and AAFS.
Summary
DJI continues to dominate the drone market by producing drones accessible worldwide and easy to fly. Their prevalence and flight characteristics have allowed users to become creative with their use cases, creating a treasure trove of forensic data. However, DJI prefers to keep their drone ecosystem closely held by employing proprietary file formats, software/user data encryption, and withholding tooling capable of data analysis. This has driven the need for researchers and forensic examiners to create their own tooling capable of demystifying DJI’s data. This presentation covers topics related to accessing, parsing, and examining modern DJI drone data, evaluating the forensic investigation outcomes using both open source and advanced tooling.

Law Enforcement Media Analysis (LEMA)

9/29/2022 10:30 AM

Location
Studio 2B
Summary
- Introduction to LEMA
  o Based on IDOL
  o Successfully being used in England, Israel, Dubai
  o Productized version for North America
- Extract Faces, People, Clothing, Make/Model/Color of Vehicles
- License Plate Extraction
- Facial Recognition
- ALPR
- Any size, file, format video / picture can be uploaded
- Automated Workflow
- Speed up investigations with less resources

The Power of EnCase

9/29/2022 10:30 AM

Location
Studio 2C
Speakers
  • Victor De La Pena
Summary
The increasing diversity, size and sophistication of digital media complicates evidence collection. Investigators need to be able to quickly image suspect devices, improve their efficiency and ensure forensic integrity. Learn about the new capabilities Tableau Forensic delivers in providing cost-effective, reliable, portable standalone forensic imaging of physical media for digital forensic investigations.

International Computer Tech Support Fraud Investigation

9/29/2022 10:30 AM

Location
Seminole Ballroom I
Speakers
  • Russell Chubon
    Task Force Agent Russell Chubon has more than 25 years of experience as a police officer and detective and joined the Santa Clara County District Attorney’s Office as a senior detective. He is assigned to the REACT Task Force located in the San Francisco Bay Area, which specializes in investigating complex technology and internet-based crimes. Detective Chubon holds a master’s degree in criminal justice from San Jose State University and is a United States Air Force veteran who served as an aircrew member on C141 Starlifter and KC10 Extender aircraft.

Lunch Buffet

9/29/2022 11:15 AM

Location
Seminole
Summary
Whose Slide is it Anyway?

APFS in depth. Everything you should know about APFS and did not want to ask.

9/29/2022 1:00 PM

Location
Seminole Ballroom I
Speakers
  • Derrick Donnelly - Principal Scientist

Exterro

9/29/2022 1:00 PM

Location
Studio 2B

ACE Computers

9/29/2022 1:00 PM

Location
Studio 2C

Coming Soon

9/29/2022 1:00 PM

Location
Hollywood East
Speakers
  • Kimo Hildreth - Manager, Digital Forensics
    Kimo is the Manager of Digital Forensics at Digital Mountain spearheading global digital forensics cases. He has over 30 years of experience in law enforcement, with the last 21 years working in high tech. Prior to joining Digital Mountain, Kimo was an investigator with the Ventura County District Attorney’s Office where he functioned as a digital forensic analyst and a Task Force Officer (TFO) on an FBI Cybercrimes Task Force in Los Angeles. Before joining the Ventura County District Attorney’s Office, Kimo worked for the Los Angeles County District Attorney’s Office (LADA) where he was first assigned, then managed, the Cyber Crimes Investigation and Computer Forensic Units. He also worked at BlackBag Technologies as a computer forensic analyst. At the LADA, Kimo was proud to have been, not just a founding member, but also one of the longest serving members, of the United States Secret Service Electronic Crimes Task Force. During his career in law enforcement, Kimo was responsible for supervising a cybercrimes investigative team, a digital forensic team, managing a digital forensic lab, managing an evidence room, recruiting and training personnel, conducting hundreds of digital forensic examinations, writing and reviewing hundreds of search warrants and providing testimony in state and federal courts. He holds a Bachelor’s Degree in Business Administration and a number of industry recognized certifications including an ACE, CFCE, CISSP, EnCE, GASF, GCFA, GCFE, GCTI, and GSEC. Additionally, Kimo obtained both federal and state governmental certificates from the U.S. Department of Defense, the U.S. Secret Service, the Federal Bureau of Investigation and the California State Department of Justice.

Break and Exhibit Hall

9/29/2022 1:00 PM

Location
Seminole

Presenter Heather Smith

9/29/2022 2:30 PM

Location
Seminole Ballroom I

The Signal: Investigations into Metadata to Catch Villains

9/29/2022 2:30 PM

Location
Studio 2B
Speakers
  • Jesse Spangenberger - Senior Security Developer
    Jesse Spangenberger has 20 years of information technology experience spanning government, military and civilian work, 20 years of military experience, and is an Iraq and Afghan war veteran. Currently, he works for Arctic Wolf Labs developing and implementing network detections across a wide range of complex environments. Jesse holds degrees in Cyber Security, Electronic Repair, and a Master's in Digital Forensics Science from Champlain College.
Summary
Metadata is the sidekick of any investigation. It is hidden data surrounding any file within any electronic system. Every file people engage with today contains metadata that can be used to enhance an investigation. The BTK Killer is probably the most famous case today involving metadata, but cases dealing with contracts and police warrantless searches also involve the usage of the data. A dive into Duke Thomas, a.k.a. The Signal, a fictional character in the DC Universe trained by Batman and with an interest in investigations, will lead down a winding road of understanding an unknown hero and the unsung power of metadata. Thomas joined the Batman family during DC Rebirth and remains Gotham’s daylight protector, mirroring Batman as Gotham’s nighttime protector. Thomas’ powers of will describe metadata, changing of the data, and following the data. The Signal is the embodiment of metadata, and learning how to use this sidekick can greatly help solve the mystery we face in our investigations.

Digital forensics for video files: Identifying the source of unknown video files and new approaches to authentication

9/29/2022 2:30 PM

Location
Studio 2C

Performing Digital Investigations in the Cloud

9/29/2022 2:30 PM

Location
Seminole Ballroom I
Speakers
  • Thomas Yohannan - VP, Enterprise Client Relations
    Risk [Cyberinsurance | Security | Forensics | Law] I live where technology meets business and law. As an attorney with sales & technical partnerships skills, I focus on security, forensics and law (with a pinch of cyberinsurance). My passion for bringing products & services to market through a mix of strategy, research analysis and an understanding of risk and regulatory frameworks for high touch verticals helps enterprise companies succeed. From early stage tech firms (Cvent), to international leaders (UBS & Goldman Sachs) and industry giants (Cisco & Aon), I have been fortunate to spend my career crafting messages and growing bottom lines for some of the world's best IT solutions corporations. Education: USC J.D. | NYU M.B.A | Binghamton Univ. B.A.
Summary
The workshop will encompass how to perform remote forensic collections from an on-premise device to a cloud platform.
1. How cloud platforms like Azure and AWS offer examiners new platforms and tools to leverage in their investigations
2. What forensic tasks are well suited to performing in the cloud, and which ones are still best performed on-premise
3. What legal or security challenges you should be aware of when performing investigations that involve data residing on-premise and in the cloud

Break and Exhibit Hall

9/29/2022 3:30 PM

Trickle Down Effect

9/29/2022 4:00 PM

Location
Seminole Ballroom I
Speakers
  • Devon Ackerman - Regional Managing Director
    Devon Ackerman is Kroll Cyber's North America Practice Lead and Head of Incident Response services. His background is as a hands-on digital forensic and incident response investigator engaged by Clients and Law Firms globally to consult on matters ranging from corporate espionage to network intrusions to ransomware to data breaches. He draws extensive experience in the investigation and remediation of cyber-related threats, trends and tactics from his prior career with the FBI, but also from involvement in Kroll's nearly 3,000 annual investigations. Devon founded and manages AboutDFIR.com, one of the internet's leading Digital Forensic and Incident Response repositories of related knowledge and information sharing.
Summary
Walks an audience through threat actor tactics and the trickle down effect of APT and skilled groups down to the Organized Crime groups and the mass scale executions.

When the Phone Just Isn't Cutting It

9/29/2022 4:00 PM

Location
Studio 2B
Speakers
  • Dan Dollarhide - Sales Engineer
    Dan is the North American Sales Engineer at Oxygen Forensics, Inc. in Alexandria, VA. Dan spent 20 years in law enforcement with over 15 years in digital forensics. Adding to that crime fighting experience, Dan spent 5 years providing private forensic services and performing in-person digital forensics training all over the world.
Summary
Pick the scenario. You have to prove or disprove something and your proof is locked away in a phone. The phone is encrypted and locked when you power it on. What to do? Try an exploit? Brute force the lock? Gather good intel about the owner. Maybe create a custom dictionary attack profile with which to attack that lock? This module demonstrates leveraging multiple technologies and attack vectors against locked devices. Just because the sign says go away doesn’t mean we give up.

Collection and Analysis of Network Traffic from Mobile Apps and Websites

9/29/2022 4:00 PM

Location
Studio 2C
Speakers
  • Matt Danner - Founder
    Matt Danner is the Founder of Monolith Forensics and the creator/developer of Monolith, a case and evidence management platform for digital forensics teams. Prior to Monolith, Matt spent 10 years as a digital forensics professional and has worked for various public and private organizations.
Summary
Ever wondered what data is being sent and received by the mobile and website applications you use? We are going to cover the tools and techniques to employ when capturing and reviewing HTTP traffic sent and received by mobile applications (iOS & Android) and web applications. Topics will include HTTP and HTTPS basics, a review of API frameworks such as GraphQL and REST, an explanation of SSL and TLS proxy bypass, and a little reverse engineering of mobile applications.

Cryptocurrency and OSINT

9/29/2022 4:00 PM

Location
Hollywood East
Speakers
  • Anthony Reyes - Managing Director
    Anthony is a former Detective of the New York City Police Department (NYPD) Computer Crimes Unit. He responded to and led investigations on numerous complex cases on behalf of the NYPD. Anthony's specific areas of focus include Cybersecurity risk management assessments and audits, incident response, digital forensics, cyber terrorism, data encryption, malware detection, cybersecurity, intellectual property theft, and financial crimes. He assisted in one of the largest intellectual property theft cases committed by foreign nationals in U.S. history.
Summary
How to enhance your cryptocurrency and other investigations with OSINT.

Jam Session

9/29/2022 6:00 PM

Location
Backstage Cafe

Registration

9/30/2022 7:00 AM

Location
Seminole

Breakfast & Exhibit Hall

9/30/2022 8:00 AM

Location
Seminole Ballroom

What Google knows about you

9/30/2022 9:00 AM

Location
Seminole Ballroom I
Speakers
  • Danielle Ponce de Leon
  • Jessica Hyde - Founder
    Jessica is the founder of Hexordia and Adjunct Professor at GMU. She’s involved in community efforts including HTCIA, Marine Corps Cyber Auxiliary, DFIR Review, Cyber Sleuths Lab, SWGDE, OSAC, & FSI: Digital Investigations. Previous employment includes Magnet Forensics, Basis Technology, EY, and American Systems, and she is a proud veteran of the Marine Corps.
  • Romy Haas - Crime Analysts
    Romy Haas and Danielle Ponce de Leon are crime analysts at the Homicide Bureau of a large Southern California based law enforcement agency, and have over 30 years of service combined. For over ten years each, Romy and Danielle have provided investigative support in hundreds of homicide, missing person, and fugitive apprehension cases. Their work for the Homicide Bureau allowed them to develop an expertise in the areas of cell phone activity analysis and mapping, social media, and Google data analysis. They have testified as expert witnesses in over 60 murder trials and preliminary hearings. They introduced the Google reverse location search warrant to their Homicide Bureau, and work tirelessly to keep the bureau up-to-date on ever-changing digital evidence technology. Romy and Danielle have taught classes on digital evidence for detectives, and have presented at trainings and international conferences for crime analysts and homicide detectives on cell phone analysis, Google data analysis, and courtroom testimony. They have each received several awards and commendations for their hard work and dedication. Recently, Romy and Danielle have started their own law enforcement training company, R & D Investigative Support. At this time, they offer an 8-hour Google for Law Enforcement class. They will be offering a Cell Phone Investigations training in the near future.

Law Enforcement Investigations Analysis

9/30/2022 9:00 AM

Location
Studio 2B
Summary
- Introduction to LEIA
  o Based on IDOL
- Link Investigations through all forms of Media
  o Pictures
  o Videos
  o Text
- I2 Chart linking
- For Investigators and Analysts

Investigation of Cyber Attacks Leveraging “False Flags”

9/30/2022 9:00 AM

Location
Studio 2C
Speakers
  • Christian Lees - Chief Technology Officer
    Chief Technology Officer (CTO) of Resecurity, Inc. Lees brings over 35 years of experience in the cybersecurity and information technology (IT) industry, with a proven track record of building technology for vulnerability assessment, intrusion detection, network security and DDoS mitigation at Trustwave, Level 3, MCI and IBM. Before joining Resecurity, Lees served as the CTO for InfoArmor, Inc. (acquired by AllState) for 12 years and most recently served as the CTO for Vigilante ATI (acquired by ZeroFox).
  • Selene Giupponi - Managing Director
    Selene holds a University Degree in Computer Engineering (University of Rome "La Sapienza", 2008), and completed postgraduate studies in Computer Forensics & Digital Investigations (University of Camerino, 2009) along with the Ministry of Interiors (Italian Postal and Communications Police). Since 2008 she has been a member of the Engineers Association in the Latina Province, and in 2009 she became a member of its ICT Board of Directors. In 2012 she was among the core founders of the Security Brokers. She has operated as a Witness Expert in Digital & Mobile Forensics since 2008 (Technical Assessor at Civil Court and Criminal Court), working on domestic and international cases and investigations.
Summary
APT groups and advanced cybercriminals are widely leveraging “false flags” to complicate further attribution research and DFIR analysis by information security specialists. Investigation of such incidents requires specific attention to aspects which may affect the collection of digital evidence and the conclusions drawn from its analysis. The presentation will cover past incidents involving such tactics, and experience of successful investigation shared with law enforcement organizations.
Agenda:
- Introduction to “False Flags” (Why, How, For What)
- Examples of APT Campaigns leveraging “False Flags”
- Aspects to consider: TTPs, Origin of Attacks, “Legend”, Artifacts
- Geopolitical Elements (which may drive “False Flags”)

Surviving a Ransomware Attack

9/30/2022 9:00 AM

Location
Hollywood East
Speakers
  • Ilia Lvovski - Senior Computer Forensics Investigator
    Data Recovery and Digital Forensics specialist with over 15 years of experience in private and federal sectors. Sr. Specialist, Digital Forensics at Bell Canada, full-time digital forensics Instructor with BCIT – Digital Forensics and Cyber Security program and President of HTCIA West Canada chapter. Ilia took part in large-scale investigations and joint operations on the federal level as part of the Canada Revenue criminal investigations division and worked with private clients from around the globe. Specializes in civil and criminal digital forensics investigations, data recovery and extraction from severely failed digital devices.

Break and Exhibit Hall

9/30/2022 10:00 AM

Location
Seminole Ballroom

Brian Carrier

9/30/2022 10:30 AM

Location
Seminole Ballroom I
Speakers
  • Brian Carrier
    Brian leads the cyber forensics team at Basis Technology, which builds incident response and digital forensics software. His responsibilities span product management, marketing, and sales. He is the author of the book File System Forensic Analysis and developer of several open source digital forensics analysis tools, including The Sleuth Kit and Autopsy. Brian has a Ph.D. in computer science from Purdue University and worked previously for @stake as a research scientist and the technical lead for their digital forensics lab and incident response team.

Merging into the Fast Lane with Vehicle and Mobile Data

9/30/2022 10:30 AM

Location
Studio 2B
Speakers
  • Kim Bradley - Forensic Consultant
    Kim Bradley retired from the Commonwealth of Kentucky where she worked the last nine years of her career as a Forensic Computer Examiner with the Kentucky State Police (KSP). Her state service before moving into digital forensics included positions in software development and database management. In addition to holding several certifications, Kim has degrees in Early Childhood Education, Computer Science and a Master of Science degree in Digital Forensic Science from Champlain College.
Summary
Analyzing similar artifacts from multiple evidence sources can be daunting and overwhelming. Mobile devices and vehicle extractions from the same case can be perplexing, often due to analogous data located (or not located) on both devices. Examiners are left with the arduous task of combing through this information to find artifacts of evidentiary value. In this session, we will navigate through the mobile and vehicle data to correlate contacts, look at event and geolocation data to determine timelines, level of involvement and locations of interest. Join me to learn how to shift your vehicle and mobile device examinations into the next gear!

The Key to Collecting Forensic Images

9/30/2022 10:30 AM

Location
Studio 2C
Speakers
  • Victor De La Pena
Summary
The increasing diversity, size and sophistication of digital media complicates evidence collection. Investigators need to be able to quickly image suspect devices, improve their efficiency and ensure forensic integrity. Learn about the new capabilities Tableau Forensic delivers in providing cost-effective, reliable, portable standalone forensic imaging of physical media for digital forensic investigations.

Forensic Analyses of Audio and Video Evidence

9/30/2022 10:30 AM

Location
Hollywood East
Speakers
  • Herbert Joe
    Managing Partner Herbert Joe, M.A., J.D., LL.M., B.C.F.E., C.F.C., D.A.B.F.E., D.A.B.L.E.E., F.A.C.F.E. Attorney Joe has 5 degrees, including 3 science degrees (B.S., M.A., M.S.) and 2 law degrees (J.D., LL.M.). His 34-year involvement in the area of forensic audio/video includes expert testimony in state and Federal courts in civil and criminal cases throughout the U.S., as well as overseas, giving regional, national and international (many CLE-approved) presentations, conducting research and authoring peer-reviewed publications and being interviewed or consulted with by various news and entertainment entities domestically and overseas.

Lunch & Exhibit Hall

9/30/2022 11:15 AM

Location
Seminole Ballroom
Summary
DFIR Rock Trivia

IBD

9/27/2022 8:00 AM - 9/30/2022 8:00 PM

Location
Immokalee Studio A

Applying Machine Learning to Challenging Digital Forensics Problems

9/30/2022 1:00 PM

Location
Seminole Ballroom I
Speakers
  • Chester Hosmer - Assistant Professor of Practice
    Chet serves as an Assistant Professor of Practice at the University of Arizona in the Cyber Operations program where he is teaching and researching the application of Python and Machine Learning to advanced digital investigation challenges. Chet is also the founder of Python Forensics, Inc. a non-profit organization focused on the collaborative development of open-source investigative technologies using Python and other popular scripting languages. Chet has made numerous appearances to discuss emerging cyber threats including NPR, ABC News, Forbes, IEEE, The New York Times, The Washington Post, Government Computer News, Salon.com and Wired Magazine. He has 7 published books with Elsevier and Apress.
Summary
Machine Learning offers great promise when applied to digital forensics. The question is how we can apply Machine Learning to digital forensics to: identify key evidence, uncover correlations, expose behaviors, categorize when/where/how, pinpoint aberrant activities, and even recognize anti-forensics techniques. This is not a theoretical lecture; rather, real examples of Machine Learning applied to digital forensics challenges will be discussed and demonstrated. The demonstrations are based on the application of Python and key Python ML libraries. All examples will be provided to the attendees of the presentation.

Exterro

9/30/2022 1:00 PM

Location
Studio 2B

What are the modern methods of attack and how to fight against them using the role based approach in digital forensic education

9/30/2022 1:00 PM

Location
Studio 2C
Speakers
  • Savina Gruičić
    Savina graduated from the Faculty of Electrical Engineering and Computing, University of Zagreb, where she obtained a bachelor's and master's degree in Information and Communication Technology, Information Processing profile. Savina works in INsig2 as a senior consultant in the digital forensics department and is a certified EnCase, Oxygen, MCFE, CHFI, and CCME examiner, where she is primarily responsible for forensic training and client education and also for support during demanding and complicated investigations. Savina was involved in equipping and setting up several digital forensics laboratories. She has excellent knowledge of forensic tools and great experience with consulting in digital forensics investigations.
Summary
The lecture will cover some of the modern attack methods and case examples. A brief introduction to the wide area of digital forensics investigations will give an overview of how many specialized fields and aspects within digital forensics exist and highlight the importance of expert knowledge in each. The key factor in being up to date and keeping up with technology advancements is continuous education. During the presentation, the participants will be given an overview of the existing and recommended specialized training courses for each job role involved in digital forensics investigations.

Shine a Light on the Dark Web

9/30/2022 1:00 PM

Location
Hollywood East
Speakers
  • Keven Hendricks - Detective
    Keven Hendricks is the founder of the Ubivis Project (UbivisProject.org / StopDarkwebDrugs.com). Serving in law enforcement since 2007, Keven has been on the front line of combating cybercrime since 2014, being a member of an Internet Crimes Against Children FBI Task Force from 2014 to 2018, and a member of a DEA cybercrimes Task Force from 2018 to 2021. He is a published author with the FBI Law Enforcement Bulletin on VoIP investigations as well as an instructor on dark web and cyber crimes for Street Cop Training and Federal Resources. He is a 3CE and 3CI by the NW3C, CCI by the Blockchain Intelligence Group, and is recognized as a Subject Matter Expert in the field through the CSIAC and previously presented at OSMOSISCon 2021.
Summary
This presentation will deal with the ever changing landscape of the dark web: from terrorism, to fraud, to narcotics. It will show attendees how cases can properly be investigated on the dark web, dealing with the established dark nets like TOR and I2P, as well as the up and coming ZeroNet. Attendees will learn best practices for preserving evidence, as well as techniques to help bring the suspect out from behind the veil of the dark web and correlate a real world user. From cryptocurrency transactions, to end-to-end encryption messaging apps, everything will be covered in this presentation.

Break and Exhibit Hall

9/30/2022 2:00 PM

Location
Seminole Ballroom

ASOS Meeting

9/30/2022 2:30 PM

Location
Studio 2C
Summary
Academic Student Outreach Subcommittee

FinOSINT - Financial Open Source Intelligence

9/30/2022 2:30 PM

Location
Seminole Ballroom I
Speakers
  • Cynthia Hetherington - Founder and President
    Cynthia Hetherington, MLS, MSM, CFE, CII is the founder and president of Hetherington Group, a cyber investigations consulting, publishing, and training firm. With over two decades of expertise, Ms. Hetherington is a leader in due diligence, corporate intelligence, and cyber investigations. She is the author of three books on conducting cyber investigations and annually trains over 7,200 investigators, security professionals, attorneys, accountants, auditors, military intelligence professionals, and federal, state, and local agencies on best practices. She shares her expertise in this increasingly data-intensive, cyber-focused world through the publication of an industry newsletter, an online blog, and by hosting the annual OSMOSIS Conference. Ms. Hetherington leads national and international investigations in corporate due diligence and fraud, personal asset recovery, and background checks. With a specialization in the financial, pharmaceutical, and telecommunications industries, her cyber investigations have recovered millions of dollars in high profile corruption cases, assisting on the investigations of the top two Ponzi cases in United States history. Ms. Hetherington shares her experiences and expertise as a keynote speaker and contributor at women-focused technology events and conferences across the U.S. She is an active member in the Women in Security Forum, the Women’s President Organization, and collaborates with The National Center for Women and Information Technology on drawing young girls into the field. Ms. Hetherington serves as a lecturer and mentor to CybHER.org and RocketGirls at CyberSpace Camps held at the Kennedy Space Center. In 2021, Ontic Center for Protective Intelligence honored Ms. Hetherington with the Protective Intelligence Pioneer Award. In 2019, she was honored with the Enterprising Woman of the Year Award by Enterprising Women Magazine and the CybHER Warrior Award by Dakota State University Madison Cyber Labs. Also in 2019, she was shortlisted for the coveted Women in IT New York’s Entrepreneur of the Year Award and named a finalist in the esteemed Ernst & Young LLP New Jersey Entrepreneur of the Year Awards. Ms. Hetherington is a recipient of the Association of Certified Fraud Examiners’ James Baker Speaker of the Year Award.
Summary
Open source intelligence is a well-covered area of expertise that spans many areas of content. Building on these skills, the instructor will focus on financial intelligence research practices: finding data related to transactional information and cryptocurrency markets, and any opportunity to track down fraudulent operations from the surface to the dark web. Learning objectives: (1) Define FinOSINT, (2) Identify online marketplaces where financial information may be located in open sources, (3) Identify resources specific to online asset investigations.

Documenting Digital Evidence with Screenshots

9/30/2022 2:30 PM

Location
Studio 2B
Speakers
  • Richard Frawley
Summary
Join Rich Frawley, Director of Digital Forensics Training at ADF Solutions, as he discusses the current state of acquiring data from mobile devices and how to properly document screenshots when acquiring application or device-specific data. Investigators and examiners will walk away knowing screenshot basics, when screenshots should be employed, best practices, chain of custody, and how to make sure your evidence is reliable. This is a beginner-level session good for front-line investigators, examiners, prosecutors, and anyone involved in the processing and reporting of mobile evidence.

Coming Soon

9/30/2022 2:30 PM

Location
Hollywood East
Speakers
  • Bob Gaines - Director
    Bob Gaines brings over 24 years of experience working in the IT field, and has deep understanding of how cybersecurity can protect the confidentiality, integrity and availability of information systems in a regulated environment. He has an extensive background in security, supporting clients in fields such as Construction, Financial Services, Legal, Chemical Manufacturing, and Government. In addition to security and regulatory needs, Bob has also served as a first responder for incident response for clients with a cyber-attack or data breach. Bob has performed numerous incident response investigations and has extensive experience with digital and cryptocurrency forensics and eDiscovery.