Techno Forensics 2009 Agenda: Tuesday October 27, 2009
|
|
|
|
|
Panel 4: Looming On The Horizon - Moderator: Susan Ballou Program Manager Forensic Science NIST Panel Members: Sam Brothers, Howard Schmidt, and Eric Thompson 10:00 - 11:00 AM
Panel IV: Looming On The Horizon Building from the past, new technologies are within our reach but gaps and concerns still exist. The select experts will cover a broad range of topics that will intrigue and instill discussion. Moderator: Susan Ballou. B.S., M.A. Program Manager for Forensic Science in the Office of Law Enforcement Standards National Institute of Standards and Technology (NIST) Panel Members: Sam Brothers:US Customs and Border Patrol Howard Schmidt: retired(Chief Security for eBay & Microsoft; Chief Secuirty Strategist for DHS Eric Thompson: AccessData
Panel 5: Legal Weapons of the Future - Moderator: Jody Westby - CEO Global Cyber Risk, LLC - Panel Members: Anthony Reyes, Chet Hosmer, Joe Schwerha, Art Ehuan 11:00 AM - 12:00 PM
Panel V: Legal Weapons of the Future "Legal Challenges & Potential Solutions for the Future of Digital Investigation" This panel will explore the numerous legal challenges that increasingly arise in digital investigations, including privacy and cross-border data issues, chain of custody, admissibility of evidence, integrity of data, expert testimony, and special issues associated with data on minors and child pornography. The international aspects of digital forensic investigations and considerations with respect to varying legal frameworks will be woven throughout the discussion. The panel will discuss the substantive issues as well as potential technical solutions, while highlighting future trends and problems in digital investigations. Moderator: Jody Westby, B.A. CEO Global Cyber Risk, LLC Panel Members: Art Ehuan: Director, Forward Discovery Anthony Reyes: CEO, The ARC Group NYC Joseph Schwerha IV: CEO, Trace Evidence LLC Chester Hosmer: Senior Vice President and Chief Scientist, Wetstone Technologies A Division of Allen Corporation of America
|
Virtual Worlds - Real Dangers - Joseph Rampolla, Parkridge Police 10:00 AM - 12:00 PM
|
Hidden Areas On Hard Drives - James Wiebe, Consultant - WiebeTech, a brand of CRU-DataPort 10:00 - 11:00 AM
Encryption -- session 1, essentials for the investigator - James Wiebe, Consultant - WiebeTech, a brand of CRU-DataPort 11:00 AM - 12:00 PM
|
Cyber Warfare Awareness by CWFI (The Cyber Warfare Forum Initiative) - Paul V de Souza, CWFI Owner/Founder 10:00 - 11:00 AM
Our mission is to promote Cyber Warfare awareness within the U.S Military, U.S Government, U.S private companies and U.S Citizens. Such mission is to be extended to all U.S allies all over the world with the intent of guarding our cyber freedoms and protecting our way of life. The Cyber Warfare Forum Initiative (CWFI) promotes innovation, unity and collaboration of various cyber security communities of interest all over the world. Our mission will be accomplished by active engagement of our team members in the fields of education (conferences and training), information sharing (forums, reports and news) and partnerships with the military, government and private sector. We invite all to join us in the fight for a safer cyberspace where confidentiality, integrity and availability rest assured. Under one umbrella of collaboration and knowledge, we can make a difference. We have a very unique group of professionals. All suggestions, feedback, comments, and ideas are more than welcome! We ask that you please keep your posts relevant, diplomatic and civil. Please feel free to contribute with your knowledge to our endeavor to help IT professionals and Cyber Warriors understand and secure Cyberspace.
FTK 3.0 Demonstration - Eric Thompson - AccessData 11:00 AM - 12:00 PM
Eric Thompson will be demonstrating several new 3.0 capabilities and discussing how they have re engineered the product to perform up to 10 times faster on a variety of hardware systems, including that legacy 32x dual core hardware so common in underfunded forensics shops everywhere.
|
Investigations involving WiFi networks - Steven Branigan - CEO - CyanLine 10:00 - 11:00 AM
WiFi networks are all around us, and are presenting unprecedented challenges for law enforcement. For example, open WiFi networks can easily allow: “piggy backing” where users jump on networks that are not their to access illicit content or make anonymous threats. Further, open wifi networks allow suspects to claim that “some other computer” used their bandwidth to commit the crime. Learn some key characteristics to identify individuals that are using or have used open wi-fi networks. People can also deploy wireless disk drives and wireless cameras which can contain valuable data to support investigations. Learn how to identify if these devices are in use — and how to physically locate them. Objective: In this session, Steven will cover some tools for use in a WiFi based investigation, including; AP-Finder Kismet Wireshark. Steven will also cover some techniques for WiFi investigations to consider, and relate his experiences with WiFi and the courts.
Technology: The Ultimate Digital Acquisition Tool to Aid in the Fight Against Computer Crime - Neil Broom - Director Forensic Marketing - Intelligent Computer Solutions, Inc 11:00 AM - 12:00 PM
Abstract: Today Digital Evidence Labs and Computer Investigators in the field face new challenges and have a very strong need to keep up with the overwhelming amount of computer crime. The requirements are broad and can range from quickly and securely previewing or acquiring digital evidence to the proper preservation, storage, and transportation of this digital evidence. More than ever, Law Enforcement and Government Agencies are turning to technology to solve these problems and are recognizing the crucial key it plays in overcoming the challenges they face everyday. However, in times that require getting the most “bang for the buck” from shrinking budgets, how can Digital Labs and Computer Crime Investigators be assured that they are choosing the tools that can provide the best functionality as well as those which will help them maximize time and resources? Objective: In this session, you will learn the latest technologies in Forensic Imaging available today. Learn the easiest ways to store and manage your digital evidence images, and how to effectively protect your sensitive data during handling or transportation. Additionally, you will learn how to overcome the day to day in-house and in-the-field challenges of the data acquisition process and how to automate and facilitate your forensic imaging projects.
|
Digital Investigation the Road Ahead Technology Demonstrations 10:00 - 11:00 AM
Each hour throughout the conference the lab room will be host to a variety of technologies and their associated demonstrations. These demonstrations will consist of existing technologies from Allen Corporation, WetStone Technologies, and Cyber Security Technologies, as well as future investigative technologies. Topics of interest include, digital time stamping, host monitoring, volatile data acquisitions, static and polymorphic malware analysis, and future threats. Some concepts within the room are developments under contract with the National Institute of Justice. Note: This session is open to everyone and will have the same content throughout each day so that everyone will have an opportunity during the conference to attend the session that fits into their conference schedule.
Digital Investigation the Road Ahead Technology Demonstrations 11:00 AM - 12:00 PM
Each hour throughout the conference the lab room will be host to a variety of technologies and their associated demonstrations. These demonstrations will consist of existing technologies from Allen Corporation, WetStone Technologies, and Cyber Security Technologies, as well as future investigative technologies. Topics of interest include, digital time stamping, host monitoring, volatile data acquisitions, static and polymorphic malware analysis, and future threats. Some concepts within the room are developments under contract with the National Institute of Justice. Note: This session is open to everyone and will have the same content throughout each day so that everyone will have an opportunity during the conference to attend the session that fits into their conference schedule.
|
|
Panel 6: The Future of Mobile Device Forensics - Moderator: James Darnell, USSS Panel Members: Bill Jeitner, Rick Mislan, Amber Schroader, Dr. Sujeet Shenoi, Michael Harrington 1:00 - 2:00 PM
Panel VI: The Future of Mobile Device Forensics Today’s high tech environment presents new challenges to law enforcement as criminals exploit technology to threaten our banking, financial and critical infrastructures. As a result, law enforcement has been propelled into technologically unfamiliar terrain requiring highly specialized skills and innovative applications of traditional investigative strategies. It is imperative that agents and officers who focus on combating cyber crime receive equipment, tools, and training that allow them to keep pace with advancements in technology. Panelists include several cell phone forensic hardware/software vendors. The panel will focus on what new avenues the vendors are exploring to keep pace with cell phone manufacturers and new mobile device privacy technology. Moderator: Special Agent James Darnell, U.S. Secret Service, Administrator U.S. Secret Service Cell Phone Forensic Facility Panel Members: Bill Jeitner: CEO, BKForensics Rick Mislan: Purdue/Fast Forensics Dr. Sujeet Shenoi: University of Tulsa Amber Schroader: Paraben Corporation Michael Harrington: Micro Systemation
|
Psychodynamics of the Virutal World: The Allure of the Darkside - Andrew Yeager - School Psychologist , Park Ridge High School, Park Ridge, New Jersey 1:00 - 2:00 PM
Architecture of Botnets - Andre DiMino - ShadowServer 2:00 - 2:30 PM
|
Encryption -- session 2, how to properly plan for an encrypted - James Wiebe, Consultant - WiebeTech, a brand of CRU-DataPort 1:00 - 1:45 PM
WiebeTech Tools Overview - James Wiebe, Consultant - WiebeTech, a brand of CRU-DataPort 1:45 - 2:30 PM
|
CASUAL CYBER CRIME: The Fine Line Between Social and Criminal Use - Brian Baskin 1:00 - 1:45 PM
We're living in an age of devices and applications that push the boundaries of dreams, an age of instant gratification, but also the age of Digital Rights Management and Copyright laws. With questionably illegal modifications becoming simple enough for children to use, where does the line get drawn between squeezing more functionality out of your digital devices and software and breaking felony laws? In this talk attendees will explore the justifications and rationales behind the use of questionable hardware and software modifications and understand the mentality behind why their use is rapidly catching on in the general population.
THE MYTHS OF COMPUTER FORENSICS, INCIDENT RESPONSE, AND NETWORK SECURITY - Walter Barr - CSC 1:45 - 2:30 PM
The myths of Computer Forensics/Network Security and Incident Response by Walter ‘Wally’ Barr Computer Forensic Professional/Network Security Engineer for Computer Sciences Corporation (CSC). Walter will draw from his over 12 years in the computer industry and his 30 years of business and military experience to present this topic. This talk will focus on the myths and realities of real world of computer forensics , network security and incident response. It will expose the marketing mumbo jumbo and smoke blown by so called industry subject matter experts and get to the facts that will help you in Computer Forensics/ Network Security and Incident response to give you the facts to set your career in positive direction.
|
Cyberwarfare Begins with Passion: Did Someone Awaken a Sleeping Cyber Giant? - Dustin L Fritz - CEO -The Computer Network Defense Group 1:00 - 1:45 PM
Do we have a Cybersecurity Czar yet? Hmm…this presentation will discuss and recap Cyberwarfare events in the last 5 months and present some interesting findings. “After sea, land and air warfare, traditional arch rivals India and Pakistan are now facing each other in another arena. With evolution of technology over the period another kind of war has been started by Indians with Israeli help against Pakistan since last few years and that is Cyber warfare. Cyber warfare is complex, more penetrating and detrimental than conventional warfare, fought on cyberspace using different tactics like Cyber espionage, Web vandalism, Gathering data, Distributed Denial-of-Service Attacks, Equipment disruption, attacking critical infrastructure, Compromised Counterfeit Hardware etc. The Internet security company McAfee stated in their 2007 annual report that approximately 120 countries have been developing ways to use the Internet as a weapon and target financial markets, government computer systems and utilities.” -Farzana Shah
The Line Between Divinity and Deception: A Cybersecurity Mentorship Program - Dustin L Fritz - CEO -The Computer Network Defense Group 1:45 - 2:30 PM
Abstract: How do you comprehensively and accurate mentor and tutor a person while providing actionable recommendations for advancing their career and expertise in cybersecurity? A Cybersecurity Mentorship Program follows people not technology. A personalized plan outlines each individual not certifications. In this presentation you will learn the good, bad and the ugly of Cybersecurity Mentorship and how you can begin and/or excel in your Cybersecurity career interests. Objective: Our objective is to encourage your skills as a leader, analyst and security professional to think outside the box and give you that strategic passionate edge. By sharing our own experiences and talk with you to create your own unique learning experience, we aim to create a fun, exciting, and fulfilling learning opportunity for you that will last forever. As the Internet grows and technology advances we have seen firsthand what most organizations do when it comes to network security…talk about it then do nothing, or worse put someone in charge that has little to no passion or experience in the position of protecting computer networks! We see the obvious need for a new strategy… a fundamental change by way of revolutionary defenses - igniting the fire in the people who conduct cybersecurity! How can people be motivated to defend their computer networks? To continually strategize and execute security measures? The objective of this presentation is to present evidence of what cybersecurity mentorship is, how it works, the pit falls, and the success. Promoting a newfound inspiration in your organization, and more significantly to ingrain the importance of keeping pace with security needs which will have a positive impact on your business’ bottom-line.
|
Digital Investigation the Road Ahead Technology Demonstrations 1:00 - 1:45 PM
Each hour throughout the conference the lab room will be host to a variety of technologies and their associated demonstrations. These demonstrations will consist of existing technologies from Allen Corporation, WetStone Technologies, and Cyber Security Technologies, as well as future investigative technologies. Topics of interest include, digital time stamping, host monitoring, volatile data acquisitions, static and polymorphic malware analysis, and future threats. Some concepts within the room are developments under contract with the National Institute of Justice. Note: This session is open to everyone and will have the same content throughout each day so that everyone will have an opportunity during the conference to attend the session that fits into their conference schedule.
Digital Investigation the Road Ahead Technology Demonstrations 1:45 - 2:30 PM
Each hour throughout the conference the lab room will be host to a variety of technologies and their associated demonstrations. These demonstrations will consist of existing technologies from Allen Corporation, WetStone Technologies, and Cyber Security Technologies, as well as future investigative technologies. Topics of interest include, digital time stamping, host monitoring, volatile data acquisitions, static and polymorphic malware analysis, and future threats. Some concepts within the room are developments under contract with the National Institute of Justice. Note: This session is open to everyone and will have the same content throughout each day so that everyone will have an opportunity during the conference to attend the session that fits into their conference schedule.
|
|
Panel 7: Training the 21st Century Investigator - Moderator: Lili Johnson - Dean of Central Piedmont Community College - Panel: Steven Hickey, Leighton Johnson, John Metil 3:00 - 4:00 PM
Panel VII: Training the 21st Century Investigator The unfortunate truth is that those who purpose to use computers and cyber technologies to commit criminal activity have too often left investigators behind, struggling to discover how to track, apprehend, and ultimately convict them. A large part of the answer to this issue lies in effective training. Panel members will discuss theory, strategies and methods for conducting relevant and meaningful training for investigators who must strengthen their skills in order to be successful. Moderator: Lili Johnson> Associate Dean Central Piedmont Community College Panel Members: Steven Hickey Leighton Johnson John Metil
|
Virtual Worlds - Increasing the Surface Area of Malware Distribution - Andre DiMino – ShadowServer 3:00 - 4:00 PM
2nd Life/Next Generation - Andre' M. DiMino, Joseph Rampolla, Andrew Yeager 4:00 - 5:00 PM
Andre' M. DiMino is the Co-founder & Director of the Shadowserver Foundation, a non-profit organization that gathers, tracks, and reports on malware, botnet activity, and electronic fraud. He has over 20 years experience in IT operations and computer system management, with his primary focus being on network and data security. His role within Shadowserver involves him in the direct research and analysis of malware and network traffic analysis, botnet research. attacker methods and techniques, and honeypot technology, Andre' also leads and provides overall direction to each segment of the Shadowserver operation. Before his Shadowserver days, Andre' worked as application engineer, system & network designer/administrator, and corporate consultant. His consulting work focused primarily on penetration testing, detection and defense strategies, network security monitoring, risk assessment, and digital forensics. Andre' holds a BSEE from Fairleigh Dickinson University and the CISSP, GCIH, GREM, and GSEC certifications. He is a member of ISSA and the SANS Advisory board, as well as HTCIA, and FBI Infragard. He has been a speaker and moderator at various security conferences and roundtables. Joseph Rampolla has been a law enforcement officer for fourteen years. In 1994 he received a Masters of Arts degree in Criminal Justice from John Jay College in New York City. Joseph holds a Bachelor of Arts degree in Law & Society from Ramapo College of New Jersey. He became a police officer in 1995 and currently holds the rank of Lieutenant for the Park Ridge Police Department. He has supervised numerous criminal investigations within the department and oversees the Detective Bureau. In 2003 he was assigned to the Bergen County Prosecutor's Office Computer Crimes Task Force. He has successfully completed training offered by county, state and federal agencies as well as leading technology companies with a focus in the areas of computer forensics, Internet child exploitation, human trafficking, sex related crimes and Peer-to-Peer file sharing investigations. He is a member of the HTCIA, HTCC, and IACIS where he has earned the classification of Certified Forensic Computer Examiner (CFCE). Joseph enjoys teaching advanced undercover IRC investigations in a lab environment. He is a national speaker on the topic of cyber crimes, virtual worlds, and cyber bullying. Joseph is affiliated with the Shadowserver Foundation, a non-profit organization that gather, track, and report on malware, botnet activity, and electronic fraud. Andrew Yeager is a New Jersey state certified School Psychologist and Student Assistance Coordinator, presently working in the Park Ridge School District in Park Ridge, New Jersey. He is also a consultant for the Center for Alcohol and Drug Resources; a state representative to the New Jersey Association of Student Assistance Professionals and the founding member and coordinator of the Bergen County Association of Student Assistance Professionals. Andrew is a member of the Park Ridge Municipal/D.A.R.E. Alliance; and a lead responder for the Bergen County Traumatic Loss Coalition. Andrew has worked as a therapist specializing in addictions for the past 30 years. Prior to working in the public school setting, he spent 15 years working in residential treatment programs for adolescent and adult substance abusers. Andrew lectures extensively and conducts trainings on issues related to addiction, virtual worlds, bullying, Internet safety, risk perception, and suicide prevention for school faculties, counselors, law enforcement agencies, students, parent groups, and other organizations. He has written several educational programs and instructional manuals for DWI prevention and Internet safety programs.
|
Digital Forensics -- Tools To Make Your Job More Efficient - Randy Barber (CEO), & James Wiebe, Consultant - WiebeTech, a brand of CRU-DataPort 3:00 - 5:00 PM
|
THE FIRST 120 - Mr. Dale Beauchamp, Branch Chief Digital Forensics - Transportation security Administration (TSA) 3:00 - 4:00 PM
“The First 120” This topic references the use of live forensics during an incident response to investigate any given incident from report to containment in 2 hours or less. Similar to solving murder cases in the first 48 hours it is crucial to investigate incidents to closure quickly and completely. This technique answers both the pressure from management and the need to accurately eject attackers from the enterprise. Use of this rapid response technique has been a proven effective method in limiting the time attackers have to dig in and change their tactics to avoid detection. The tools and processes to meet this task will be discussed in detail to include a real world case example.
METASPONSE: Incident Response with Metasploit - Marcus J. Carey - Director of Innovation, Saecur 4:00 - 5:00 PM
The Metasploit Project has drawn the ire of many security professionals. The project maintains that it exists to provide information on exploit techniques and to create a useful resource for exploit developers and security professionals. While many may argue the merits of Metasploit, the fact remains it is one of the best free and open source security related projects on the planet. Instead of fighting these type of projects we can embrace what works for security professionals. In this talk I will show security professionals how to harness to power of Metasploit for incident response.
|
iPhone Forensics, The Good, Bad and The Ugly. - Sean Morrissey -Computer Forensics Anaylst 3:00 - 4:00 PM
Since 2007 and the release of the Apple iPhone. Cell Phone forensics was given a new challenge. The iPhone is for all intensive purposes, a mobile computer. Gathering information from the phone has sparked serious debate. Two camps have evolved, those that support Jailbreaking, and those that see it as an illegal and often destructive act. This discussion will cover non destructive means of recovery and analysis.
Mobile Device (Cell Phone/PDA/GPS) Data Extraction Tool Classification System - Sam Brothers - CBP - Director of Digital Forensics 4:00 - 5:00 PM
Abstract: This presentation will impact the field of digital/multimedia forensics by providing a common framework for digital device data extraction tool classification system for the entire digital forensics community. Our world has been saturated with inexpensive digital devices today. We use these digital devices to stay in contact with friends, (e.g., phone calls and text messages) and help us find our way (e.g., GPS devices). These digital devices have become ubiquitous in our society. Criminals use these devices to aid them in committing crimes. From using GPS devices for human and narcotics smuggling to using cell phone text messaging to coordinate attacks and communicate orders in organized crime. These devices contain a wealth of information and intelligence for investigators of crimes. The field of digital device forensics is in it\'s infancy at this time. The digital forensics community needs a framework (common baseline of understanding) for the classification and understanding of the plethora of tools released into the commercial marketplace in the last 5 years. A lot of false advertising has occurred, and many practitioners in this field are yearning for an understanding of how these tools work. It is also critical that the practitioners in this field understand how these tools will impact their evidence collection process. I will \"peel back the curtain\" allowing you to see what is going on \"behind the scenes\" of these tools. I will present a framework and classification system for these tools to provide a better understanding for digital forensics practitioners. Objective: After attending this workshop, fellow digital forensic practitioners will be able to categorize any mobile device acquisition tool in a systematic classification system. In addition, an overview of all commercial tools for Cell Phone data extraction currently available will be discussed.
|
Digital Investigation the Road Ahead Technology Demonstrations 3:00 - 4:00 PM
Each hour throughout the conference the lab room will be host to a variety of technologies and their associated demonstrations. These demonstrations will consist of existing technologies from Allen Corporation, WetStone Technologies, and Cyber Security Technologies, as well as future investigative technologies. Topics of interest include, digital time stamping, host monitoring, volatile data acquisitions, static and polymorphic malware analysis, and future threats. Some concepts within the room are developments under contract with the National Institute of Justice. Note: This session is open to everyone and will have the same content throughout each day so that everyone will have an opportunity during the conference to attend the session that fits into their conference schedule.
Digital Investigation the Road Ahead Technology Demonstrations 4:00 - 5:00 PM
Each hour throughout the conference the lab room will be host to a variety of technologies and their associated demonstrations. These demonstrations will consist of existing technologies from Allen Corporation, WetStone Technologies, and Cyber Security Technologies, as well as future investigative technologies. Topics of interest include, digital time stamping, host monitoring, volatile data acquisitions, static and polymorphic malware analysis, and future threats. Some concepts within the room are developments under contract with the National Institute of Justice. Note: This session is open to everyone and will have the same content throughout each day so that everyone will have an opportunity during the conference to attend the session that fits into their conference schedule.