Where G33ks Gather

Abstracts & Bios

PFIC 2023 Abstracts

Abstracts are listed in the order they show in the main agenda.

OSINT, not OSINFO  

Organizations seek rapid intelligence for critical situations. Yet when it comes to OSINT we find organizations spend hours, if not days, sifting through their data collections to get to the actionable intelligence. In this presentation we demonstrate how to collect curated data that can be immediately turned into situational intelligence, and eliminate 99% of the time spent on preliminary data analysis. The resulting posts, images, video, and even emojis can then be used to understand sentiment, activity hotspots, and ground truth surrounding the situation. Furthermore, all of this data can be combined to perform trending and predictive analysis in popular tools such as Power BI. Throughout the talk we’ll provide real-world examples and demonstrations. The goal is to provide attendees with “outside the box” ideas for formulating new approaches to performing situational OSINT for natural disasters, riots, geo-political situations, and business operations domestically and internationally.

Mike Raggo, CEO & Co-Founder, SilentSignals, Inc. 

Michael T. Raggo has over 20 years of security research experience. During this time, he has uncovered and ethically disclosed vulnerabilities in products including Samsung, Checkpoint, and Netgear. His research has been highlighted on television’s CNN Tech, and numerous media publications including TIME, Forbes, Bloomberg, Dark Reading, TechCrunch, TechTarget, The Register, and countless others. Michael is the author of Mobile Data Loss: Threats & Countermeasures and Data Hiding: Exposing Concealed Data in Multimedia, Operating Systems, Mobile Devices and Network Protocols for Syngress Books co-authored with Chet Hosmer, and is a contributing author to Information Security the Complete Reference 2nd Edition. His Data Hiding book is also included at the NSA’s National Cryptologic Museum at Ft. Meade. A former security trainer, Michael has briefed international defense agencies including the FBI, Pentagon, and Queensland Police; is a former participating member of FSISAC/BITS and PCI Council, and is a frequent presenter at security conferences, including Black Hat, DEF CON, Gartner, RSA, DoD Cyber Crime, OWASP, HackCon Norway, and SANS. He was also awarded the Pentagon’s Certificate of Appreciation.

Chet Hosmer, Co-Founder, SilentSignals, Inc. 

Chet serves as an Assistant Professor of Practice at the University of Arizona in the Cyber Operations program, where he is teaching and researching the application of Python and Machine Learning to advanced cybersecurity challenges. Chet is also the founder of Python Forensics, Inc., a non-profit organization focused on the collaborative development of open-source investigative technologies using Python and other popular scripting languages.

Chet has made numerous appearances to discuss emerging cyber threats including NPR, ABC News, Forbes, IEEE, The New York Times, The Washington Post, Government Computer News, Salon.com and Wired Magazine. He has 7 published books with Elsevier and Apress that focus on data hiding, passive network defense strategies, forensics, PowerShell, and IoT.

Windows 10 & 11 Artifacts 

Windows 10 & 11 are the most used operating systems in the world. Understanding the unique artifacts that can be found in their operating systems will help you find the smoking gun in your investigation. This session will focus on valuable artifacts, where to find them, and how you can automate the process through the use of different tools.

Dave Shaver, DFIR Professional

Dave Shaver has been a digital forensic examiner since 1999. He currently is working for the U.S. Government. He is short and sweet in bio, but full of artifacts in presentation.

ChatGPT and Other AI for Investigations

Over 13 million individual active users visited ChatGPT per day as of January 2023. This number will continue to grow. The work of ChatGPT has made a significant breakthrough in artificial intelligence, and it is pushing other AI programs to emerge that can change the way we work and investigate information. So, what is this new AI, and how does it work? Are there certain risks and benefits that have to be weighed prior to use, and what are the implications for investigators, corporations, and the world as a whole?

Greg Kipper, Paraben Corporation

Greg is accomplished in the many areas that make up the world of cyber. He is an experienced solutions architect, emerging technology strategist, certified security professional, and five-time published author with strong practical experience in all aspects of information technology, cybersecurity, and proactive cyber threat response. As head of the Paraben consulting services, he maintains a wide range of knowledge. He is also a recognized cyber forensics expert and investigator who has worked on several high-profile cases including the Bernie Madoff scandal. Greg has also established himself as a creative and strategic thought leader in emerging information technologies, gaining the attention of, and trusted advisor status with, the CTO offices of the U.S. Army, Air Force, and Coast Guard as well as major financial institutions, Elsevier Publishing, and other Fortune 500 companies. As part of the Paraben leadership core, Greg pushes to make sure we stay on the edge of trends and technology changes.

Starting a digital investigations practice

This seminar presents the author’s view and experiences that building and growing a digital forensic services practice requires that digital examiners integrate business best practices, forensic tools, and client needs to offer forensic services and deliverables to a significantly disparate group of clients.  Based upon this paradigm, the author presents a process/workflow aligned with specific forensic tools to drive an investigation to a forensic service-deliverable that increases profit, reduces or eliminates hourly billing, and enhances productivity by processing a case to produce the proper forensic analysis even when an attorney-client may not be aware of the possible deliverables or services.

Disparate Client Groups: One of the unique challenges to a digital forensic business is the different products or services that must be aligned with different environments and stakeholders in each case. For example, the investigative scope of a forensic analysis of a company computer to produce an expert report as part of an in-house investigation of theft of intellectual property is not aligned with, and may be anathema to, a forensic analysis of a suspect’s personal home computer not yet subject to criminal indictment or search warrant. The forensic deliverable in the in-house investigation would be aligned with anticipatory civil litigation, rules related to litigation, work product, attorney-client privilege, and with the political needs of various stakeholders, including IT Departments, data security officers, HR professionals, and members of a board of directors. In the criminal investigation, however, a forensic examination, if any, would be aligned with rules of discovery and burdens of prosecutors versus defendants as well as limitations on interference/obstruction of justice or investigation.

Investigative Model: Digital Investigative Techniques are the subject of a recent Report IR 8354, NIST: “Digital Investigative Techniques: A NIST Scientific Foundation Review” published November 2022. The Report provides an example of digital forensic examination that seems to suggest that “the techniques applied to a specific case depend on the type of information likely to be useful for understanding what happened.” This appears to summarize a traditional, experience-driven investigative model. This seminar will review data-centric models that identify anomalous behaviour that may easily escape detection in a traditional approach. The author suggests that data-centric models, combined with Artificial Intelligence fine-tuned over specific case data and forensic tool research, may provide more accurate and quicker analysis of electronic data resident upon relevant electronic devices.

Forensic Tool Analysis:  Based upon the business environment characteristics discussed above, this seminar classifies forensic tools according to their functionality and their ability to align with a product or service deliverable.   While some tools enhance functionality (accessing a data source), other tools may create deliverables.   By successfully aligning a forensic deliverable with the correct tool, a forensic professional can increase profit

Automated Processing and embedded CRM:  In order to deliver forensic services/deliverables aligned with the environmental realities of the case, this author suggests acquiring forensic tooling and configuring same for each case.  In order to know the proper configuration, this author suggests a robust case intake process and supporting CRM in order to progress and monitor the case.  In order to maximize the profitability of each case, this author suggests the intake, monitoring, and processing be automated as much as possible, including the integration of forensic tooling and AI.

Don Wochna, Wochna Law Group

Mr. Wochna has written hundreds of articles related to ediscovery, Big Data, analytics, privacy, compliance, and the challenges to the legal profession raised by electronic information systems.   His books include “E-discovery:  Making the Computer Your Best Witness” published by Ohio Bar Association; and he is a frequent and lively speaker regarding electronic data issues.  He has testified before the Advisory Committee on Amendments to the Rules of Civil Procedure, and has been influential in shaping the process by which large sparse datasets are defensibly searched to produce relevant information without reliance upon agreed-upon search terms.  His writings regarding the expert nature of searching unstructured data such as email have been cited in text books related to e-discovery; and his advocacy of advanced data analytics is regarded as defining the cutting edge of the integration of law and technology.

Cybersecurity Caveats

How to build your own high-performance on-prem cloud environment, using type-1 hypervisor technology with applied security! The following topics will be covered during this training discussion.

  • Hardware Specification
    • Server
    • Switching
  • Harden Host Server
  • Secure ecosystems (Guest OS)
    • SnapShot
    • Restore
  • Segmenting (Guests, Networks, and resources)
    • Firewall rules with IPTABLES
    • vLAN
    • Private vLAN
  • Deploy easy secure MFA
    • Remote Connection Broker

How a cloud environment can be used for anti-forensics by cybercriminals!

The majority of the principles applied here will work with the following type-1 hypervisors.

  • XenServer
  • ESXi
  • Oracle
  • KVM / Qemu

Sean Hulbert, Security Centric

CEO of Security Centric Inc.

Experience:

  • 35 years in computer hacking
  • 30 years in Cybersecurity and Virtualization
  • 20 years in e-learning course development
  • Education: autodidact

Achievements:

  • Master designer in ISSA training from Jones and Bartlett ver. 1.0-3.0 Cybersecurity labs.
  • Built industry's first Wireless (WiFi) hacking labs for remote learners
  • Designer and software architect behind A.L.I.C.E. (Artificial Learning Intelligence Cyber Engagement), weaponized AI with an attitude.

From the Digital Firehose, a Cyber Incident Responder's Perspective

The primary point of contact for a computer security incident response team (CSIRT) has morphed over the last couple of years. The team lead has to be knowledgeable about a wide range of legal topics, technologies, threat intelligence, and business requirements. CSIRT leads are viewed as trusted advisors, crisis managers, risk managers, and even counselors during a computer security event. Attending this program will provide you a firsthand view of how a CSIRT leader handles negotiations with a threat actor, contains and eradicates threat actor persistence, leads a digital forensics investigation, and advises the senior leadership and legal teams on findings from the investigation.

Stephen Ramey, GISP, Cyber Risk Engineer, Vice President, Sompo Pro

Stephen is the Cyber Risk Engineer for Sompo Pro. He joined Sompo Pro in October 2022 and brings over 15 years of cybersecurity consulting experience. In his role, Stephen is responsible for setting the technical guidelines for assessing cybersecurity controls from applicants, assisting in the development of cyber product offerings, and the research of cybersecurity controls for emerging technologies.

Prior to joining Sompo, Stephen was a Director of Advisory Services at Arete Advisors and helped companies secure their perimeter, test their operational procedures, and investigate unauthorized access. He has advised clients through ransom negotiations to recover decryption keys and investigate ransomware infections, unauthorized access to and data theft from AWS cloud accounts, and has assessed organizations' cyber security programs.

Stephen also serves as an advisory board member for the Ithaca College Cyber Security Certificate program. His previous employment includes startups specializing in cyber security and artificial intelligence, Deloitte, PwC, and EY. He holds a Master of Business Administration from Fordham University and a Bachelor of Science in Computer Information Systems from Bentley University.

Social Media and Online Investigations: Identifying Unknown Individuals

Your team, your tools, or your client may need to locate a social media user of interest or concern. Your analysis of the profile may become challenging if the user does not reveal their real identity. The presenter will discuss how to harness the internet to identify the person or group behind an unknown username or alias. The presentation will include real case examples to demonstrate successful workflows.

Learning Objectives

  • Outline useful steps for identifying who is behind an alias or username
  • Explore case examples to retain those steps
  • Introduce future challenges

Matthew Golabek, Hetherington Group

online risk assessments, cutting through volumes of online data to deliver what the client wants, when the client needs it. As a senior investigative analyst, Mr. Golabek has a keen eye for extracting content from social media accounts, tracking activities, and monitoring subjects for clients from a wide range of industries, including pharmaceutical, technological, retail, and entertainment.

Mr. Golabek is a contributor to Hg’s newsletter, Data2Know, and has years of experience in the design, development, and delivery of specialized training to various organizations such as the Department of Defense, the FBI, ATF, DEA, and other state, local, or federal law enforcement groups. A key highlight of Mr. Golabek’s career was assisting in the world-class Operation Vax (OPVAX). OPVAX evolved into a collaboration of 75+ industry leaders and public agencies that collaborated at the height of the COVID-19 pandemic. Comprised of C-Suite healthcare, pharmaceutical, transportation, cybersecurity, and high-ranking Department of Defense personnel, they convened remotely over the course of 11 months, and their services led to the successful rollout of the vaccine at home and abroad.

IoT Investigations: The Return of the Data

IoT (Internet of Things) has been growing faster than any other digital device for the last 5 years. These devices are returning to the forefront of our investigations as more and more of our lives become connected. Take a look at the process, data, and expectations of the data from these devices. Enjoy the value of the chaos that exists from these devices and where they put you in both a forensic footprint and cybersecurity risk.

Learning Objectives

  • Handling of IoT data
  • IoT data risks to information
  • Available forensic data from IoT devices

Amber Schroader, Paraben

Over the past three decades, Ms. Schroader has been a driving force for innovation in digital forensics. Ms. Schroader has developed numerous software programs, courses, and guides in the areas of recovering data from smartphones, computer hard drives, cloud, email, and gaming systems. Ms. Schroader established protocols for the seizure and processing of digital evidence that have been used by numerous organizations throughout the world. Ms. Schroader has coined the concept of the “360-degree approach to digital forensics” and “Forensics of Everything-FoE” with her focus on unique problems in digital evidence and solutions. Ms. Schroader has been a huge industry influence in pushing for a big-picture consideration of digital evidence. An accomplished design architect, curriculum developer, and instructor, Ms. Schroader has written and taught numerous classes for this specialized field as well as founded multiple certifications. Ms. Schroader continues to support her through book contributions and other industry speaking engagements.

Case Study: Innocent After Proven Guilty: My Work With The Innocence Project

This talk will present a brief history of the Innocence Project and their work in freeing the wrongly convicted.  Two actual cases will be presented along with a discussion of the digital forensics evidence and techniques involved in each.  The current status of each case will also be shared.  The speaker will reflect on a career involving both prosecution and defense work.

Scott Inch, KASE Forensics

Scott Inch, Ph.D., CCE, is a lifelong educator and professor of both mathematics and digital forensics and cybersecurity at Bloomsburg University of Pennsylvania.  He is also a practicing digital forensics analyst and subject matter expert, who actively does both civil and criminal case work.  His research interests are file systems, mobile device forensics, and open-source intelligence (OSINT).

TRAINING DAY

End to End Digital Investigations: Computers, Smartphones, OSINT

Are you lost in what you should be looking for? Do you know where the next step is and how to get there? After the growth of more and more data into the realm of the digital, it is time to take the data by the binary and figure out what you need. In this training, we will go through the processes used to move through the digital investigation process from the perspective of DFIR professionals, Cyber professionals, and OSINT professionals. Learn how to make that data bow down to the power you hold with knowledge and tool know-how.

Amber Schroader, Paraben

Kevin Fisher, Paraben

Kevin Fisher has been a driving force behind the heart of technology at Paraben, serving as the senior support engineer for over a decade. He has a long history of understanding all the processes and issues that happen in the world of digital investigations. While at Paraben he has led the team that provides top-notch support and testing of day-to-day issues that are faced by professionals in the digital investigations field.