Wednesday September 15

8:00 AM to 9:00 AM

Session Title

New Digital Evidence in Review Computers, Smartphones, IoT

Data has been in an evolutionary cycle with our digital fingerprints getting larger and larger. Each year marks a new level that our digital investigations must strive to for the capture of the elusive information. Take a moment to review some of the new data sources that can impact your investigation and potentially make or break your case. 

Speaker Bio

Amber Schroader, CEO & Founder, Paraben Corporation
Throughout the past two decades, Ms Schroader has been a driving force for innovation in digital forensics. Ms. Schroader has developed over two-dozen software programs designed for the purposes of recovering digital data from mobile phones, computer hard drives, email, and live monitoring services. Ms. Schroader has taught and designed the established protocols for the seizure and processing of digital evidence that has been used by numerous organizations throughout the world. Ms. Schroader has coined the concept of the “360-degree approach to digital forensics” as well as started the momentum and push to the “Forensics of Everything-FoE” with her focus to unique problems in digital evidence and solutions. Ms. Schroader has been a huge industry influence in pushing for a big-picture consideration of the digital evidence and the acquisition process and analysis techniques used. An accomplished curriculum developer and instructor; Ms. Schroader has written and taught numerous classes for this specialized field as well as founded multiple certifications. Ms. Schroader continues to support through book contributions and other industry speaking engagements.

9:00 AM to 10:00 AM

Session Title

Introduction to Hacking Web Applications & Pen Testing

Unless you’ve worked as a professional penetration tester, the actual process of testing an application and generating and delivering a
report is probably a mystery to you. Some web applications are quite big – where do you even start?

As a Security Consultant, I test new applications every week or every other week while maintaining a high level of consistency and quality. This is not something I was able to do when I started, and it was developed through effective training and experience.

In this talk, I’ll describe how to approach a professional web application penetration test, including where in the application to start, what kinds of tests to do, and how to know when to stop. I’ll talk through several tools and processes that help me to focus my efforts on certain parts of the application without losing significant coverage on the rest of it.

By the end of this talk, you should have a good foundation for becoming a penetration tester and understanding why applications fail and how to find the issues about which your clients care most.

Speaker Bio

Scott Miller, Accenture
Scott Miller is a Security Consultant at Accenture and performs vulnerability assessments and penetration tests for Accenture’s clients, with his favorite domains being network and web. He enjoys traveling and attending conferences and recruiting events related to security and/or diversity and inclusion.  Scott also enjoys fitness and doing activities like kayaking, hiking, and boxing.

10:30 AM to 11:30 AM

Session Title

The Role of Digital Forensics in Spectrum Warfare

Rapid developments in information and communications technology have resulted in increased innovations in terms of warfare. From World War II signal technology like jamming became a mainstay in warfare; electronic warfare became virtually an integral part of the war. By the 2000s there was an increasing use of cyberspace in warfare (i.e. cyber warfare) and the emergence of attacks like Stuxnet which did not target information systems, but physical infrastructure; and tensions between Russia and its neighbors resulting in Ukraine’s power grid being brought down by Russian cyber attacks. As of 2019, the US Army merged its electronic warfare and cyber warfare operations as a result of developments in the battle spectra.

Digital forensics has a key role to play in modern-day warfare. Digital forensics tools can be used for monitoring and intelligence, as well as investigating how an attack was carried out. Digital forensics can greatly improve a nation’s dominance of the electromagnetic spectrum giving it the upper hand whether in terms of defense or offense.

Speaker Bio

Dauda Sule

Dauda Sule is a Certified Information Systems Auditor (CISA) with an M.Sc. in Computer Security and currently lectures in the Cyber Security Department of Air Force Institute of Technology, Kaduna. He has over five years of experience in the Nigerian banking industry and has been involved in training and consulting pertaining to information management, security, assurance and control; finance; fraud prevention and detection; and anti-money laundering/combating terrorist financing.
He is a continuous learner with a passion for Information Security, Assurance, and Control. He has authored and written articles for eForensics Magazine as well as ISACA Journal and has also delivered workshops related to Digital Forensics and eDiscovery for eForensics Magazine among others.

11:30 AM to 12:30 PM

Session Title

Social Engineering in 2021

• Introduction
• Case Studies
• Potential Victims of Social Engineering
• The Dangers of Successful Social Engineering Campaigns
• Types of Social Engineering Attacks
• Preventive Measures Against Social Engineering
• Reactionary Steps for Victims of Social Engineering
• Prognosis of Social Engineering in 2021

Speaker Bio

Christopher Salgado

Christopher Salgado is a highly accomplished and trusted security and investigations leader with more than 19 years in cyber and physical investigations as well as security. Throughout his career, he has effectively assisted several companies, including Fortune 50 companies, in various capacities, including via the installation of numerous innovative and efficient processes in the topics of investigations, security, brand protection, threat management, business continuity, intelligence, operations, recruiting, customer service, employee morale, and leadership. The companies that have benefitted from his services span across the spectrum of industries, including social media, pharmaceutical, luxury brands (clothing, jewelry, etc.), consumables, automotive, electronics, film production, streaming services, entertainment, and insurance. He has also assisted investigations firms and law firms across the globe. Christopher Salgado is a contributing author to PI Magazine on cyber and social media investigations and a member of the London Speaker Bureau.

• Co-Founder of All Points Investigations, LLC, a global cyber and physical investigations firm.
• Former managing investigator at Facebook.
• Featured in multiple interviews and articles on effective cyber and physical investigations.
• Christopher Salgado has trained numerous investigators, members of law enforcement, corporations and law firms globally on effective cyber and physical investigations.
• Christopher Salgado currently offers aggressive cyber investigations training to investigators and companies across the globe.

1:30 PM to 2:30 PM

Session Title

Reviewing Data for Beach Notifications

Join James and Warren as they discuss the process surrounding data mining and review following a cyber incident. The conversation will cover data collection post forensic analysis, the use of technology to identify sensitive material as well as strategies to reduce populations requiring review. Additionally, the panel will discuss review strategies focused on creating efficiencies in downstream workflows such as jurisdictional analysis and notification.

Speaker Bio

Warren Kruse, Consilio

Warren Kruse is a vice president with Consilio, an eDiscovery and document review service provider. He has spent the last thirty years between law enforcement and as a consultant supporting various agencies with incident response, computer forensics, and eDiscovery.

Warren, co-author of “Computer Forensics: Incident Response Essentials”, is the past International President of the High Crime Investigative Association (HTCIA) and Past President of the Digital Forensics Certification Board (DFCB).

He has supported projects across a wide range of major U.S. corporations and agencies. In addition, he led a team of computer forensic experts in a three-year engagement in support of a fraud investigation task force at the world’s largest international cooperative organization. Recipient of the HTCIA “High Tech Case of the Year” award, Kruse was recognized for his forensic analysis conducted on a case surrounding the theft of intellectual property and trade secrets on the billion-dollar “Comtraid” matter; was a court-appointed expert, and testified as a computer forensic expert for the US Securities and Exchange Commission (SEC).

He has a Master of Science, Digital Investigation Management and a Bachelor of Science, Digital Forensics from Champlain College.

Speaker Bio

James Jansen, Consilio

James Jansen leads Cyber Incident Response Services at Consilio, a global leader in eDiscovery and consulting services.

As the Global Lead of Cyber Incident Response Services and senior member of Consilio’s Client Services team, James focuses on helping clients and their counsel develop and implement effective strategies based on the needs of their matter.

With more than a decade of legal and eDiscovery experience, James has consulted on and managed highly complex engagements for clients across a range of industries including the financial, insurance and technology sectors.  As the Global Lead for Consilio’s Cyber Incident Response Services, James uses this expertise to assist clients impacted by a range of cyber incidents including Business Email Compromise, Ransomware and Data Exfiltration. Working hand in hand with clients, their breach counsel, and cyber forensic firms, James and his team offer clients a range of services when responding to a Cyber Incident including data collection and hosting, analytics driven data mining, document review, and notification report generation.

Additionally, James is an adjunct professor at Wake Forest University School Law where he teaches a course on Electronic Discovery. He is also a frequent CLE panelist on topics relating to both Cyber Incident Response and eDiscovery.

James received his undergraduate degree from the University of North Carolina at Chapel Hill and his law degree from Wake Forest University School of Law in Winston Salem, NC. He is based in Raleigh, NC and has maintained an active license to practice law in North Carolina since 2007.

3:00 PM to 4:00 PM

Session Title

DFIR Toolmarks: Extending detection, analysis, and attribution

Typical CTI products do not delve into DFIR toolmarks, and typical DFIR business models and training obviate analysts from developing toolmarks.  However, DFIR toolmarks have been leveraged to enable higher fidelity detections, further analysis, and develop more granular attribution.

Speaker Bio

Harlan Carvey

Harlan Carvey has been a DFIR practitioner for over two decades and been engaged in information security practices for another decade beyond that.  After leaving active duty, Harlan was leading teams conducting vulnerability assessments and “war dialing” in the private sector before moving into DFIR full time.  During his time, Harlan has engaged in a wide range of analysis and response, from malware eradication to AUP violations to targeted, nation-state threat hunting and response. Harlan is an accomplished public speaker and a prolific published author.

4:00 PM to 5:00 PM

Session Title

ForensICS | Breach Investigation in ICS/SCADA

It has been a big challenge when Industrial Control Systems got compromised due to the limitations of skillful professionals in the OT environment.

In Generation IV, the ability to conduct both live analysis and memory acquisitions has opened the door for Forensicators who have an understanding of ICS/SCADA systems.

In this talk, it will be demonstrated how to acquire a memory dump in a system running under Windows OS in a forensically sound manner when a breach is assumed..

KET TAKEAWAY

1. Gain a fundamental understanding of the OT environment.
2. Learn the practical steps of memory acquisition for forensics investigation from a compromised OT system.
3. Equip the CERT/DFIR/CSIRT team of the applied forensics in ICS/SCADA.
4. Formulate Incident Response playbook in OT.

Speaker Bio

Art Rebultan, Envision Digital

Mike “Art” Rebultan has more than 17 years of experience as an IT professional with a background in PCI-DSS audit management, Unix/Linux server lockdown and systems administration, R&D, VAPT, DFIR/SecOps, and currently leading the Threat Intelligence program in an ICS/OT company.

Holding a master’s degree in IT with a concentration in E-Commerce security. He has also a professional graduate diploma in Digital Forensics and Cyber Security as continuing education.

Specializing in Computer Forensics, Network Intrusion, Data Breach, Cybercrime Investigation, Malware Analysis, and Reverse Engineering.

Thursday September 16

8:00 AM to 9:00 AM

Session Title

Mobile Device Management & Stalking & Surveillance

This seminar will explore the interpretation ( and misinterpretation) of common Mobile Device Management artifacts resident on electronic devices.  The presenters have experienced several cases throughout the past year in which individuals have turned to forensic analysts to explain the existence of MDM artifacts resident upon their electronic devices without their knowledge or consent.  In many cases, the artifacts can be traced to the interdependence of, and data sharing capabilities of, apple and android products.  In at least one case, the inaccurate explanation of MDM artifacts led one client to initiate legal action against the client’s spouse’s employer.

Speaker Bio

Don Wochna, Wochna Law Office

I am one of a few experienced litigators in the United States to have been certified as a Computer and Mobile Device Forensic Examiner and to have testified in federal and state courts.  Beginning in 1999, I focused the Wochna Law Firm on criminal defense cases in which evidence is found on computers, cell phones, and/or networks. Leveraging my 37 years practicing law and my 20 years as a consulting and testifying digital forensic expert, I accept engagements from Criminal Defense attorneys and law firms in the United States looking to leverage a strategic insight into electronic evidence that can only be delivered by an attorney who is also an electronic evidence expert.

In 1983, I obtained my law degree from Law School, the University of Chicago where I first observed the need for simple and effective explanations of complicated technical concepts that underlie many criminal defense matters in the modern electronic society. I strive for explanations that are understood by attorneys, judges, clients, and jurors that do not have significant technical backgrounds. Contact me today to give your case the edge it needs. 

Hayden Pritchard

Director of Information Security and Data Privacy Law. Providing strategic leadership of global information security and data privacy within cloud-hosted and geographically dispersed regions. Experience mostly centered on the healthcare industry with some energy sector consultancies.

Born and educated in England. I hold dual UK and USA Citizenship. My professional career has included living and working for five years in Tokyo, Japan. Plus lived and worked in Europe, Asia, and now in North America. Relevant professional certifications include CISM, CIPM & HICCSP & CDPSE. 

9:00 AM to 10:00 AM

Session Title

Automating Threat Hunting On Dark Web Using nitty-gritty things

How can you monitor and collect data from the dark web, what open-source tools you can utilize, and what are the benefits? If you are curious about the answers to these questions, then this talk is for you. There are many forums and marketplaces on the dark web where actors buy, sell, and trade goods and services like exploits, trojans, ransomware, etc. Monitoring and collecting data from the dark web can help any organization identify and detect risks that may arise due to their assets being sold on the dark web. In this presentation, you will learn why collecting data from the dark web is essential, what open-source tools you can use to collect these data, and how you can create your data collection architecture using different open-source tools.

 Objective:

Understand Deep/Dark Web

Open Source Intelligence Tools

Dark Web Monitoring

Encountering Threats Related To Deep Web

Speaker Bio

Lakshit Verma

Independent Security Practitioner Osint Evangelist , Freelance Law enforcement consultant

10:30 AM to 11:30 AM

Session Title

Tools and Techniques for Linux Skeptics

WindowsOS is your preferred platform (understandably). But you can turbocharge your forensic work by adding Linux innovations to your toolbox. Two dynamic Forensicators will show you how.

In this session you will learn how to:
* Add Linux to your workbench can save you time and money
* Validating results uncovered from Microsoft Windows tools
* Use Linux on your existing computer(s)
* Better leverage file systems
* Use Linux outside your lab
* Use Linux in court

Speaker Bio

Ira Victor

Ira Victor has more than 25 years of information security and digital forensics experience.  Ira first installed Linux on a “WinTel” computer at about the time RedHat Linux v3 (stable) became available. Ira is named as co-developer on multiple U.S. patents related to information security. His professional background includes work in messaging, incident response, digital forensics, and eDiscovery. Mr. Victor coauthored ground-breaking legislation on information security, privacy and digital forensics in his home state of Nevada. Ira has earned and maintained certifications from GIAC and ISACA.

Kevin Fisher 

Kevin Fisher has been a foundation in the Paraben support team for 10 years. Kevin’s dedication to the Paraben customers goes well beyond work hours with volunteering to help them in his free time as well. Kevin has had a love of computers for many years and that love and passion come through with all of his time and effort he puts into Paraben. Kevin loves all the Paraben tools, but E3:DS has a special place in his heart because of the challenge it is as no two devices are the same.

11:30 AM to 12:30 PM

Session Title

Coffee, Tea or NVMe

On March 1, 2011 the NVM Express (NVMe) specification was released. Though not as long a history as mechanical or SSD hard drives, NVMe touts faster read and write speeds, somewhat easier to install, and bypasses the SATA bus completely. With all of this, NVMe is poised to make a significant impact on computing. This presentation explores NVMe for the digital forensics lab. How can we use it, how can we collect from it, and can it make a significant enough impact to encourage more of its use in our labs.

A comparison has been made between SATA III mechanical hard drives, SATA III SSD hard drives, and NVMe storage. Standard benchmarking software has been used, and also the processing of a suspect hard drive has been run using all three different media. An examination of how we can collect data from a suspect drive in a forensically sound manner is also part of this talk.

Speaker Bio

Tim Carver, The University of Alabama, Huntsville

Prof. Timothy A. Carver holds a Bachelor of Science in Computer Science and Electronics Engineering, a Master of Science in Computer Science, and is ABD on his Ph.D. Over the years, he has designed and programmed video games, consulted at General Electric Aircraft Engines, and run his own business, He fell in love with teaching and has served in various faculty positions at The University of Cincinnati and other universities.

Currently, Prof. Carver teaches at The University of Alabama in Huntsville. He is a practicing Forensic Computer Examiner, a member of the International Society of Forensic Computer Examiners (ISFCE) and is a member of the Board of Directors for the High Tech Crime Consortium (HTCC). Because of his research on Bitcoin Forensics, Prof. Carver has been asked to consult on several cases and provide training to quite a few law enforcement organizations in recent years. He has also been referenced by the National Security Agency for his knowledge of Bitcoin.

1:30 PM to 2:30 PM

Session Title

Forensic Analysis of Fake Multimedia

In this session, we’ll focus on the media aspects of fake news, disinformation campaigns, and fake intel with deep analysis of altered images, audio, and video to uncover methods used to twist narratives and mislead perceptions. We’ll dive into the taxonomy of fake photos, deepfakes, phishing audio fraud attacks, fake rallies, nation-state fake intelligence, and media-generated to inspire mass hysteria. We’ll then further categorize these threats by their TTPs and provide methods for enhancing detection and response strategies. We’ll also demonstrate our Python Machine Learning-based media analysis tool to demonstrate detection of fake media gathered from news sites and social media, and provide deep and tangible insights into this systemic problem.

Speaker Bio

Mike Raggo, SilentSignals Inc. 

Michael T. Raggo (Co-Founder, SilentSignals, Inc.) has over 20 years of security research experience. During this time, he has uncovered and ethically disclosed vulnerabilities in products including Samsung, Checkpoint, and Netgear. His research has been highlighted on television’s CNN Tech, and numerous media publications including TIME, Forbes, Bloomberg, Dark Reading, TechCrunch, TechTarget, The Register, and countless others. Michael is also the author of Mobile Data Loss: Threats & Countermeasures and Data Hiding: Exposing Concealed Data in Multimedia, Operating Systems, Mobile Devices and Network Protocols for Syngress Books co-authored with Chet Hosmer and is a contributing author to Information Security the Complete Reference 2nd Edition. His Data Hiding book is also included at the NSA’s National Cryptologic Museum at Ft. Meade. A former security trainer, Michael has briefed international defense agencies including the FBI, Pentagon, and Queensland Police; is a former participating member of FSISAC/BITS and PCI Council, and is a frequent presenter at security conferences, including Black Hat, DEF CON, Gartner, RSA, DoD Cyber Crime, OWASP, HackCon Norway, and SANS. He was also awarded the Pentagon’s Certificate of Appreciation.

Chet Hosmer, Python Nation

Chet Hosmer is the Founder of Python Forensics, Inc. a non-profit organization focused on the collaborative development of open source investigative technologies using the Python programming language.   Chet has been researching and developing technology and training surrounding forensics, digital investigation and steganography for over two decades. He has made numerous appearances to discuss emerging cyber threats including National Public Radio’s Kojo Nnamdi show, ABC’s Primetime Thursday, NHK Japan, CrimeCrime TechTV and ABC News Australia. He has also been a frequent contributor to technical and news stories relating to cyber security and forensics and has been interviewed and quoted by IEEE, The New York Times, The Washington Post, Government Computer News, Salon.com and Wired Magazine.

Chet is the author of five recent Elsevier/Syngress Books:

• Passive Python Network Mapping,
• Python Forensics,
• Integrating Python with Leading Computer Forensic Platforms,
• Data Hiding which is co/authored with Mike Raggo,
• and Executing Windows Command Line Investigation, which is co/authored with Joshua Bartolomie and Ms. Rosanne Pelli

Chet serves as a visiting professor at Utica College in the Cybersecurity Graduate program where his research and teaching focus on advanced steganography/data hiding methods and the latest active cyber defense methods and techniques.

Chet is also an adjunct professor at Champlain College, where his research and teaching focus on applying the Python programming language to solve challenging problems in digital investigation and forensics.

Chet delivers keynote and plenary talks on various cyber security related topics around the world each year.  He is also well-known as the Co-Founder of WetStone Technologies, Inc. a renowned cyber security organization developing malware and steganography solutions in use by Law Enforcement, Defense and the Private sector world-wide.

3:00 PM to 4:00 PM

Session Title

The cat and mouse game with iOS Forensics

iOS forensics has been a hot topic over the last few years. Apple is constantly strengthening its security measures on their devices such as iPhones, iPADs, Apple TV, Apple Watch etc.  This was designed to prevent hackers and by doing so law enforcement investigators access to its devices, Things like remote phone wiping, not allowing the passing of data through lightning cable, requests to enter a PIN after potentially suspicious actions (like changing a SIM card), 6-digit PIN by default etc, make digital investigations much more difficult.

There are, however, some breakthrough advances in the field of Apple device forensics, such as checkm8, unc0ver and checkra1n jailbreaks, as well as advances in agent-based acquisition. These advances gave investigators the forgotten possibility to acquire so-called “full file system copy”, which has far more data than a regular iTunes backup. Under some circumstances, there is a possibility to acquire data and keychain even without a jailbreak!

Speaker Bio

Yuri Gubanov, Belkasoft

Yuri Gubanov is a recognized digital forensics expert. He is a frequent speaker at industry-known conferences such as HTCIA, TechnoSecurity, EnFuse/CEIC, FT-Day, CAC, CACP, ICDDF, and others. Yuri organizes his own digital forensic conference in Europe. Yuri is the Founder and CEO of Belkasoft, the manufacturer of digital forensic software empowering police departments in more than 130 countries. With years of experience in digital forensics and security domain, Yuri led forensic training courses for multiple law enforcement departments in several countries. Besides, Yuri is a senior lecturer in St-Petersburg State University.

4:00 PM to 5:00 PM

Session Title

A Holistic Approach to Combatting Ransomware AI

The ever-evolving digital age affects every critical infrastructure on a global scale. IoT devices leverage the Internet to enable on-demand control and data feed to transform innocuous devices into powerful smart tech. IoT has transcended into a movement, shifting to what is now referred to as the Internet of Everything. The implications of IoE on the cybersecurity landscape are vast. Threat actors will continue to invest heavily in the exploitation of new technologies to advance the efficiency and decisiveness of their criminal operations. Experts estimate that in 2021 global ransomware attacks will reach a total of $6 trillion in damages, and it is forecasted that the sophistication of disruptive methods of attack will only increase. The methods of attack are beginning to include machine learning AI’s which allow threat actors to stealthily traverse an environment and attack specific targets autonomously, resulting in attacks that are more difficult to detect, prevent, and investigate. The uptick in deepfake technology over the last two years has also provided additional capabilities for threat actors to leverage, including elaborately convincing fabricated voice, image and video content. Faced with the threat of increasingly advanced ransomware attacks, sophisticated protections must be implemented. AI powered threat detection tools can identify patterns of malicious behavior and autonomously prevent intrusions and pacify deepfakes. Organizations must adopt a holistic approach when combatting AI ransomware, leveraging machine learning neural networks, to keep up with the advancing threat landscape.

Speaker Bio

Richard D’Souza, CyberClan

Richard D’Souza is the Owner and CEO of CyberClan. CyberClan has been providing cybersecurity services since its inception in 2006. Richard brings over 20 years of comprehensive cybersecurity experience in areas including incident response, computer forensics, secure architecture, security assessment, auditing, cyber extortion, and dark web investigation. Richard has conducted hundreds of vulnerability assessments and penetration tests, as well as business transformation computing efforts and architecture decisions in various IT environments including the gaming industry, government, foreign embassy, insurance, critical infrastructure, telecommunications, and engineering.  His deep knowledge in identification and prioritization, in addition to authorship of critical cloud security architecture decisions, requirements, guidelines, policies, and procedures across multiple domains provide expertise to lead in any complex security enterprise. In addition, Richard was the Managing Director of Operations and Head of Information Security at UK based Accredited Test Facility (ATF) where he established the ATF’s Canadian operations with particular emphasis in security auditing, compliance testing, sales and business development.

End of Event-Recordings will be made available by the following week.