Speakers & Abstracts

Get into the details of all the innovative ideas and concepts that you can learn at PFIC.

Tuesday September 22

8:00 AM to 9:00 AM

Session Title

Smartphone & Computer Data Nuggets

The addiction to technology has not decreased, and as communities end up more separated, the draw to technology has skyrocketed. As trends shift in what is popular on devices, from apps to changes in firmware, there are new nuggets of data that can be captured and used as digital evidence. Common communication platforms and their data can be key to finding your evidence. This session is great for anyone who does digital investigations and needs to know where to look in the nooks and crannies of data to find what they are looking for.

Speaker Bio

Amber Schroader, CEO & Founder, Paraben Corporation
Throughout the past two decades, Ms. Schroader has been a driving force for innovation in digital forensics. Ms. Schroader has developed over two-dozen software programs designed for the purposes of recovering digital data from mobile phones, computer hard drives, email, and live monitoring services. Ms. Schroader has taught and designed the established protocols for the seizure and processing of digital evidence that have been used by numerous organizations throughout the world. Ms. Schroader has coined the concept of the “360-degree approach to digital forensics” as well as started the momentum and push to the “Forensics of Everything-FoE” with her focus on unique problems in digital evidence and solutions. Ms. Schroader has been a huge industry influence in pushing for a big-picture consideration of the digital evidence and the acquisition process and analysis techniques used. An accomplished curriculum developer and instructor, Ms. Schroader has written and taught numerous classes for this specialized field as well as founded multiple certifications. Ms. Schroader continues to support the field through book contributions and other industry speaking engagements.

9:00 AM to 10:00 AM

Session Title

Where to find good sh*t in Windows that most tools don’t show you

With every new upgrade/update to Windows 10, forensic artifacts change. In this 60-minute session, we will cover a few new artifacts such as the location of removable storage items, etc. We will review how to do this without the use of conventional tools. 

Speaker Bio

Dave Shaver, Digital Forensic Examiner
Dave Shaver has been a digital forensic examiner since 1999. He currently is working for the U.S. Government. 

10:00 AM to 10:30 AM

Sponsor Spotlight

Latest Innovations from WiebeTech

10:30 AM to 11:30 AM

Session Title

Adapting to remote investigations and DFIR challenges

Now more than ever, digital investigators have to protect themselves, even as they protect and preserve critical evidence.  We will discuss smart, prioritized distance collection techniques involving the Cloud, collecting from network endpoints (or, suspect computers), even when not persistently connected, along with non-invasive, network-based Mac collection, even when T2 security is present.

Speaker Bio

Chuck Dodson, Sr Director, Product Strategist [Security], OpenText

A recognized authority on leading-edge technologies, emerging solutions, best practices, and transformational journeys, Chuck has a proven track record of successful digital transformation engagements providing independent assessments and trusted advice to senior executives.

In addition to his 20 years in State, local, and federal law enforcement, Chuck recently served as the State of Illinois Chief Information Officer for State Public Safety providing agency information security program vision, strategy, and technology roadmaps.

Chuck possesses a Master of Science Degree in Military Studies with a focus on Terrorism and Master and Bachelor of Arts Degrees in Business Administration majoring in Technology, and a Bachelor of Science Degree in Criminal Justice.

Chuck served with the U.S. Army Special Forces (Green Berets) specializing in counter-insurgency and intelligence operations; retiring with the rank of Sergeant Major/E-9.

Carl Wong, Lead Solutions Consultant, OpenText

Carl has been a Lead Solutions Consultant for OpenText’s EnCase Security solutions for the last 5 years. He is an accomplished practitioner in the fields of Digital Forensics, eDiscovery, and Incident Response.

In addition, he has been an Adjunct Professor of a graduate-level Digital Forensics Applications course at The John Jay College of Criminal Justice for the past 8 years.

 

11:30 AM to 12:00 PM

Sponsor Spotlight

Belkasoft Evidence Processing

12:00 PM to 1:00 PM

Session Title

Creating VMs from Forensic Images for Courtroom Presentation

One of the biggest hurdles in computer forensic testimony is figuring out how best to approach all the technical terms, procedures, and evidence that needs to be explained and presented to a “non-technical” courtroom.  One of the best ways to overcome this hurdle is by providing them with a “virtual tour” of the evidence.  By harnessing forensic and VM technology, you can virtually “boot” the suspect’s system by creating a virtual machine from your forensic image file (e.g., .E01, .DD, etc.), and viewing the system just as if you had brought the computer into the courtroom and powered it on.  Judges and jurors can now see the system just as the suspect saw it, in its native Windows environment, and you will be able to present your evidence and findings in a much more efficient and effective way.  Attendees will learn the process of creating and booting a VM of a forensic image, and how they can use this process to locate additional evidence that’s not typically viewable via traditional forensic tools.  Attendees will also learn useful tips and tricks on how to successfully introduce this in a courtroom setting.

Speaker Bio

Jeff Shackelford, PassMark

Jeff Shackelford is an Applications Engineer and Digital Forensics Specialist for PassMark Software, makers of OSForensics. As a former Digital Forensics Lab Director, Supervisory Special Agent, and Certified Law Enforcement Instructor, Jeff has over 17 years of law enforcement experience and has been an active member, practitioner and speaker in the digital forensics and cyber-crime communities for the past 12+ years. Now with PassMark Software, Jeff utilizes his prior training and ‘real-world’ experience to help design, develop, and implement new features for OSForensics.

1:00 PM to 2:00 PM

Session Title

#OSINT: Knowledge is power

The rise in popularity of Open Source INTelligence (“OSINT”) has allowed digital investigators, hackers, and cyber security practitioners easier access to more information about people or organizations. OSINT information can benefit digital investigations or create vulnerabilities for organizations and individuals. Let’s look at OSINT tools that gather public information and applications for use during your digital investigations.

 

Speaker Bio

Stephen Ramey, Arete Incident Response

Stephen Ramey advises clients on data breach response, digital investigations, and computer security. He has particular expertise in digital forensics, litigation support, and incident response. Stephen has led numerous high-profile incident response teams investigating nation-state sponsored attacks, ransomware outbreaks, and breaches that resulted from IT misconfigurations. He currently holds a SANS GIAC Information Security Professional (“GISP”) certification.

2:00 PM to 3:00 PM

Session Title

I Rest My Case

Impressing Your Lawyer Clients and Avoiding Disaster in Cross-Examination

Best practice tips when conducting digital forensics investigations for litigation lawyers, from a former lawyer. From engagement to written reports and giving evidence at trial, Tyler Hatch of DFI Forensics will provide insight into working with lawyers and preparing for cross-examination.

Speaker Bio

Tyler Hatch, DFI Forensics

Tyler was born and raised in suburban Vancouver, B.C., Canada. Following a 6 year legal career that included representing clients in legal proceedings in Small Claims, Supreme Court, and a variety of administrative tribunals in B.C., Tyler found his way into the fascinating world of digital forensics and never looked back. After spending some time with a Vancouver-based digital forensics firm, Tyler had a desire to provide superior value and service to clients and formed DFI Forensics in July 2018.

Tyler deals directly with clients and cares deeply about executing the vision for the company and ensuring that clients are well-informed, properly advised, get expert-level results, and receive excellent value from DFI Forensics. Tyler is a Certified Computer Forensics Examiner (CCFE) and a Certified Mobile Forensics Examiner (CMFE) and is always training and receiving education to further his knowledge and understanding of computer forensics, IT forensics, digital forensics, cybersecurity, and incident response.

Tyler is a frequent contributor of written articles to various legal and digital forensics publications, including AdvocateDaily.com, LawyersDaily.ca, eForensics Magazine, and Digital Forensics Magazine.

3:00 PM to 3:30 PM

Sponsor Spotlight

Susteen Mobile Approach

3:30 PM to 4:30 PM

Session Title

Omnipod Insulin Pumps: Vulnerabilities and Proposed Security Measures

The convergence of communications technology and healthcare has both transformed treatment options and fueled the growth of the connected medical device industry. This rapid advancement has coincided with a rise in reported medical device vulnerabilities. Popular insulin pumps, like the Omnipod system, are amongst the vulnerable devices; these vulnerabilities are widely known and many diabetics use online guides to hack their own pumps and automate insulin delivery. Though some users see this as beneficial, they may not realize it is a health risk. A software bug or malicious actor can compromise health data, change pump settings, or even administer lethal doses of insulin. The severity of the vulnerabilities and the relative ease with which they can be exploited warrant proactive action. This research explores the extent of vulnerabilities involving Omnipod insulin pumps and provides recommendations to improve security and mitigate device infiltration.

Speaker Bio

Naveed Yazdi, Saddleback College

Naveed is a graduate student at Georgia Tech’s College of Computing and a cybersecurity student at Saddleback College. Prior to graduate school, he earned two A.S. degrees in Biology and Chemistry from Saddleback College as well as a B.S. in Public Health Sciences from UC Irvine. While attaining his health degree, Naveed gained hands-on experience at UCI Health where he worked directly with physicians and data analysts to identify trends in patient outcomes and improve the patient experience. Naveed is most passionate about the intersection of technology and healthcare, and he is especially interested in the connected medical device industry, health data management, and the future implications for cybersecurity in healthcare.

 

 

 

Felix Murray, Saddleback College

Felix Murray is a software developer and computer science student at Saddleback College. He has pursued projects and careers at organizations such as Northrop Grumman, NASA, and American Financial Network and is currently helping to build the fintech startup USAloans. Felix specializes in developing automation solutions for traditionally non-technical businesses and providing ongoing security support for information technology and software development teams. Having a passion for device security, he has explored avenues for cybersecurity research to further the integrity of hand-held mobile devices.

4:30 PM to 5:30 PM

Session Title

Cloud Breach Forensics

Cloud breaches are on the rise, and none of these breaches are small. Understanding the TTPs is key to determining where to look amongst the plethora of services available through Cloud Service Providers such as AWS, Azure, and Google Cloud. In this session, we’ll enumerate sources of forensic evidentiary data amongst the vastness of AWS CloudTrail, GuardDuty, Microsoft Graph, and more. A very clearly defined methodology will be provided as a baseline for combing through this data in a precise and expedited way. Examples from real-world breaches will be highlighted, providing practical approaches to exposing the attacker’s methods and compromise.

Speaker Bio

Mike Raggo, Cloudknox Security

Michael T. Raggo, Cloud Security Expert, Cloudknox Security, has over 20 years of security research experience. His current research focuses on Cloud security. Over the years he has uncovered numerous vulnerabilities in commercial networking, mobile, and security products including Samsung, CheckPoint, and Netgear. His research has been highlighted on television’s CNN Tech, and numerous media publications including TIME, Forbes, Bloomberg, Dark Reading, TechCrunch, TechTarget, The Register, and countless others. Michael is the author of “Mobile Data Loss: Threats & Countermeasures” and “Data Hiding: Exposing Concealed Data in Multimedia, Operating Systems, Mobile Devices and Network Protocols” for Syngress Books, and is a contributing author for “Information Security the Complete Reference 2nd Edition”. His Data Hiding book is also included at the NSA’s National Cryptologic Museum at Ft. Meade. A former security trainer, Michael has briefed international defense agencies including the FBI, Pentagon, and Queensland Police; and is a former participating member of FSISAC/BITS and the PCI Council. He is also a frequent presenter at security conferences, including Black Hat, DEF CON, Gartner, RSA, DoD Cyber Crime, OWASP, HackCon Norway, and SANS. He was also awarded the Pentagon’s Certificate of Appreciation.

 

5:30 PM to 6:00 PM

Hosted in Google Meet

Wednesday September 23

8:00 AM to 9:00 AM

Session Title

Validating Forensic Processes, Hardware and Software

This presentation will give attendees the information needed to build or enhance a comprehensive methodology for validating their procedures, hardware, and software. Techniques for validation and available resources will be provided. This discussion is suitable for all levels of expertise.

Speaker Bio

Greg Dominguez

Greg Dominguez is currently an independent contractor specializing in forensic product testing and evaluation. He is a retired US Air Force Office of Special Investigations Computer Crime Investigator.  As an Air Force Special Agent, he was the first Chief of the Air Force Computer Forensic Lab that later became the Department of Defense Computer Forensics Lab (DCFL).  Since retiring from the Air Force in October 1997, he has held positions at Trident Data Systems in Information Security; at Ernst & Young LLP as the Director of the National Computer Forensics Lab; and at Fiderus, Inc. as the Director of Computer Forensics.  He was the Chief Operations Officer at Forensic Computers where he managed the day-to-day operations.

9:00 AM to 10:00 AM

Session Title

Modern Data Types Introduction: Slack, cloud, and communication platforms

While the collection phase of legal discovery only consumes between 8-12% of each dollar spent on eDiscovery, it is increasingly becoming the most critical and complex task in the eDiscovery lifecycle based on the accelerating introduction of new data types along with new input and storage technologies. From the expanding universe of social media applications such as Twitter and TikTok to modern productivity tools ranging from Slack to Office 365, eDiscovery professionals are continually challenged with identifying and understanding new types of data. In this expert presentation, computer forensics and eDiscovery authorities Michael Sarlo and John Wilson will share an overview of critical considerations, proven protocols, and best practices for discovering and dealing with new types of data. Presentation highlights include:

Emerging Types of Data

+ GSuite: Collection, Processing, and Review Considerations
+ O365: Collection, Processing, and Review Considerations
+ Slack and Other Web-Based Collaboration Platforms: Fundamentals and Collection Considerations

Web-Based Collections

+ Considering APIs: Definition and Description
+ Two Major Methods of Cloud Collection: Data+Metadata and Web Imaging
+ From Calculable Websites to Stealth Collections

 

Speaker Bio

John Wilson, HaystackID

John Wilson is a licensed private investigator, certified examiner, and information technology veteran with over two decades of experience working with the US government, public, and private companies. He serves clients in many industries as a trusted advisor to law firms, corporate legal departments, outside counsel and executives on best practices for litigation readiness.

As CISO at HaystackID, John provides consulting and forensic services to help companies address various matters related to electronic discovery and computer forensics including leading forensic investigations, cryptocurrency investigations, ensuring proper preservation of evidence items and chain of custody. He develops forensic workflows and processes for clients including major financial institutions, Fortune 500 companies, AmLaw 100 law firms as well as many other organizations.

10:00 AM to 10:30 AM

Sponsor Spotlight

OpenText Product Demonstration

10:30 AM to 11:30 AM

Session Title

Using Modern Digital Forensics Tools To Hunt the Most Advanced Threat Actors

One of the fastest growing areas of my business has been providing Cyber Threat Hunting services to my customers. Watch as we combine open-source memory forensics tools such as Volatility with next-generation forensics solutions like Paraben E3 to track even the most advanced adversaries through the environment. This will be a live, very technical deep dive and demonstration of a live breach, followed by live tracking of that breach’s threat actors.

Speaker Bio

Keatron Evans, KM Cyber Security

Keatron Evans is the Managing Partner at KM Cyber Security, LLC, and is responsible for its global information security consulting business, which includes penetration testing, incident response management/consulting, digital forensics, and training.

11:30 AM to 12:00 PM

Sponsor Spotlight

Magnet Forensics

12:00 PM to 1:00 PM

Session Title

In a work at home world, how is your evidence changing?

The current epidemic has shown the innovation and resilience of American companies and employees. It has also uncovered areas where many industries can be better prepared. With many companies allowing their employees to work from home and access Company-owned data from personal devices, a great area for business owners to begin improving is protecting intellectual property. The focus of protecting data on company-owned devices needs to shift to protect company data whether it exists on a personal device, consumer cloud, or company-owned and/or operated devices and/or services.

Speaker Bio

Michael Zinn, Microsystems Management Technology Consultants

Michael Zinn (ACE, CCE, CEH, CHFI, DSMO, MCSA, P2CE) is a recognized digital forensics and cybersecurity expert who has more than 14 years of experience working in Information Technology and focused on cybersecurity. Michael is a Systems Engineer at Micro Systems Management who focuses on firewalls, VPNs, cybersecurity incident response, and cybersecurity training.

1:00 PM to 2:00 PM

Session Title

Analyzing WiFi Connections

Proving one single WiFi connection may solve a case. Was the suspect, at a given time, connected to a specific WiFi spot located at the address of interest? Was the record of this connection stored in their device? Is the last connection time close to the time of a crime or incident?

Speaker Bio

Yuri Gubanov, Belkasoft

Yuri Gubanov is a recognized digital forensics expert. He is a frequent speaker at industry-known conferences such as HTCIA, TechnoSecurity, EnFuse/CEIC, FT-Day, CAC, CACP, ICDDF, and others. Yuri organizes his own digital forensic conference in Europe. Yuri is the Founder and CEO of Belkasoft, the manufacturer of digital forensic software empowering police departments in more than 130 countries. With years of experience in the digital forensics and security domain, Yuri has led forensic training courses for multiple law enforcement departments in several countries. Yuri is also a senior lecturer at St-Petersburg State University.

2:00 PM to 3:00 PM

Session Title

Legal Issues of 5G

Riding the 5G Wave: New Business Opportunities for Forensic Professionals

Aside from legal challenges surrounding spectrum allocation and licensing, 5G technology, privacy, cybersecurity, and healthcare concerns will explode with the introduction of 5G technology. These concerns will result from billions of new interactions daily of individuals connected to an artificially intelligent neural network. The Internet of Things is just the beginning of an explosion of human-device interactions. We can assume humans will embrace autonomous vehicles, robot doctors and lawyers, virtual managers, etc.

Humans being humans, we can assume that they will be mostly ignorant of the means, methods, and protocols used by these devices to create, record, capture, process, transport, store, and analyze data.  Similarly, the desire to form predictive behavior algorithms from the analysis of a tsunami of real-time data will naturally move data from operation technology to monitoring or surveillance.

 In this data-intensive future, the use of device-specific forensics may face existential threats, as relevant forensic evidence of human conduct is displaced by real-time covert monitoring (surveillance). Data generated from electronic devices have already been granted special treatment in the Federal Rules of Evidence, and the future seems to be one in which data will be presumed to be accurate and reliable. Forensic analysis of the protocols used by devices within a 5G environment may be most valuable to challenge such data.

Speaker Bio

Don Wochna, Wochna Law Office

 I am one of a few experienced litigators in the United States to have been certified as a Computer and Mobile Device Forensic Examiner and to have testified in federal and state courts.  Beginning in 1999, I focused the Wochna Law Firm on criminal defense cases in which evidence is found on computers, cell phones, and/or networks. Leveraging my 37 years practicing law and my 20 years as a consulting and testifying digital forensic expert, I accept engagements from Criminal Defense attorneys and law firms in the United States looking to leverage a strategic insight into electronic evidence that can only be delivered by an attorney who is also an electronic evidence expert.

In 1983, I obtained my law degree from Law School, the University of Chicago where I first observed the need for simple and effective explanations of complicated technical concepts that underlie many criminal defense matters in the modern electronic society. I strive for explanations that are understood by attorneys, judges, clients, and jurors that do not have significant technical backgrounds. Contact me today to give your case the edge it needs. 

3:00 PM to 3:30 PM

Sponsor Spotlight

Passmark Tips & Tricks

3:30 PM to 4:30 PM

Session Title

Deepfake Forensic Investigations

The global impact resulting from the distribution of doctored digital photographs, videos, and audio has reached an epidemic proportion.  These digitally altered fakes are distributed through social media, news outlets, traditional web resources and are making their way into the mainstream media. The impact of these Deepfakes can dramatically change the way people think, act, react, believe, and can ultimately cause harm.  At the simplest level, they represent fraud.

During this presentation, I will convey real examples along with the resulting impacts that have already occurred. 

Most importantly, I will demonstrate a new methodology rooted in the dark art of steganography that can actively identify these Deepfakes and even trace their origins back to their creators.

Speaker Bio

Chet Hosmer, Python Forensics

Chet Hosmer is the Founder of Python Forensics, Inc., a non-profit organization focused on the collaborative development of open-source investigative technologies using the Python programming language. Chet has been researching and developing technology and training surrounding forensics, digital investigation and steganography for over two decades. He has made numerous appearances to discuss emerging cyber threats including National Public Radio’s Kojo Nnamdi show, ABC’s Primetime Thursday, NHK Japan, CrimeCrime TechTV and ABC News Australia. He has also been a frequent contributor to technical and news stories relating to cyber security and forensics and has been interviewed and quoted by IEEE, The New York Times, The Washington Post, Government Computer News, Salon.com and Wired Magazine.

Chet is the author of five recent Elsevier/Syngress Books: Passive Python Network Mapping; Python Forensics; Integrating Python with Leading Computer Forensic Platforms; Data Hiding, which is co-authored with Mike Raggo; and Executing Windows Command Line Investigation, which is co-authored with Joshua Bartolomie and Ms. Rosanne Pelli.

Chet serves as a visiting professor at Utica College in the Cybersecurity Graduate program where his research and teaching focus on advanced steganography/data hiding methods and the latest active cyber defense methods and techniques.  Chet is also an adjunct professor at Champlain College, where his research and teaching focus on applying the Python programming language to solve challenging problems in digital investigation and forensics.

Chet delivers keynote and plenary talks on various cybersecurity-related topics around the world each year. He is also well-known as the Co-Founder of WetStone Technologies, Inc., a renowned cybersecurity organization developing malware and steganography solutions in use by Law Enforcement, Defense, and the Private sector world-wide.

4:30 PM to 5:30 PM

Session Title

Tips & Tricks in Digital Forensics

Pending

Speaker Bios

Mike Menz, Green Dot Corp

Michael Menz is a long-time professional in the field of digital forensics and investigations, with over two decades of experience in both law enforcement and corporate investigations. As a senior director of investigations, there is no limit to his knowledge and expertise when it comes to digital forensics and eDiscovery. From fraud, theft, violent crimes, sexual harassment, cyber-related crimes, malware analysis, financial reporting irregularities, incident response, cyber intelligence collection, and social media investigations and response to insider threat detection, the variety of cases worked attests to the skills and knowledge of Mr. Menz.

 

Kipp Loving

Kipp Loving retired after 31 years of law enforcement for three California agencies. He also worked as a Criminal Investigator for the Stanislaus County District Attorney’s Office. He has held many assignments, including Detectives, Auto Theft, SWAT, Impact Weapons Instructor and the Training Manager position for the Sacramento Valley Hi-Tech Crimes Task Force.

For the last twelve years of his career, Detective Loving was deputized as a U.S. Marshal and assigned to the FBI Cyber Crime ICAC Task Force & Sacramento Valley Hi-Tech Crimes Task Force, assisting agents with crimes related to the abuse of children. He has worked and assisted in a number of high-profile cases involving technology. Among the most notable were the murder of California Highway Patrol Officer Earl H. Scott and the murder of Laci Peterson and her unborn son, Conner.

Detective Loving regularly instructs for local, state and federal law enforcement on the topics of Cell Phone Evidence, Surveillance Equipment, Court Presentation of Hi-Tech Evidence, Onsite Search Tools and ID Theft.  Detective Loving maintains a Hi-Tech Crime Training website (kloving.net) used by law enforcement around the world.

 

End of Event. Recordings will be made available by the following week.

Join Us!

PFIC 2020

Virtual Event

September 22nd & 23rd 2020

8 AM to 5:30 PM Eastern Time

All sessions are recorded just in case you miss one.