Speakers & Abstracts
Get into the details of all the innovative ideas and concepts that you can learn at PFIC.
Tuesday September 22
8:00 AM to 9:00 AM
Smartphone & Computer Data Nuggets
The addiction to technology has not decreased, but as communities end up more separated the draw to technology has skyrocketed. As trends shift in what is popular and what is not on devices, from apps to changes in firmware, there are new nuggets of data that can be captured and used as digital evidence. Common communication platforms and their data can be key to finding your evidence. This session is great for anyone who does digital investigations and needs to know where to look in the nooks and crannies of data to find what they are looking for.
Amber Schroader, CEO & Founder, Paraben Corporation
Throughout the past two decades,
9:00 AM to 10:00 AM
Where to find good sh*t in Windows that most tools don’t show you
With every new upgrade/update to Windows 10, forensic artifacts change. In this 60-minute session, we will cover a few new artifacts such as the location of removable storage items, etc. We will review how to do this without the use of conventional tools.
Dave Shaver, Digital Forensic Examiner
Dave Shaver has been a digital forensic examiner since 1999. He currently is working for the U.S. Government.
10:30 AM to 11:30 AM
Adapting to remote investigations and DFIR challenges
Now more than ever, digital investigators have to protect themselves, even as they protect and preserve critical evidence. We will discuss smart, prioritized distance collection techniques involving the Cloud, collecting from network endpoints (or, suspect computers), even when not persistently connected, along with non-invasive, network-based Mac collection, even when T2 security is present.
Chuck Dodson, Sr Director, Product Strategist [Security], OpenText
A recognized authority on leading-edge technologies, emerging solutions, best practices, and transformational journeys, Chuck has a proven track record of successful digital transformation engagements providing independent assessments and trusted advice to senior executives.
In addition to his 20 years in State, local, and federal law enforcement, Chuck recently served as the State of Illinois Chief Information Officer for State Public Safety providing agency information security program vision, strategy, and technology roadmaps.
Chuck possesses a Master of Science Degree in Military Studies with a focus on Terrorism and Master and Bachelor of Arts Degrees in Business Administration majoring in Technology, and a Bachelor of Science Degree in Criminal Justice.
Chuck served with the U.S. Army Special Forces (Green Berets) specializing in counter-insurgency and intelligence operations; retiring with the rank of Sergeant Major/E-9.
Carl Wong, Lead Solutions Consultant, OpenText
Carl has been a Lead Solutions Consultant for OpenText’s EnCase Security solutions for the last 5 years. He is an accomplished practitioner in the fields of Digital Forensics, eDiscovery, and Incident Response.
In addition, he has been an Adjunct Professor of a graduate-level Digital Forensics Applications course at The John Jay College of Criminal Justice for the past 8 years.
12:00 PM to 1:00 PM
Creating VMs from Forensic Images for Courtroom Presentation
One of the biggest hurdles in computer forensic testimony is figuring out how best to approach all the technical terms, procedures, and evidence that needs to be explained and presented to a “non-technical” courtroom. One of the best ways to overcome this hurdle is by providing them with a “virtual tour” of the evidence. By harnessing forensic and VM technology, you can virtually “boot” the suspect’s system by creating a virtual machine from your forensic image file (e.g., .E01, .DD, etc.), and viewing the system just as if you had brought the computer into the courtroom and powered it on. Judges and jurors can now see the system just as the suspect saw it, in its native Windows environment, and you will be able to present your evidence and findings in a much more efficient and effective way. Attendees will learn the process of creating and booting a VM of a forensic image, and how they can use this process to locate additional evidence that’s not typically viewable via traditional forensic tools. Attendees will also learn useful tips and tricks on how to successfully introduce this in a courtroom setting.
Jeff Shackelford, PassMark
Jeff Shackelford is an Applications Engineer and Digital Forensics Specialist for PassMark Software, makers of OSForensics. As a former Digital Forensics Lab Director, Supervisory Special Agent, and Certified Law Enforcement Instructor, Jeff has over 17 years of law enforcement experience and has been an active member, practitioner
1:00 PM to 2:00 PM
#OSINT: Knowledge is power
The rise in popularity of Open Source INTelligence (“OSINT”) has allowed digital investigators, hackers, and cyber security practitioners easier access to more information about people or organizations. OSINT information can benefit digital investigations or create vulnerabilities for organizations and individuals. Let’s look at OSINT tools that gather public information and applications for use during your digital investigations.
Stephen Ramey, Arete Incident Response
Stephen Ramey advises clients on data breach response, digital investigations, and computer security. He has particular expertise in digital forensics, litigation support, and incident response. Stephen has led numerous high-profile incident response teams investigating nation-state sponsored attacks, ransomware outbreaks, and breaches that resulted from IT misconfigurations. He currently holds a SANS GIAC Information Security Professional (“GISP”) certification.
2:00 PM to 3:00 PM
I Rest My Case
Impressing Your Lawyer Clients and Avoiding Disaster in Cross-Examination. Best practice tips when conducting digital forensics investigations for litigation lawyers – from a former lawyer. From engagement to written reports and giving evidence at trial, Tyler Hatch of DFI Forensics will provide insight into working with lawyers and preparing for cross-examination.
Tyler Hatch, DFI Forensics
Tyler was born and raised in suburban Vancouver, B.C., Canada. Following a 6 year legal career that included representing clients in legal proceedings in Small Claims, Supreme Court, and a variety of administrative tribunals in B.C., Tyler found his way into the fascinating world of digital forensics and never looked back. After spending some time with a Vancouver-based digital forensics firm, Tyler had a desire to provide superior value and service to clients and formed DFI Forensics in July 2018.
Tyler deals directly with clients and cares deeply about executing the vision for the company and ensuring that clients are well-informed, properly advised, get expert-level results, and receive excellent value from DFI Forensics. Tyler is a Certified Computer Forensics Examiner (CCFE) and a Certified Mobile Forensics Examiner (CMFE) and is always training and receiving education to further his knowledge and understanding of computer forensics, IT forensics, digital forensics, cybersecurity, and incident response.
Tyler is a frequent contributor of written articles to various legal and digital forensics publications, including AdvocateDaily.com, LawyersDaily.ca, eForensics Magazine, and Digital Forensics Magazine.
3:30 PM to 4:30 PM
Omnipod Insulin Pumps: Vulnerabilities and Proposed Security Measures
The convergence of communications technology and healthcare has both transformed treatment options and fueled the growth of the connected medical device industry. This rapid advancement has coincided with a rise in reported medical device vulnerabilities. Popular insulin pumps, like the Omnipod system, are amongst the vulnerable devices; these vulnerabilities are widely known and many diabetics use online guides to hack their own pumps and automate insulin delivery. Though some users see this as beneficial, they may not realize it is a health risk. A software bug or malicious actor can compromise health data, change pump settings, or even administer lethal doses of insulin. The severity of the vulnerabilities and relative ease with which they can be exploited warrant proactive action. This research explores the extent of vulnerabilities involving Omnipod insulin pumps and provides recommendations to improve security and mitigate device infiltration.
Naveed Yazdi, Saddleback College
Naveed is a graduate student at Georgia Tech’s College of Computing and a cybersecurity student at Saddleback College. Prior to graduate school, he earned two A.S. degrees in Biology and Chemistry from Saddleback College as well as a B.S. in Public Health Sciences from UC Irvine. While attaining his health degree, Naveed gained hands-on experience at UCI Health where he worked directly with physicians and data analysts to identify trends in patient outcomes and improve the patient experience. Naveed is most passionate about the intersection of technology and healthcare, and he is especially interested in the connected medical device industry, health data management, and the future implications for cybersecurity in healthcare.
Felix Murray, Saddleback College
Felix Murray is a software developer and computer science student at Saddleback College. He has pursued projects and careers at organizations such as Northrop Grumman, NASA, and American Financial Network and is currently helping to build the fintech startup USAloans. Felix specializes in developing automation solutions for traditionally non-technical businesses and providing ongoing security support for information technology and software development teams. Having a passion for device security, he has explored avenues for cybersecurity research to further the integrity of hand-held mobile devices.
4:30 PM to 5:30 PM
Cloud Breach Forensics
Cloud breaches are on the rise, and none of these breaches are small. Understanding the TTPs is key to determining where to look amongst the plethora of services available through Cloud Service Providers such as AWS, Azure, and Google Cloud. In this session, we’ll enumerate sources of forensic evidentiary data amongst the vastness of AWS CloudTrail, GuardDuty, Microsoft Graph, and more. A very clearly defined methodology will be provided as a baseline for combing through this data in a precise and expedited way. Examples from real-world breaches will be highlighted, providing practical approaches to exposing the attacker’s methods and compromise.
Mike Raggo, Cloudknox Security
Michael T. Raggo, Cloud Security Expert, Cloudknox Security, has over 20 years of security research experience. His current research focuses on Cloud security. Over the years he has uncovered numerous vulnerabilities in commercial networking, mobile, and security products including Samsung, CheckPoint, and Netgear. His research has been highlighted on television’s CNN Tech, and numerous media publications including TIME, Forbes, Bloomberg, Dark Reading, TechCrunch, TechTarget, The Register, and countless others. Michael is the author of “Mobile Data Loss: Threats & Countermeasures” and “Data Hiding: Exposing Concealed Data in Multimedia, Operating Systems, Mobile Devices and Network Protocols” for Syngress Books, and is a contributing author for “Information Security the Complete Reference 2nd Edition”. His Data Hiding book is also included at the NSA’s National Cryptologic Museum at Ft. Meade. A former security trainer, Michael has briefed international defense agencies including the FBI, Pentagon, and Queensland Police; and is a former participating member of FSISAC/BITS and the PCI Council. He is also a frequent presenter at security conferences, including Black Hat, DEF CON, Gartner, RSA, DoD Cyber Crime, OWASP, HackCon Norway, and SANS. He was also awarded the Pentagon’s Certificate of Appreciation.
Wednesday September 23
8:00 AM to 9:00 AM
Validating Forensic Processes, Hardware and Software
This presentation will give attendees the information needed to build or enhance a comprehensive methodology for validating their procedures, hardware, and software. Techniques for validation and available resources will be provided. This discussion is suitable for all levels of expertise.
Greg Dominguez is currently an independent contractor specializing in forensic product testing and evaluation. He is a retired US Air Force Office of Special Investigations Computer Crime Investigator. As an Air Force Special Agent, he was the first Chief of the Air Force Computer Forensic Lab that later became the Department of Defense Computer Forensics Lab (DCFL). Since retiring from the Air Force in October 1997, he has held positions at Trident Data Systems in Information Security; at Ernst & Young LLP as the Director of the National Computer Forensics Lab; and at Fiderus, Inc. as the Director of Computer Forensics. He was the Chief Operations Officer at Forensic Computers where he managed the day-to-day operations.
9:00 AM to 10:00 AM
Modern Data Types Introduction: Slack, cloud, and communication platforms
While the collection phase of legal discovery only consumes between 8-12% of each dollar spent on eDiscovery, it is increasingly becoming the most critical and complex task in the eDiscovery lifecycle based on the accelerating introduction of new data types along with new input and storage technologies. From the expanding universe of social media applications such as Twitter and TikTok to modern productivity tools ranging from Slack to Office 365, eDiscovery professionals are continually challenged with identifying and understanding new types of data. In this expert presentation, computer forensics and eDiscovery authorities Michael Sarlo and John Wilson will share an overview of critical considerations, proven protocols, and best practices for discovering and dealing with new types of data. Presentation highlights include:
+ Emerging Types of Data
+ GSuite: Collection, Processing, and Review Considerations
+ O365: Collection, Processing, and Review Considerations
+ Slack and Other Web-Based Collaboration Platforms: Fundamentals and Collection Considerations
+ Considering APIs: Definition and Description
+ Two Major Methods of Cloud Collection: Data+Metadata and Web Imaging
+ From Calculable Websites to Stealth Collections
John Wilson, HaystackID
John Wilson is a licensed private investigator, certified examiner, and information technology veteran with over two decades of experience working with the US government, public, and private companies. He serves clients in many industries as a trusted advisor to law firms, corporate legal departments, outside counsel and executives on best practices for litigation readiness.
As CISO at HaystackID, John provides consulting and forensic services to help companies address various matters related to electronic discovery and computer forensics including leading forensic investigations, cryptocurrency investigations, ensuring proper preservation of evidence items and chain of custody. He develops forensic workflows and processes for clients including major financial institutions, Fortune 500 companies, AmLaw 100 law firms as well as many other organizations.
10:30 AM to 11:30 AM
Using Modern Digital Forensics Tools To Hunt the Most Advanced Threat Actors
One of the fastest growing areas of my business has been providing Cyber Threat Hunting services to my customers. Watch as we combine open-source memory forensics tools such as Volatility with next-generation forensics solutions like Paraben E3 to track even the most advanced adversaries through the environment. This will be a live, very technical deep dive and demonstration of a live breach, followed by live tracking of that breach’s threat actors.
Keatron Evans, KM Cyber Security
Keatron Evans is the Managing Partner at KM Cyber Security, LLC, and is responsible for its global information security consulting business, which includes penetration testing, incident response management/consulting, digital forensics, and training.
12:00 PM to 1:00 PM
In a work at home world, how is your evidence changing?
The current epidemic has shown the innovation and resilience of American companies and employees. It has also uncovered areas where many industries can be better prepared. With many companies allowing their employees to work from home and access Company-owned data from personal devices, a great area for business owners to begin improving is protecting intellectual property. The focus of protecting data on company-owned devices needs to shift to protect company data whether it exists on a personal device, consumer cloud, or company-owned and/or operated devices and/or services.
Michael Zinn, Microsystems Management Technology Consultants
Michael Zinn (ACE, CCE, CEH, CHFI, DSMO, MCSA, P2CE) is a recognized digital forensics and cybersecurity expert who has more than 14 years of experience working in Information Technology and focused on cybersecurity. Michael is a Systems Engineer at Micro Systems Management who focuses on firewalls, VPNs, cybersecurity incident response, and cybersecurity training.
1:00 PM to 2:00 PM
Analyzing WiFi Connections
Proving one single WiFi connection may solve a case. Was the suspect, at a given time, connected to a specific WiFi spot located at the address of interest? Was the record of this connection stored in their device? Is the last connection time close to the time of a crime or incident?
Yuri Gubanov, Belkasoft
Yuri Gubanov is a recognized digital forensics expert. He is a frequent speaker at industry-known conferences such as HTCIA, TechnoSecurity, EnFuse/CEIC, FT-Day, CAC, CACP, ICDDF, and others. Yuri organizes his own digital forensic conference in Europe. Yuri is the Founder and CEO of Belkasoft, the manufacturer of digital forensic software empowering police departments in more than 130 countries. With years of experience in the digital forensics and security domain, Yuri has led forensic training courses for multiple law enforcement departments in several countries. Yuri is also a senior lecturer at St-Petersburg State University.
2:00 PM to 3:00 PM
Legal Issues of 5G
Riding the 5G wave: New Business opportunities for Forensic Professionals. Aside from legal challenges surrounding spectrum allocation and licensing, 5G technology, privacy, cybersecurity, and healthcare concerns will explode with the introduction of 5G technology. These concerns will result from billions of new interactions daily of individuals connected to an artificially intelligent neural network. The Internet of Things is just the beginning of an explosion of human-device interactions. We can assume humans will embrace autonomous vehicles, robot doctors and lawyers, virtual managers, etc.
Humans being humans, we can assume that they will be mostly ignorant of the means, methods, and protocols used by these devices to create, record, capture, process, transport, store, and analyze data. Similarly, the desire to form predictive behavior algorithms from the analysis of a tsunami of real-time data will naturally move data from operation technology to monitoring or surveillance.
In this data-intensive future, the use of device-specific forensics may face existential threats, as relevant forensic evidence of human conduct is displaced by real-time covert monitoring (surveillance). Data generated from electronic devices have already been granted special treatment in the Federal Rules of Evidence, and the future seems to be one in which data will be presumed to be accurate and reliable. Forensic analysis of the protocols used by devices within a 5G environment may be most valuable to challenge such data.
Don Wochna, Wochna Law Office
I am one of a few experienced litigators in the United States to have been certified as a Computer and Mobile Device Forensic Examiner and to have testified in federal and state courts. Beginning in 1999, I focused the Wochna Law Firm on criminal defense cases in which evidence is found on computers, cell phones, and/or networks. Leveraging my 37 years practicing law and my 20 years as a consulting and testifying digital forensic expert, I accept engagements from Criminal Defense attorneys and law firms in the United States looking to leverage a strategic insight into electronic evidence that can only be delivered by an attorney who is also an electronic evidence expert.
In 1983, I obtained my law degree from the University of Chicago Law School, where I first observed the need for simple and effective explanations of complicated technical concepts that underlie many criminal defense matters in the modern electronic society. I strive for explanations that are understood by attorneys, judges, clients, and jurors who do not have significant technical backgrounds. Contact me today to give your case the edge it needs.
3:30 PM to 4:30 PM
Deepfake Forensic Investigations
The global impact resulting from the distribution of doctored digital photographs, videos, and audio has reached an epidemic proportion. These digitally altered fakes are distributed through social media, news outlets, traditional web resources and are making their way into the mainstream media. The impact of these Deepfakes can dramatically change the way people think, act, react, believe, and can ultimately cause harm. At the simplest level, they represent fraud.
During this presentation, I will convey real examples along with the resulting impacts that have already occurred.
Most importantly, I will demonstrate a new methodology rooted in the dark art of steganography that can actively identify these Deepfakes and even trace their origins back to their creators.
Chet Hosmer, Python Forensics
Chet Hosmer is the Founder of Python Forensics, Inc., a non-profit organization focused on the collaborative development of open-source investigative technologies using the Python programming language. Chet has been researching and developing technology and training surrounding forensics, digital investigation and steganography for over two decades. He has made numerous appearances to discuss emerging cyber threats including National Public Radio’s Kojo Nnamdi show, ABC’s Primetime Thursday, NHK Japan, CrimeCrime TechTV
Chet is the author of five recent Elsevier/Syngress Books: Passive Python Network Mapping, Python Forensics, Integrating Python with Leading Computer Forensic Platforms, Data Hiding, which is co-authored with Mike Raggo, and Executing Windows Command Line Investigation, which is co-authored with Joshua
Chet serves as a visiting professor at Utica College in the Cybersecurity Graduate program where his research and teaching focus on advanced steganography/data hiding methods and the latest active cyber defense methods and techniques. Chet is also an adjunct professor at Champlain College, where his research and teaching focus on applying the Python programming language to solve challenging problems in digital investigation and forensics.
4:30 PM to 5:30 PM
Tips & Tricks in Digital Forensics
Mike Menz, Green Dot Corp
Michael Menz is a longtime professional in the field of digital forensics and investigations, with over two decades of experience in both law enforcement and corporate investigations. As a senior director of investigations, there is no limit to his knowledge and expertise when it comes to digital forensics and eDiscovery. From fraud, theft, violent crimes, sexual harassment, cyber-related crimes, malware analysis, financial reporting irregularities, incident response, cyber intelligence collection, and social media investigations and response to insider threat detection, the variety of cases worked attests to the skills and knowledge of Mr. Menz.
Kipp Loving retired after 31 years of law enforcement for three California agencies. He also worked as a Criminal Investigator for the Stanislaus County District Attorney’s Office. He has held many assignments, including Detectives, Auto Theft, SWAT, Impact Weapons Instructor and the Training Manager position for the Sacramento Valley Hi-Tech Crimes Task Force.
For the last twelve years of his career, Detective Loving was deputized as a U.S. Marshal and assigned to the FBI Cyber Crime ICAC Task Force & Sacramento Valley Hi-Tech Crimes Task Force, assisting agents with crimes related to the abuse of children. He has worked and assisted in a number of high-profile cases involving technology. Among the most notable were the murder of California Highway Patrol Officer Earl H. Scott and the murder of Laci Peterson and her unborn son, Conner.
Detective Loving regularly instructs for local, state and federal law enforcement on the topics of Cell Phone Evidence, Surveillance Equipment, Court Presentation of Hi-Tech Evidence, Onsite Search Tools and ID Theft. Detective Loving maintains a Hi-Tech Crime Training website (kloving.net) used by law enforcement around the world.
End of Event. Recordings will be made available by the following week.
September 22nd & 23rd 2020
8 AM to 5:30 PM Eastern Time
All sessions are recorded just in case you miss one.