Where G33ks Gather

Abstracts & Bios

Virtual PFIC Portal
w
Network Virtually
Recordings Available

Until Dec 31st

PFIC 2022 Abstracts

Abstracts are listed in the order they show in the main agenda.

Malware & Ransomware Analysis Techniques (2 Hour Training)

This 2-hour training will walk you through an examination of a Windows 11 computer that has been compromised with ransomware. You’ll learn where to look for artifacts and how to use E3 to conduct the examination. 

Dave Shaver, DFIR Guru

Dave has been a digital forensic examiner since 1999 and works for the united states government.  

Cryptocurrency Ins and Outs (2 Hour Training)

With the increasing importance of privacy and security in today’s business world coupled with the advancement and acceptance of cryptocurrencies such as Bitcoin and Ethereum, today’s digital forensic professional is behind the proverbial power curve if they do not have a basic understanding of emerging blockchain, cryptocurrency, and digital asset technologies. During this session we will cover the following topics: Understand blockchain and transaction technologies; Examine raw data on blockchain ledgers; Research information about specific addresses and transactions; discuss exchanges; lastly talk about NFTs or blockchain-based digital assets.

John Wilson, Haystack ID

John Wilson is a highly motivated, strategic, results-oriented leader with over 20 years of experience in the information security and risk management field, focused on building strong Security Governance, Policies & Procedures, INFOSEC Teams, providing expert leadership, and assisting diverse organizations with developing and defining enterprise-level information security programs, which balance strong security practices with the needs of the business.
John provides expertise and expert witness services to help companies address various matters related to digital forensics and electronic discovery (eDiscovery), including leading investigations, and ensuring proper preservation of evidence items and chain of custody. He develops processes, creates workflows, leads implementation projects as well as GDPR data mapping services for clients, including major financial institutions, Fortune 100 companies, AmLaw 100 law firms as well as many other organizations small and large. In addition, he provides expert witness services and consulting in matters of all sizes. His work spans some of the largest litigations and matters on record in the United States and many of the 46 countries where he has worked on cases.

Digital Forensics Artifacts & Future

There is so much data just waiting to be found. In this session, a review of new artifacts that have come to light over the last year from computers, cloud, and smartphones. The future of your digital investigations lives with the artifacts and what can and cannot be recovered and processed.  

Amber Schroader, Paraben

Over the past three decades, Ms. Schroader has been a driving force for innovation in digital forensics. Ms. Schroader has developed numerous software programs, courses, and guides in the areas of recovering data from smartphones, computer hard drives, cloud, email, and gaming systems. Ms. Schroader established protocols for the seizure and processing of digital evidence that have been used by numerous organizations throughout the world. Ms. Schroader has coined the concept of the “360-degree approach to digital forensics” and “Forensics of Everything-FoE” with her focus on unique problems in digital evidence and solutions. Ms. Schroader has been a huge industry influence in pushing for a big-picture consideration of digital evidence. An accomplished design architect, curriculum developer, and instructor; Ms. Schroader has written and taught numerous classes for this specialized field as well as founded multiple certifications. Ms. Schroader continues to support her through book contributions and other industry speaking engagements.

A Consultative Approach to Forensics

Forensic data collections and examinations have become more complex.  Forensic practitioners now encounter many data sources, larger data volumes, and are frequently asked to perform targeted data collections, or analysis on multiple data sources.  Additionally, as we have shifted to a hybrid workforce, many processes are now performed remotely.  It has become increasingly important to communicate effectively with legal teams, data custodians, IT Teams, and business stakeholders that are involved in an investigation.  This session will discuss how to convey technical concepts and processes, address important issues such as data privacy and data sensitivity, and effectively present relevant findings from forensic analyses.

 

Robert B. Fried, Sandline Global

Robert B. Fried is a seasoned expert and industry thought-leader, with over twenty years of experience performing data collections and forensic investigations of electronic evidence. He is the Senior Vice President and Global Head of Sandline Global’s Forensics and Investigations practice. In this role, Robert leads the day-to-day operations of the practice, overseeing the forensic services offered to the firm’s clients, including data collections, forensic analysis, expert testimony, and forensic consultation. Previously, Robert held senior-level positions within the digital forensic practices at global professional services firms. Additionally, Robert was a Computer Crime Specialist at the National White Collar Crime Center (NW3C), where he developed and instructed computer forensic and investigative training courses for federal, state, and local law enforcement agencies. He attained a BS and MS in Forensic Science, and certificates in Law Enforcement Science, Computer Forensic Investigation, and Information Protection and Security from the University of New Haven. Robert serves on the Board of Advisors for the Masters in Investigations program at the University of New Haven. He holds and actively maintains the following industry certifications: Access Data Certified Examiner (ACE), Certified Forensic Computer Examiner (CFCE), EnCase Certified Examiner (EnCE), GIAC Certified Forensics Analyst (GCFA), Chainalysis Cryptocurrency Fundamentals Certification (CCFC), Chainalysis Reactor Certification (CRC), and C4 Certified Bitcoin Professional (CBP). Robert is a licensed Professional Investigator in Michigan and is a licensed Private Investigator in New York. He is a frequent speaker at industry events, has been a guest on industry podcasts, and has been published in several professional publications.  Robert is the author of Forensic Data Collections 2.0: The Guide for Defensible & Efficient Processes. Additionally, he is the author of PI Magazine’s CyberSleuthing Department, where he shares insightful content on topics relating to digital forensics, eDiscovery, data privacy, and cybersecurity.

Impactful Cybersecurity Tabletops

Tabletop exercises are a great tool to identify gaps and improve security posture. Sometimes mandated by regulations while other times directed by the board. They consume a lot of time and pull key people away from their daily jobs. Learn how to make them worth it and gain buy-in from other areas across the organization.

  1. Effective planning leading up to a tabletop exercise.
  2. Strategy for designing effective content to engage participants and push boundaries.
  3. Techniques to facilitate the exercise and maintain control to accomplish objectives

 

James Habben, AlixPartners

James has led victim organizations both large and small through the most devastating data breaches and uses this experience of more than 20 years to build prevention and resiliency with customers. James is laser-focused on quality and outcomes to ensure the overall success of cyber security programs.

On The Internet, No One Knows You’re a Sock Puppet

On The Internet, No One Knows You’re a Sock Puppet Have you ever seen an account that posts spam or seems to be an obviously fake account? They’re trying to sell you something, get you to click on a suspicious link, or maybe they’re commenting on the latest political situation. These accounts are the well-known side of sock puppet accounts—the type that sends out information. But what do you know about the accounts that are created to collect information? Sock puppet accounts are alternative accounts created on social media or online platforms and are incredibly useful for finding information for investigations and intelligence gathering. This session covers what sock puppet accounts are and why you should use them, addresses concerns about creating these accounts (legality, anonymity, etc.), and delivers a guide for creating a sock puppet account.

– What sock puppet accounts are and how you can use them

– Legality, anonymity, and other concerns of using sock puppet accounts

– Understand a process for setting up sock puppet accounts

 

Mariel Klosterman

Ms. Klosterman is an accomplished speaker, presenting at professional groups and conferences including Silicon Valley HTCIA, InfraGard South Dakota, NEbraskaCERT, OSMOSISCon, Day of Shecurity, and Rainbow Secure Cyber Symposium. She has appeared on podcasts such as PI Perspectives, Great Women in Fraud, and OSINT Cocktail. Ms. Klosterman is passionate about security and enjoys sharing her knowledge and skills. 

Zero trust and today’s modern networks

The presentation will introduce the concepts behind zero trust and today’s modern networks.  We will cover high-level concepts based on our own experience and challenges in implementing zero trust in our own environment.  As there are so many ways to implement the concept of the ‘zero trust’, the key takeaway is to assist the learner in recognizing and understanding the potential challenges to help facilitate and direct their investigations.

The learner should be able to:

1) Be able to define what a zero-trust network is…

2) …And understand why defining zero trust is difficult

3) Understand the basics of on-prem network segmentation, micro-segmentation as well as cloud and client isolation.

 

Chris Mellen, Ginkgo Bioworks

Chris is currently the Chief Information Security Officer of Ginkgo Bioworks, a biotech company headquartered in Boston, MA. He is a former U.S. Marine and White House cyber executive with more than 20 years of public-and-private-sector Information technology experience.

Chris’ background includes leading and managing IT and security teams including security operations, vulnerability management, and identity access management. His cyber career began while serving as Special Agent with NCIS while on active duty with the Marines. He also spent time as a computer crimes specialist with the National White Collar Crime Center (NW3C) providing cyber security and forensic training both nationally and internationally. Chris holds an M.S., from Boston University (Computer Information Systems) and a B.S., from Colorado Technical University (Criminal Justice). He also begrudgingly found the time to study and obtain his CISSP.

John Cottage, Ginkgo Bioworks

John is currently a Principle Security and Network engineer with Ginkgo and is considered an industry leader in Cisco network architecture and design. During John’s time at Ginkgo, first as a consultant and now as a full time Principle, he has been the primary architect to design and implement our zero-trust strategy. John’s 15 years of experience crosses multiple industries and practices working in the technology space. John currently holds his CISSP, CCNP Security, AWS Networking Specialty, FCC Amateur Radio License (K2PSU), and is currently in mortal combat with Cisco CCIE Security certification. In his spare time, he is the current National President of Triangle Fraternity (Triangle is the only men’s STEM fraternity experience, open to engineers, architects and scientists) and hot-wiring cars that belong in a junk yard to race at 24 hours of Lemons (Wheel to Wheel Racing for $500 Cars)

Security Mitigation for Ransomware Attacks

The session will start off with an example of what makes different industry verticals attractive targets for cybercriminals. The session will go beyond the standard ransomware attack cycle and common vectors of intrusion and focus more on how the extortion economy associated with ransomware has changed the way ransomware incidents are managed from the IR and forensic investigation perspective. In this part we will also highlight the TTPs commonly used by ransomware groups and how these have evolved over the last 3 years. We’ll then cover data related to the proliferation of ransomware, increases in demands and tactics for the same period.  The second half of the session will provide a broader overview of the ransomware landscape, underscoring the new approaches to responding to ransomware, including how proactive threat intelligence approaches can provide a new lens to protecting an organization as well as how it can enrich investigative data. We’ll wrap up the talk with a scenario based on a real ransomware attack that is interactive for the audience. This interactive scenario will simulate real decisions that need to be made during a ransomware response from all stakeholders involved including legal counsel, the response team, insurance, and the victim organization.

 

Marc Bleicher, Surefire Cyber, CTO 

Marc Bleicher is the Chief Technology Officer for Surefire Cyber, a leading cybersecurity consulting firm that offers an incident response, investigation services, and strategic advisory expertise to corporations, governments, major law firms, and insurance carriers. Marc has nearly two decades of experience as a cybersecurity professional specializing in digital forensics and incident response (DFIR), leading large slarge-scalecale complex investigations of cyber-related events. His primary focus for the last five years has been on helping clients respond to catastrophic business-impacting cyber events, where he applies knowledge of cybercrime, threat actor groups, computer systems, malware taxonomies, and threat intelligence to facilitate incident response. Prior to Surefire Cyber, Marc was the Managing Director and global practice lead for Arete Incident Response and before that a Senior Manager with Accenture Security’s Cyber Investigations Forensic Response (CIFR) team. He has been interviewed and featured in several publications including CNBC, Financial Times, and Security Magazine.

Amanda Fennell, CSO/CIO Relativity

Amanda joined the Relativity team in 2018 as CSO and her responsibilities expanded to include the role of CIO in 2021. In her role, Amanda is responsible for championing and directing security strategy in risk management and compliance practices as well as building and supporting Relativity’s information technology. She also hosts Relativity’s Security Sandbox podcast, which looks to explore and explain the unique links between non-security topics and the security realm. Relativity is passionate about its culture of security to ensure its data (and its customers’ and partners’ data) is secure.

Prior to joining Relativity, Amanda served as the global head of cyber response and digital forensics at Zurich Insurance Company. She also held several management and consulting positions at Symantec, Dell SecureWorks, Booz Allen Hamilton, and Guidance Software. Amanda received her Master’s in Forensic Science in the field of Digital Forensics: High-Technology Crime Investigation at the George Washington University.

Fun Facts

  • Specialized in human osteology in undergraduate archaeology studies
  • Made it through the infamous 50/50 white water rafting in Uganda
  • Collects special editions of books with the current prize being The Mayor of Casterbridge by Thomas Hardy

GPS forensics from the car dashboard

GPS Forensics is still part of our lives with them guiding us on our different paths. This presentation will go into the GPS devices in the dashboard and the use of write blockers to capture that information.  A review of the available artifacts and methods for capture will be discussed.

The Learning Objectives Are:

  1. Talk about the waypoints and the data that may come with them. 
  2. Talk about the need for write blockers, hardware, or software so the evidence is not changed
  3. Demonstrate a mapping program such as GPS Visualizer to map a trip by satellite view, road map, or hybrid view. 
  4. Discuss the difference between the American, Russian, Chinese, and Indian GPS systems

 

Eamon Doherty

Eamon Doherty Ph.D. CCE, CISSP, SSCP teaches Current Issues in Cyber Forensics and Computer Seizure and Examination for Fairleigh Dickinson University in New Jersey. He is also author of a text called, “Digital Forensics for Handheld Devices ” by CRC Press. https://www.taylorfrancis.com/books/mono/10.1201/b12664/digital-forensics-handheld-devices-eamon-doherty.  Dr. Doherty has also published numerous papers on teaching digital forensics and was an active member and once chair of the New Jersey Regional Homeland Security Technology Committee. Prior to working full time in education, he got his start in computers in the late 80s through the mid-90s working for Morris County Government, His job provided both on-site and technical support by phone to a wide variety of IT functions for the mainframe and PCs to over 30 municipalities as well as the county government.  

The Evidence Trifecta: Storage, Memory and Traffic

Watch as Keatron Evans does a live complex hack and data breach then launch into a hunt and incident response exercise to track down relevant evidence, artifacts, and Indicators of Compromise.

This is all no slides and live!

Keatron Evans, KM Cybersecurity

Keatron Evans is a cybersecurity and workforce development expert with over 17 years of experience in penetration testing, incident response and information security management for federal agencies and Fortune 500 organizations. He is Principal Security Researcher at Infosec Institute, where he empowers the human side of cybersecurity with cyber knowledge and skills to outsmart cybercrime. Keatron is an established researcher, instructor and speaker, as well as the lead author of the best selling book, Chained Exploits: Advanced Hacking Attacks from Start to Finish. He regularly speaks at industry events like Black Hat, OWASP, ISACA and RSA, and serves as a cybersecurity subject matter expert for major media outlets like CNN, Fox News, Information Security Magazine and more.

Keatron holds a Bachelor of Science in Business Information Systems and dozens of cybersecurity certifications, including Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Cloud Security Professional (CCSP) and Licensed Penetration Tester (LTP). When not teaching, speaking or managing his incident response business, KM Cyber Security LLC, Keatron enjoys practicing various martial arts styles, playing piano and bass guitar, and spending time with his family.

Applying Machine Learning to Challenging Digital Forensics Problems

Applying Machine Learning to Challenging Digital Forensics Problems Machine Learning offers great promise when applied to digital forensics. The question is how we can apply Machine Learning to digital forensics to: identify key evidence, uncover correlations, expose behaviors, categorize when/where/how, pinpoint aberrant activities, and even recognize anti-forensics techniques.

This is not a theoretical lecture, rather real examples of the application of Machine Learning applied to digital forensics challenges will be discussed and demonstrated. The demonstrations are based on the application of Python and key Python ML libraries. All examples will be provided to the attendees of the presentation.

What You’ll Learn:

  • What is Machine Learning and why is this important to the future of investigations?
  • What are supervised and unsupervised learning models
  • What roles does data science play?
  • Do you have to be a data scientist, computer scientist or have deep knowledge of statistics to leverage ML?
  • How can ML be applied to challenging digital investigation and incident response challenges?
  • What role do languages like Python play in the process?
  • What Python tools and technologies are available and how/when do they apply?
  • What other tools and technologies can be leveraged?
  • What are the Pros and Cons of ML and other AI technologies when applied to:
  • Digital Investigations
  • Incident Response
  • Open-Source Intelligence

What You’ll Learn:

  • What is Machine Learning and why is this important to the future of investigations?
  • What are supervised and unsupervised learning models
  • What roles does data science play?
  • Do you have to be a data scientist, computer scientist or have deep knowledge of statistics to leverage ML?
  • How can ML be applied to challenging digital investigation and incident response challenges?
  • What role do languages like Python play in the process?
  • What Python tools and technologies are available and how/when do they apply?
  • What other tools and technologies can be leveraged?
  • What are the Pros and Cons of ML and other AI technologies when applied to:
  • Digital Investigations
  • Incident Response
  • Open-Source Intelligence

Chet Hosmer, University of Arizona

Chet serves as an Assistant Professor of Practice at the University of Arizona in the Cyber Operations program where he is teaching and researching the application of Python and Machine Learning to advanced cybersecurity challenges.  Chet is also the founder of Python Forensics, Inc. a non-profit organization focused on the collaborative development of open-source investigative technologies using Python and other popular scripting languages.

Chet has made numerous appearances to discuss emerging cyber threats including NPR, ABC News, Forbes, IEEE, The New York Times, The Washington Post, Government Computer News, Salon.com and Wired Magazine. He has 7 published books with Elsevier and Apress that focus on data hiding, passive network defense strategies, forensics, PowerShell, and IoT.

MEDAL Tales: Advanced solutions when push-button mobile forensics won’t do

Advanced mobile solutions are needed to combat today’s security challenges that require more than just push-button mobile forensics. Methodologies must include more than a single tool approach to uncover the truth. The popularity and usage of encrypted messaging applications like WhatsApp, Signal, and Telegram have skyrocketed over the years making accessible and collection methods crucial to every investigation. Forensic professionals must think creatively about solutions if they are going to find the needle in the haystack. This presentation will cover real case information and methodologies used to gain access to data and results that were thought to be only obtainable by law enforcement.

Learning objectives

1)            What to do when your tool imaging is not enough

2)            Processing Signal data in the Private sector

3)            How the multi-pass approach plays an important role in data validation

 

Rene Novoa, Director of Forensics, HaystackID

Rene Novoa has more than 20 years of technology experience conducting data recovery, digital forensics, eDiscovery, and account management and sales activities. During this time, Rene has performed more than 180 investigations in both civil and criminal matters and has directly provided litigation support and forensic analysis for seven years. One example of his success is represented by his role at DriveSavers, where he grew the forensic practice by 65% during his first year of leadership. Additionally, Rene has worked with ICAC, HTCIA IACIS and other regional tasks forces supporting State Law Enforcement Division accounts and users in his most recent forensic leadership roles.

Full Story: leveraging the data between the documents–The evidence is not just in emails anymore

We live in the world of documents, reviews, and procedures, but with modern data infused with traditional eDiscovery processes, we see other data points necessary to completely tell the story. Join industry thought leaders as they discuss preferred ways to incorporate Slack, smartphones, social media, geolocation, and other modern data types into investigations and discovery.

  1. Leverage all relevant data to tell the story – Smartphones, applications, social media, geolocation, forensic artifacts, and more
  2. Modern data should be treated like data NOT documents for analysis (eDiscovery document review workflows)
  3. Case examples – White collar, Employment, IP Theft

Richard Clark, Sr. Director Sales Enablement and Strategy

Richard Clark has over 20 years in the legal industry with much of his career in legal technology. With the recent acquisition of ESI Analyst by CloudNine, Richard is the Sr. Director Sales Enablement and Strategy and works with corporations, law firms, and government agencies in managing the growing data types in investigation and discovery.

OSINT: the trends and takeaways

From traditional internet research to FINOsint (financial OSINT), the area of open source has grown, the followers and users have expanded, and the opportunities abound.  This session will highlight the industry use of open-source intelligence and applications that can be resourced from private investigators through corporate compliance, all the way to DOD.  Being on the cusp of a growing industry also requires the users to demonstrate the moral high ground in order to establish a code of ethics, Define the ‘SINTs… and the role each play for each industry or opportunity Decide when it’s legal, ethical or otherwise in a new industry, and setting a standard Examples of the future of OSINT in the financial hunt for fraud, terrorism, and opportunists Cynthia Hetherington, dog mom to Cayce and Ginger, works in a church, lives with fire, dances like no one is watching.  … and OSINT adventurer for 30 years.

Cynthia Hetherington, Hetherington Group

Cynthia Hetherington, MLS, MSM, CFE, CII is the founder and president of Hetherington Group, a consulting, publishing, and training firm that leads in due diligence, corporate intelligence, and cyber investigations by keeping pace with the latest security threats and assessments. She has authored three books on how to conduct investigations, is the publisher of the newsletter, Data2know: Internet and Online Intelligence, and has trained over 180,000 investigators, security professionals, attorneys, accountants, auditors, military intelligence professionals, and federal, state, and local agencies on best practices.

For more than 25 years, Ms. Hetherington has led national and international investigations in corporate due diligence and fraud, personal asset recovery, and background checks. With a specialization in the financial, pharmaceutical, and telecommunications industries, her investigations have recovered millions of dollars in high profile corruption cases, assisting on the investigations of the top two Ponzi cases in United States history.

Ms. Hetherington provides expert commentary for national and international media outlets, including, the New York Times, Wall Street Journal, Irish Times, Washington Times, ABC News, and VoiceAmerica. Ms. Hetherington has presented at over 500 conferences across North America. In 2012, the Association of Certified Fraud Examiners named her the James Baker Speaker of the Year.

In 2015, Ms. Hetherington founded the OSMOSIS Institute, host of the annual OSMOSIS Conference. Hundreds of investigators across the nation attend to gain insights into Open Source Intelligence and receive training from the most recognized social media and open source trainers in North America.

Cynthia Navarro

Cynthia specializes in Social Media Investigations and recruiting digital forensics and cybersecurity professionals. Cynthia has her own business, Finnegan’s Way, prior to Digital Mountain, she worked over the last 30 years for various Silicon Valley companies including Palm-HP, Adobe Systems, as well as One-Red LLC. Cynthia has provided services for open source, IP licensing, fraud, business intelligence, project management, and brand protection investigations. She also provides training for law enforcement and corporate investigators. Cynthia received her Bachelor of Science in Criminal Justice from California State University Hayward. She has served as an officer numerous times with the High Technology Crime Investigation Association both locally and internationally, as well as is an active participant in the Association of Certified Fraud Examiners, Women in eDiscovery and Women in Security.

 

Exploring Current and Foreseeable Vulnerabilities Involving Electric Vehicle Charging Networks

Exploring Current and Foreseeable Vulnerabilities Involving Electric Vehicle Charging Networks Electric Vehicles have been growing in popularity over the last decade since the release of the Chevy Bolt in 2016. According to the center for sustainable energy, 2.4 million EVs have been sold in the US since 2010, and according to the US energy commission, EVs account for 3.4% of light-duty vehicles sold. Major US automakers anticipate 50% of new car sales to be EVs by 2030. As this shift in automotive technology and adoption occurs, so to must the infrastructure to support it.

Electric car manufacturers and consumers have prioritized how far their cars can take them, and how quickly they can be charged, glossing over the heavy implications to the nation’s critical grid infrastructure as more EVs enter the road and charging networks expand. Over 100,000 public EV charging ports currently exist in the US, representing 100,000 Internet of Things connected targets to be attacked and potentially exploited.

With mandates in place to create coast to coast charging stations to support the conversion of vehicles from gasoline to EV in the next decade, the threat to bringing the nation’s power grid to a halt is real and needs to be addressed sooner than later.

  1. Understanding cybersecurity threats to current EV charging infrastructure.
  2. Forecasting future vulnerabilities based on current and anticipated cybersecurity threats.
  3. Providing objectives and probable solutions to mitigate and, or lessen potential breach opportunities and current design flaws.

Cameron Cisneros, Student

My name is Cameron Cisneros and I am a student at Saddleback and Coastline Community Colleges.  I am pursuing a degree in Cybersecurity and have obtained CompTia Security+ and Linux+ certifications.  I’ve been working for a global Energy and Automotive company for 15 years and am now looking to transition into a Cybersecurity role.  I am excited about our research and this conference to learn about how new technologies can become more resilient to cyberattacks and analyze the forensics of these attacks. 

Zachary Wilson, Student

My name is Zachary Wilson, and I am a student at Saddleback College. I am excited to be a part of the PFIC conference. I enjoy actively learning about information security and cyber vulnerabilities, as well as sharing my knowledge with others. I am also an automotive industry enthusiast and am very interested in what is to come and how that will impact our everyday life.

Unny Menon, Student

My name is Unny Menon, I am a student at Saddleback College, as well as a Systems/Network Engineer. I am passionate about cybersecurity and exploring ideas on how to automate and patch cyber vulnerabilities.

Karla Soler, CyberClan

My name is Karla Soler, I am a Certified Fraud Examiner and I hold two Masters in Economic Crime Forensics and Cybersecurity from La Salle University. I am also an Associate Professor at Saddleback College’s Cyber Operations Degree Program and a Senior Digital Forensics Engineer with CyberClan. CyberClan is a cybersecurity firm, focusing on providing tailored incident response expertise and services. Our mission is to make the online world a safer and more secure place by delivering sophisticated cybersecurity solutions in a highly personalized — and human — way. This is a fun, collaborative educational experience and I am very proud to be presenting this research alongside my students. A special thank you to the Founder and President of CyberClan Richard D’souza, Professional Colleague DevOps Manager and automotive industry enthusiast Ian Yates and a handful of Saddleback’s Cyber Operation Student’s for their active collaboration in this research.

GEO-OSINT Situational Awareness of the Ukrainian War

Over the past 5 months we’ve analyzed Twitter posts geo-located as originating from locations within the Ukraine. Using a freely available API available for Live Twitter collection, we mapped the source location of the posts and collected images, video, emojis, and tweets. We then used this time and location data to perform chronolocation mappings of troop movements, tanks, damaged churches, and more. We then incorporated OSINT correlations to Facebook, Twitter, and Discord. In this session, we’ll explore the research and demonstrate the importance of GEO-OSINT data to emerging threats, people of interest, and situational awareness for not only wars, but natural disasters, events, outbreaks, and corporate geopolitical risks.

Mike Raggo, CEO & Co-Founder, SilentSignals, Inc. 

Michael T. Raggo has over 20 years of security research experience. During this time, he has uncovered and ethically disclosed vulnerabilities in products including Samsung, Checkpoint, and Netgear. His research has been highlighted on television’s CNN Tech, and numerous media publications including TIME, Forbes, Bloomberg, Dark Reading, TechCrunch, TechTarget, The Register, and countless others. Michael is the author of Mobile Data Loss: Threats & Countermeasures and Data Hiding: Exposing Concealed Data in Multimedia, Operating Systems, Mobile Devices and Network Protocols for Syngress Books co-authored with Chet Hosmer, and is a contributing author to Information Security the Complete Reference 2nd Edition. His Data Hiding book is also included at the NSA’s National Cryptologic Museum at Ft. Meade. A former security trainer, Michael has briefed international defense agencies including the FBI, Pentagon, and Queensland Police; is a former participating member of FSISAC/BITS and PCI Council, and is a frequent presenter at security conferences, including Black Hat, DEF CON, Gartner, RSA, DoD Cyber Crime, OWASP, HackCon Norway, and SANS. He was also awarded the Pentagon’s Certificate of Appreciation.

OSINT & Social Media Breadcrumbs (2 Hour Training)

Over the past year since our last presentation, we’ve performed GEO OSINT analysis of events to analyze the locations, chronology, behaviors, sentiment, and disinformation. The lack of metadata found in social media, can disrupt an investigation and therefore requires enhanced analysis to uncover altered images, geolocation breadcrumbs, sentiment, and more to build a chronology of events. In this session, we take a new and innovative way to map the locations of individuals and events. We’ll walk the audience through our analysis to help investigators bring further intelligence to their data acquisitions and drive deeper investigation into meaningful artifacts. A demo will also be included to highlight the methodologies used for the analysis.

Mike Raggo, CEO & Co-Founder, SilentSignals, Inc. 

Michael T. Raggo has over 20 years of security research experience. During this time, he has uncovered and ethically disclosed vulnerabilities in products including Samsung, Checkpoint, and Netgear. His research has been highlighted on television’s CNN Tech, and numerous media publications including TIME, Forbes, Bloomberg, Dark Reading, TechCrunch, TechTarget, The Register, and countless others. Michael is the author of Mobile Data Loss: Threats & Countermeasures and Data Hiding: Exposing Concealed Data in Multimedia, Operating Systems, Mobile Devices and Network Protocols for Syngress Books co-authored with Chet Hosmer, and is a contributing author to Information Security the Complete Reference 2nd Edition. His Data Hiding book is also included at the NSA’s National Cryptologic Museum at Ft. Meade. A former security trainer, Michael has briefed international defense agencies including the FBI, Pentagon, and Queensland Police; is a former participating member of FSISAC/BITS and PCI Council, and is a frequent presenter at security conferences, including Black Hat, DEF CON, Gartner, RSA, DoD Cyber Crime, OWASP, HackCon Norway, and SANS. He was also awarded the Pentagon’s Certificate of Appreciation.

Chet Hosmer, Co-Founder, SilentSignals, Inc. 

Chet serves as an Assistant Professor of Practice at the University of Arizona in the Cyber Operations program where he is teaching and researching the application of Python and Machine Learning to advanced cybersecurity challenges.  Chet is also the founder of Python Forensics, Inc. a non-profit organization focused on the collaborative development of open-source investigative technologies using Python and other popular scripting languages.

Chet has made numerous appearances to discuss emerging cyber threats including NPR, ABC News, Forbes, IEEE, The New York Times, The Washington Post, Government Computer News, Salon.com and Wired Magazine. He has 7 published books with Elsevier and Apress that focus on data hiding, passive network defense strategies, forensics, PowerShell, and IoT.

Forensics Media Exploitation (2 Hour Training)

ArcPoint will deliver training on the fundamentals of digital forensics and transition into the overview and use of ATRIO. ArcPoint will highlight the key features and easy-to-use buttonology of ATRIO.

Daniel Taye, ArcPoint Forensics

Daniel Taye has over 10 years of experience in digital forensics and cyber incident response within the DoD space. He has supported numerous Intelligence Agencies and has deployed overseas in support of DoD operations. Currently, he is a Technical Researcher and Development Engineer with ArcPoint Forensics.

Cesar Quezada,ArcPoint Forensics
Cesar Quezada is an experienced technical professional with over 10 years of experience in digital forensics, military intelligence, and computer systems administration. He currently supports the DoD conducting forensic examinations and is currently a Cyber Operations Officer in the Virginia Army National Guard. He has achieved a Master’s Degree in Computer Forensics and numerous forensic and technical certifications.

Our 2022 Sponsors