From the 22nd to the 25th of May 2017, Forensic Focus will be attending Enfuse (formerly known as CEIC) in Las Vegas, Nevada, USA. If there are any topics you’d particularly like us to cover, or any speakers you think we should interview, please let us know in the comments.
Below is an overview of the speakers and subjects that will be featured at Enfuse.
There are several tracks running throughout the conference, including Cybersecurity, Incident Response, Data Governance, eDiscovery, and Basic & Advanced tracks in Conducting Digital Forensic Investigations.
Monday May 22nd
The conference will begin with two sessions for first-time attendees, led by Daniel Smith from Guidance Software. There will then be a welcome reception in the evening.
Tuesday May 23rd
The day will begin at 8:00am, with opening sessions running across all the tracks. Matt McFadden from Guidance will discuss the importance of investigative skill in digital forensic investigations, including a look at how EnCase Forensic 8 can help with raw keyword searching, timeline analysis, bookmarking and more.
Jonathan Rajewski of Champlain College will talk about Internet of Things forensics, with examples from civil and criminal cases.
Ransomware has been in the news a lot lately, and at Enfuse Nick Hyatt from Optiv will give an overview of ransomware for people who are not engineers, stressing the importance of being able to understand what ransomware is and what it does, as well as take-aways that will help your less technical colleagues.
At 9:15 Patrick Dennis, CEO of Guidance Software, will give the opening keynote, and after that the day will once again split into tracks.
Jarrett Kolthoff from SpearTip will talk about accountability and culpability in digital forensics, particularly in instances where an investigator must report to the board of a company. Gerard Johansen will talk about operational security; and there will be two sessions specifically about EnCase, with Lance Mueller demonstrating how to write EnScripts, and Jeremy LeRoy talking about EnCase security fundamentals.
Matt McCartney from Ernst & Young will discuss how to manage large-scale discovery cases, and Ronen Engler from Cellebrite will give a primer on Android forensics.
There will also be a discussion between Guidance Software and SC Magazine regarding the GDPR and the future of sensitive data – a hot topic in today’s world!
Following a break for lunch, Scott Gibbs from Direct Data Discovery will demonstrate how to deal with degraded data in forensic investigations, while in the cybersecurity and incident response streams there will be talks about cyber attacks in banking and ecommerce, as well as a guide to creating an incident response plan.
Brian Chase from Chase Technology will talk about working with lawyers, and Brian Smith from Cellebrite will show a case study in which data are extracted from severely damaged mobile devices.
William Lederer from kCura will talk attendees through the dos and don’ts of evidence handling in forensic investigations; Stephen Windsor from Maddrix will demonstrate how to respond to targeted attacks; and Amber Schroader of Paraben will talk about connecting smartphones to the IoT, and how these connections can help and hinder investigations.
The intriguingly named ‘How To Eat The Elephant’ will be led by Scott Van Nice and will look at dealing with insider risk. James Habben from Verizon will look at the methodology of USB attacks and how to analyse them.
Doug Kaminski from kCura will show how RelativityOne and EnCase can work together on investigations. And Jessica Bair from Cisco Security will discuss how behavioural analysis can be used to identify new ransomware threats.
Following the afternoon break, Stephen Windsor from Maddrix will discuss how to respond to targeted attacks, while Michael Harrison from NTAC will look at password cracking with commercial and open source tools.
Jason Sachowski from Scotiabank will talk about how digital forensic readiness should be proactive rather than reactive, and how companies can begin to make that change.
For anyone who is looking to take their Certified Forensic Security Responder certifications soon, there are a couple of sessions throughout the day that will help you prepare.
Brian Smith from Cellebrite will run a session about advanced cell phone analysis, following which there will be a happy hour in the expo hall.
Wednesday May 24th
The opening panel discussion on Wednesday will talk about how almost every case in the news these days involves digital forensics to some extent, and how investigators can make digital forensics relevant even when it’s not necessarily at the heart of a case.
There will be various EnCase-specific sessions running on Wednesday morning, including a demonstration of how EITT can be used to perform an initial triage of an infected machine, as well as prep for EnCE and EnCEP.
Cindy Jenkins from the University of Washington will demontrate the dissection of ransomware, while Suzanne Widup from Verizon discusses the findings of the 2017 Data Breach Investigation Report.
Brian Smith will take to the stage again to discuss how to legally gather evidence from the cloud, while Greg Hoglund from Outlier Security will talk about machine reasoning and forensic automation, and a group of researchers will discuss the intersection of forensics and incident response.
The former CIO of the White House will give a keynote at 10.30am, after which there will be a break for lunch.
After lunch, speakers from LIFARS will discuss the first 24 hours after a security breach and what should be done. Julie Lewis from Digital Mountain will talk about digital evidence preservation from social media, and speakers from Guidance will give an overview of how to collect data from the cloud.
Forensic report writing will also be a subject of discussion on Wednesday afternoon, along with a session discussing due diligence concerning privacy and data security. Jake Williams from Rendition Infosec will talk about how to uncover malware in Windows 10, and Kathy Winger will help attendees to her session understand cybersecurity and breaches from the perspective of a business lawyer.
The final sessions of the day will focus on compromised web applications, passwords and encryption, Mac hardware triage, and full case automation. After this will be the SANS DFIR NetWars Tournament, in which an incident simulator will require people to learn new skills in a fun, interactive environment.
Thursday May 25th
The final day of the conference will begin with David Ellis from SecurityMetrics talking about why websites are still vulnerable. Suzanne Widup will demonstrate how to use EnScript to make your life easier; and Rajan Udeshi will demonstrate what’s new in EnCase 8.
Jerald Garner from NCUA will discuss how to report cyber and payments risks to the board; Lee Whitfield from Digital Discovery will demonstrate how timestamps on copied files can foil an investigation; and trainers from Guidance will be available to answer your questions.
The ever-popular ‘Tips and Tricks’ session is back this year, in which the Menz brothers and Kip Loving show some of the latest forensic techniques and how they can be applied to investigations.
The closing session will happen at 9.45 in the ballroom, however there will still be a few more talks following the closing session. These will focus mainly on the use of EnCase in investigations, and there will also be discussions of legal discovery on iPhones; the security threats posed by connection devices; and efficient decryption of electronic evidence.
Forensic Focus will be in attendance throughout the conference, and you can see the full programme and register here. If there are any topics you would particularly like to see covered in-depth, or if there are any speakers you would like to see interviewed, please leave a comment below or email [email protected] with suggestions.