The Marriott Resort at Grande Dunes in Myrtle Beach, South Carolina, USA will host the 23rd edition of the Techno Security & Digital Forensics Conference flagship event, May 9-12 – nearly one month sooner than its accustomed kickoff the Sunday after Memorial Day weekend in late May/early June.
In addition to being held a month earlier than in previous years, the event will also shift by a day and run on a Monday-Thursday day pattern.
Jennifer Salvadori, Techno Security’s event director, recognizes that the show’s timing among other industry events makes for a hectic spring travel schedule for many sponsors and attendees, and hopes that future dates can return to the more traditional time frame going forward.
“Regardless of the schedule changes, with international travel restrictions easing up and corporate travel bans being lifted, our registrations for this year in Myrtle are trending to meet or exceed the 2019 attendance,” said Salvadori.
With the Techno events shifting to a 2-per-year format on the East and West Coasts, show management reports an increased focus on growing the attendee base for both the California and Myrtle Beach events, with the goal for the West Coast event expanding its content and expo floor to mirror the flagship event beginning in 2023.
According to Salvadori, “We spent a great deal of time talking to the event stakeholders and reviewing years’ worth of survey results while events were suspended [during the pandemic], and it became clear that the industry preferred two larger events annually, rather than three smaller ones.“
Salvadori recommends registering and making travel plans for Techno “sooner rather than later,” as conference participants are eager to return fully to face to face events. The event hotel block is already near capacity, with nearby properties also filling up quickly.
Read on for an overview of what to expect for digital forensics content at the show. For the full program including information security, investigations, audit / risk management, and more, visit the Techno Security website.
The conference’s first keynote, “The Evolving Threat Landscape in 2022,” will take place Tuesday, May 10. Speaker Dr. Joye Purser, Regional Director at the Cybersecurity and Infrastructure Security Agency (CISA) Region 4, will explore how CISA is leveraging partnerships with the public and private sectors to reduce risk and improve cyber resiliency from attack.
The following day, Brett Shavers will keynote “It’s Not the Tool, But the Examiner That Does the Forensics, covering the intersection between digital forensic science and art: the humans behind the forensic tools. His talk will focus on “that extra percentage of skill needed to be the best examiner possible.”
Data Extraction & Analysis
The presentations under this heading reflect the way digital forensics has continued to evolve from computer, mobile and then cloud evidence to include additional subcategories of vehicles and video – but as well, how “traditional” digital forensics remains as relevant as ever.
Mobile Device and App Forensics
“The New Universal Way to Extract Data from Android Mobile Phones” will be offered Monday, May 9 by ACE Lab’s Alexander Leonenko, senior engineer and training instructor. He’ll cover a new way of getting access to locked and even encrypted mobile phones, the “Hard Key” method which is the result of research by his team.
Also on Monday, Belkasoft Forensic Sales Engineer Jared Luebbert will speak about “Encrypted Messenger Forensics (Signal, Wickr, Telegram, & More) on Mobile and Computer Platforms.” This talk will focus on advances in the decryption of these hard-to-crack applications for proper acquisition, analysis, and reporting.
Cellebrite’s Heather Mahalik, senior director of digital intelligence and Lockheed Martin’s Jared Barnhart, cyber software engineer will present “Building a Pattern of Life: Leveraging Location and Health Data” on Tuesday, May 10. What a device owner was doing in a given location can be as important as the location itself, and the talk will explore physical activity in particular.
The following day, “007: The Parallel World of Malicious Apps” will be the subject of a talk by Ronen Engler, Cellebrite’s senior manager of technology and innovation; Beth Lancaster, security analyst at Virginia Tech’s IT Security Office; and Sahil Dudani, PhD Student and Research Assistant, also of Virginia Tech. Using a real-world case study, they’ll focus on malicious apps – and the artifacts they leave behind – masquerading as parental control apps, harvesting data and tracking users from behind often disguised icons.
A presentation by Oxygen Forensics’ vice president of training, Keith Lockhart, will segue from mobile into cloud and computer forensics. “When the Phone Just Isn’t Cutting It,” offered Wednesday, May 11, is an intermediate-level session covering how computer and cloud account data – credentials, browser and chat data, geo-location, and file system artifacts and memory – can round out an investigative picture, especially when the phone isn’t available.
Tuesday, May 10 will see two talks on cloud forensics. In “Cloud Data: The Growing Digital Evidence”, Paraben Corporation’s Amber Schroader will discuss how the cloud stores data, what data can be captured, cloud keys, and both mobile and desktop cloud data capture methods, along with common cloud programs and platforms.
Later in the day, Jessica Hyde, owner / founder of Hexordia, will present “Forensics in the Cloud – Digital Forensic Examinations in Amazon Web Services, Azure, and Google Cloud Platform.” This intermediate-level session will cover two aspects of cloud forensics: both the forensic analysis of data in cloud storage, and the use of cloud infrastructure to scale, process, and conduct analysis.
Hyde will return Thursday with another cloud-oriented presentation, “Exploring the Data available from Google Takeout,” which will focus on what data can be obtained from Google Takeouts; how to acquire the data from Android devices, Chromebooks, the Chrome browser used across devices, Gmail, and more; and how to analyze that data.
Computer forensics remains as relevant as ever. To that end, three talks will cover different aspects of “dead box” forensics.
On Tuesday, John Day, senior manager of SUMURI’s software division, will talk about “Everything You Need to Know About Imaging Apple Silicon Macs.” New boot security measures and the removal of Target Disk Mode will be particular areas of focus in this presentation.
Also on Tuesday, Eugene Filipowicz, vice president of cyber risk at Kroll, will deliver a hands-on lab: “KAPE for Collections and Investigations,” which will cover the fundamentals of this free, non-commercial collection tool. Attendees will have the opportunity to “test drive” KAPE using predefined and creating custom targets, and process data via modules. Note: a Windows computer is required for this lab.
Thursday, Rob Attoe, CEO of training company Spyder Forensics, will discuss “Windows 11 Updates: What’s New in Windows OS Forensics,” in particular what’s new, old, and depreciated on this latest version of Windows. In addition to new operating system artifacts and file system changes, Attoe will cover local artifacts versus cloud-based data, the challenges of log file analysis, and virtualized app analysis.
Video is becoming more and more ingrained in traditional digital forensics, and three presentations reflect some of the biggest challenges in this field.
On Monday, “Can You Fool a Surveillance DVR?” will share research designed to attempt to modify digital video recorders (DVRs) to remove, swap, and even replace video with fake footage. Presenters Monica Segura-Bunch, Tim Bate, and Bart Wolczyk, all of DME Forensics, will seek to understand the plausibility of such “deepfake” attacks and potential tampering detection methods.
The same day, Amped Software’s Blake Sawyer will discuss “When You Need to Get it Right: Understanding Video Playback and Timing Data.” File creation, decoding and playback issues, video and frame timing, and their relationship to speed will all be covered with an eye toward helping attendees to understand common issues.
On Wednesday, Sawyer and Bate will join Brandon Epstein and Bertram Lyons, both of MedEx Forensics, for a panel on “Let’s Get Real… Realistic Expectations of Video Evidence.” Current capabilities and best approaches to acquisition, authentication, processing, and enhancement will seek to correct common misconceptions about this often crucial evidence.
Knowing how and when a vehicle generates digital data that could be useful for an investigation is the focus of “Vehicle Forensics: Applying Vehicle Data to Your Investigations.” Scheduled for Monday, this talk, delivered by Berla Corporation’s Ben LeMere, will focus on geolocation data, recorded events, and other data that can help reconstruct vehicle-related incidents – including who was involved.
The following day, Magnet Forensics’ Kim Bradley will offer “Driving on Data Street with Vehicle Forensics.” This session will review sources and analysis of data artifacts from vehicles and the digital devices connected to them.
AI & ML in Digital Forensics
On Monday May 9, “Artificial Intelligence: A Crucial Ingredient for Victim Identification in Child Sexual Abuse Investigations” will feature Semantics 21’s Claude Chibelushi, Director of Research and Development, speaking about how this technology is used to identify victims, manage data volumes, and even extract clues to find suspects and victims.
Monday will also see Chester Hosmer, Assistant Professor of Practice at the University of Arizona, discuss “Applying Machine Learning to Challenging Digital Forensics Problems.” A practical rather than theoretical approach, this talk will rely on the application of Python and key Python ML libraries to demonstrate how machine learning can identify key evidence, uncover correlations, expose behaviors, categorize when/where/how, pinpoint aberrant activities, and even recognize anti-forensics techniques.
On Thursday, Meg Coker, Consultant at ArnoldIT, will follow up with “AI/ML: The Surprising Impact of Smart Software on Law Enforcement Methods.” Workflows and standard operating procedures will be the main focus of this talk, which will also cover opportunities and challenges of using tools with this technology.
The Human Side: Wellness, and Expert Witness Testimony
Offering trial testimony about digital evidence may be a rare event, but that doesn’t make it impossible. On Monday, Exterro’s Dan Sumpter will talk about “Testifying as a Digital Forensics Examiner,” focusing in particular on reporting, public speaking, and explaining complex concepts to nontechnical audiences.
In Wednesday’s “Legal Qualifications of a Digital Forensics Expert Witness,” Herbert Joe, an attorney and forensic examiner, will focus on the U.S. Frye and Daubert rules for qualifying expert witnesses, along with different jurisdictional requirements and case law relevant to testifying about digital forensics.
Soft skills aren’t only valuable on the witness stand. “Don’t Leave Them Out: Wellness Solutions for Digital Forensics Investigators” on Wednesday will see Grayshift’s Debbie Garner discuss the development of wellness programs for sworn and non-sworn law enforcement personnel working on technology-facilitated crime.
Digital forensics intersects with incident response in analytical skills. In “Ghidra: Malware Analysis for the People,” Cyber Defense Solutions’ James Dodmead will overview and demonstrate Ghidra, the malware analysis tool which the US National Security Agency (NSA) recently made available free to the public in counterpoint to more expensive commercial tools.
Of course, malware is only one small aspect of cyber attack. On Wednesday, Magnet Forensics’ Steve Gemperle will present “ Debrief Takeaway from a Hacker – How to Make it Difficult for Cyber Attacks.” Based on insights from a federal suspect, the talk will provide a hacker’s perspective on security, as well as countermeasures to cyber attacks and a likely future for cybersecurity based on current trends.
Sometimes, attacks come from inside rather than outside. Tuesday, Nuix’s Hoke Smith and Robert O’Leary will discuss “Nuclear Family Meltdown: Insider Threat Detection and Investigation Through the Lens of a Current Case.” This overview of a real-world case will discuss the opportunities and challenges to detecting and investigating insider threats, including detecting suspicious printing, using cryptocurrency, communicating over secure webmail, and using a personal device.
Espionage isn’t limited to military secrets. Thursday, EY’s Daniel Gleisner and Kyle Heath will discuss “The Great Resignation: Preparing for Employee Departure and Protecting The Data That Matters.” Looking at current trends, the speakers will talk about a multi-layered proactive strategy to protecting company data, including frameworks for both employee departure and insider risk programs, and how technology and investigations fit.
Of course, not all insider threats are malicious. Thursday, Bob Gaines, Director at HKA, will offer “Approaches to Business Email Compromise Investigations.” Focusing on Microsoft Office 365 and Exchange, as well as Google Workspace email environments, the talk will cover methodology, data collection, data analysis and reporting.
Investigative Methods From Other Disciplines
Tuesday’s “Best of Both: Tracking New Trends and Best Practices from Special Operations and Law Enforcement” will see Detego’s Andrew Lister discuss options and methodologies used by law enforcement and military personnel to address present-day digital forensics challenges both in the field and in the lab.
On Thursday, Chester Hosmer will be back, taking the floor with SilentSignals’ Mike Raggo to present “OSINT Chronolocation Bread Crumbs.” Open source intelligence (OSINT) can provide valuable context for investigations, but needs to be authenticated through image and optical character recognition among other methods. This session will be an in-depth presentation of those methods and how they can be used to develop critical timelines around analyzed media.
Wednesday, Spyder Forensics’ Rob Attoe will also return, this time to offer “DarkWeb Fundamentals and Investigation Techniques.” Dark web access and usage will be discussed, along with use of the clear web – and host system artifacts – that can help to assemble clues about dark web user activity.
Find out more and register at https://www.technosecurity.us/mb!