From the 31st of May to the 3rd of June 2015, Forensic Focus will be attending the Techno Security & Forensics Investigations Conference in Myrtle Beach, South Carolina. If there are any topics you’d specifically like us to cover, or any speakers you think we should interview, please let us know in the comments.
The conference is running in conjunction with Mobile Forensics World and will feature sessions led by over 75 industry experts, as well as two keynote speeches. Attendees are expected from 52 countries around the world, and the conference promises to be an enlightening series of training and networking events, relevant for professionals working in the digital forensics and computer security fields.
Below is an overview of the talks and events that will be taking place at TSFIC.
Saturday 31st May
Saturday’s programme kicks off with The State of the Hack, a presentation by Chris Pogue from Nuix, which will discuss the recent rise in media coverage of corporate data breaches. Attendees will hear details of attack patterns and security vulnerabilities, as well as case studies from Nuix’s Cyber Threat Analysis team.
Ronan Engler of Cellebrite will then describe a scenario illustrating how combining artifacts from mobile, operator and other data sources can improve investigations both in terms of overall quality and decreasing backlogs.
SSD drives will be the subject of the next discussion, with Belkasoft’s CEO Yuri Gubanov looking at SSD self-corrosion and how to recover evidence from TRIM-enabled SSD drives.
Later in the day, David Vargas of VATG will look at Tor forensics and conducting investigations on the Dark Web. A review of a couple of famous FBI takedowns will also be given, including the case of Dread Pirate Roberts. This will be followed by a discussion of whether Tor use can still be properly called ‘anonymous’, focusing on attempts by international governments and law enforcement agencies to de-anonymise its users.
White Badger Group’s CTO, Paul Williams, will take attendees through some real-world examples of hack attacks, describing how seemingly small errors of personnel or software can lead to alarming breaches of data. This will be followed by an exploration of mobile forensics, with a presentation of the Periodic Mobile Forensics system, a federally-funded research & development project by the MITRE foundation.
Nuix will take the stage again to look at browser history analysis and the challenges faced by investigators when attempting to link history across browsers and devices. An examination of the internal structure of an SSD drive will then be given by James Wiebe of CRU, followed by Oleg Davydov from Oxygen Forensics looking at the delicate balance between consumer data protection and investigation of encrypted messengers.
Towards the end of the afternoon, Jie Chen will present software from Nuix and NetClean that aims to help digital forensics practitioners who are investigating child protection cases, and Jad Saliba of Magnet Forensics will follow up with a discussion of anti-forensic methodology and how investigators can circumvent obfuscation techniques.
Michael Penhallurick of MD5 will close the first day with a look at the techniques and methodologies used in virtual forensic computing, including an analysis of the differences between investigations in the real and virtual worlds.
Monday 1st June
Monday’s sessions will begin with Lee Reiber from AccessData talking about today’s ‘digital battleground’ and how device proliferation and the challenge of big data can be addressed using advanced triage methods. Mari DeGrazia will then demonstrate how investigators can use artifacts from Google Analytics to build a comprehensive internet timeline of their cases.
Visual data analysis will be the next subject of discussion, addressing the need for digital forensic examiners and investigators to put together data in a way that is both forensically sound and visually accessible. The following two sessions will focus on volume shadow copies and audit structures, with the latter including examples of mission statement audits from the US Military and Fuji Photo Film.
Nuix will lead the following session, which will focus on detecting, and defending against, insider threats. James Wiebe will then present a demonstration of real-time remote logical imaging, which will be followed by a session examining the cyber risks of the dark net, including how to monitor and engage black market sites, disruption strategies by law enforcement, and a look at the strategic advantages of cybercriminals over the agencies who investigate them.
Amber Schroader, the CTO of Paraben Corp, will then discuss smartphone forensics, imparting several tips and tricks that can help digital forensic investigators to find quality data about a subject. Following Schroader’s session, Jeff Shackleford of the Arkansas Attorney General’s Office will talk about the budgetary challenges faced by forensic teams, particularly in government agencies, and will posit some solutions to ease the load.
Insider threats will once again be a subject of discussion, with Ryan Duquette from Magnet Forensics talking about IP theft and multi-party collusion. The next session will look at how modern teenagers use technology, with input from Roxanne Ellington-Speed about how the increasingly immersive use of technology by today’s adolescents is rewiring the brains of the next generation.
Shahaf Rozanski of Cellebrite will then review current methods of obtaining data from the cloud and social media, particularly with regard to mobile forensic investigations.
After lunch, Paul Williams will look at the evolving threat landscape, presenting a cyber intelligence forecast of upcoming hacker activity. A team from Celerity Consulting Group will discuss some of the current challenges of the digital forensics landscape, with a focus on solid state technology, social media services and the cloud.
Mobile network forensics will be the next presentation topic, exploring the plethora of new vulnerabilities that have been introduced by the increase in device proliferation and the ways in which approaches to mobile network forensics need to be revised.
John Bradley from SiQuest will continue the afternoon’s sessions with a discussion of how biometric facial recognition can be used as an early assessment tool in investigations of crimes against children. This will be followed by examinations of workarounds for Apple and Android encryption; iOS forensics; and responding to critical security incidents.
Ryan Lynn from Nuix will then teach attendees to “think like hackers”, discussing sniper forensics from the perspective of the people digital forensics examiners investigate. The remaining sessions will cover such diverse topics as decryption, the issues with modern Information Technology training programs, and how to augment your current digital forensics lab.
David Vargas will lead a session concerning the emerging cyber cold war, discussing the how the ambiguity and potential anonymity of the internet essentially gives everyday citizens the the same attack force as nation states. The concept of the “patriotic hacker” will be examined, with examples including the 2007 cyber attacks on Estonia, the Syrian Electronic Army’s activities, and online battles between Chinese and Filipino hackers.
Tuesday 2nd June
Tuesday will begin with a panel discussion reviewing trends in mobile forensics. Academia, industry and law enforcement will all be represented on the panel, giving a well-rounded mid-year review of the mobile forensics industry and the key challenges faced by practitioners.
The subject of collaboration, a frequent topic of discussion at many of this year’s conferences, comes up in TSFIC on Tuesday, with Nuix’s Troy Bettencourt discussing how to collaborate with subject matter experts during forensic investigations.
John Wilson of Trustpoint International will look at cross-border evidence collection, followed by a presentation about remote digital forensics tools and techniques from Matthew Shannon of F-Response.
The evolving nature of national security threats will again be a subject of discussion, with James Kates of Cognizant questioning whether the Security Operation Centres of today are built to handle modern threats to security. Triage and backlog reduction will also be discussed in the morning sessions, with a specific focus on backlogs in mobile device forensic examinations and simplifying investigations using compound cases.
Majid Hassan of CAPIT will begin the afternoon sessions with an examination of how forensic artifacts from smartphone apps can be used to gather intelligence in counter-terrorism cases.
Berla’s CEO, Ben LeMere, will discuss vehicle infotainment and telematics systems and the data that can be gleaned from these. Kevin Fealey of Aspect Security will demonstrate how tool automation can assist in investigations, providing real-time intelligence and freeing up security professionals to work on more in-depth tasks.
Taking inspiration from the Riley v. California ruling of 2014, Lee Papathanasiou from Cellebrite will look at the changing state of mobile forensics in terms of its legality, presenting a three-pronged approach to mobile evidence collection that allows for necessary gathering of data whilst keeping risks at a minimum.
The afternoon sessions will continue with Stuart Clarke from Nuix demonstrating how to extract evidence from a variety of log formats, including Microsoft IIS, Windows event logs and Apache web servers. The legal framework of US 4th Amendment requirements regarding search and seizure of digital evidence, with reference to mobile device forensics.
Tim Moniot will then bring the afternoon to a close with a discussion of triage and assessment of bulk evidence in child exploitation cases, looking at ways in which investigators can pare down the amount of evidence gathered into a manageable number of items.
Wednesday 3rd June
Wednesday will begin with a collaborative workshop from Haase & Haase and 4Discovery, demonstrating how investigators can build a digital footprint from disparate sets of data obtained from mobile devices.
Dark Voodoo’s three-hour session is next on the agenda, with an examination of the Internet of Things and the challenges this raises for forensic investigators, as well as an all-encompassing look at what technology changes in recent years mean for digital forensic practitioners. This will be followed by a panel discussion featuring representatives from Dark Voodoo, AccessData and CSFI, which will cover future requirements in the digital forensics field, including new sources of evidence, legal considerations and future means of data acquisition.
Ken Cutler will evaluate the prevalence of BYOD in corporations and the security risks this entails. A comprehensive mobile device audit program will be put forward, alongside a presentation regarding how to identify the electronic footprints of different device types.
The conference will draw to a close with a session from Kim Thomson of H-11, who will look at custom ways in which examiners can extract data from Android smartphones in a forensically sound manner.
Forensic Focus will be in attendance throughout the conference, and you can see the full programme here. If there are any topics you would particularly like to see covered in depth, or if there are any speakers you would like to see interviewed, please leave a comment below or email [email protected] with suggestions.