In 2020, as workplaces and schools worldwide shut down to help control the spread of the novel coronavirus COVID-19, many professional conferences followed suit. Some promoted professional development via webinars; others kept a three- to five-day format, but went entirely online.
Others, however, did not — notably the Techno Security & Digital Investigations Conference, held annually in Myrtle Beach (South Carolina), Denver (Colorado), and San Diego (California). “There were so many events shifting formats that ‘virtual fatigue’ set in,” said Jennifer Salvadori, Techno Security Event Director.
She went on: “In speaking with our sponsors, they expressed that most virtual events provided little value. In addition, we wanted to be able to offer a full program of content, rather than a modified event just to check a box.”
In part, this was because of the conferences’ networking value. “One of the main strengths of the Techno events, particularly with the history of the Myrtle Beach flagship event over 21 years, has always been the networking,” Salvadori explained. “We felt the best service and value we could offer our sponsors and paid attendees was to hold off and move forward to a live, face-to-face event when it was safe to gather again.”
Renewing a live, in-person event for 2021
As the Myrtle Beach event gears up to take place in June, Salvadori described how pandemic response is driving decisions this year to move forward. “The ‘wait and see how things progress’ has been a challenge,” she said, across all aspects of planning: marketing, sales, operational, and logistical tasks and timelines.
That’s driven, in part, by local, state, federal, and even international progress with regard to the virus spread, vaccine rollout, and travel restrictions. “Each city and state that we are scheduled in for Techno this year presently has different safety guidelines,” said Salvadori.
“For example, the South Carolina governor lifted all mandates as of March 1 this year. Recognizing that although social distancing and other measures may be ‘recommended,’ ‘encouraged’ and ‘suggested,’ the lifting of bans allows us the flexibility to confidently move forward with our own Event Safety Guidelines in place.”
To that end, Salvadori said, masks will be required at Techno Security, and local requirements in place at the time of the events will be followed. “Both the Marriott (Myrtle Beach) and Hilton (Denver and San Diego) properties have developed their own cleanliness and safety procedures,” Salvadori added, “and we communicate regularly with each for updates specific to their property.”
That isn’t to say that social distancing doesn’t make events challenging to balance. At the same time, said Salvadori: “As things open up, we are reminded that the Techno events are considered relatively small gatherings. Each property has been very creative and flexible, allowing us the option to utilize additional and/or outdoor space to adjust for our actual number of event participants as we get closer to the conferences.”
“Given the current outlook, we feel the decision to move forward starting with Myrtle Beach in June is appropriate,” said Salvadori, “given that a large portion of our participants are expected to be vaccinated as members of various [law enforcement] agencies, and the continued rollout of vaccines to other eligible groups.”
So what can attendees expect, especially newcomers? “There is really nothing out there like Techno – especially Myrtle Beach,” said Allison Dowd, Content Manager. “This year will be the 22nd edition of the flagship location and the quality of the education sessions, variety of tools and new technologies showcased by our sponsors continue to grow.
“Combine these learning opportunities with the incredible networking within the industry, and newcomers will quickly understand why we refer to our audience as the ‘Techno extended family,’” Dowd continued.
“Each year it is a reunion of brilliant minds and individuals that truly have a collective interest in helping to further each other’s experience and knowledge. When newcomers fully participate and engage at the event, they will come away with an assortment of contacts who they can call upon anytime to answer a question to solve a road block within their day-to-day job functions.”
What you’ll learn
A keynote address by Scott Augenbaum, a cybersecurity expert who built his expertise as an FBI agent specializing in cybercrime and computer intrusions, will kick off the conference. “Protecting Your Data in 2021” will focus on improving an organization’s security strategy without spending money. Augenbaum will describe how breaches happen even with security technology and incident response (IR) plans, as well as how to “stress test” an organizational IR plan.
In addition to labs from host sponsors Cellebrite and Magnet Forensics, four tracks will offer CPE credits in audit and risk management, information security, digital forensics, and investigations.
“As we strive to keep the content current and relevant, some of the most interesting topics this year focus on fake news and disinformation campaigns and diving into deepfake threats,” said Salvadori. “There are also several sessions that focus on a post-COVID world and highlight what security measures are needed with so many in the workforce going remote.”
Some of the topics include artificial intelligence, cloud forensics, the dark web, data breaches, insider threats, the internet of things, mobile forensics, OSINT, ransomware and many more. Our selected list focuses on digital forensics and investigations:
Digital forensics techniques
In addition to sessions on digital forensic report preparation, digital forensics using Kali Linux, and mobile malware, this track will include:
“Forensic Imaging — The Ins and Outs” will give attendees a detailed overview of forensic imaging, including the continued need for write protection devices and a brief look at some current forensic imaging software and hardware, as well as proper validation techniques.
“Mac Forensics — Intel vs Apple Silicon” will take a look at the latest security enhancements stemming from the introduction of Apple’s new proprietary processors, and what they mean for forensic examination.
“Remote Collections in Forensics (Tele-Imaging)” will explore various free and low-cost software/applications and methods used to conduct remote forensic collections of computers, based on their data, collection size, defensibility, risk, and time.
“Taking Chromebook Analysis to New Heights” will build from a 2019 Denver workshop that sought to understand Chromebook data acquisitions from device and cloud. This session will compare and contrast types of data that can be recovered from different data sources and locations.
“Using Wi-Fi to Develop Case Leads and Improve Intelligence” will describe how to find Wi-Fi enabled client devices, how Wi-Fi network geolocation information can be collected and used for additional intelligence and to supplement mobile forensics, and how to use free tools to leverage Wi-Fi signals, along with legal limits and ramifications.
Mobile device forensics
“Everything You Wanted to Know About Physical Acquisition but Were Never Told” will describe the methods that enable investigators to bypass screen locks on the latest devices, deal with full disk and file-based encryption, and find passcodes with the built-in brute force module.
“Forensic Analysis of Data Stored in SQLite” will explore how data is stored in SQLite and how to recover data from these databases. The presenter will discuss the basics of SQLite, including WAL files and recovered data, look at freelist pages and BLOB content, and show how to use SQLite queries to present results and coordinate data from multiple tables.
“Mobile Device Emulation for Open Source Intelligence: Investigating Suspicious Apps and Sock Puppet Management” will introduce how mobile devices are emulated, methods to detect malicious mobile apps using mobile device emulators, and how to leverage the tactics used by malicious actors for the purpose of investigations and maintaining sock puppets.
“Mobile Forensics: Taking the Logic Out of Traditional Logical Collections” will demonstrate modern approaches to digital forensics that enable examiners to reduce backlog by achieving same-day results (often within hours) to extract more data from locked and encrypted mobile devices.
“The Cat and Mouse Game with iOS Forensics” will discuss the latest advances in iOS forensics — including checkm8, unc0ver and checkra1n jailbreaks, as well as advances in agent-based acquisition — along with the proper process of analyzing iDevices.
“The Good, Bad, Ugly in Jailbreaking iPhones” will share how easily you can access valuable file system and keychain evidence via checkm8, the unpatchable exploit.
“Using Call Detail Records and Geolocation Analysis to Solve Major Crimes” will cover homicide case studies involving Google locations and geofencing, social media, video surveillance, cell phone forensics, and call detail records from Verizon, T-Mobile, AT&T, and Sprint telecoms.
“UAS Security and Forensic Challenges: A Threat Modeling Approach” will discuss security risks from drones, as well as best practices for security assessment, whether for emergency, safety, or rescue operations.
“UAV Forensics — A Deep Dive into All Aspects of Drone Forensic Analysis” will describe the analysis of a PixHawk powered UAV, its mobile app, and bespoke system from DJI, all with the goal in mind to place someone and/or something at a crime scene.
“Driving Investigations: Exploiting Vehicle Tech to Break the Law or Solve Crimes” will describe how to go beyond traditional vehicle forensics to solve auto theft, fraud and identity theft, stalking, trafficking and homicide.
“Tesla Cars: The Solved Case of a Dead eMMC Chip” will offer a case study of how to use a vehicle’s SD interface to obtain valuable data from a damaged or malfunctioning Tesla car eMMC chip.
“Capturing the Shot: Analysis of Apple & Google Photos” will provide attendees with an in-depth understanding of how images are captured and saved within Android, Apple, and cloud evidence sources.
“Forensic Analyses of Audio, Acoustic and Video Evidence” will discuss why all parties in civil or criminal litigation must at least be generally familiar with what can and can’t be done both forensically and legally with multimedia evidence.
“Video Evidence Pitfalls” will show why video playback alone might not answer all of an investigator’s (or jury’s) questions, owing to how different sources — CCTV, body-worn, social media, and cellphones — could affect how the video is played.
“Video Acquisition from Social Media and Cloud Data Sources” will discuss best practices and methodology for acquiring video from cloud-based security video systems like Ring Doorbells, Arlo, and Nest cameras as well as social platforms like Facebook, YouTube, Instagram, etc.
Cloud-based forensics and investigations
“Digital Forensics and Cloud Computing” will discuss the cloud’s role in digital forensics investigations, in particular how devices and information systems interact with each other; how people interact with devices, information, and systems; and ultimately, how investigators interact in a cloud environment.
“Forensics in the Cloud — Leveraging Azure Cognitive Services” will discuss the basics of moving digital forensics to the cloud, review the security and evidentiary considerations necessary to conduct investigations, and explain how to leverage facial recognition, object and optical character identification, and translation to improve investigative efficiency and cost savings.
“Corporate Data Exfiltration Covid Edition: How Do Large Entities Protect and React to Security Events When There is Not an Office” will cover how infosec and legal teams can design a proactive workflow to enforce remote security policies and other challenges.
“Investigations with Disparate Data Types: How Analysis with a Multitude of Data Types Requires Modern Technology and Workflows” will discuss the complexities associated with case strategies, discovery requests and criminal investigations.
“Leveraging Python Augmented with Yara Rules to Root Out Advanced Persistent Threats” will walk through the process of creating advanced Python-script-driven Yara rules to uncover advanced persistent threats embedded in files or memory, or transported through the Internet.
“Slacking on Insider Threats? Investigative and Monitoring Approaches to Use within Slack to Locate Bad Actors” will discuss the kinds of communication and file transfers taking place within Slack, why it can be crucial to corporate investigations, and the need for proactive investigative approaches to Slack.
Digital forensics and information security
“Deep Packet Inspection (DPI) - How it’s used in Government, Business, Hacking, and Prevention” will describe the necessity of deep packet inspection in preventing worms, spyware, and viruses from infiltrating a corporate or government network via laptops.
A “Cyber Resilience Workshop” will offer an overview of the 10 domains of cyber security and introduce the no-cost Cyber Resilience Program services of the Department of Homeland Security (DHS), including how to incorporate them into operational environments to assist in achieving security goals.
“Active Directory Security: Assess, Monitor, Alert, Detect” will guide attendees through the process to secure a corporate Active Directory and provide real-time detection and notification of attacks.
“Automating the Human Elements of Cybersecurity” will share how through automation, many of the risks caused by humans — including phishing, social engineering, and password hygiene — can be mitigated or eliminated.
The “Cyber-Espionage Report — Out of the Shadows, Into the Digital Crosshairs” will discuss seven years of Verizon Cyber-Espionage Report data, identifying the frameworks and tools needed to help improve capabilities to better prevent, mitigate, detect, and respond to advanced cyber-espionage attacks.
“Extending the Root-Cause Analysis Phase of Incident Response by Exploring End-User Decision Making” will explore the need to extend root cause analysis to include end-user behavior, understand the role stress plays on end-user decision making, and include decision analysis to impact the identification and implementation of preventive controls.
“Persistence Techniques of Today’s Most Advanced Threat Actors” will introduce attendees to the general steps of a compromise and then to specific persistence techniques and more advanced exploitation steps, such as evading defenses, establishing C&C, and creating exfiltration channels.
“Legal Qualifications of a Testifying Digital Forensics Expert Witness” will describe jurisdictional requirements to testify as an expert witness, as well as how expert witness legal qualifications continue to evolve as technology advances.
“Preservation & Spoliation of Virtual Meeting & Ephemeral Messages” will focus on when the content of ephemeral (disappearing) communications might be subject to an obligation to retain or a duty to preserve for litigation, and the possibility of sanctions.
“The Legal Landscape for Digital Evidence – Recent Court Decisions and Their Implications Going Forward” will cover border searches of electronic devices, compelled decryption, network investigative technique warrants, and geofence warrants as well as Constitutional implications.