The Techno Security and Digital Forensics Conference is back in San Diego for its fourth year and is set to be even more successful than previous years. Running Monday, October 10th through Wednesday, October 12th, Techno Security will feature talks from a broad range of experts in digital forensics, e-discovery, information security and related fields.
Conference organizer Jennifer Salvadori said the event is on track to boast record attendance, with the goal of growing the event to mirror the Techno East conference in size and format as early as next year. Registrations from international attendees are higher than anticipated now that COVID test restrictions for travel have been lifted.
The steady cadence of registrations is noteworthy at a time when staffing shortages and court backlogs affecting many government agencies and corporate teams have driven some to curtail their travel plans. At the same time, said Salvadori, people are eager to return to in-person networking and learning opportunities.
Here’s what to expect this year in Techno Security’s digital forensics track:
On Tuesday, October 11th, Mike Lettman, a cyber security advisor with the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), will deliver the conference’s keynote address. “What Keeps Me Up at Night? The Merging of Cyber and Physical Security Threats” will describe how a cyber-attack can have physical effects and vice versa; current and emerging threats; and best practices on protecting data and environments.
Mobile and IoT forensics
Oxygen Forensics’ Dan Dollarhide will present “When the Phone Is All You Have” on Monday, October 10th, covering multiple methods for examiners who need to break encryption on a mobile device to get to important evidence.
Dollarhide will follow that talk in Tuesday’s “When the Phone Just Isn’t Cutting It,” about how to obtain critical evidence from computer and cloud accounts.
Encryption will also be the focus of “Encrypted Messenger Forensics (Signal, Wickr, Telegram, & More): on Mobile and Computer Platforms,” a Monday talk by Belkasoft’s Jared Luebbert. He’ll talk about decrypting these apps to perform forensic acquisition and analysis, as well as reporting.
On Tuesday, TransPerfect’s Jon Langton and Andrew Tappeto will focus on a very specific area of group messaging. “Irish Exits: An Examination of iOS Group Message Participant Departures” will close a purported gap in existing mobile parsing and reporting capabilities: the possibility that participant departures could mislead examiners or result in otherwise incomplete forensic examinations.
Grayshift’s Matt Fullerton will home in on the iOS KnowledgeC database in a law enforcement-only session on Tuesday. This talk will discuss the database’s location, the events it records, and how it can be used in conjunction with other mobile device data to paint a clearer picture of a case.
Finally, Cellebrite’s Heather Mahalik and Jared Barnhart will discuss “Building a Pattern of Life. Leveraging Location and Health Data” also on Tuesday. How physical movement correlates to health and locations will be the main topic of this talk.
Attendees interested in researching their own vacuum cleaner bots can learn how in Tuesday’s “Clean Forensics: Analyzing Network Traffic of Vacuum Bots.” There, Karan Dwivedi, a security engineering manager at Google, will describe step by step how to examine a vacuum bot’s processes as well as any vulnerabilities it may have.
Exterro’s Justin Tolman will present “Conducting Forensic Investigations in a Zero-Trust Environment” on Monday, October 10th. This best practices-oriented session will describe the challenges of a zero-trust environment and how to address them while maintaining the organization’s security posture.
On Wednesday, Matt Danner, founder of Monolith Forensics, will offer “Investigating Docker – The New Virtual Machine” in use by companies worldwide to deploy services within isolated Linux “containers.” Danner’s talk will discuss acquisition and analysis for these containers.
In Monday’s “When You Need to Get it Right: Understanding Video Playback, Interpolation, and Timing Data,” Amped Software’s Melissa Kimbrell will discuss common issues related to file creation, decoding and playback issues, video and frame timing, and their relationship to speed.
Also on Monday, Semantics 21’s Liam Owens will help attendees improve their workflow in “How to Leverage Best Practices and Automation to Put Victims First in Examinations of Child Sexual Abuse Material.”
On Tuesday, Sumuri’s John Day will discuss “Everything You Need to Know About Imaging Apple Silicon Macs,” addressing some of the challenges posed by the removal of Target Disk Mode as well as new limits on the creation of boot environments.
The following day, investigator Greg Tassone will cover “Bulk_Extractor – An Open-Source Tool for Memory Forensics” from servers and other computers.
Digital forensics online
The value of “Digital Evidence from Social Networking Sites & Smartphone Apps” will be the topic of a Tuesday talk by Digital Mountain’s Julie Lewis and Addison Bradley. With social networking said to be on track to replace email entirely, this talk will focus on the preservation and collection of social media evidence from computers, smart devices, and the cloud.
“Internet Browser Artifacts” more broadly will be the topic of a Tuesday talk by Digital Intelligence’s Charles Giglia, who will revisit common artifacts from common browsers including Google Chrome, Mozilla Firefox, and Microsoft Edge.
Turning to the dark side Tuesday will be Spyder Forensics’ Todd Shipley, who will go over “DarkWeb Fundamentals and Investigation Techniques.” The talk will discuss anonymization on darknets, deanonymization via the clear web, and trace evidence left behind on user computing systems.
On Wednesday, Digital Evidence Ventures’ Don Vilfer will talk about the “necessary evil” of court testimony in “What to Expect When You Are Expecting (to Testify).” Report writing, preparation, listening, and communication skills will all be covered in this talk.
These are just a sampling of the many topics and sponsor demos that will be available this year at Techno Security San Diego. Forensic Focus members who attend will receive a 10% discount on their registration. To access the discount, use the code FFOCUS22 at checkout.