The annual International High Technology Crime Investigators Association Conference is back this year, this time at the Hard Rock Hotel in Atlantic City, New Jersey. The hybrid event will feature a fully virtual first day, followed by three days of in-person talks which will also be streamed from the main stage at the event.
The talks will offer a wide array of topics on digital forensics and investigations, including vendor showcases, an exhibit hall that will be both in person and virtual, and giveaways. Sessions will be available on demand for 60 days following the conference and are eligible for points towards certification from the National White Collar Crime Center (NW3C).
A newer feature at this year’s conference is student-oriented content. A new, ad hoc Academic Student Outreach Subcommittee is working, said conference spokesperson Jessica Hyde, on finding ways to increase student involvement.
The subcommittee will be meeting on Friday, September 30th to brainstorm ideas for further engagement. In the meantime, said Hyde, student-submitted “Chalk Talks” will be on the agenda. Developed by students with the assistance of mentors, this year’s Chalk Talks include:
- “Taking the Expert out of Forensic Expert”
- “Date and Time Artifacts”
- “An Investigation on Data Validity of Vulnerable Higher Education Services”
Here’s a sampler of what else to expect for digital forensics content from the HTCIA International Conference:
On Tuesday, Major General (Ret.) David Lacquement, now serving as Arete’s Senior Vice President for Government Relations and Operational Intelligence Sharing, will deliver “Sword and Shield: A Cyber Warrior’s Perspective from the Trenches of Government and the Private Sector.”
The following day, Dragos, Inc.’s Lesley Carhart will offer “The Unexplored Continent of Industrial Forensics,” drawing on experience as Dragos’ director of incident response for North America, incident response team lead at Motorola Solutions, and other distinguished roles.
Amped Software’s Blaine Davison will present “Video Evidence: Why there is more to it than “just pressing play.” Find out how Amped Software solutions address reliability and admissibility challenges by utilizing a ‘Camera to Court’ science-based workflow from conversion through interpretation, restoration, enhancement, analysis, and presentation.
“Digital Evidence from Social Networking Sites & Smartphone Apps” will be the topic of a talk by Digital Mountain’s Julie Lewis. She’ll walk through preservation and collection best practices when it comes to desktop, mobile device, and cloud based evidence, as well as emoji and avatar apps.
A virtual panel on mobile forensics, featuring experts Alexis Brignoni, Geraldine Blay, Josh Hickman, and Kevin Pagano will kick off the conference. Additional virtual sessions will include “Digital Investigations with OSForensics,” and talks on OSINT investigations.
Artifacts and authentication
Cellebrite’s Heather Mahalik will talk about “FAKE News: Don’t believe what you see until you validate it.” She’ll offer case scenarios featuring misleading artifacts, showing attendees how to test their hypothesis on how the artifacts came to be and what it might mean for the truth of a case.
Artifacts will also be the topic of “Uncovering the Artifact – Where it came from and why it’s useful.” ADF Solutions’ Richard Frawley will focus on what attendees might discover during the triage process, covering user accounts, USB history, user logins, recent files, web history and downloads, and other artifacts, along with where they come from and why they’re important.
Later in the conference, Frawley will also talk about “Documenting Digital Evidence with Screenshots” when acquiring application or device-specific data. Best practices, including chain of custody and when to use screenshots, will be covered for beginner-level attendees from investigators to prosecutors.
Special Master Daniel Garrie will talk about “Understanding Authentication of Physical and Digital Items Redefined with Immutable Blockchain Technology,” focusing on the chain of custody of evidence located on the blockchain and in particular, relevant case law.
In “Where did this come from???? Revealing the sending phone number of an unidentified AirDrop file,” Brandon Epstein and Benjamin Klein, both law enforcement investigators, will describe a novel method to identify the phone number of an AirDrop sending device using logs found on the receiving device – a critical method for investigators of “cyber flashing” or other threatening acts.
Later in the conference, Epstein will also co-present alongside Medex Forensics’ Bertram Lyons in “Digital forensics for video files: Identifying the source of unknown video files and new approaches to authentication.”
Arctic Wolf Labs’ Jesse Spangenberger will talk about “The Signal: Investigations into Metadata to Catch Villains,” relying on DC Comics’ Duke Thomas – “The Signal” – to demonstrate how metadata helps in investigations.
Magnet Forensics’ Kim Bradley will present “Merging into the Fast Lane with Vehicle and Mobile Data,” a discussion of correlation between mobile and vehicle data, timeline development based on event and geolocation data, and other artifacts.
Monolith Forensics’ Matt Danner will present “Collection and Analysis of Network Traffic from Mobile Apps and Websites,” looking at the tools and techniques used to capture and evaluate HTTP traffic sent and received by both web and mobile applications.
Oxygen Forensics’ Dan Dollarhide will present “When the Phone is All You Have,” covering multiple methods for examiners who need to break encryption on a mobile device to get to important evidence. Later in the conference, Dollarhide will follow up with “When the Phone Just Isn’t Cutting It,” about how to obtain critical evidence from computer and cloud accounts.
Raven Works LLC’s Robert Schmicker will answer the question: “How Many Android Phones Does it Take to Fly a Drone?” Focusing on DJI unmanned aerial systems, Schmicker will cover accessing, parsing, and examining modern DJI drone data, as well as how to evaluate forensic results using both open source and advanced tooling.
Big data and the cloud
Not only at DFRWS-APAC, but also here at HTCIA, will be “Hansken: How to Handle Big Data in Digital Forensic Investigations.” Community manager Kristien Siemons, of the Netherlands Forensic Institute, will walk attendees through this “digital forensics as a service” platform and collaboration tool, including its benefits and an opportunity to participate.
In “Crime Scenes to Courtroom – Processing, Investigating and Presenting Digital Evidence From All Sources To Show The Big Picture In A Holistic View,” Nuix’s Robert O’Leary will also discuss big data challenges from network shares, cloud storage, and the internet of things, and the workflows that can manage it all effectively.
Exterro’s Justin Tolman will present “Forensic Investigations in Zero Trust Environments,” describing what “zero trust” means, obstacles to corporate forensic examiners, and potential solutions to these problems.
Tolman will additionally, later in the conference, discuss ““Forensic Review In the Cloud,” in which he’ll describe how cloud environments can improve the efficiency of both law enforcement and corporate investigations.
Attorney Thomas Yohannan will discuss “Performing Digital Investigations in the Cloud,” a focus on remote forensic collections from an on-premise device to a cloud platform such as Microsoft’s Azure or Amazon Web Services. He’ll cover tasks to be performed in each environment, along with legal or security challenges associated with these investigations.
Machine learning and artificial intelligence
The “Application of Machine Learning and Artificial Intelligence in Digital Forensics” will be the subject of a talk by Krešimir Hausknecht, head of digital forensics at INsig2. His talk will add to existing thought on the topic by going beyond marketing to highlight how digital forensic software continues to advance through the use of these technologies.
“Applying Machine Learning to Challenging Digital Forensics Problems” will additionally be the subject of a talk by Chester Hosmer, Assistant Professor of Practice at the University of Arizona. Relying on Python libraries, Hosmer will talk about – and demonstrate – the application of machine learning to real digital forensics challenges.
“Trickle Down Effect” will see Kroll Cyber’s Devon Ackerman walking the audience through threat actor tactics, in particular how those of skilled groups deploying advanced persistent threats have “trickled down” to organized crime groups deploying them for mass scale executions.
In “Investigation of Cyber Attacks Leveraging ‘False Flags,’” Resecurity, Inc.’s Christian Lees and Selene Giupponi will follow Ackerman’s talk with a description of how APT groups and other advanced cybercriminals seek to prevent attribution research and analysis. Based on past incidents, they’ll discuss what false flags are in this context; tactics, techniques, and procedures; artifacts; and geopolitical elements that may influence these types of operations.
INsig2’s Savina Gruičić will add to this discussion with “What are the modern methods of attack and how to fight against them using the role based approach in digital forensic education,” an overview of specialized fields within digital forensics, including recommended training courses for each role.
For more information, including a full agenda and to register, visit https://www.htciaconference.org/