Download - PFIC - Paraben's Forensic Innovations Conference
Download - PFIC - Paraben's Forensic Innovations Conference
Download - PFIC - Paraben's Forensic Innovations Conference
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Basel<br />
<strong>Innovations</strong> Track<br />
8:00 AM - 12:00 PM (Noon)<br />
MPE+ Bootcamp<br />
Presenter: Lee Reiber,<br />
AccessData<br />
1:00 PM - 5:00 PM<br />
ROOM CLOSED<br />
Saturday, November 3rd, 2012<br />
Interlaken<br />
<strong>Forensic</strong>s Track<br />
8:00 AM - 12:00 PM (Noon)<br />
Social Media &<br />
Internet Investigations<br />
Presenter: Nicole Bocra,<br />
Infi nity Investigative Solutions<br />
Lunch Break 12:00 PM - 1:00 PM (On Your Own)<br />
1:00 PM - 5:00 PM<br />
Cell Phone Tower Analysis<br />
Presenter: Glenn K. Bard,<br />
PATCtech<br />
Opening Social 7:00 PM - 10:00 PM<br />
(Casino Night) Sponsored by: Paraben Corporation<br />
St. Moritz<br />
Legal Track<br />
8:00 AM - 12:00 PM (Noon)<br />
eDiscovery Challenges for<br />
Civil & Criminal Cases<br />
Presenters: Josh Gilliland,<br />
Jessica Mederson, Aaron<br />
Crews, Magistrate<br />
Judge David Nuffer, Judge<br />
Matthew Sciarrino, & John<br />
Bargiel<br />
1:00 PM - 5:00 PM<br />
Deposition Bootcamp<br />
Presenters: Joshua Gilliland,<br />
Jessica Mederson, &<br />
Stephanie Sparks
Neuchatel<br />
Lab A Track<br />
8:00 AM - 12:00 PM (Noon)<br />
Apple <strong>Forensic</strong>s Bootcamp<br />
(Morning Session)<br />
Presenter: Don Brister,<br />
BlackBag Technologies, Inc.<br />
1:00 PM - 5:00 PM<br />
Apple <strong>Forensic</strong>s Bootcamp<br />
(Afternoon Session)<br />
Presenter: Don Brister,<br />
BlackBag Technologies, Inc.<br />
Saturday, November 3rd, 2012<br />
Geneve<br />
Lab B Track<br />
8:00 AM - 12:00 PM (Noon)<br />
Mobile <strong>Forensic</strong>s Basics<br />
Presenter: Amber Schroader,<br />
Paraben Corporation<br />
Lunch Break 12:00 PM - 1:00 PM (On Your Own)<br />
1:00 PM - 5:00 PM<br />
Data Exploitation <strong>Forensic</strong>s<br />
(Mobile to Machine)<br />
Presenter: Ryan Washington<br />
AR-<strong>Forensic</strong>s<br />
Uri<br />
Lab C Track<br />
8:00 AM - 12:00 PM (Noon)<br />
In-Depth Steganography:<br />
Examination, Detection, and<br />
Hidden Information<br />
Extraction<br />
Presenter: Chad Davis,<br />
BackBone Security<br />
1:00 PM - 5:00 PM<br />
In-Car Navigation System<br />
Exploitation Class<br />
Presenter: Ben Lemere,<br />
Berla Corp<br />
Opening Social 7:00 PM - 10:00 PM<br />
(Casino Night) Sponsored by: Paraben Corporation
Davos<br />
<strong>Innovations</strong> Track<br />
Sunday, November 4th, 2012<br />
8:00 AM - 9:00 AM<br />
Keynote Presentation: Cyber <strong>Forensic</strong>s in the Future | Room: Grindelwald<br />
Keynote Speaker: Greg Kipper, STG<br />
9:00 AM - 10:00 AM<br />
<strong>Forensic</strong> Analysis of Digital<br />
Photos<br />
Presenters: Vickie Rafter &<br />
Don Vilfer, Califorensics<br />
10:30 AM - 11:30 AM<br />
How to Get a Grant for Your<br />
Organization<br />
Presenter: Keith Gray,<br />
Gray Matters<br />
Breakfast with Sponsors 7:30 AM - 8:00 AM<br />
9:00 AM - 10:00 AM<br />
The Art to the Science-Quick<br />
<strong>Forensic</strong>s<br />
Presenter: Ryan Washington,<br />
AR-<strong>Forensic</strong>s<br />
Sponsor Break 10:00 AM - 10:30 PM<br />
10:30 AM - 11:30 AM<br />
Case Study: Antonio<br />
Cardenas -Distributor and<br />
Manufacturer of Child<br />
Pornography<br />
Presenter: Jeff Ross, FBI<br />
9:00 AM - 10:00 AM<br />
Discovery & Admissibility of<br />
Social Media<br />
Presenters: Stephanie Sparks,<br />
Judge Matthew Sciarrino<br />
10:00 AM - 11:30 AM<br />
Communication Protocols<br />
in eDiscovery and Internal<br />
Investigations<br />
Presenter: Albert Barsocchini<br />
Director of Strategic Consulting<br />
NightOwl DMS, Inc.<br />
Lunch Break 11:30 AM - 12:30 PM (Provided in Bernese Event Center)<br />
12:30 PM - 2:00 PM<br />
Exploiting mobile devices<br />
for profi t (iOS and Android)<br />
Presenter: Chet Hosmer, Allen<br />
Corporation/Wetstone<br />
2:00 PM - 3:30 PM<br />
Hiding Information on Hard<br />
Drives, in Ways your<br />
Standard <strong>Forensic</strong> Software<br />
will Never Find<br />
Presenter: James Wiebe,<br />
CRU DataPort<br />
4:00 PM - 5:30 PM<br />
Data Hiding and Steganography<br />
– An update on the<br />
latest innovations 2012<br />
Presenters: Chet Hosmer &<br />
Mike Raggo, Authors of Data<br />
Hiding<br />
Interlaken<br />
<strong>Forensic</strong>s Track<br />
12:30 PM - 2:00 PM<br />
Tips and Tricks For <strong>Forensic</strong>s<br />
and Investigations<br />
Presenter: Mike Menz, HP<br />
2:00 PM - 3:30 PM<br />
Visualization of Digital<br />
<strong>Forensic</strong>s Data<br />
Presenter: John J. Carney,<br />
Esq. Carney <strong>Forensic</strong>s<br />
Sponsor Break 3:30 PM - 4:00 PM<br />
4:00 PM - 5:30 PM<br />
Automating <strong>Forensic</strong><br />
Correlation via Open-Source<br />
Tools<br />
Presenter: Harlan Carvey,<br />
Applied Security, Inc<br />
St. Moritz<br />
Legal Track<br />
12:30 PM - 2:00 PM<br />
Social Media Challenges:<br />
Navigating Privacy “Beliefs”<br />
in a “Shared Communication”<br />
Environment<br />
Presenter: Donald Wochna,<br />
Vestige Ltd.<br />
2:00 PM - 3:30 PM<br />
Issuing Litigation Holds<br />
Presenter: Aaron Crews, Esq.<br />
4:00 PM - 5:30 PM<br />
<strong>Forensic</strong>s meets Records<br />
Management, Medical Device<br />
Manufacturers, and Lawyers: The<br />
Electronic Medical Record and the<br />
Need for <strong>Forensic</strong> Understanding<br />
of Health IT Systems<br />
Presenter: Donald Wochna,<br />
Vestige Ltd.<br />
Sponsor Social 6:00 PM - 7:30 PM (In Grand Matterhorn Ballroom)
Neuchatel<br />
Lab A Track<br />
9:00 AM - 10:00 AM<br />
Social Media Investigations<br />
Presenter: Nicole Bocra,<br />
Infi nity Investigative Solutions<br />
10:30 AM - 11:30 AM<br />
E-mail Evidence: Finding the<br />
Needle in the E-mail Haystack<br />
Presenter: Rob Schroader,<br />
Paraben Corporation<br />
12:30 PM - 2:00 PM<br />
Data carving and making<br />
sense of the unknown<br />
Presenter: Zeke Thackary,<br />
<strong>Forensic</strong>s Limited<br />
2:00 PM - 3:30 PM<br />
Identifying the Artifacts and<br />
Behavior of an Unknown<br />
Application<br />
Presenter: Michael Wilkinson,<br />
Champlain College<br />
4:00 PM - 5:30 PM<br />
iOS <strong>Forensic</strong>s & Top Five<br />
Artifacts<br />
Presenters: Don Brister,<br />
BlackBag Technologies<br />
Sunday, November 4th, 2012<br />
Geneve<br />
Lab B Track<br />
Breakfast with Sponsors 7:30 AM - 8:00 AM<br />
9:00 AM - 10:00 AM<br />
iPhone Backup Data Parsing<br />
Presenter: Glenn K. Bard,<br />
PATCtech<br />
Sponsor Break 10:00 AM - 10:30 PM<br />
10:30 AM - 11:30 AM<br />
Managing evidence in the<br />
Era of Big Data<br />
Presenter: John Bargiel, NUIX<br />
12:30 PM - 2:00 PM<br />
Memory Analysis & Malware<br />
Triage<br />
Presenter: Tomas Castrejon,<br />
Jeff Dye, & David Nardoni<br />
PWC<br />
2:00 PM - 3:30 PM<br />
The New Field of <strong>Forensic</strong><br />
Search<br />
Presenter: Natasha Lockhart,<br />
Vound<br />
Sponsor Break 3:30 PM - 4:00 PM<br />
Uri<br />
Lab C Track<br />
8:00 AM - 9:00 AM<br />
Keynote Presentation: Cyber <strong>Forensic</strong>s in the Future | Room: Grindelwald<br />
Keynote Speaker: Greg Kipper, STG<br />
9:00 AM - 10:00 AM<br />
Physical Imaging of Smart<br />
Devices<br />
Presenter: Amber Schroader,<br />
Paraben Corporation<br />
10:00 AM - 11:30 AM<br />
Modern Password Recovery<br />
Techniques<br />
Presenter: Christopher Currier,<br />
Passware & Sumuri<br />
Lunch Break 11:30 AM - 12:30 PM (Provided in Bernese Event Center)<br />
4:00 PM - 5:30 PM<br />
Log Analysis and<br />
Data Visualization<br />
Presenter: Tomas Castrejon,<br />
Jeff Dye, & David Nardoni<br />
PWC<br />
12:30 PM - 2:00 PM<br />
Introduction to<br />
GPS <strong>Forensic</strong>s<br />
Presenter: Ben Lemere,<br />
Berla Corp<br />
2:00 PM - 3:30 PM<br />
Stega-what? A Beginner’s<br />
Guide to Digital<br />
Steganography<br />
Presenter: Chad W Davis,<br />
BackBone Security<br />
4:00 PM - 5:30 PM<br />
Android <strong>Forensic</strong>s<br />
Presenter: James Eichbaum,<br />
MicroSystemation<br />
Sponsor Social 6:00 PM - 7:30 PM (In Grand Matterhorn Ballroom)
Davos<br />
<strong>Innovations</strong> Track<br />
8:00 AM - 9:00 AM<br />
User Activity Monitoring- how<br />
monitoring digital behavior is more<br />
and more important from a Investigation<br />
and <strong>Forensic</strong>s standpoint<br />
Nick Cavalancia, Spectorsoft<br />
9:00 AM - 10:00 AM<br />
Exploiting online classifi eds<br />
as a source for OSINT<br />
Presenter: Allen Atamer,<br />
LTAS Technologies<br />
10:30 AM - 11:30 AM<br />
Wireless Incident Response<br />
& <strong>Forensic</strong>s – Latest Techniques<br />
Presenter: Mike Raggo,<br />
MobileIron<br />
2:00 PM - 3:30 PM<br />
How Hackers Move<br />
Presenter: Patrick Stump,<br />
Roka Security LLC<br />
4:00 PM - 5:30 PM<br />
The very latest on Solid State<br />
Drives and forensic practice<br />
Presenter: James Wiebe,<br />
CRU DataPort<br />
Monday, November 5th, 2012<br />
Breakfast with Sponsors 7:30 AM - 8:00 AM<br />
8:00 AM - 9:00 AM<br />
Correct Evidence Collection,<br />
inc: Biological & DNA Processing<br />
from Digital Items<br />
Presenter: Dyer Bennett,<br />
SIRCHIE<br />
Interlaken<br />
<strong>Forensic</strong>s Track<br />
9:00 AM - 10:00 AM<br />
Digital <strong>Forensic</strong> Hardware<br />
Confi guration<br />
Presenter: Charles Giglia,<br />
Digital Intelligence, Inc.<br />
Sponsor Break 10:00 AM - 10:30 PM<br />
10:30 AM - 11:30 AM<br />
Geeks & Lawyers: You Can’t<br />
Handle the Truth<br />
Presenter: Joshua Gilliland,<br />
Esq.<br />
12:30 PM - 2:00 PM<br />
Intro to Windows 7 <strong>Forensic</strong><br />
Analysis<br />
Presenter: Harlan Carvey,<br />
Applied Security, Inc<br />
2:00 PM - 3:30 PM<br />
Comprehensive Network<br />
<strong>Forensic</strong>s<br />
Presenter: Jeff Atkinson,<br />
General Dynamics<br />
4:00 PM - 5:30 PM<br />
Electronic Location<br />
Evidence<br />
Presenter: Todd L Gabler,<br />
Rudiger Investigations<br />
<strong>PFIC</strong> After Dark 7:30 PM - 11:59 PM<br />
St. Moritz<br />
Legal Track<br />
8:00 AM - 9:00 AM<br />
In Review: Effectively<br />
Reviewing eDiscovery<br />
Presenter: Joshua Gilliland,<br />
Esq.<br />
9:00 AM - 10:00 AM<br />
Computer <strong>Forensic</strong>s in Civil<br />
Litigation & Testimony<br />
Presenter: Kevin Ripa,<br />
Computer Evidence Recovery,<br />
Inc.<br />
10:30 AM - 11:30 AM<br />
Digital <strong>Forensic</strong>s:<br />
A Defense Perspective<br />
Presenter: Brian K Ingram<br />
Lunch Break 11:30 AM - 12:30 PM (Provided in Bernese Event Center)<br />
12:30 PM - 2:00 PM<br />
Anti Anti-<strong>Forensic</strong>s<br />
Presenter: David Cowen,<br />
G-C Partners LLC<br />
Final Sponsor Break 3:30 PM - 4:00 PM<br />
12:30 PM - 2:00 PM<br />
Social media evidence a<br />
legal perspective<br />
Presenters: John J. Carney,<br />
Esq., Carney <strong>Forensic</strong>s<br />
2:00 PM - 3:30 PM<br />
Child Pornography Developments:<br />
Is federal law preempting<br />
state law; are computer<br />
forensic expert witnesses immune<br />
from civil suit for accessing contraband<br />
images with intent to view<br />
in federal or state actions—the<br />
lessons of Dean Boland Case<br />
Donald Wochna, Vestige Ltd.<br />
4:00 PM - 5:30 PM<br />
Preparing for Your Next Internal<br />
Investigation<br />
Presenter: Albert Barsocchini<br />
Director of Strategic Consulting<br />
NightOwl DMS, Inc.
Neuchatel<br />
Lab A Track<br />
8:00 AM - 9:00 AM<br />
Hard Drive <strong>Forensic</strong> Triage<br />
Using P2 Commander<br />
Presenter: Rob Schroader,<br />
Paraben Corporation<br />
9:00 AM - 10:00 AM<br />
Examinations on Virtual<br />
Machines<br />
Presenter: Chris Taylor,<br />
Cytech<br />
10:30 AM - 11:30 AM<br />
Social Media Investigations<br />
Presenter: Nicole Bocra,<br />
Infi nity Investigative Solutions &<br />
Paraben Corporation<br />
12:30 PM - 2:00 PM<br />
Practical Hard Drive Technology:<br />
How it really works<br />
Presenter: Christ Taylor,<br />
Cytech<br />
2:00 PM - 3:30 PM<br />
iOS <strong>Forensic</strong>s & Top Five<br />
Artifacts<br />
Presenter: Don Brister,<br />
BlackBag Technologies<br />
4:00 PM - 5:30 PM<br />
Data carving and making<br />
sense of the unknown<br />
Presenter: Zeke Thackary,<br />
<strong>Forensic</strong>s Limited<br />
Monday, November 5th, 2012<br />
Geneve<br />
Lab B Track<br />
Breakfast with Sponsors 7:30 AM - 8:00 AM<br />
8:00 AM - 9:00 AM<br />
Shadow <strong>Forensic</strong>s<br />
Presenter: Glenn K. Bard,<br />
PATCtech<br />
9:00 AM - 10:00 AM<br />
Digital Analysis Reporting<br />
Tool (DART)<br />
Presenter: Tom Eskridge,<br />
HTCI<br />
Sponsor Break 10:00 AM - 10:30 PM<br />
10:30 AM - 11:30 AM<br />
PALADIN in the fi eld for triage<br />
and previews<br />
Presenter: Christopher Currier,<br />
Passware & Sumuri<br />
12:30 PM - 2:00 PM<br />
In-Car Navigation System<br />
<strong>Forensic</strong>s<br />
Presenter: Ben Lemere,<br />
Berla Corp<br />
2:00 PM - 3:30 PM<br />
The New Field of <strong>Forensic</strong><br />
Search<br />
Presenter: Natasha Lockhart,<br />
Vound<br />
Final Sponsor Break 3:30 PM - 4:00 PM<br />
4:00 PM - 5:30 PM<br />
Digital <strong>Forensic</strong> Report<br />
Writing<br />
Presenter: Melia Kelley,<br />
First Advantage Litigation<br />
Consulting<br />
<strong>PFIC</strong> After Dark 7:30 PM - 11:59 PM<br />
Uri<br />
Lab C Track<br />
8:00 AM - 9:00 AM<br />
Windows Registry Analysis<br />
Presenters: Jon Hansen,<br />
H-11 Digital <strong>Forensic</strong>s<br />
9:00 AM - 10:00 AM<br />
Physical Imaging of Smart<br />
Devices<br />
Presenter: Amber Schroader,<br />
Paraben Corporation<br />
10:30 AM - 11:30 AM<br />
Start to Finish Mobile Acquisitions<br />
Using Paraben Tools<br />
Presenters: Amber Schroader,<br />
Paraben Corporation<br />
Lunch Break 11:30 AM - 12:30 PM (Provided in Bernese Event Center)<br />
12:30 PM - 2:00 PM<br />
Android <strong>Forensic</strong>s<br />
Presenter: James Eichbaum,<br />
MicroSystemation<br />
2:00 PM - 3:30 PM<br />
osTriage<br />
Presenter: Eric Zimmerman<br />
4:00 PM - 5:30 PM<br />
Development of Chip-off<br />
Procedures for Cellphones<br />
Presenter: William Matthews<br />
& Joan Runs Through, Southwest<br />
Regional Computer<br />
Crime Institute (SWRCCI)
Davos<br />
<strong>Innovations</strong> Track<br />
8:00 AM - 9:00 AM<br />
Timeline Analysis<br />
Presenter: Harlan Carvey,<br />
Applied Security, Inc<br />
9:00 AM - 10:00 AM<br />
Why The Bad Guys Win<br />
Presenter: Kevin Ripa,<br />
Computer Evidence Recovery,<br />
Inc.<br />
Tuesday, November 6th, 2012<br />
Interlaken<br />
<strong>Forensic</strong>s Track<br />
Breakfast (Served in Monterosa)<br />
8:00 AM - 9:00 AM<br />
Automating <strong>Forensic</strong> Pre-Processing<br />
Steps Using<br />
TAPEWORM<br />
Presenters: Michael Wilkinson,<br />
Champlain College<br />
9:00 AM - 10:00 AM<br />
<strong>Forensic</strong> Triage in a Modern<br />
Day TB Era<br />
Presenter: Zeke Thackary<br />
St. Moritz<br />
Legal Track<br />
8:00 AM - 9:00 AM<br />
The future of Digital <strong>Forensic</strong>s<br />
in Southern Africa<br />
Presenter: Alec Kaguru<br />
Chief Executive Offi cer<br />
ARS Digital <strong>Forensic</strong>s<br />
(Zimbabwe)<br />
9:00 AM - 10:00 AM<br />
Track Closed<br />
10:00 AM ~ 11:30 AM<br />
Panel of Experts: Open Discussion on the latest Issues & <strong>Innovations</strong><br />
Moderator: Greg Kipper, STG<br />
Panel Members: Patrick Stump, Tomas Castrejon, Chet Hosmer<br />
<strong>Conference</strong> End - 11:30 AM
Neuchatel<br />
Lab A Track<br />
8:00 AM - 9:00 AM<br />
E-mail Evidence: Finding the<br />
Needle in the E-mail Stack<br />
Presenter: Rob Schroader,<br />
Paraben Corporation<br />
9:00 AM - 10:00 AM<br />
Identifying the Artifacts and<br />
Behavior of an Unknown<br />
Application<br />
Presenters: Michael Wilkinson,<br />
Champlain College<br />
Tuesday, November 6th, 2012<br />
Geneve<br />
Lab B Track<br />
Breakfast (Served in Monterosa)<br />
8:00 AM - 9:00 AM<br />
iPhone Backup Data Parsing<br />
Presenter: Glenn K. Bard,<br />
PATCtech<br />
9:00 AM - 10:00 AM<br />
Managing Evidence in the<br />
Era of Big Data<br />
Presenter: James Kent,<br />
NUIX<br />
Uri<br />
Lab C Track<br />
8:00 AM - 9:00 AM<br />
Modern Password Recovery<br />
Techniques<br />
Presenter: Christopher Currier,<br />
Passware & Sumuri<br />
9:00 AM - 10:00 AM<br />
Windows Registry Analysis<br />
Presenter: Jon Hansen,<br />
H-11 Digital <strong>Forensic</strong>s<br />
10:00 AM ~ 11:30 AM<br />
Panel of Experts: Open Discussion on the latest Issues & <strong>Innovations</strong><br />
Moderator: Greg Kipper, STG<br />
Panel Members: Patrick Stump, Tomas Castrejon, Chet Hosmer<br />
<strong>Conference</strong> End - 11:30 AM
Morning Bootcamp Abstracts<br />
Saturday, November 3rd, 2012<br />
Time: Saturday, 8:00 AM – 12:00 PM<br />
Track: Bootcamp<br />
Room: Basel<br />
Presenter: Lee Reiber, AccessData<br />
Title: MPE+ Bootcamp<br />
MPE+ is a stand-alone mobile forensics software solution that is also available on a preconfi gured touchscreen<br />
tablet for on-scene mobile forensics triage. Mobile Phone Examiner Plus® integrates seamlessly with<br />
<strong>Forensic</strong> Toolkit® (FTK®) computer forensics software, allowing you correlate evidence from multiple mobile<br />
devices with evidence from multiple computers within a single interface. This bootcamp will go through the<br />
operation of this innovative mobile phone solution.<br />
Time: Saturday, 8:00 AM – 12:00 PM<br />
Track: Bootcamp<br />
Room: Interlaken<br />
Presenter: Nicole Bocra, Infi nity Investigative Solutions & Paraben Corporation<br />
Title: Social Media & Internet Investigations<br />
Valuable information is lurking throughout the web and fi nding the information can save you and your<br />
organization. Participants will be introduced to a wide variety of public records and social media websites to<br />
obtain information on individuals and the basic understanding they need to conduct cyber-based investigations.<br />
Special interest will be paid to the latest in social media sites and the information they hold.<br />
Time: Saturday, 8:00 AM – 12:00 PM<br />
Track: Bootcamp<br />
Room: St. Moritz<br />
Presenters: Josh Gilliland, Jessica Mederson, Charlie Kaupp, Aaron Crews, Magistrate Judge David Nuff er,<br />
Judge Matthew Sciarrino, & John Bargiel<br />
Title: eDiscovery Challenges for Civil & Criminal Cases<br />
eDiscovery Challenges is a four part series with eDiscovery attorneys, experts and Federal and State Court<br />
Judges. The fi rst session addresses the core elements of eDiscovery, focuses on the key terms, basic rules,<br />
case law overview and examples of discovery requests. The second session focuses on the technology used<br />
to search and review ESI. The third session is with eDiscovery attorneys putting the technology into practice.<br />
The fourth session is a panel with three judges, one Federal Magistrate Judge, one New York State Judge and<br />
one California State Court Judge, who will address the ESI issue they face from the bench.<br />
Time: Saturday, 8:00 AM – 12:00 PM<br />
Track: Bootcamp<br />
Room: Neuchatel<br />
Presenter: Don Brister, BlackBag Technologies, Inc.<br />
Title: Apple <strong>Forensic</strong>s Bootcamp (Morning Session)<br />
The apple has not fallen far from the tree with all the new innovations coming out of Apple and these devices<br />
are now becoming a regular occurrence in your investigation. This course will take you through a variety<br />
of iOS based devices and what you should do and the analysis process you should be following.
Time: Saturday, 8:00 AM – 12:00 PM<br />
Track: Bootcamp<br />
Room: Geneve<br />
Presenter: Amber Schroader, Paraben Corporation<br />
Title: Mobile <strong>Forensic</strong>s Basics<br />
This is an introductory course for beginners in the fi eld of mobile forensics. You will learn everything from<br />
seizure rules through practical examinations. The tools used in this course will help you gather both logical<br />
and physical images of common mobiles. This is a hands-on and lecture bootcamp.<br />
Time: Saturday, 8:00 AM – 12:00 PM<br />
Track: Bootcamp<br />
Room: Uri<br />
Presenter: Chad W. Davis , Backbone Security<br />
Title: In-Depth Steganography: Examination, Detection, and Hidden Information Extraction<br />
Digital steganography is an eff ective anti-forensics tool because steganalysis is not performed as a routine<br />
aspect of computer forensic examinations. Investigators and forensics examiners must be aware that criminals<br />
can easily use steganography to conceal their digital foot prints. This boot camp will provide information<br />
on methods used by criminals to conceal evidence of criminal activity in seemingly innocuous fi les as<br />
well as techniques to detect and extract the hidden evidence.<br />
Afternoon Bootcamp Abstracts<br />
Saturday, November 3rd, 2012<br />
Time: Saturday, 1:00 PM – 5:00 PM<br />
Track: Bootcamp<br />
Room: Interlaken<br />
Presenter: Glenn K. Bard, PATCtech<br />
Title: Cell Phone Tower Analysis Bootcamp<br />
In this bootcamp the attendee will be introduced to cellular records analysis and mapping. The discussion<br />
will include what is available from the Wireless service providers, such as Call / SMS / Data usage and tower<br />
locations for each, and much more. Then the group will discuss how to prepare the legal process required<br />
to obtain the information and how to understand the documents once they are received by investigators.<br />
The students will then be shown responses from various Wireless service providers including AT&T, Verizon<br />
Wireless and Sprint. Attendees will be shown how each WSP is diff erent and how their results may vary from<br />
other WSP’s. The class will end with a mapping demonstration of various actual cases, as well as tips and<br />
tricks on mapping.<br />
Time: Saturday, 1:00 PM – 5:00 PM<br />
Track: Bootcamp<br />
Room: St. Moritz<br />
Presenters: Joshua Gilliland, Jessica Mederson, Stephanie Sparks<br />
Title: Deposition Bootcamp<br />
The Deposition Bootcamp is a hands-on exercise where attendees will the essential requirements for deposing<br />
expert witnesses. After the short presentation, there will be a brief mock deposition for the attendees.<br />
The attorney attendees will be divided into small groups with an attorney coach. They will be given a mock<br />
expert report and develop questions for their Deponent. Each attorney will be able to conduct a short deposition<br />
and also defend a deposition.
Time: Saturday, 1:00 PM – 5:00 PM<br />
Track: Bootcamp<br />
Room: Neuchatel<br />
Presenters: Don Brister, BlackBag Technologies, Inc.<br />
Title: Apple <strong>Forensic</strong>s Bootcamp (Afternoon Session)<br />
Please Note: This is a repeat class of the morning session.<br />
The apple has not fallen far from the tree with all the new innovations coming out of Apple and these devices<br />
are now becoming a regular occurrence in your investigation. This course will take you through a variety<br />
of iOS based devices and what you should do and the analysis process you should be following.<br />
Time: Saturday, 1:00 PM – 5:00 PM<br />
Track: Bootcamp<br />
Room: Uri<br />
Presenters: Ben Lemere, Berla Corp<br />
Title: In-Car Navigation System Exploitation Class<br />
Worldwide sales of vehicles with advanced features, such as in-car navigation systems, are predicted to jump<br />
from 9.5 million to 56 million in the next fi ve years. Vehicles are no longer just a method of transportation<br />
but have become complete entertainment and communications hubs fully integrated into everyday digital<br />
life.<br />
Vehicles collect and store a vast amount of user related data such as recent destinations, favorite locations,<br />
call logs, contact lists, SMS messages, pictures, videos, and a history of everywhere the vehicle has been. This<br />
presentation will cover the diff erent in-car systems where user data is located, and focus on how to acquire<br />
and analyze the data.<br />
Keynote Address<br />
Sunday, November 4th, 2012<br />
Time: Sunday, 8:00 AM – 9:00 AM<br />
Track: Keynote<br />
Room: Grindelwald<br />
Presenter: Greg Kipper, STG<br />
Title: Cyber <strong>Forensic</strong>s in the Future<br />
In barely more than a decade, digital forensics has evolved from a niche market to a highly diverse and specialized<br />
industry that touches almost every corner of information technology. As our digital technology continues<br />
to become indispensable infrastructure we as practitioners fi nd ourselves facing new challenges with<br />
new types of devices and storage, social networks, big data as well as all the regular challenges we continually<br />
face with fi le systems, mobiles and eDiscovery. But while we cannot predict the future, there are patterns<br />
we can follow...if we know where to look. These patterns are technological, social, political and economic<br />
-- and they off er valuable clues. This keynote will outline these patterns and highlight the current trends of<br />
today and show you what they mean, where we’re going, and how to best use them in your life and career.
Abstracts<br />
<strong>Innovations</strong> Track<br />
Sunday, November 4th, 2012<br />
Time: Sunday, 9:00 AM – 10:00 AM<br />
Track: <strong>Innovations</strong> Track<br />
Room: Davos<br />
Presenters: Vickie Rafter & Don Vilfer, Califorensics<br />
Title: <strong>Forensic</strong> Analysis of Digital Photos<br />
This class addresses the needs for forensic analysis of digital photos, such as to de-authenticate a photo; the<br />
types of photos that one might need to examine, such as crime scene photos or scientifi c research and alternative<br />
sources of digital photos. The class includes an introduction to using various tools and techniques<br />
to examine digital photos, such as Access Data’s <strong>Forensic</strong> Took Kit (FTK), Adobe Photoshop and newly developed<br />
specialized digital photo analysis software. This presentation will cover the use of fuzzy hashing in<br />
FTK to determine if two photo fi les are identical, use of basic observation techniques and specifi c processes<br />
or actions in Adobe Photoshop to analyze photos for manipulation and the use of the newly developed<br />
software that uses signature analysis to determine if a .jpeg is an untouched, original from a digital camera.<br />
Photoshop actions will be made available for download and a vendor discount will be provided for one of<br />
the software tools.<br />
Time: Sunday, 10:30 AM – 11:30 AM<br />
Track: <strong>Innovations</strong> Track<br />
Room: Davos<br />
Presenter: Keith Gray, Gray Matters<br />
Title: How to Get a Grant for Your Organization<br />
Utilizing grants and federal contracts to grow your business is a great way to leverage public funding opportunities.<br />
However, the several thousand grant and federal contracting programs can be confusing and<br />
overwhelming. Keith Gray, President of Gray Matter Consulting, has 20 years’ experience in working with<br />
federal contractors and grants for small businesses and municipalities. Many ask the following:<br />
How do I apply for a grant?<br />
How do I fi nd a grant or federal contract for my business?<br />
Am I eligible for grants or loans or federal contracts?<br />
What is a NAICS code?<br />
How do I know my idea will be funded?<br />
These are some of the questions that will be answered during the informative session.<br />
Time: Sunday, 12:30 PM – 2:00 PM<br />
Track: <strong>Innovations</strong> Track<br />
Room: Davos<br />
Presenter: Chet Hosmer, Allen Corporation/WetStone<br />
Title: Exploiting Mobile Devices for Profi t (iOS and Android)<br />
This lecture/demonstration will take an in depth look at specifi c Android and iOS exploits, the damage they<br />
have caused and the fi nancial gain that has resulted. During Q1 2012, over 7,000 new malware threats have<br />
been identifi ed for Android OS alone. These threats exploit vulnerabilities inherent to the operating systems<br />
of these mobile platforms. We will also discuss preemptive measures that can be used to identify quarantine<br />
and mitigate such threats now and in the future. Finally, we will take a close look at what Google, Apple<br />
and the development community at large is actively pursuing to reduce and mitigate these threats.
Time: Sunday, 2:00 PM – 3:30 PM<br />
Track: <strong>Innovations</strong> Track<br />
Room: Davos<br />
Presenter: James Weibe, CRU DataPort/Weibe Tech<br />
Title: Hiding Information on Hard Drives in Ways Your Standard <strong>Forensic</strong> Software will Never Find<br />
In this presentation, James Wiebe will present some new thoughts on how data may be hidden on hard<br />
drives. Covering old concepts fi rst, (such as Host Protected Areas), James will also present alternative methods<br />
for hiding information on hard drives, such as in supervisory areas. These areas are never visible through<br />
standard drive commands, and are also are not visible to any operating system. Also discussed will be hypothetical<br />
examples of how drives may be ‘tampered’ by sophisticated bad guys in order to provide facade<br />
characteristics to a forensic investigator.<br />
Time: Sunday, 4:00 PM – 5:30 PM<br />
Track: <strong>Innovations</strong> Track<br />
Room: Davos<br />
Presenters: Chet Hosmer & Mike Raggo, Authors of Data Hiding<br />
Title: Data Hiding & Steganography - An Update on the Latest <strong>Innovations</strong> in 2012<br />
If the newswire is any indication, corporate espionage, covert communications, and evidence concealment<br />
continue to plague corporations, investigators, and the military. Use of steganographic techniques by Russian<br />
Spies for covert communications is the latest in a series of incidents involving data hiding.<br />
This presentation will highlight some of the latest research of the 21st century involving data hiding techniques<br />
over the network and with data-at-rest. The highlights will demonstrate new techniques for hiding<br />
data on mobile devices, VOIP, virtualimages, social networks, and other dominating technologies in today’s<br />
world.<br />
Having demonstrated the latest data hiding techniques, we will propose detailed analytical methods for<br />
discovering hidden data, as well as jamming methods for disrupting data hiding operations. These examples<br />
of warfare include image, multimedia, and network protocol jamming.<br />
We will then consider emerging technologies and attack methods, including cloud considerations, parallel<br />
processing attack methods, privacy protection, and derivative datahiding and detection theories.
<strong>Forensic</strong>s Track<br />
Sunday, November 4th, 2012<br />
Time: Sunday, 9:00 AM – 10:00 AM<br />
Track: <strong>Forensic</strong>s Track<br />
Room: Interlaken<br />
Presenter: Ryan Washington, AR-<strong>Forensic</strong>s<br />
Title: The Art to the Science - Quick <strong>Forensic</strong>s<br />
This presentation (originally titled “Nintendo <strong>Forensic</strong>s Saves Lives”) will go over methodologies, case scenarios,<br />
and pros and cons of using commercial software and freeware. It will cover some aspects of utilizing<br />
digital profi ling to correctly assess the target and their digital equipment.<br />
Time: Sunday, 10:30 AM – 11:30 AM<br />
Track: <strong>Forensic</strong>s Track<br />
Room: Interlaken<br />
Presenter: Jeff Ross, FBI<br />
Title: Case Study: Antonio Cardenas - Distributor and Manufacturer of Child Pornography<br />
Come and review a case study on a pedophile arrested and prosecuted in Salt Lake City. We will review the<br />
investigation of Antonio Cardenas. He was an individual responsible for manufacturing and distributing one<br />
of the most prolifi c series of child pornography today. The presentation will discuss the investigation, apprehension<br />
and prosecution of Cardenas.<br />
Time: Sunday, 12:30 PM – 2:00 PM<br />
Track: <strong>Forensic</strong>s Track<br />
Room: Interlaken<br />
Presenter: Mike Menz, HP<br />
Title: Tips and Tricks for <strong>Forensic</strong>s and Investigations<br />
This class is a montage of techniques and tools to solve current problems in investigations, eDiscovery and<br />
forensics cases. A CD will be provided with most of the items talked about in the class. The attendee will<br />
learn of new and current solutions to a variety of problems faced day to day by an investigator in the investigations,<br />
eDiscovery and forensics fi elds. Resources on the web will be shown and how their unique use, can<br />
solve investigative problems. Everything from researching suspects to cracking hard drive passwords will be<br />
discussed and shown. Mike has taught this class at almost every HTCIA conference since 1997. It has always<br />
been standing room only and has been rated as one of the top information and tools class given.<br />
Time: Sunday, 2:00 PM – 3:30 PM<br />
Track: <strong>Forensic</strong>s Track<br />
Room: Interlaken<br />
Presenter: John J Carney, Esq., Carney <strong>Forensic</strong>s<br />
Title: Visualization of Digital <strong>Forensic</strong> Data<br />
Digital evidence is usually presented today as narrative and numbers accompanied by a stream of bits and<br />
bytes in computer forensic reports that are at best sorted into buckets of similar items. For example, mobile<br />
phone evidence is presented such that call logs appear in one section split into inbound, outbound, and<br />
missed calls. Text messages appear elsewhere split into inbound and outbound messages. And the phone’s<br />
address book appears yet somewhere else. This primitive and fragmented approach at production hides or<br />
makes opaque the evidence story that attorneys desperately need to develop a theory of the case for presentation<br />
to juries to win at trial. Technically, forensics data is made available to attorneys and their clients,<br />
but often this evidence is so diffi cult to interpret and understand that they derive little, if any, value from it.<br />
Why? Because many digital forensic examiners report their fi ndings one-dimensionally and out of context.<br />
Unfortunately, legal professionals, who are not technologists, cannot relate to it. They miss the substance<br />
and the import of the evidence’s meaning and its ability to tell the story of the case.
Visualization of Digital <strong>Forensic</strong> Data (Cont.)<br />
This presentation will show how digital forensic examiners can put meaningful evidence to use with attorneys,<br />
opposing counsel, judges, juries, and their own legal teams. The focus is on how meaning can be<br />
mined from forensics data cost eff ectively using software automation. It will include technical information<br />
on software bridges that span leading mobile forensic examination tools and popular timeline, mapping,<br />
and investigative software packages used by attorneys and investigators today. Evidence visualizations created<br />
by this technology will be briefl y demonstrated for the audience.<br />
Time: Sunday, 4:00 PM – 5:30 PM<br />
Track: <strong>Forensic</strong>s Track<br />
Room: Interlaken<br />
Presenter: Harlan Carvey, Applied Security, Inc.<br />
Title: Automating <strong>Forensic</strong> Correlation via Open-Source Tools<br />
The title of this course is a fancy way of saying, “you should use the <strong>Forensic</strong> Scanner”. Most of the tools<br />
currently available for digital analysts provide a framework that they can use to view the collected data. The<br />
<strong>Forensic</strong> Scanner is RegRipper’s big brother, which provides a means for applying a good deal of automation<br />
and intelligence to many of the tedious tasks that occupy the initial stages of analysis.<br />
Legal Track<br />
Sunday, November 4th, 2012<br />
Time: Sunday, 9:00 AM – 10:00 AM<br />
Track: Legal Track<br />
Room: St. Moritz<br />
Presenters: Stephanie Sparks & Judge Matthew Sciarrino<br />
Title: Discovery & Admissibility of Social Media<br />
This session focuses on the issues of privacy and admissibility around social media. We will address third-party<br />
requests to service providers and the impact of the Stored Communication Act. The material will explore<br />
the challenges created for the authentication and admissibility of the many forms of social media and their<br />
impact on litigation today.<br />
Time: Sunday, 10:30 AM – 11:30 AM<br />
Track: Legal Track<br />
Room: St. Moritz<br />
Presenter: Albert Barsocchini, Director of Strategic Consulting NightOwl DMS, Inc.<br />
Title: Communication Protocols in eDiscovery and Internal Investigations<br />
One of the biggest challenges of discovery is communicating eff ectively in order to get the job done right,<br />
on budget and on time. Using the right tools to communicate the right message at the right time can make<br />
the diff erence between success and failure. This seminar will explore communication protocols for all types<br />
of investigations, what to say, when to put it in writing and when to use the phone.<br />
Time: Sunday, 12:30 PM – 2:00 PM<br />
Track: Legal Track<br />
Room: St. Moritz<br />
Presenter: Donald Wochna, Vestige Ltd.<br />
Title: Social Media Challenges: Navigating Privacy “Beliefs” in a “Shared Communication” Environment<br />
This seminar will explore the manner in which computer forensic professionals can navigate the area of<br />
Social Media, recognizing the confl ict between citizens’ expectations of privacy and federal and state laws<br />
Attendees will learn a “way of thinking” about privacy that will allow them to diff erentiate between expectations<br />
of privacy that are simply beliefs held by citizens and need not be accommodated in an investigation,<br />
and expectations of privacy that must be accommodated in order to satisfy federal or state laws.
Time: Sunday, 2:00 PM – 3:30 PM<br />
Track: Legal Track<br />
Room: St. Moritz<br />
Presenter: Aaron Crews, Esq.<br />
Title: Issuing Litigation Holds<br />
The transition from information management to litigation holds is one of the greatest malpractice risks for<br />
attorneys. Join us to learn about the duty to preserve, triggering events and how to properly issue and<br />
manage a litigation hold.<br />
Time: Sunday, 4:00 PM – 5:30 PM<br />
Track: Legal Track<br />
Room: St. Moritz<br />
Presenter: Donald Wochna, Vestige Ltd.<br />
Title: <strong>Forensic</strong>s meets Records Management, Medical Device Manufacturers, and Lawyers: The Electronic Medical<br />
Record and the Need for <strong>Forensic</strong> Understanding of Health IT Systems<br />
The emergence of the Electronic Medical Record pursuant to the guidelines and mandates of the Department<br />
of Health and Human Services has presented forensic professionals with a model of a standardized<br />
electronic record that leverages metadata and forensic artifacts for purposes of authentication. This seminar<br />
describes the capabilities of such medical record systems, and presents attendees with a method of<br />
determining the capabilities of a system before conducting any forensic investigation. We will discuss the<br />
“audit log” features of these systems and review the certifi cation requirements for compliant IT health record<br />
systems.<br />
Lab Track A<br />
Sunday, November 4th, 2012<br />
Time: Sunday, 9:00 AM – 10:00 AM<br />
Track: Lab Track A<br />
Room: Neuchatel<br />
Presenter: Nicole Bocra, Infi nity Investigative Solutions<br />
Title: Social Media Investigations<br />
With the change in technology, you will learn current research techniques and procedures along with the<br />
scope and capabilities of online systems, the hottest search tools and evidence collection methods.<br />
Time: Sunday, 10:30 AM – 11:30 AM<br />
Track: Lab Track A<br />
Room: Neuchatel<br />
Presenter: Rob Schroader, Paraben Corporation<br />
Title: E-mail Evidence: Finding the Needle in the E-mail Haystack<br />
E-mail can be an important source of evidence. This lab will show examiners how to examine several diff erent<br />
types of e-mail databases from local mail stores to network mail stores and in P2 Commander including<br />
mail store structure, attachment sorting, advanced fi ltering and searching, and exporting.
Time: Sunday, 12:30 PM – 2:00 PM<br />
Track: Lab Track A<br />
Room: Neuchatel<br />
Presenter: Zeke Thackray<br />
Title: Data Carving and Making Sense of the Unknown<br />
During this session attendees will be introduced to the fundamental elements of data carving and making<br />
sense of the unknown within cellular technology. Although the automated mobile forensic products identify<br />
large volumes of “low hanging fruit (evidence)” much more is left behind. Attendees will gain hands on<br />
practical experience to identify, recover and decode a variety of information from cellular devices, such as,<br />
image fi les, SMS messages and their associated telephone numbers, date and times. Attendees to this session<br />
will receive a variety of useful software tools and reference material to enhance their cellular<br />
investigations.<br />
Time: Sunday, 2:00 PM – 3:30 PM<br />
Track: Lab Track A<br />
Room: Neuchatel<br />
Presenter: Michael Wilkinson, Champlain College<br />
Title: Identifying the Artifacts and Behavior of an Unknown Application<br />
This lab will focus on identifying the artifacts and behavior of unknown applications. Many times you will<br />
run across an app you might not have seen before and you want to know what traces it leaves on the system.<br />
What information that is left has meaning and what does not. We will focus on developing results that<br />
are robust enough to stand up in court and more emphasis on decoding fi le structures so you are prepared.<br />
Time: Sunday, 4:00 PM – 5:30 PM<br />
Track: Lab Track A<br />
Room: Neuchatel<br />
Presenter: Don Brister, BlackBag Technologies, Inc.<br />
Title: iOS <strong>Forensic</strong>s and Top Five Artifacts<br />
iPhone, iPad, and iPod Touch device popularity has introduced unique forensics and corporate policy enforcement<br />
challenges. Examiners must understand the attributes and fi le types unique to Mac OS X and<br />
iOS fi le systems. If your casework involves examining geo-location and EXIF camera metadata, evidence of<br />
device wiping, or SMS, contacts, and phone call data marked for deletion in SQLite databases, then this lab is<br />
for you. Attendees will gain valuable insight into the ever-evolving forensics challenges associated with iOS<br />
devices, and learn ways to conduct highly effi cient and eff ective Mac OS X and iOS device investigations.<br />
Lab Track B<br />
Sunday, November 4th, 2012<br />
Time: Sunday, 9:00 AM – 10:00 AM<br />
Track: Lab Track B<br />
Room: Geneve<br />
Presenter: Glenn K Bard, PATCtech<br />
Title: iPhone Backup Data Parsing<br />
In this lab the attendee will be introduced to iOS backup analysis. The class will begin with identifying the<br />
locations of iOS backups on various Operating Systems to include Windows XP, Vista and 7 as well as Mac.<br />
Once the backups are located the folder structure will be forensically extracted from the suspect computer.<br />
The students will then be introduced to how the backup fi les store the information on the computer system.<br />
The class will then end with various tools ranging from free and inexpensive to full forensic applications, all<br />
capable of extracting diff erent types of data from the backups and deconstructing various fi les into usable<br />
information.
Time: Sunday, 10:30 AM – 11:30 AM<br />
Track: Lab Track B<br />
Room: Geneve<br />
Presenter: John Bargiel, NUIX<br />
Title: Managing Evidence in the Era of Big Data<br />
Investigators and forensic examiners are seizing historic levels of evidence while backlogs grow. This handson<br />
lab will focus on managing evidence in the era of Big Data seizures - an all too familiar situation for today’s<br />
investigations. We will take you through investigative examples and demonstrate high speed indexing<br />
and triage strategies that will save you time and valuable resources. Learn about the advantages of custom<br />
scripting to automate forensic triage and other investigative functions and join us discussing real world scenarios<br />
that will help you apply these techniques to rapidly solve your investigations.<br />
Time: Sunday, 12:30 PM – 2:00 PM<br />
Track: Lab Track B<br />
Room: Geneve<br />
Presenters: Tomas Castrejon, Jeff Dye, & David Nardoni, PwC<br />
Title: Memory Analysis & Malware Triage<br />
In this hands-on lab, we will cover the basics of live memory analysis and its importance during an investigation,<br />
especially involving malware. Attendees will explore the diff erences between memory collection and<br />
analysis tools. In addition, this lab will cover analysis of memory images infected with malware. Attendees<br />
will develop an understanding of what evidence can be retrieved from a memory image and how to identify<br />
forensic evidence related to the malware.<br />
Attendees will learn how to analyze:<br />
• Process lists<br />
• Network connections<br />
• Registry keys used for persistence<br />
• Files used by malware<br />
• Process injected binaries<br />
• Identify confi guration fi les used by malware<br />
Time: Sunday, 2:00 PM – 3:30 PM<br />
Track: Lab Track B<br />
Room: Geneve<br />
Presenter: Natasha Lockhart, Vound<br />
Title: The New Field of <strong>Forensic</strong> Search<br />
Abstract not provided.<br />
Time: Sunday, 4:00 PM – 5:30 PM<br />
Track: Lab Track B<br />
Room: Geneve<br />
Presenters: Tomas Castrejon, Jeff Dye, & David Nardoni, Lan Hang, and Meghana Reddy, PwC<br />
Title: Log Analysis and Data Visualization<br />
In this hands-on lab, we will cover the basics of reading, processing and visualizing network log data. Attendees<br />
will get a basic introduction to grep and awk to fi lter and parse large data sets. They will take the<br />
data generated though the fi ltering process and learn how to generate reports to help identify several attack<br />
scenarios. These tools can be used against a variety of diff erent data sets and help the attendee look for<br />
diff erent ways to search and extract data rapidly and reduce the volume of data not related to their analysis.<br />
The attendees will be given methods to identify a variety of attacks or scans. These attacks may include port<br />
scanning, SQL injection, and web application exploitation.
Log Analysis and Data Visualization (Cont.)<br />
The attendee will be introduced into some basic data visualization based on the data found during the lab.<br />
Various visualization techniques will be demonstrated by instructors and used by attendees to build intuitive<br />
graphical representations of network activity that can be communicated to executives or non-technical<br />
audiences.<br />
Lab Track C<br />
Sunday, November 4th, 2012<br />
Time: Sunday, 9:00 AM – 10:00 AM<br />
Track: Lab Track C<br />
Room: Uri<br />
Presenter: Amber Schroader, Paraben Corporation<br />
Title: Physical Imaging of Smart Devices<br />
Smartphones are taking over the world and are becoming one of the most common digital evidence items.<br />
Come and learn some of the latest techniques for physical imaging of these devices using Paraben’s tools.<br />
Learn what data you can get with logical vs. physical images.<br />
Time: Sunday, 10:30 AM – 11:30 AM<br />
Track: Lab Track C<br />
Room: Uri<br />
Presenter: Christopher Currier, Passware & Sumuri<br />
Title: Modern Password Recovery Techniques<br />
One of the major hurdles for modern computer forensic examiners is encryption. Files, volumes and even<br />
entire physical disks can be encrypted with commercial or freely available tools. An examiner or investigator<br />
must be able to properly identify encryption and know the best way to recover the passwords to decrypt<br />
potential items of evidentiary value. Sumuri, the offi cial training partner for Passware, will provide insight on<br />
several types of encryption and show how to defeat them using Passware Kit <strong>Forensic</strong> software.<br />
Time: Sunday, 12:30 PM – 2:00 PM<br />
Track: Lab Track C<br />
Room: Uri<br />
Presenter: Ben Lemere, Berla Corp<br />
Title: Introduction to GPS <strong>Forensic</strong>s<br />
This presentation will discuss the types of information that can be extracted from GPS devices and used as<br />
evidence in a criminal prosecution. This is a technical class, and will leave the attendee with a basic knowledge<br />
of how a GPS device works and the type, amount and manner in which information is stored and<br />
forensically acquired.<br />
Time: Sunday, 2:00 PM – 3:30 PM<br />
Track: Lab Track C<br />
Room: Uri<br />
Presenter: Chad W Davis , Backbone Security<br />
Title: Stega-what? A Beginner’s Guide to Digital Steganography<br />
Throughout the ages, criminals have sought ways to conceal evidence of their activities. Today’s world is no<br />
diff erent—digital steganography is used for the distribution of child pornography, theft of intellectual property,<br />
and as a means for covert communication between conspirators. Digital steganography represents a<br />
particularly signifi cant threat today because of the large number of applications freely available on the internet<br />
that can be used to hide information within seemingly innocuous carrier fi les. Use of these applications,<br />
which are both easy to obtain and simple to use, allows criminals to conceal their activities in cyberspace.<br />
Learn more about the threat and ways to discover what may have been hidden from you in your forensic<br />
investigations.
Time: Sunday, 4:00 PM – 5:30 PM<br />
Track: Lab Track C<br />
Room: Uri<br />
Presenter: James Eichbaum, MicroSystemation<br />
Title: Android <strong>Forensic</strong>s<br />
With nearly 70% of the worldwide smartphone market share, Android devices are landing in forensic labs<br />
with much more frequency. This hands on lab will provide examiners with the skills necessary to successfully<br />
extract and analyze data from Android devices. Students will learn rooting techniques, how Android stores<br />
geo-location data, and how Apps can be an evidentiary goldmine.<br />
<strong>Innovations</strong> Track<br />
Monday, November 5th, 2012<br />
Time: Monday, 8:00 AM – 9:00 AM<br />
Track: <strong>Innovations</strong> Track<br />
Room: Davos<br />
Presenter: Nick Cavalancia, Spectorsoft<br />
Title: User Activity Monitoring: How Monitoring Digital Behavior is More and More Important from an<br />
Investigation and <strong>Forensic</strong>s Standpoint<br />
<strong>Forensic</strong>s and security professionals used to focus their attention on the device. Then, increasingly, the network.<br />
After that, the perimeter. And, most recently, the application.<br />
But, change is the constant. Most people now have multiple computing devices. People access systems,<br />
data, and applications from diff erent ingress points. The digital life increasingly consists of a blend of work<br />
and personal time, and work and personal activity. And, cloud based off erings have truly arrived. What does<br />
this add up to? More and more control in the hands of the end-user. So, the ability to see and analyze people’s<br />
digital behavior is now front and center.<br />
Attend this session to learn how User Activity Monitoring provides unique opportunities to solve <strong>Forensic</strong>s,<br />
Investigations, and IT Risk problems more comprehensively, and in more automated, and cost-eff ective ways<br />
than previous, legacy solutions and manual processes ever could. See what activity data can show you- in<br />
contrast to threat data, vulnerability data, or post-factum alert data. See how near real-time alerting around<br />
digital activity enables both defense and remediation. And fi nally, review real-world case studies, the next<br />
phase of maturity for UAM solutions, and the associated innovations and predictions.<br />
Time: Monday, 9:00 AM – 10:00 AM<br />
Track: <strong>Innovations</strong> Track<br />
Room: Davos<br />
Presenter: Allen Atamer, LTAS Technologies<br />
Title: Exploiting online classifi eds as a source for OSINT<br />
Increase your awareness of the role of online classifi eds in fraud / crime / underground business overview of<br />
free and off -the-shelf tools and tips for investigating suspicious online classifi ed ads understand how criminals<br />
can circumvent investigative searches introduction of our Harmari Report service and its benefi ts in<br />
online investigation.
Time: Monday, 10:30 AM – 11:30 AM<br />
Track: <strong>Innovations</strong> Track<br />
Room: Davos<br />
Presenter: Mike Raggo, MobileIron<br />
Title: Wireless Incident Response & <strong>Forensic</strong>s – Latest Techniques<br />
Current attack vectors indicate that wireless attacks are now more focused on wireless clients rather than<br />
wireless infrastructures. As wireless access points, wireless switches, and wireless defense technologies have<br />
improved, wireless end-users have now become the new low-hanging fruit.<br />
Ubiquitous mobility is now center stage and with that comes a plethora of vulnerabilities introduced by mobile<br />
computing devices including Wi-Fi enabled smartphones. This presentation will explore attacks focused<br />
on obtaining end-user data, wireless network credentials, and corporate network infi ltration. Intrusion techniques<br />
as well as extrusion techniques will be reviewed including: Windows Virtual Wi-Fi, AirPlay, and mobile<br />
hotspots.<br />
Time: Monday, 10:30 AM – 11:30 AM<br />
Track: <strong>Innovations</strong> Track<br />
Room: Davos<br />
Presenter: Mike Raggo, MobileIron<br />
Title: Wireless Incident Response & <strong>Forensic</strong>s – Latest Techniques<br />
Current attack vectors indicate that wireless attacks are now more focused on wireless clients rather than<br />
wireless infrastructures. As wireless access points, wireless switches, and wireless defense technologies have<br />
improved, wireless end-users have now become the new low-hanging fruit.<br />
Ubiquitous mobility is now center stage and with that comes a plethora of vulnerabilities introduced by mobile<br />
computing devices including Wi-Fi enabled smartphones. This presentation will explore attacks focused<br />
on obtaining end-user data, wireless network credentials, and corporate network infi ltration. Intrusion techniques<br />
as well as extrusion techniques will be reviewed including: Windows Virtual Wi-Fi, AirPlay, and mobile<br />
hotspots.<br />
Time: Monday, 12:30 PM – 2:00 PM<br />
Track: <strong>Innovations</strong> Track<br />
Room: Davos<br />
Presenter: David Cowen, G-C Partners LLC<br />
Title: Anti Anti-<strong>Forensic</strong>s<br />
The NTFS $Logfi le is a gold mine of forensic data that has never been understood well. Tomes from a variety<br />
of authors and open source development groups have attempted to explain its usage and changes for those<br />
use in writing to the NTFS fi le system, but we’ve never seen any research on how to pull apart and read the<br />
$logfi le beyond carving MFT fi le records from it. In this presentation we will show to use the $Logfi le to fi nd<br />
out when: Timestamps have been changed, What the name of a fi le was before it was renamed, Details on<br />
when a fi le was created, Details on when a fi le is deleted, timestamp recovery from $logfi le entries and how<br />
to determine how many diff erent systems have written to external media.<br />
In short you can now; roll back the metadata from a wipe, fi nd more deleted fi les with their metadata, recover<br />
wiped fi les that were resident in the mft, recover fi les that have been timestomped and fi nd fi les hidden<br />
by rootkits and malware or were never committed to disk.
Time: Monday, 2:00 PM – 3:30 PM<br />
Track: <strong>Innovations</strong> Track<br />
Room: Davos<br />
Presenter: Patrick Stump, Roka Security LLC<br />
Title: How Hackers Move<br />
With the news and threat announcements focusing so much on the latest 0-day and whose getting dos’ed,<br />
other methods in the hacker’s tool box are often overlooked. After all, exploits are a means to an end for<br />
most attackers and are just the beginning of their campaign into the network. This talk will focus on the<br />
methods and tools that allow APT to move through the gooey center of the enterprise network. We will<br />
also dive into redirection or pivoting and how its used to transit data from the computer where it lives to the<br />
patsy computer that will exfi l all the data.<br />
Time: Monday, 4:00 PM – 5:30 PM<br />
Track: <strong>Innovations</strong> Track<br />
Room: Davos<br />
Presenter: James Wiebe, CRU DataPort/Wiebe Tech<br />
Title: The very latest on Solid State Drives and <strong>Forensic</strong> Practice<br />
In this presentation, James Wiebe will provide an updated presentation on how Solid State Drives function,<br />
with a specifi c focus on forensic practice. The forensic examiner will understand how to approach the<br />
investigation of a Solid State Drive, in order to ensure highest quality of evidence collection. Covered topics<br />
include wear leveling; internal compression; Logical to Physical address translation, all with a strong forensic<br />
focus.<br />
<strong>Forensic</strong>s Track<br />
Monday, November 5th, 2012<br />
Time: Monday, 8:00 AM – 9:00 AM<br />
Track: <strong>Forensic</strong>s Track<br />
Room: Interlaken<br />
Presenter: Dyer Bennett, SIRCHIE<br />
Title: Correct Evidence Collection Including Biological and DNA Processing from Digital Items<br />
Digital devices are a wealth of knowledge that can be extracted from data stored inside. What a digital<br />
examiner may not realize is the critical information that may be also present at the surface. A simple cell<br />
phone may reveal fi ngerprints, biological fl uids, and DNA, if it is handled and processed correctly. There are<br />
generally accepted methods for identifying, collecting, and observing this evidence, as well as documented<br />
cases where this evidence has been used to identify the perpetrator in criminal cases. The speaker will review<br />
the types of evidence that can be collected, as well as the proper methods for preserving this evidence.<br />
The speaker will also discuss research and actual case studies involving these types of evidence gathered<br />
from digital devices.<br />
Time: Monday, 9:00 AM – 10:00 AM<br />
Track: <strong>Forensic</strong>s Track<br />
Room: Interlaken<br />
Presenter: Charles Giglia, Digital Intelligence, Inc.<br />
Title: Digital <strong>Forensic</strong> Hardware Confi guration<br />
This presentation will inform the attendees on the minimum requirements and proper confi guration of<br />
workstations intended for digital forensic examinations. A review of detailed testing on multiple hardware<br />
platforms utilizing several industry standard forensic software packages completed by Digital Intelligence, a<br />
leader in digital forensic hardware development, will be covered. Results from the testing will highlight the<br />
ideal confi gurations and best hardware components to optimize Access Data’s FTK and Lab as well as Guidance<br />
Software’s EnCase and Enterprise products.
Time: Monday, 10:30 AM – 11:30 AM<br />
Track: <strong>Forensic</strong>s Track<br />
Room: Interlaken<br />
Presenter: Joshua Gilliland, Esq.<br />
Title: Geeks & Lawyers: You Can’t Handle the Truth<br />
Han Shot First. This is a universal truth. However, was Han legally justifi ed in killing Greedo?<br />
Geeks & Lawyers is for any attorney, judge, or legal profession who watches a movie and thinks, “Wait a<br />
minute…. wouldn’t Captain America get 67 years of back pay adjusted for interest and infl ation?”<br />
Bring your utility belt and get ready to explore the unanswered questions in Sci-Fi and geekdom, including:<br />
Firefl y & Contract Law<br />
Assumption of Risk and being a Red Shirt on Star Trek<br />
Ghostbusters & False Imprisonment<br />
Harry Potter & Potion Liability<br />
Is Being a Super Hero Really a Good Idea?<br />
Questions are strongly encouraged.<br />
Time: Monday, 12:30 PM – 2:00 PM<br />
Track: <strong>Forensic</strong>s Track<br />
Room: Interlaken<br />
Presenter: Harlan Carvey, Applied Security, Inc.<br />
Title: Intro to Windows 7 <strong>Forensic</strong> Analysis<br />
Even though Windows 7 has been available for some time, there are a number of artifacts that analysts need<br />
to be aware of, so that they can take full advantage of them. As Windows systems increase in functionality,<br />
so do the available artifacts that analysts can use to eff ectively complete their examinations in a comprehensive<br />
and timely manner. This presentation will also open the door for Windows 8, as well.<br />
Time: Monday, 2:00 PM – 3:30 PM<br />
Track: <strong>Forensic</strong>s Track<br />
Room: Interlaken<br />
Presenter: Jeff Atkinson, General Dynamics<br />
Title: Comprehensive Network <strong>Forensic</strong>s<br />
Monitoring locations: Taps vs. SPANs; Firewall NATs; Proxy Application Protocol Metadata: Protocol metadata<br />
sampling, alerting framework, centralized alerting, session metadata retrieval, metadata trending Extending<br />
Metadata fi les traversing the network.<br />
Time: Monday, 4:00 PM – 5:30 PM<br />
Track: <strong>Forensic</strong>s Track<br />
Room: Interlaken<br />
Presenter: Todd L Gabler, Rudiger Investigations<br />
Title: Electronic Location Evidence<br />
This presentation includes discussion and demonstration of the use of Android freeware to chart cell site<br />
and signal information using CDMA and GSM phones, using target devices in engineering mode, using redundant<br />
GPS and signal receivers for verifi cation of primary testing device, converting Android databases to<br />
KML Google Earth presentations, and court presentation techniques. The discussion will include the analysis<br />
of claims of junk science for single point claims, and contrast this with pattern analysis evaluations. Attendees<br />
will leave the discussion with the capability of creating their own tower signal maps for the identifi cation<br />
of historical location of cell phone calls.
Legal Track<br />
Monday, November 5th, 2012<br />
Time: Monday, 8:00 AM – 9:00 AM<br />
Track: Legal Track<br />
Room: St. Moritz<br />
Presenter: Joshua Gilliland, Esq.<br />
Title: In Review: Eff ectively Reviewing eDiscovery<br />
We live in a world where electronically stored information literally surrounds us in smartphones and social<br />
media. However, many attorneys refuse to use technology to help review discovery. Even worse, there are<br />
lawyers who simply fear electronic discovery.<br />
In Review addresses the fears of conducting electronic discovery. The materials review cases involving the<br />
form of production, metadata requests, initial disclosures and Rule 26(g)(1) and 26(g)(2) obligations. The material<br />
focuses on how to practically review for causes of actions, defenses, discovery responses and preparing<br />
for depositions.<br />
Time: Monday, 9:00 AM – 10:00 AM<br />
Track: Legal Track<br />
Room: St. Moritz<br />
Presenter: Kevin Ripa, Computer Evidence Recovery, Inc.<br />
Title: Computer <strong>Forensic</strong>s in Civil Litigation & Testimony<br />
This presentation will give instruction on how computer forensics can be used in civil litigation. It discusses<br />
the diff erences between civil and criminal matters, as well as addressing dealing with attorneys, courts,<br />
judges, and juries. We will also discuss in detail, the art of testifying in court. This is a very informative lecture<br />
for anyone in the private sector or thinking about branching into this area.<br />
Time: Monday, 10:30 AM – 11:30 AM<br />
Track: Legal Track<br />
Room: St. Moritz<br />
Presenter: Brian K Ingram<br />
Title: Digital <strong>Forensic</strong>s: A Defense Perspective<br />
Digital <strong>Forensic</strong>s Examinations are becoming more and more important in our legal system. At no time are<br />
they more important than when someone’s liberty is on the line. IN this class you’ll learn what the defense<br />
expert’s role is and should be in a forensic examination. You’ll also see and hear about common mistakes<br />
being made by examiners that result in erroneous or mistaken conclusions about the digital evidence. This<br />
is what no one wants to talk about….until it’s them being charged. Real examples will be shown.<br />
Time: Monday, 12:30 PM – 2:00 PM<br />
Track: Legal Track<br />
Room: St. Moritz<br />
Presenter: John J. Carney, Esq. Carney <strong>Forensic</strong>s<br />
Title: Social Media Evidence: A Legal Perspective<br />
New technology relentlessly thrusts itself into the lives of our clients and many of them adopt it with gusto.<br />
Do you fi nd yourself ignoring potentially revealing sources of evidence due to the challenges of keeping up<br />
with it? This session will show the value of digital forensic approaches for collecting hard-to-fi nd, but relevant<br />
social media evidence that can make the diff erence for your clients. Come and learn what civil litigators<br />
need to know about social media in 2012.
Time: Monday, 2:00 PM – 3:30 PM<br />
Track: Legal Track<br />
Room: St. Moritz<br />
Presenter: Donald Wochna, Vestige Ltd.<br />
Title: Child Pornography Developments: Is federal law pre-empting state law; are computer forensic expert witnesses<br />
immune from civil suit for accessing contraband images with intent to view in federal or state actions—the<br />
lessons of Dean Boland Case<br />
This seminar focuses upon the personal liability of any computer forensic examiner for violating federal child<br />
pornography laws while conducting an investigation, assisting the defense, or testifying at trial. Current federal<br />
court decisions from the Northern District of Ohio make it clear that any violation of federal law (including<br />
accessing image fi les with the intent to view them) renders the forensic analyst liable for civil penalties in<br />
the amount of $150,000 per image—even where the subject of the image is unaware of its use in trial.<br />
These cases have laid a foundation to challenge any practice in which forensic examiners possess, view,<br />
or otherwise handle contraband images in a state case. Attendees will learn the manner in which federal<br />
courts have held that any state law that contradicts federal child pornography laws has been preempted by<br />
federal law; and the manner in which an analyst (prosecution or defense) can be sued for actions taken in a<br />
state case.<br />
Time: Monday, 4:00 PM – 5:30 PM<br />
Track: Legal Track<br />
Room: St. Moritz<br />
Presenter: Albert Barsocchini Director of Strategic Consulting NightOwl DMS, Inc.<br />
Title: Preparing for Your Next Internal Investigation<br />
Internal investigations are never simple and can be triggered by any number of events. The decision of who<br />
should command the investigation requires careful analysis of corporate governance. The collection, preservation,<br />
and presentation of information and documents can be diffi cult and nuanced.<br />
This seminar will guide you through the process.<br />
Lab Track A<br />
Monday, November 5th, 2012<br />
Time: Monday, 8:00 AM – 9:00 AM<br />
Track: Lab Track A<br />
Room: Neuchatel<br />
Presenter: Rob Schroader, Paraben Corporation<br />
Title: Hard Drive <strong>Forensic</strong> Triage Using P2 Commander<br />
This hands-on lab will use P2 Commander to perform a digital triage on a Windows system. Investigators will<br />
learn how to use the Data Triage feature in P2 Commander to glean important information from a system<br />
almost instantly such as system information, user information, recently used fi les, USB storages, services,<br />
programs installed, e-mail databases, chat databases, internet browser data, and more.<br />
Time: Monday, 9:00 AM – 10:00 AM<br />
Track: Lab Track A<br />
Room: Neuchatel<br />
Presenter: Chris Taylor, Cytech<br />
Title: Examining Virtual Machines<br />
Virtual machine technology is becoming more and more prevalent. Understanding of the way these virtual<br />
machines operate, and specifi cally how they are saved on the host system and what artifacts they present, is<br />
necessary for any case in which a virtual machine is found. In this session we will present a survey of the different<br />
types of virtual machine technologies and some interesting artifacts of note.
Time: Monday, 10:30 AM – 11:30 AM<br />
Track: Lab Track A<br />
Room: Neuchatel<br />
Presenter: Nicole Bocra, Infi nity Investigative Solutions<br />
Title: Social Media Investigations<br />
With the change in technology, you will learn current research techniques and procedures along with the<br />
scope and capabilities of online systems, the hottest search tools and evidence collection methods.<br />
Time: Monday, 12:30 PM – 2:00 PM<br />
Track: Lab Track A<br />
Room: Neuchatel<br />
Presenter: Chris Taylor, Cytech<br />
Title: Practical Hard Drive Technology: How It Really Works<br />
Lecture and hands-on lab going over hard drive technology and how fi les are saved on a magnetic disk. We<br />
will be actually dissecting a drive to examine how the parts work together to accomplish the magic that is<br />
saving and reading a fi le. Some of the basic types of drive failures will be explained, along with how to identify<br />
them and how to recover from them.<br />
Time: Monday, 2:00 PM – 3:30 PM<br />
Track: Lab Track A<br />
Room: Neuchatel<br />
Presenter: Don Brister, BlackBag Technologies, Inc.<br />
Title: iOS <strong>Forensic</strong>s and Top Five Artifacts<br />
iPhone, iPad, and iPod Touch device popularity has introduced unique forensics and corporate policy enforcement<br />
challenges. Examiners must understand the attributes and fi le types unique to Mac OS X and<br />
iOS fi le systems. If your casework involves examining geo-location and EXIF camera metadata, evidence of<br />
device wiping, or SMS, contacts, and phone call data marked for deletion in SQLite databases, then this lab is<br />
for you. Attendees will gain valuable insight into the ever-evolving forensics challenges associated with iOS<br />
devices, and learn ways to conduct highly effi cient and eff ective Mac OS X and iOS device investigations.<br />
Time: Monday, 4:00 PM – 5:30 PM<br />
Track: Lab Track A<br />
Room: Neuchatel<br />
Presenter: Zeke Thackray<br />
Title: Data Carving and Making Sense of the Unknown<br />
During this session attendees will be introduced to the fundamental elements of data carving and making<br />
sense of the unknown within cellular technology. Although the automated mobile forensic products identify<br />
large volumes of “low hanging fruit (evidence)” much more is left behind. Attendees will gain hands on<br />
practical experience to identify, recover and decode a variety of information from cellular devices, such as,<br />
image fi les, SMS messages and their associated telephone numbers, date and times. Attendees to this session<br />
will receive a variety of useful software tools and reference material to enhance their cellular investigations.
Lab Track B<br />
Monday, November 5th, 2012<br />
Time: Monday, 8:00 AM – 9:00 AM<br />
Track: Lab Track B<br />
Room: Geneve<br />
Presenter: Glenn K. Bard, PATCtech<br />
Title: Shadow <strong>Forensic</strong>s<br />
In this presentation the attendee will be introduced to Shadow Copy forensics. Shadow Copies are point in<br />
time backups of user data and fi les on Windows Vista / 7 computer systems. These Shadow fi les are generated<br />
by the Operating System, many times without the user’s knowledge? The attendee will be instructed on<br />
how to locate the Shadow Copies, how often they are created and what they may contain. The presentation<br />
will also include various software tools that can be used to extract the contents of the Shadow Files.<br />
Time: Monday, 9:00 AM – 10:00 AM<br />
Track: Lab Track B<br />
Room: Geneve<br />
Presenter: Tom Eskridge, HTCI<br />
Title: Digital Analysis Reporting Tool (DART)<br />
HTCI will be off ering a class on the use of their latest report analysis tool, DART. The Digital Analysis Reporting<br />
Tool (DART) is a vendor neutral middleware program that is used to perform analysis and reporting on<br />
cell phone extractions from multiple vendors.<br />
Today’s cases have become increasingly complex with the advent of digital media. It is more likely that your<br />
suspect will be in possession of an advanced cellular device, not even owning a traditional personal computer.<br />
It is not uncommon for your cellular software to download thousands of pages of data from an advanced<br />
device.<br />
Perhaps you are assigned to the gang unit or narcotics. Multiple cellular devices are seized at once or over<br />
a period of time from members of the target group. Instead of spending hours penciling out relationships<br />
between the members of the target group, you can transform this data to intelligence in seconds.<br />
You want that data, you need that data. The problem is that the data can often be overwhelming. With this<br />
in mind, HTCI Labs has developed the DART (Data Analysis Reporting Tool) software program that allows you<br />
to take control of the digital media in your cases.<br />
Time: Monday, 10:30 AM – 11:30 AM<br />
Track: Lab Track B<br />
Room: Geneve<br />
Presenter: Christopher Currier, Passware & Sumuri<br />
Title: PALADIN in the Field for Triage and Previews<br />
PALADIN is a free forensic tool provided as a courtesy from Sumuri. PALADIN was designed to utilize the<br />
power of Linux and command-line tools without having to use the Terminal. PALADIN gives forensic examiners<br />
and fi rst responders the ability to image and preview computers and media with ease. This lab will<br />
instruct students on the use of PALADIN and its ability to search for evidence in the fi eld in a forensically<br />
sound manner.<br />
The objectives of this lab are to provide instruction on the features of PALADIN to show how it can benefi t<br />
forensic examiners. Focus will be placed on previewing evidence in the fi eld to fi nd items of evidentiary<br />
value and identify illicit media.
Time: Monday, 12:30 PM – 2:00 PM<br />
Track: Lab Track B<br />
Room: Geneve<br />
Presenter: Ben Lemere, Berla Corp<br />
Title: In-Car Navigation System <strong>Forensic</strong>s<br />
Worldwide sales of vehicles with advanced features, such as in-car navigation systems, are predicted to jump<br />
from 9.5 million to 56 million in the next fi ve years. Vehicles are no longer just a method of transportation<br />
but have become complete entertainment and communications hubs fully integrated into everyday digital<br />
life.<br />
Vehicles collect and store a vast amount of user related data such as recent destinations, favorite locations,<br />
call logs, contact lists, SMS messages, pictures, videos, and a history of everywhere the vehicle has been. This<br />
presentation will cover the diff erent systems user data is located in and focus on how to acquire and analyze<br />
the data.<br />
Time: Monday, 2:00 PM – 3:30 PM<br />
Track: Lab Track B<br />
Room: Geneve<br />
Presenter: Natasha Lockhart, Vound<br />
Title: The New Field of <strong>Forensic</strong> Search<br />
Abstract not provided.<br />
Time: Monday, 4:00 PM – 5:30 PM<br />
Track: Lab Track B<br />
Room: Geneve<br />
Presenter: Melia Kelley, First Advantage Litigation Consulting<br />
Title: Digital <strong>Forensic</strong> Report Writing<br />
Report writing is an incredibly important “soft” skill in digital forensics. Unfortunately, it is one that is overlooked<br />
in training. In this lab, we will be going over the foundations of successful report writing, but also will<br />
try out some hands- on work using actual digital artifacts.<br />
Lab Track C<br />
Monday, November 5th, 2012<br />
Time: Monday, 8:00 AM – 9:00 AM<br />
Track: Lab Track C<br />
Room: Uri<br />
Presenter: Jon Hansen, H-11 Digital <strong>Forensic</strong>s<br />
Title: Windows Registry Analysis<br />
This advanced course will provide an overview on how to best fi nd Microsoft Windows artifacts using various<br />
forensic tools. Specifi cally students will more about the Microsoft Registry components and learn how<br />
to use various tools to locate Microsoft artifacts and Metadata evidence. If you need to understand where<br />
evidence can be found and learn more about fi nding artifacts and what Microsoft has left in their programs<br />
or forgotten what they did the last 20-years, then this course is for you. Real life examples and actual cases<br />
will be discussed. Students will be required to perform hands-on tasks and analysis during this presentation.<br />
This session will help you see the need for these tools and when you should use them in your forensic investigations.<br />
Each attendee will receive a CD with various digital forensic tools and be eligible for free training<br />
in a free digital forensics training course from H-11 Digital <strong>Forensic</strong>s.
Time: Monday, 9:00 AM – 10:00 AM<br />
Track: Lab Track C<br />
Room: Uri<br />
Presenter: Amber Schroader, Paraben Corporation<br />
Title: Physical Imaging of Smart Devices<br />
Smartphones are taking over the world and are becoming one of the most common digital evidence items.<br />
Come and learn some of the latest techniques for physical imaging of these devices using Paraben’s tools.<br />
Learn what data you can get with logical vs. physical images.<br />
Time: Monday, 10:30 AM – 11:30 AM<br />
Track: Lab Track C<br />
Room: Uri<br />
Presenter: Amber Schroader, Paraben Corporation<br />
Title: Start to Finish Mobile Acquisitions Using Paraben Tools<br />
If you have never used Paraben’s tools for mobile forensics this is the perfect lab for you. Come and process a<br />
phone from start to fi nish with both a triage and lab option for capturing data off a mobile device.<br />
Time: Monday, 12:30 PM – 2:00 PM<br />
Track: Lab Track C<br />
Room: Uri<br />
Presenter: James Eichbaum, MicroSystemation<br />
Title: Android <strong>Forensic</strong>s<br />
With nearly 70% of the worldwide smartphone market share, Android devices are landing in forensic labs<br />
with much more frequency. This hands on lab will provide examiners with the skills necessary to successfully<br />
extract and analyze data from Android devices. Students will learn rooting techniques, how Android stores<br />
geo-location data, and how Apps can be an evidentiary goldmine.<br />
Time: Monday, 2:00 PM – 3:30 PM<br />
Track: Lab Track C<br />
Room: Uri<br />
Presenter: Eric Zimmerman<br />
Title: osTriage<br />
This lab will provide instruction on osTriage, why it was written, how to use it, and what it can do for you. In<br />
short, osTriage will quickly fi nd, extract, and display key information from a computer which will enable you<br />
to get a better fi rst interview, conduct a better search, and more. Some of the information extracted includes<br />
operating system details, registry details, USB device history, browser history for all major browsers, search<br />
engine search terms, cloud storage applications, encryption, P2P and other applications, and passwords.<br />
osTriage displays thumbnails of images and videos and categorizes images/videos against a list of over<br />
500,000 SHAs of interest and 300+ keywords. Any contraband can be copied off the target computer with<br />
just a few clicks.
Time: Monday, 4:00 PM – 5:30 PM<br />
Track: Lab Track C<br />
Room: Uri<br />
Presenters: William Matthews & Joan Runs Through, Southwest Regional Computer Crime Institute<br />
Title: Development of Chip-off Procedures for Cellphones<br />
Recognizing the need to forensically exam cell phones that are a challenge for traditional and commercial<br />
processes, the Southwest Regional Computer Crime Institute (SWRCCI) of Dixie State College developed a<br />
“chip off ” examination procedure that achieves a high success rate. This “chip off ” procedure enables a physical<br />
image to be extracted from Tracfones, password protected phones, and damaged phones. The “chip off ”<br />
procedure occurs in two phases: fi rst the removal of the fl ash memory chip from the PCB and the creation of<br />
a binary image, and second the carving of relevant data from the image. Dixie College’s process is currently<br />
being taught by the SWRCCI both domestically and internationally. Participants in this lab will be exposed<br />
to the “chip off ” process which includes the observation of a chip removal, the creation of a binary fi le from<br />
the removed chip, and several binary fi le data parsing techniques.<br />
<strong>Innovations</strong> Track<br />
Tuesday, November 6th, 2012<br />
Time: Tuesday, 8:00 AM – 9:00 AM<br />
Track: <strong>Innovations</strong> Track<br />
Room: Davos<br />
Presenter: Harlan Carvey, Applied Security, Inc.<br />
Title: Timeline Analysis<br />
Timeline analysis is an analysis technique that can add an unprecedented level of context and situational<br />
awareness to an exam. This presentation will address a number of the available data sources on Windows<br />
systems that can be used to create a timeline of system activity, almost to the point of allowing the analyst<br />
to see exactly what happened. Due to time constraints, this presentation will necessarily need go very<br />
quickly, but every analyst, regardless of their experience level, will see and hear something new.<br />
Time: Tuesday, 9:00 AM – 10:00 AM<br />
Track: <strong>Innovations</strong> Track<br />
Room: Davos<br />
Presenter: Kevin Ripa, Computer Evidence Recovery, Inc.<br />
Title: Why The Bad Guys Win<br />
How frustrating is it when another pedophile skates on a possession charge? How many times has your<br />
evidence been successfully challenged? This can make anyone question why they should even bother. This<br />
lecture will look at the three biggest mistakes made by LE and Prosecutors, and how to ensure they are no<br />
longer made. As well we will look at two of the biggest sham defenses used in court, and how to successfully<br />
defeat them! This is a must attend for LE, Prosecutors, Attorneys, and anyone that might end up in a court<br />
room.
<strong>Forensic</strong>s Track<br />
Tuesday, November 6th, 2012<br />
Time: Tuesday, 8:00 AM – 9:00 AM<br />
Track: <strong>Forensic</strong>s Track<br />
Room: Interlaken<br />
Presenter: Michael Wilkinson, Champlain College<br />
Title: Automating <strong>Forensic</strong> Pre-Processing Steps using TAPEWORM<br />
Open-source tools are extremely powerful, however there is often a steep learning curve required to successfully<br />
add open source tools into your workfl ow. TAPEWORM (TASC Pre-Processing Exploitation & Workfl<br />
ow Management system) is a Linux VM designed to make a number of open source tools available via a<br />
single GUI interface. TAPEWORM automates the process of running the following tools: log2timeline, bulk_<br />
extractor, regripper, AV scanners, volatility, exiftool as well as a program designed to alert examiners to data<br />
of interest found on a piece of media.<br />
Time: Tuesday, 9:00 AM – 10:00 AM<br />
Track: <strong>Forensic</strong>s Track<br />
Room: Interlaken<br />
Presenter: Zeke Thackray<br />
Title: <strong>Forensic</strong> Triage in a Modern Day TB Era<br />
Abstract not provided.<br />
Legal Track<br />
Tuesday, November 6th, 2012<br />
Time: Tuesday, 8:00 AM – 9:00 AM<br />
Track: Legal Track<br />
Room: St. Moritz<br />
Presenter: Alec Kaguru Chief Executive Offi cer ARS Digital <strong>Forensic</strong>s (Zimbabwe)<br />
Title: The Future of Digital <strong>Forensic</strong>s in Southern Africa (Non-Legal Topic)<br />
This is a situational analysis of Digital <strong>Forensic</strong>s in Southern Africa and its comparisons with the Developed<br />
World, and other developing countries, India, Brazil, China. It gives an insight about Digital <strong>Forensic</strong>s business<br />
in Governments Law Enforcement Agencies, Corporates, Professional Institutions, Colleges and Universities,<br />
Media, Judiciary, Digital <strong>Forensic</strong>s Solutions Markets, Antiforensics Challenges.<br />
Lab Track A<br />
Tuesday, November 6th, 2012<br />
Time: Tuesday, 8:00 AM – 9:00 AM<br />
Track: Lab Track A<br />
Room: Neuchatel<br />
Presenter: Rob Schroader, Paraben Corporation<br />
Title: E-mail Evidence: Finding the Needle in the E-mail Haystack<br />
E-mail can be an important source of evidence. This lab will show examiners how to examine several diff erent<br />
types of e-mail databases from local mail stores to network mail stores and in P2 Commander including<br />
mail store structure, attachment sorting, advanced fi ltering and searching, and exporting.
Time: Tuesday, 9:00 AM – 10:00 AM<br />
Track: Lab Track A<br />
Room: Neuchatel<br />
Presenter: Michael Wilkinson, Champlain College<br />
Title: Identifying the Artifacts and Behavior of an Unknown Application<br />
This lab will focus on identifying the artifacts and behavior of unknown applications. Many times you will<br />
run across an app you might not have seen before and you want to know what traces it leaves on the system.<br />
What information that is left has meaning and what does not. We will focus on developing results that<br />
are robust enough to stand up in court and more emphasis on decoding fi le structures so you are prepared.<br />
Lab Track B<br />
Tuesday, November 6th, 2012<br />
Time: Tuesday, 8:00 AM – 9:00 AM<br />
Track: Lab Track B<br />
Room: Geneve<br />
Presenter: Glenn K. Bard, PATCtech<br />
Title: iPhone Backup Data Parsing<br />
In this lab the attendee will be introduced to iOS backup analysis. The class will begin with identifying the<br />
locations of iOS backups on various Operating Systems to include Windows XP, Vista and 7 as well as Mac.<br />
Once the backups are located the folder structure will be forensically extracted from the suspect computer.<br />
The students will then be introduced to how the backup fi les store the information on the computer system.<br />
The class will then end with various tools ranging from free and inexpensive to full forensic applications, all<br />
capable of extracting diff erent types of data from the backups and deconstructing various fi les into usable<br />
information.<br />
Time: Tuesday, 9:00 AM – 10:00 AM<br />
Track: Lab Track B<br />
Room: Geneve<br />
Presenter: John Bargiel, NUIX<br />
Title: Managing Evidence in the Era of Big Data<br />
Investigators and forensic examiners are seizing historic levels of evidence while backlogs grow. This<br />
hands-on lab will focus on managing evidence in the era of Big Data seizures - an all too familiar situation<br />
for today\’s investigations. We will take you through investigative examples and demonstrate high speed<br />
indexing and triage strategies that will save you time and valuable resources. Learn about the advantages<br />
of custom scripting to automate forensic triage and other investigative functions and join us discussing real<br />
world scenarios that will help you apply these techniques to rapidly solve your investigations.
Lab Track C<br />
Tuesday, November 6th, 2012<br />
Time: Tuesday, 8:00 AM – 9:00 AM<br />
Track: Lab Track C<br />
Room: Uri<br />
Presenter: Christopher Currier, Passware & Sumuri<br />
Title: Modern Password Recovery Techniques<br />
One of the major hurdles for modern computer forensic examiners is encryption. Files, volumes and even<br />
entire physical disks can be encrypted with commercial or freely available tools. An examiner or investigator<br />
must be able to properly identify encryption and know the best way to recover the passwords to decrypt<br />
potential items of evidentiary value. Sumuri, the offi cial training partner for Passware, will provide insight on<br />
several types of encryption and show how to defeat them using Passware Kit <strong>Forensic</strong> software.<br />
Time: Tuesday, 9:00 AM – 10:00 AM<br />
Track: Lab Track C<br />
Room: Uri<br />
Presenter: Jon Hansen, H-11 Digital <strong>Forensic</strong>s<br />
Title: Windows Registry Analysis<br />
This advanced course will provide an overview on how to best fi nd Microsoft Windows artifacts using various<br />
forensic tools. Specifi cally students will more about the Microsoft Registry components and learn how<br />
to use various tools to locate Microsoft artifacts and Metadata evidence. If you need to understand where<br />
evidence can be found and learn more about fi nding artifacts and what Microsoft has left in their programs<br />
or forgotten what they did the last 20-years, then this course is for you. Real life examples and actual cases<br />
will be discussed. Students will be required to perform hands-on tasks and analysis during this presentation.<br />
This session will help you see the need for these tools and when you should use them in your forensic investigations.<br />
Each attendee will receive a CD with various digital forensic tools and be eligible for free training<br />
in a free digital forensics training course from H-11 Digital <strong>Forensic</strong>s.<br />
All Tracks<br />
Tuesday, November 6th, 2012<br />
Time: Tuesday, 10:00 AM ~ 11:30 AM<br />
Track: Expert Panel (All Tracks)<br />
Room: Grindelwald<br />
Moderator: Greg Kipper, STG<br />
Panel Members: Patrick Stump, Tomas Castrejon, and Chet Hosmer<br />
Title: Open Discussion on the Latest Issues & <strong>Innovations</strong>
<strong>PFIC</strong> 2012 Speaker Bios<br />
Allen Atamer, LTAS Technologies<br />
Allen graduated from MIT with a Master’s Degree in Aeronautics/Astronautics, and has spent the past 11<br />
years working on software engineering, artifi cial intelligence, and text mining. In his industry experience, he<br />
developed a patented approach to intelligent automated troubleshooting questions that is used in diagnostics<br />
and repair of commercial aircraft. Over the years, he has worked on all aspects of software development,<br />
business analysis, and many self-starter skills. He even captained a team of astronaut wanna-bes in the<br />
NASA-sponsored Space Elevator Games for 2 years!<br />
Allen founded LTAS Technologies to make an impact on how the Internet is regulated and kept safe for everyone.<br />
The Harmari Tools that are developed by LTAS have helped auto dealer regulators, contractor licensing<br />
boards, and law enforcement with online investigations. He lives in Toronto, Ontario, Canada with his<br />
wife and 2 daughters.<br />
Jeff Atkinson, General Dynamics<br />
Jeff Atkinson has over 15 years’ experience in IT and over 10 focused on network intrusion detection. He is<br />
currently the lead engineer for the GD Security Operations Center and has successfully deployed network<br />
monitoring solutions in multiple large scale enterprises. His tools of choice are open source and he has deployed<br />
multiple COTS products. Jeff graduated from George Washington University in Washington DC with<br />
a Masters in Information Systems and Technology.<br />
Glenn Bard, PATC Tech<br />
Glenn Bard is a retired Pennsylvania State Trooper First Class and U.S. Veteran of Operation Desert Storm. In<br />
1999 Glenn began Computer Crime Investigations for the PA State Police and has since investigated crimes<br />
across the United States ranging from Child Pornography to Criminal Homicide. Glenn has also conducted<br />
forensic examinations for city, state and federal Law Enforcement Agencies including the FBI, US Postal Inspectors,<br />
and I.C.E. as well as foreign governments. Due to his training and experience, Glenn has been certifi<br />
ed as an expert in Pennsylvania Court of Common Pleas and the United States Federal Court System in the<br />
areas of Digital <strong>Forensic</strong>s, Cellular Technology and Computer Technology. Glenn has also been certifi ed as an<br />
expert Instructor in the State of Maryland. Prior to retiring, Glenn was selected by the US Attorney’s offi ce in<br />
Pittsburgh and OPDAT to teach computer crime investigations and computer forensics in Tirana, Albania.<br />
John Bargiel, NUIX<br />
John Bargiel has been tinkering with computers his entire life bringing diverse professional experience in IT<br />
troubleshooting, infrastructure, and solutions from varied industries including banking, litigation, and health<br />
care to his current role of Director of Technology at Nuix. Prior to Nuix, John worked with CT Summation/<br />
AccessData group managing the East Coast Client Services team and frequently personally handling onsite,<br />
Enterprise-level technical support emergencies. A true modern renaissance man, John combines a strong<br />
background in IT essentials such as systems administration, database management, and programming with<br />
other pursuits as a winemaker, forklift driver, artist, dry cleaner, and unlicensed private detective. His creativity<br />
and love of problem solving is a boon to Nuix’s quest for innovation.<br />
Albert Barsocchini, NightOwl DMS, Inc.<br />
Delivering strategic thinking and guidance to manage the challenges of high stakes corporate discovery<br />
worldwide. Thought leader and internationally recognized expert in e-discovery, information governance<br />
and international digital investigations. Spent eight years as Director of Professional Services and Associate<br />
General Counsel at Guidance Software. Over ten years as a fi rst-chair trial attorney. Past chair of the California<br />
State Bar Law Practice Management & Technology Section. Electronic Discovery Special Master. Certifi ed<br />
ediscovery specialist (CEDS).
Dyer Bennett, SIRCHIE<br />
Dyer Bennett is currently the Director of Product Development for SIRCHIE. He is a graduate of Philadelphia<br />
University with a degree in Textile Engineering, which surprisingly has many applications to forensic science,<br />
including dyes, stains, and other chemical reagents used at the crime scene as well as in the forensic laboratory.<br />
Dyer regularly works with law enforcement in collaborative product development as well as assisting<br />
with criminal investigations. He is an instructor in SIRCHIE’s Crime Scene Technology training class and is<br />
a member of the International Association of Investigators. He has been involved in digital forensics since<br />
2009, and has a mission to foster collaboration between the crime scene technologist and the forensic digital<br />
examiner.<br />
Nicole Bocra, Infi nity Investigative Solutions & Paraben Corporation<br />
Nicole Bocra is a Certifi ed Fraud Investigator, registered private investigator in Virginia, and a licensed private<br />
detective in New Jersey and Maryland. Ms Bocra has more than 15 years’ experience as an accountant and<br />
securities investigator. Prior to establishing her own private investigative fi rm, Infi nity Investigative Solutions<br />
in 2005, Ms Bocra was an in-house investigator at a law fi rm and lead investigator with FINRA fka NASD.<br />
Infi nity Investigative Solutions is a licensed private investigation fi rm specializing in investigations, consulting,<br />
due diligence, and business strategy. Since inception, customer and revenue numbers have increased<br />
annually by 30-40%. Ms Bocra develops complex cases, provides expert investigative services and conducts<br />
in-depth due diligence using the latest in technology, fi nancial expertise and investigative experience to ensure<br />
the most thorough inquiries. She is involved in many National and Regional investigative organizations<br />
including Intellnet, NALI, PIAVA, PISA, NJLPIA, and Infragard. Ms Bocra was recently appointed to the Virginia<br />
Private Security Services Advisory Board (PSSAB) eff ective July 1, 2011.<br />
Don Brister, BlackBag Technologies, Inc.<br />
During his nearly 30 years in law enforcement, Don Brister served as the lead investigator in several major,<br />
multi-agency investigations. Prior to joining BlackBag Technologies as a digital forensic examiner in 2007, Mr.<br />
Brister served as an instructor for the California Department of Justice, training law enforcement investigators<br />
in the areas of high technology, Internet investigations, and digital evidence recovery. Don has a unique<br />
gift of challenging student groups of varying skill levels, while simultaneously tailoring course material to<br />
accommodate a variety of learning styles.<br />
John J. Carney, Esq. Carney <strong>Forensic</strong>s<br />
Mr. Carney is Chief Technology Offi cer and practicing digital device forensic examiner at Carney <strong>Forensic</strong>s.<br />
He has a thirty-year software engineering and information technology career. He was educated at the Massachusetts<br />
Institute of Technology (MIT) Media Lab where he earned a Bachelor’s of Science degree. He is a<br />
Minnesota attorney licensed in federal and state court with a law fi rm in St. Paul focused on small business<br />
and entrepreneurs. He was educated at Hamline University School of Law where he earned a Juris Doctor<br />
degree and Certifi cate in Dispute Resolution. Mr. Carney is an Advisory Board member for Century College’s<br />
digital forensics program.<br />
Harlan Carvey, Applied Security, Inc<br />
Harlan Carvey is a digital analyst and researcher who has been involved in information security for 23 years.<br />
After leaving the military as a Communications Offi cer with a master’s degree, he began conducting vulnerability<br />
assessments and pen tests as a private sector consultant. About 12 years ago, Harlan switched to the<br />
“other side of the coin” and began performing incident response, digital analysis, and research, focusing on<br />
Windows systems as a primary target. Since then, he’s presented at numerous conferences, and written six<br />
books, several of which have been translated into foreign languages.
Tomas Castrejon, PwC<br />
Tomas is a Director in the PwC Cyber Investigations practice. He is responsible for day-to-day operations,<br />
business development and strategy, and team mentoring. In addition, he has extensive digital forensic<br />
experience gained from his time as a law enforcement offi cer and working for another Big 4 consulting fi rm<br />
where he served as the National Digital <strong>Forensic</strong>s Practice Leader. Tomas has testifi ed in both criminal and<br />
civil cases in California, before the Grand Jury, and as an expert. In addition, he has lectured on forensic tools,<br />
techniques, and trends in digital forensics. Tomas has served as a team lead and digital forensics practitioner<br />
on cases ranging from stock option backdating, theft of intellectual property, data breaches, internal investigations,<br />
and coordinated global resources for several matters. He has also served as an Incident Response<br />
Lead on several data breach investigations. In addition, he has taught courses related to digital and network<br />
forensics at a community college.<br />
Nick Cavalancia, Spectorsoft<br />
Nick Cavalancia, MCSE/MCT/MCNE/MCNI, is SpectorSoft1s VP of Marketing where he leads the evangelism of<br />
SpectorSoft solutions. He has over 18 years of enterprise IT experience and is an accomplished consultant,<br />
trainer, speaker, columnist and author. He has authored, co-authored and contributed to over a dozen books<br />
on Windows, Active Directory, Exchange and other Microsoft technologies.<br />
David Cowen, G-C Partners LLC<br />
David Cowen, CISSP, is a partner at G-C Partners, LLC based in Dallas, Texas. Mr. Cowen is one of the authors<br />
of €˜Hacking Exposed: Computer <strong>Forensic</strong>s fi rst and second editions and the third edition of the ˜Anti-<br />
Hacker Toolkit and the upcoming ‘Computer <strong>Forensic</strong>s, A Beginner’s Guide’ all from McGraw Hill. Mr. Cowen<br />
is also the author of the popular ˜Hacking Exposed Computer <strong>Forensic</strong>s Blog and a graduate of the University<br />
of Texas at Dallas with a B.S. in Computer Science. Mr. Cowen is the captain of the National Collegiate<br />
Cyber Defense Competition’s Red Team. Mr. Cowen has been working doing computer forensics since 1999<br />
and information security since 1996 acting as an expert witness in civil cases around the nation. Working as<br />
a computer forensic expert Mr. Cowen has assisted Human Resources departments in companies across the<br />
United States in dealing with employee issues and employee litigation involving computer usage.<br />
Aaron Crews, Esq., Littler Mendelson<br />
Aaron Crews is one of 5 eDiscovery Counsel at Littler Mendelson. His practice centers on helping clients<br />
manage and mitigate risk by providing focused guidance and expertise on issues related to electronic<br />
discovery, the use of computer forensics in litigation, data breach investigations and incident response, IP<br />
and data theft investigations, and information governance matters. Amongst other things, this includes<br />
providing case and client-specifi c advice about meeting preservation obligations, preparing and advocating<br />
for reasonable discovery plans, addressing initial “meet and confer” obligations, and handling court appearances<br />
that address eDiscovery, Information Governance, and/or computer forensic matters. He also assists<br />
trial teams and their clients by developing strategies for effi cient and eff ective data preservation, collection,<br />
review and production, and implementing cost-shifting/reduction strategies. In addition, he regularly advise<br />
on strategies for dealing with information governance issues, strategies for eff ective data breach and IP or<br />
data theft investigations, and the admissibility and authentication of electronic evidence.<br />
He is a frequent lecturer on eDiscovery, Information Governance, and computer forensics issues, including<br />
topics such as applicable ethics rules, case law and industry standards, the complexities of using search and<br />
retrieval tools, forensic investigation strategies, electronic evidence, data protection, retention, and disposition,<br />
trends in e-Discovery, and electronic evidence.<br />
Prior to becoming a member of the fi rm’s eDiscovery group, he specialized in intellectual property and complex<br />
business litigation, including the prosecution and defense of cases involving trade secrets, unfair competition,<br />
and related claims from the initial pleadings stage through trial. He also prepared non-disclosure<br />
agreements, intellectual property assignment provisions and non-solicitation covenants.
Christopher Currier, Passware & Sumuri<br />
Christopher Currier is an instructor and course developer for Sumuri, LLC. Chris has been a sworn police<br />
offi cer in the State of New Hampshire for over twenty-four years. He continues to work at a police department<br />
holding the rank of Detective since 1998. He is an experienced computer forensics examiner, having<br />
conducted examinations of computer systems, cell phones, and digital evidence for his agency as well as<br />
the New Hampshire Internet Crimes Against Children (ICAC) Task Force, State and Local law enforcement<br />
agencies. He has conducted onsite triage and examinations in cases that include Child Sexual Abuse Images,<br />
Criminal Threatening, Fraud, Homicide, Online Sexual Solicitation of a Minor, and others.<br />
Christopher Currier has instructed courses related to investigating computer/online crime, fraud investigations,<br />
computer and cell phone forensics. He has instructed on Responding to Computer Crime at a National<br />
White Collar Crime Center’s Outreach Seminar in 2004 and is an adjunct instructor at the New Hampshire<br />
Police Standards and Training Council. He has presented Investigating Online Fraud for the New Hampshire<br />
Cyber Crime Initiative. He presented on Ram Dump Tools and Examining Physical Memory Dumps for Evidence<br />
for the High Technology Crime Investigation Association (HTCIA) New England Chapter in 2010.<br />
Chad W. Davis, Backbone Security<br />
Chad W. Davis, CCE is the Technical Director at Backbone Security in Fairmont, West Virginia. Mr. Davis has<br />
been instrumental in establishing the Steganography Analysis & Research Center (SARC) as a center of excellence<br />
focused exclusively on steganography research and the development of advanced steganalysis products<br />
and services. He has been instrumental in developing application specifi c techniques, procedures, and<br />
algorithms for extracting hidden information from carrier fi les. Mr. Davis has authored a number of articles<br />
on steganalysis and has been invited to speak at various computer forensics and security conferences. Mr.<br />
Davis holds a B.S. in Computer Engineering from West Virginia University (WVU) and an M.S. in Electrical<br />
Engineering with a Certifi cate in Computer <strong>Forensic</strong>s also from WVU. He is a member of HTCC, HTCIA, and<br />
ISFCE.<br />
Jeff Dye, PwC<br />
Jeff rey is a Manager in the Advisory-<strong>Forensic</strong>s practice at PwC with 6 years of experience in the fi elds of<br />
forensic investigations, malware capability assessments, cybercrime and information security consulting. He<br />
has led multiple computer forensic investigations dealing with PCI/PII data breaches, intellectual property<br />
theft, insider threats, extortion, and economic espionage. Jeff rey has investigated cases in areas of Payment<br />
Card Processing, Retail, Financial and the Healthcare industries. He has responded to numerous crisis<br />
incidents and helped organizations worldwide. At PwC, Jeff rey advises clients on cyber threats, malware<br />
detection, incident response, and insider threat investigations. His recent investigative engagements include<br />
responding to data breaches targeting Email Service Providers (ESPs), network penetration and email exfi ltration<br />
by a state-sponsor at an Energy corporation targeting information on intellectual property. Prior to<br />
PwC, Jeff rey was a computer forensic lead at General Dynamics Cyber Incident Response Team.<br />
James Eichbaum, MicroSystemation<br />
James Eichbaum is a Product Specialist and Trainer for Micro Systemation (MSAB, Inc.). As a Product Specialist,<br />
James provides customer support for North America on MSAB’s mobile forensic tool, XRY. He is also an<br />
instructor for MSAB’s logical and physical mobile device courses. James has over 16 years of law enforcement<br />
experience including seven years as a detective working high tech crime with the Modesto Police Department<br />
and the Stanislaus County Sheriff ’s Department. He has served over fi ve years with the Sacramento<br />
Valley High Tech Crimes Task Force and is currently a Reserve Offi cer with the Gustine Police Department in<br />
California. James was the co-winner of the 2012 HTCIA International “Case of the Year” award.
Todd L Gabler, Rudiger Investigations<br />
Mr. Gabler began his career in private investigations with the authoring of relational databases for large<br />
scale federal defense investigations. He has worked in hundreds of cases involving computer and cell phone<br />
evidence, including the intense work of capital homicide cases. He has served as an expert consultant and<br />
witness in federal and state courts. Mr. Gabler has worked as an investigator on fi ve continents and in over<br />
fi fty countries. He continues to innovate in the area of historical cell site analysis. Mr. Gabler is a renowned<br />
public speaker, having traveled to hundreds of college forensic functions at over 100 colleges and universities<br />
throughout the United States. He has also served as an instructor at Northwestern University (NHSI) and<br />
Loyola-Marymount University of Los Angeles.<br />
Charles Giglia, Digital Intelligence, Inc.<br />
Charles Giglia has been in the fi eld of computer forensics since 2000 concentrating primarily on the research<br />
and development of computer forensic investigative techniques and training curriculum. Charles has an<br />
undergraduate degree in mathematics from Canisius College and a graduate degree in forensic science<br />
from the University of New Haven. Charles had been deployed nearly 18 months from 2007 to 2009 doing<br />
computer forensic investigations in support of Operation Iraqi Freedom while serving as a U.S. Army Contractor<br />
in Baghdad. Previously he spent six years as Computer Crime Specialist with the NW3C while leading<br />
the development of numerous training classes. His primary concentrations were courses related to Internet<br />
investigations and Internet forensics. Charles has been a guest presenter at the FBI training academy, as well<br />
as several IACIS, FACT, RCFG/GMU, HTCIA international/regional conferences and an adjunct professor at<br />
Fairmont State College. He is a Certifi ed <strong>Forensic</strong> Computer Examiner (CFCE) and a Red Hat Certifi ed Engineer<br />
(RHCE).<br />
Josh Gilliland, Bow Tie Blog<br />
Joshua Gilliland, Esq., author of the ABA Journal Top 100 Blawg Honoree Bow Tie Law. Mr. Gilliland is a California<br />
attorney and nationally recognized thought leader on electronic discovery with his blog “Bow Tie Law.”<br />
Josh has conducted over 300 Continuing Legal Education seminars on e-Discovery all across North America.<br />
Josh has a passion for the impact of technology on the practice of law, has guest lectured at his alumni<br />
McGeorge School of Law, has been published in American Lawyer Magazine and is active in the Santa Clara<br />
County Bar Association. Josh also has a new blog, The Legal Geeks. TLG focuses on all things “geek” and the<br />
law, from legal issues in science fi ction to pop culture. Josh also ties a mean bow tie.<br />
Keith Gray, Gray Matters<br />
Keith Gray, President of Gray Matter Consulting, LLC, has nearly 2 decades of political experience on and off<br />
Capitol Hill. He has devoted his time for 20 years dealing with diffi cult policy issues, especially in agriculture<br />
policy and fi nancial services. Additionally, his extensive work inside grassroots groups has helped to develop<br />
strategies to achieve legislative and regulatory success for his clients. In addition to his extensive lobbying<br />
and government aff airs experience, Gray Matter Consulting also off ers grant-writing development services.<br />
Mr. Gray has worked for over 19 years in developing and writing grant applications as well as grants administration<br />
and is a member of the American Grant Writers Association and Grant Professionals Association.<br />
He also is an Instructor in the USDA Graduate School’s Grants Management Certifi cate program for grants<br />
professionals and has a Certifi cate in Grants Management from the USDA Graduate School.<br />
Lan Hang, PwC<br />
Lan is an Experienced Associate in the Advisory-<strong>Forensic</strong>s practice at PwC with experience in the fi elds of forensic<br />
investigations, cybercrime and information security consulting. She has conducted multiple computer<br />
forensic investigations involving PCI data breaches, intellectual property theft, and advanced persistent<br />
threats. In addition, Lan’s experience includes internal and external penetration testing, and security assessments<br />
and workshops. She has worked on engagements for clients in the automotive, entertainment and<br />
media, fi nancial, and manufacturing industries.
Jon Hansen, H-11 Digital <strong>Forensic</strong>s<br />
Jon R. Hansen is the Vice-President for H-11 Digital <strong>Forensic</strong>s (H-11). Jon is a computer specialist with over<br />
twenty-fi ve years of experience in computer technologies, including, digital computer forensics, large-scale<br />
deployment, and training on various computer hardware and software platforms. Jon has been involved<br />
with defi ning and developing security policies and techniques for safeguarding computer information and<br />
fraud prevention. Jon joined H-11 to be able to provide complete digital forensics solutions. H-11 Digital<br />
<strong>Forensic</strong>s off ers a ‘One-stop-Solution’ for digital forensic software, hardware, professional services, and training.<br />
H-11 has offi ces in Salt Lake City, Utah; Beijing, China; Taipei, Taiwan; and Mexico City, Mexico. Jon has<br />
presented at <strong>Forensic</strong>s, Security and Fraud conferences all over the world. Prior to joining H-11 Digital <strong>Forensic</strong>s,<br />
Jon was the Director of Training and then Vice-President of Sales for AccessData – a leading provider of<br />
digital forensic and eDiscovery software.<br />
Chet Hosmer, Allen Corporation/Wetstone<br />
Chet Hosmer is the Chief Scientist and co-founder of WetStone, now a division of Allen Corporation. Chet<br />
has over 30 years of experience researching and developing high technology solutions. Since 1992, Chet<br />
has focused his research in Cyber Security and has served as the Principal Investigator on over 40 cyber<br />
security, digital forensic and information assurance research programs funded by AFRL, ARL, OSD, DARPA<br />
and NIJ. Chet and his team have produced several award winning cyber security and forensic products and<br />
were awarded the prestigious SBA Tibbetts award for small business innovation. Chet received his degree<br />
in Computer Science from Syracuse University, serves on several editorial boards, and is a visiting professor<br />
at Utica College where he teaches in the Cybersecurity Graduate program. Chet actively gives numerous<br />
Cyber Security relevant keynote, plenary and panel presentations each year on a global basis.<br />
Brian K. Ingram<br />
Brian K. Ingram is a private investigator and a former law enforcement offi cer. Brian investigated and solved<br />
the ONLY confi rmed Cult related kidnapping in U.S. History. During his career as a police offi cer, Brian Ingram<br />
solved several major narcotics cases, burglary rings and other major cases. In that time period, Brian<br />
Ingram never lost a felony case, a record of approximately 235 felony convictions. His criminal defense case<br />
work includes 375 criminal defense cases, mostly felony cases and he has successfully investigated major<br />
international credit card processing fraud. Brian is also an accomplished speaker, instructor and expert witness.<br />
Charlie Kaupp<br />
Charlie Kaupp is an eDiscovery consultant with Digital Strata. He has worked in the litigation support, eDiscovery,<br />
and information retrieval fi elds since 2005. Mr. Kaupp provides eDiscovery guidance to corporate<br />
clients and law fi rms focusing on strategic, defensible, and repeatable search strategies, early case assessment,<br />
culling, and review workfl ows. He is an active participant with the Electronic Discovery Reference<br />
Model (EDRM), and is certifi ed in a number of eDiscovery platforms. Mr. Kaupp holds a B.A. in linguistics from<br />
the University of California at Santa Cruz.
Alec Kaguru, ARS Digital <strong>Forensic</strong>s<br />
Alec Kaguru is the founding partner, and Chief Executive Offi cer of ARS Digital <strong>Forensic</strong>s (20189/03), Zimbabwe.<br />
Alec holds a Bachelor in Accounting Science (B.Compt) degree from University of South Africa, a<br />
Diploma in Accounting and Business Management from College of Professional Management (USA). Alec<br />
did his articled clerk training with Ernst & Young Chartered Accountants (Zimbabwe). Mr. Kaguru has earned<br />
more than nine (9) years of continuous practical experience in Computer forensics, Mobile Phone <strong>Forensic</strong>s,<br />
Network <strong>Forensic</strong>s, E-mail and Internet <strong>Forensic</strong>s ICT Security Audits and Data Recovery. As a leading Digital<br />
<strong>Forensic</strong> Examiner, Alec has been involved in complex digital forensics assignments for several, mainly stock<br />
listed corporates in Mining, Banking, Telecommunications, Construction, Manufacturing, and Agriculture<br />
and has served government institutions in Education, Revenue Collection, Law Enforcement, and Legal fi rms<br />
in Africa. Alec has developed, and taught many courses in Digital forensics over the years.<br />
Melia Kelley, First Advantage Litigation Consulting<br />
Melia Kelley is Senior <strong>Forensic</strong>s Consultant at FALC, where she actively consults with clients on investigative<br />
and litigation hold procedures. Melia’s previous investigations for FALC include malware, fraud, and theft<br />
of intellectual property cases. She has conducted work for FALC in the United States, the United Kingdom,<br />
Japan, and Germany. Prior to her work with FALC, Melia performed Media Exploitation for the U.S. military in<br />
Iraq where she performed intelligence gathering using forensically sound methodologies. Melia has worked<br />
extensively in eDiscovery as well as digital forensics in addition to her work as a Paralegal dealing with large<br />
eDiscovery cases. Melia is a member of the International Society of <strong>Forensic</strong> Computer Examiners and is a<br />
Certifi ed Computer Examiner. Her certifi cations include CCE, EnCE, GCFE, ACE, A+, Network+ and Security+.<br />
She holds an AS from Weber State University.<br />
Publications:<br />
• “Report writing guidelines,” Digital <strong>Forensic</strong> Investigator News, May 2012<br />
• www.girlunallocated.blogspot.com Nominated for <strong>Forensic</strong>4Cast 2012 Digital <strong>Forensic</strong> Blog of the<br />
Year<br />
Greg Kipper, STG<br />
Gregory Kipper is an author, consultant and strategic forecaster in Emerging Technologies. Mr. Kipper specialized<br />
in I.T. Security and information assurance for 17 years with the last 11 years working in the fi eld of<br />
digital forensics and the impacts emerging technologies have on crime and crime fi ghting. Mr. Kipper has<br />
been the keynote speaker at select industry events, a digital forensics instructor as well as a trusted advisor<br />
to both the government and commercial sectors. Mr. Kipper is a published author in the fi eld of digital forensics<br />
and emerging technologies with his works including: “Investigator’s Guide to Steganography”, “Wireless<br />
Crime and <strong>Forensic</strong> Investigation”, “Virtualization and <strong>Forensic</strong>s” and the upcoming “Augmented<br />
Reality”.<br />
Ben Lemere, Berla Corp<br />
Ben is the Director of Digital <strong>Forensic</strong>s at 42Six Solutions and is the Co-Founder of Berla Corporation. He currently<br />
serves as a contractor for the U.S. Government and develops tactical solutions related to digital forensics<br />
and media exploitation, specifi cally in the mobile devices arena. Ben has more than 15 years of military<br />
and federal government service.
William Matthews, Southwest Regional Computer Crime Institute<br />
William Matthews, Ph.D. (ABD) retired with 25 years of service from the Federal Bureau of Investigations in<br />
2010 and accepted the position of Southwest Regional Computer Crime Institute Director at Dixie State<br />
College. While with the FBI, Matthews developed an interest in digital forensics, became CART certifi ed and<br />
assisted in the creation of the Regional Computer <strong>Forensic</strong>s Lab (RCFL) in Salt Lake City, UT. Matthews has<br />
had an interesting and diverse career in investigations ranging from working undercover with the LCN in<br />
Las Vegas to the conducting of digital triage in Iraq on the Saddam Hussen seizures. Besides teaching, Matthews<br />
has spent the majority of his time at Dixie College developing ways to make chip-off forensics aff ordable<br />
and time-effi cient.<br />
Jessica Mederson, Esq., Hansen Reynolds Dickinson Crueger LLC<br />
Jessica Mederson is a trial attorney and partner at Hansen Reynolds Dickinson Crueger LLC. Prior to joining<br />
HRDC, Ms. Mederson was an attorney with Vinson & Elkins LLP in Austin, TX where she focused on a complex<br />
commercial litigation practice in state and federal court. She has litigated a broad range of matters, including<br />
securities litigation, director and offi cer liability, and intellectual property disputes. She has signifi cant<br />
experience in addressing e-discovery and attorney-client privilege issues in litigation nationwide. Hansen<br />
Reynolds Dickinson Crueger LLC is a litigation law fi rm that tries complex, sophisticated cases for individuals<br />
and corporations, plaintiff s and defendants. Four partners left their “Big Law” jobs to forge a new fi rm founded<br />
on a culture of being smart, tough, nimble and effi cient. In forming HRDC, they sought to align their interests<br />
with those of their clients by sharing risk, tailoring fee arrangements to meet their clients’ needs, and<br />
rewarding results and effi ciency. They are a success driven law fi rm equipped to handle any litigation matter.<br />
Michael Menz, HP<br />
Michael has been in the Law Enforcement digital investigation and forensics fi eld for 27 years. He has authored<br />
and taught courses SEARCH, California DOJ, University New Haven, University Nevada Reno, California<br />
District Attorney Association, US District Court Eastern District and the US 9th Court of Appeals are just<br />
a few. He is a past International Secretary and President of HTCIA. He is currently a co-chair of the Digital<br />
Media standard committee for the American Society for Testing and Materials (ASTM) and a member of International<br />
Association of Computer Investigative Specialists (IACIS) and Association Certifi ed Fraud Specialist<br />
ACFS. His certifi cation includes the ICl California POST Computer Crime Investigator and Instructor, CISM,<br />
ACFS, CFCE, EnCE, ProDiscover and DFCB.<br />
David Nardoni, PwC<br />
David Nardoni is a Director in PwC’s <strong>Forensic</strong> Services practice with 14 years of experience in the fi elds of<br />
forensic investigations, malware capability assessments, cybercrime and information security consulting.<br />
Mr. Nardoni has led multiple computer forensic investigations dealing with economic espionage, PCI data<br />
breaches, intellectual property theft, insider threats, acts of terrorism, and economic espionage. He has<br />
responded to numerous crisis incidents and helped organizations worldwide. At PwC, Mr. Nardoni advises<br />
clients on cyber threats, malware detection, incident response, and insider threat investigations. His recent<br />
investigative engagements include responding to data breaches targeting Email Service Providers (ESPs),<br />
network penetration and email exfi ltration by a state at a Law Firm targeting information on their clients.<br />
Prior to PwC, Mr. Nardoni was the computer forensics lab manager in Los Angeles for Deloitte Financial<br />
Advisory Services. Previously, Mr. Nardoni was the President of an information security consulting fi rm that<br />
specialized in computer forensics and security assessments.
Magistrate Judge David Nuff er<br />
Judge David Nuff er was appointed as a United States District Judge in the District of Utah on March 23, 2012.<br />
He previously served as a United States Magistrate Judge. From 1995 - 2003, he was a part time judge, part<br />
time lawyer and was appointed as a full time judge January 17, 2003. He serves on the Federal Judicial Center<br />
Judges IT Training Advisory Committee; the District of Utah Attorney Discipline Committee; and the Utah<br />
State Civil Procedure Rules Advisory Committee. He also teaches alternative dispute resolution at Brigham<br />
Young University’s J. Reuben Clark Law School. He practiced law 25 years in St. George Utah after graduating<br />
from the J. Reuben Clark Law School at Brigham Young University. While in private practice, he was a managing<br />
partner with a law fi rm that grew from 2 lawyers to 25 and formerly taught law offi ce management at<br />
the law school. During his years as a lawyer, he was a member and Chair of the Utah Judicial Conduct Commission<br />
and a commissioner and president of the Utah State Bar. He is a frequent lecturer on technology and<br />
legal issue; for several years taught an automation orientation course to all new federal magistrate judges<br />
two times a year in San Antonio, Texas, and developed national technology related curriculum for magistrate<br />
judges. Judge Nuff er was co-developer of Chambers Online Automation Training, a 40 lesson course<br />
in computer skills for judges and chambers staff . He maintains a web page of court-related technology<br />
resources along with a TechNews for Judges blog on the U S Courts intranet. International activities include<br />
presentations to judges, lawyers and law students in Brazil and Czech Republic, and Rule of Law work in Abu<br />
Dhabi, Bahrain, Sharjah, Egypt, and Ukraine, as well as regularly hosting judge visits from many countries.<br />
He taught lawyers from Iran in Antalya, and Istanbul, Turkey and participated in a legal education seminar in<br />
Izmir Turkey. He teaches with the Leavitt Institute, to law professors and law students in Ukraine and is coeditor<br />
of the Leavitt Institute curriculum Foundations of a Free Society, a course emphasizing ethics, citizenship<br />
and the practice of democracy.<br />
Vickie Rafter, Califorensics<br />
Vickie Rafter is a senior investigator with Califorensics, a top-tier computer forensics and investigative services<br />
fi rm in Roseville, California. Vickie previously served as a Senior Special Agent with the U.S. Department<br />
of Health and Human Services (HHS), Offi ce of Inspector General, and Offi ce of Investigations. As such, she<br />
led investigations of healthcare fraud and child support enforcement. Prior to her tenure with HHS, Vickie<br />
served as a Special Agent with the Air Force Offi ce of Special Investigations where she conducted investigations<br />
of contract fraud, child sexual abuse and theft of government property, among other violations. Vickie<br />
also worked on an FBI national undercover operation involving the sale of unapproved aircraft parts. Vickie<br />
is a graduate of the University of California at Irvine and a member of the Association of Certifi ed Fraud Examiners<br />
as well as the Association of Workplace Investigators.<br />
Mike Raggo, MobileIron<br />
Michael T. Raggo (CISSP, NSA-IAM, CCSI, ACE, CSI), MobileIron, Inc. applies over 20 years of security technology<br />
experience and evangelism to the technical delivery of Security Solutions. Mr. Raggo’s technology experience<br />
includes penetration testing, wireless security assessments, compliance assessments, fi rewall and IDS/<br />
IPS deployments, mobile device security, incident response and forensics, security research, and is a former<br />
security trainer. In addition, Mr. Raggo conducts ongoing independent research on various Data Hiding<br />
techniques including steganography, as well as Wireless attack and penetration techniques. His publications<br />
include books for Syngress and McGraw Hill, and multiple magazine and online articles. Mr. Raggo has presented<br />
on various security topics at numerous conferences around the world (BlackHat, DefCon, SANS, DoD<br />
Cyber Crime, OWASP, InfoSec, etc.) and has even briefed the Pentagon on Steganography and Steganalysis<br />
techniques.
Meghana Reddy, PwC<br />
Meghana is an Experienced Associate in the Advisory-<strong>Forensic</strong>s practice at PwC. She interned with the group<br />
in 2010 and started full-time in 2011. Her engagement experience includes the fi elds of computer forensics,<br />
malware deobfuscation and assessment, data analytics and modeling, and data visualization. Over the last<br />
two years, she has specialized in the Utilities, Entertainment Media, and Financial sectors. Prior to joining the<br />
fi rm, Meghana completed stints with NASA, the US intelligence community, UCLA’s Experiential Technology<br />
Center, and the Center for Embedded Networked Sensing. Through these experiences she has gained<br />
a background in system/network monitoring, machine learning, data visualization, geospatial analysis, and<br />
DSP.<br />
Lee Reiber, AccessData<br />
Lee Reiber, Director of Mobile <strong>Forensic</strong>s, AccessData Group Lee Reiber is responsible for bringing a proven<br />
mobile phone training curriculum to AccessData’s current training off erings, directing the development<br />
team for the MPE+ project and the coordination of the mobile forensic training team. Lee also off ers consulting<br />
services to customers specifi cally focusing on the extraction, recovery, methodology and security<br />
of mobile devices. Prior to AccessData, Lee was the CEO of one of the most prominent mobile phone training<br />
companies in the United States, Mobile <strong>Forensic</strong>s Inc. Due to the high level of training, knowledge and<br />
skill of MFI’s trainers Mobile <strong>Forensic</strong>s Inc was selected to be the single mobile phone training company for<br />
AccessData in 2009. Today, all mobile phone training under AccessData is still following MFI’s proven curriculum.<br />
Lee frequently contributes to Law Offi cer Magazine as a writer specifi cally dealing with electronic data<br />
discovery from mobile devices and cellular phone carriers and presents at conferences around the world<br />
speaking on cellular forensics. Lee is also an active member of IACIS, HTCC and HTCIA and has retired from<br />
the Boise Police Department after 15 years of service where his duties included the examination of digital<br />
evidence on computers and cellular phones.<br />
Kevin Ripa, Computer Evidence Recovery, Inc.<br />
Kevin J. Ripa, is a former member, in various capacities, of the Department of National Defense serving in<br />
both foreign and domestic postings. He is now providing superior service to various levels of law enforcement<br />
and Fortune 500 companies, and has assisted in many sensitive investigations around the world. Mr.<br />
Ripa is a respected and sought after individual within the investigative industry for his expertise in Information<br />
Technology Investigations, and has been called upon to testify as an expert witness on numerous occasions.<br />
He has been involved in many complex cyber-forensics investigations. Mr. Ripa can be contacted via<br />
e-mail at kevin@computerpi.com.<br />
Jeff Ross, FBI<br />
Mr. Ross an FBI Special Agent assigned to the Salt Lake City Field Offi ce. Mr. Ross is assigned to the Utah Internet<br />
Crimes Against Children Task Force and has worked several hundred cases involving the sexual exploitation<br />
of minors via the Internet. Prior to joining the FBI, Mr. Ross worked as a therapist with victims of sexual<br />
abuse and juvenile sex off enders.<br />
Joan Runs Through, Southwest Regional Computer Crime Institute<br />
Joan Runs Through, B.A./B.S.E is currently completing a Master’s Degree in Education and Technology. She<br />
has 15 years of experience in education and 10 years of experience in the IT fi eld. She currently works for the<br />
Southwest Regional Computer Crime Institute (SWRCCI) as a trainer and a curriculum developer. In January,<br />
she begins instructing the newly developed Digital <strong>Forensic</strong> online courses for Dixie State College. While at<br />
the SWRCCI, Runs Through was tasked with writing the curriculum for Dixie’s chip-off forensics training and<br />
had the opportunity to assist with this training during the SWRCCI’s recent trip to Thailand.
Amber Schroader, Paraben Corporation<br />
Throughout the past two decades Ms Schroader has been a driving force for innovation in digital forensics.<br />
As CEO of Paraben Corporation, Ms. Schroader has developed over two-dozen software programs designed<br />
for the purposes of recovering digital data from hand-held devices such as cellular phones and PDAs, computer<br />
hard drives, and large-scale computer networks capable of storing data from several thousand computers.<br />
With an aggressive development schedule, Ms. Schroader continues to bring forth new and exciting<br />
technology to the computer forensic community worldwide. Ms. Schroader coined the concept of the<br />
“360-degree approach to digital forensics”, pushing for a big-picture consideration of the digital evidence<br />
acquisition process. An accomplished curriculum developer and instructor; Ms. Schroader has written and<br />
taught numerous classes for this specialized fi eld. Ms Schroader continues support through book contributions<br />
and other industry speaking engagements.<br />
Rob Schroader, Paraben Corporation<br />
Rob Schroader has been active in the fi eld of technology for many years working through the dot com era<br />
with success with multiple startup companies. Mr. Schroader graduated from Utah Valley State College in<br />
2000 with a degree in Business Management and an emphasis in accounting. As a founding member of Paraben<br />
Corporation, Mr. Schroader serves as the President and Chief Marketing Offi cer for the company managing<br />
its multiple locations and its global expansion. Beyond operations, Mr. Schroader is a fundamental force<br />
in the continued success of the company pushing it further in its penetration into new market spaces.<br />
Judge Matthew Sciarrino, Jr, Esq.<br />
Matthew Sciarrino graduated magna cum laude from St. John’s University in 1990. He received a St. Thomas<br />
More scholarship to St. John’s University School of Law and he graduated in 1993. He is admitted to the<br />
courts of New York, New Jersey, Pennsylvania, the United States Court of Appeals for the Armed Forces and<br />
the U.S. Supreme Court. Before becoming a Judge, he served as the Principal Law Clerk to Justice Joseph<br />
Maltese in the Criminal Courts of Staten Island and Brooklyn handling felonies and misdemeanors and in<br />
the Civil Part of the Richmond County Supreme Court handling medical malpractice and other actions. On<br />
January 3, 2005, Michael R. Bloomberg appointed Matthew Sciarrino, Jr. as an Interim New York City Civil<br />
Court Judge and in 2006 Michael R. Bloomberg appointed Judge Sciarrino to a full term in the New York City<br />
Criminal Court. He has sat in Kings, Richmond and New York Counties.<br />
He currently presides primarily over a Jury Part in NY County. He is the Presiding Judge in a Special Part of<br />
the Occupy Wall Street defendants. He is also the current editor of the Richmond County Bar Association<br />
Journal and has numerous published decisions and articles; his most recent article “iPad Apps for Lawyers”<br />
(Spring 2011 Issue<br />
of the RCBA Journal) is regularly updated on the web page TheRCBA.com.<br />
Stephanie Sparks, Esq., Hoge Fenton Jones & Appel<br />
Stephanie O. Sparks is a shareholder of Hoge Fenton Jones & Appel, Inc., with offi ces in San Jose and<br />
Pleasanton, California, and chairs the fi rm’s Intellectual Property and Privacy and Data Security Teams. She<br />
counsels her clients about, and litigates complex business disputes concerning trade secrets, trademarks,<br />
copyright, and other intellectual property issues. She leads the fi rm’s Electronic Discovery Team, given her<br />
specialized knowledge in computer forensics, records management, and electronically stored information.<br />
She also counsels businesses on HIPAA compliance and other privacy law and data security issues. When the<br />
inevitable data breach occurs, she manages the response team, which handles the aftermath of such data<br />
breach crises on behalf of fi rm clients. She represents internet service providers in dealing with subpoenas,<br />
search warrants, National Security Letters and other government requests for information.<br />
Stephanie was named a “Northern California Super Lawyer” in 2009, 2010, 2011, and 2012 as chosen by her<br />
peers and through the independent research of Law & Politics and San Francisco Magazine.
Stephanie is a member of the International Trademark Association and facilitates monthly INTA Roundtables<br />
in San Jose. She is also a member of the International Association of Privacy Professionals; the Association of<br />
Business Trial Lawyers of Northern California; and the William A. Ingram Inn of the American Inns of Court.<br />
Stephanie routinely presents seminars on intellectual property, electronic discovery, and privacy and data<br />
security issues to accounting fi rms, bar associations, and other professional associations. She has taught<br />
classes at Santa Clara University on these topics. She recently participated in San Jose State University’s<br />
Symposium on Cyber Security. Later in November 2012, she will be presenting seminars on the intersection<br />
between records management, data security and electronic discovery to the Authority on Managing records<br />
& Information (ARMA) and the San Francisco chapter of Women in eDiscovery.<br />
Patrick Stump, Roka Security LLC<br />
Patrick Stump is the President and founder of Roka Security, a computer security company located in<br />
Northern Virginia. In his career, Mr Stump has worked for various entities in the security industry, including<br />
Lockheed Martin, Northrop Grumman, and highly specialized security companies including Vulnerability<br />
Research Labs. Mr Stump has been a key player in both red-teaming and security operations with multiple<br />
branches and agencies of the United States Government (USG), the military, and commercial industry. Mr<br />
Stump’s software development ranges from embedded low level assembly to high level application development<br />
in various software languages. Mr Stump’s experience in Operations with the USG, as a Network<br />
Engineer and as an accomplished network attack simulator or penetration tester has allowed him to develop<br />
a keen understanding of how advanced threats attack government and corporate networks, and how to<br />
defend against them.<br />
Christopher Taylor, CyTech Services, Inc.<br />
Christopher Taylor is the Director of <strong>Forensic</strong>s for CyTech Services, a technical services fi rm in Northern Virginia<br />
that provides analytical and engineering support to federal governments and commercial clients. Mr.<br />
Taylor has 15 years of IT experience, with the last 10 years focusing on digital forensics, incident response,<br />
and data recovery. He got his start in forensics supporting investigations within the Intelligence Community<br />
and Federal Law Enforcement, and now brings that experience to commercial clients in the form of incident<br />
response, litigation support, eDiscovery, and data recovery. He has taught scores of classes preparing students<br />
to receive certifi cations such as the CISSP, CCE, EnCE, as well as many other IT security and computer<br />
forensics related topics.<br />
Zeke Thackary, Thackray <strong>Forensic</strong>s Limited<br />
John (Zeke) Thackray is a the Principle Director of Thackray <strong>Forensic</strong>s Ltd, a New Zealand based company<br />
that provides professional computer and cell phone forensic investigative solutions and training around<br />
the world. Zeke, as he is more commonly known throughout the industry, is a former British Police Detective<br />
who specialized in high tech crime from the early 1990’s. He was responsible for the establishment and<br />
development of the New Zealand Police Electronic Crime Unit based in Auckland. He has also been responsible<br />
for the establishment of corporate computer forensic facilities such as Ernst and Young in Australia and<br />
IBM Global IT Security Incident Response Group. Zeke has been involved in many high-tech, high profi le<br />
investigations around the world and has delivered computer and cell phone forensics training globally for<br />
many years. Zeke considers himself an investigator fi rst and an educator second. Hands-on investigating is<br />
a primary key to be able to train investigators how to deal with real solutions.
Don Vilfer, Califorensics<br />
Don Vilfer is President of Califorensics, a Top-tier Computer <strong>Forensic</strong>s and Investigative Services fi rm in<br />
Roseville, California. His company provides Computer <strong>Forensic</strong>s and eDiscovery services to several Fortune<br />
500 companies, law fi rms, government agencies and small businesses. Don previously served in the FBI as<br />
the Special Agent in charge of the White Collar Crime and Computer Crime Unit in Sacramento. As such, he<br />
led investigations of Federal White Collar Crime and Computer Crime violations, including an international<br />
computer intrusion and extortion investigation. During his FBI career he was also assigned to the Washington<br />
D.C. Field Offi ce and later at FBI Headquarters in Washington D.C. where he led a major case management<br />
team. After his tenure in the FBI, he held the position of Senior Director of Litigation Support and<br />
Investigative Services for a large accounting fi rm before forming Califorensics. He is an avid photographer, a<br />
graduate of the Ohio State University College of Law and a member of the Ohio Bar.<br />
Ryan Washington, AR-<strong>Forensic</strong>s<br />
Mr. Washington served in the US Marines as a Special Intelligence Operator for fi ve years before moving into<br />
the private sector to move into computer and network security. After working as a UNIX system administrator,<br />
Mr. Washington moved into the emerging fi eld of computer forensics and helped develop and grow<br />
many of the forensic programs for the FBI and other organizations while working on critical cases in the<br />
counter-terrorism, counter-intelligence and criminal areas. While managing a career and growing family, Mr.<br />
Washington graduated from National Louis University with a Bachelor’s in Science in Management and went<br />
on to later attain a Master of Business Administration from Kelley School of Management at Indiana University.<br />
He has also testifi ed as an Expert Witness on behalf of the U.S. Government and is an accomplished<br />
speaker and part-time computer forensics instructor. Mr. Washington also holds several industry certifi cations<br />
to include Certifi ed Information Systems Security Professional (CISSP), EnCase Certifi ed Examiner Certifi<br />
cation (EnCE), and Certifi ed Computer Examiner (CCE).<br />
James Wiebe, CRU-DataPort<br />
James Wiebe, Vice President of Research and Development In January 2008, James Wiebe sold WiebeTech<br />
to CRU-DataPort where he currently presides as the Vice President of Research and Development and continues<br />
WiebeTech as a unique brand. In July 2000, James Wiebe recognized an opportunity after 25 years of<br />
computer industry expertise and founded WiebeTech. Previously, James Wiebe founded and was the President<br />
and CEO of Newer Technology. James led the company to annual sales over $60 million and attained<br />
a leading position as provider of computer upgrades. James is an experienced pilot who loves to fl y his<br />
Cessna 206 on business and pleasure. The most exciting fl ights are to the Idaho back country where he and<br />
his buddies enjoy fl y fi shing, another one of his passions. James received his degree in Mathematics with<br />
emphasis in Computer Science from Tabor College in Hillsboro, KS.<br />
Michael Wilkinson, Champlain College<br />
Michael Wilkinson is the Program Director of both the M.S. Digital <strong>Forensic</strong> Management and M.S. Digital <strong>Forensic</strong><br />
Science Programs at Champlain College. He teaches both undergraduate and graduate courses and is<br />
a Co-Director of the Senator Leahy Center for Digital Investigation which provides investigative and research<br />
services to Law Enforcement, Government agencies and the general public. Prior to joining Champlain<br />
College Michael was a coordinator of the New South Wales Police Force, State Electronic Evidence Branch, ,<br />
responsible for the management and oversight of all forensic analysis work performed by the Branch. In his<br />
time with the NSW Police Force Michael has conducted hundreds of examinations and regularly presented<br />
evidence in court. Michael has been actively involved in the development of the Digital <strong>Forensic</strong>s profession<br />
through his involvement with the National Institute of <strong>Forensic</strong> Science. Where he was involved in the creation<br />
of national competency and validation standards. He is also a technical assessor with NATA the Australian<br />
national body for ISO17025 forensic laboratory accreditation.
Donald Wochna, Vestige Ltd.<br />
Author of “E-Discovery: Making Computers Your Best Witness”, Donald Wochna has been practicing law<br />
for 30 years, testifying as an electronic evidence forensic expert in federal and state cases since 1999, and<br />
founder and general counsel of Vestige Digital Investigations. He is a well-recognized author concerning<br />
issues related to electronic evidence; and speaks at venues across the nation to lawyers and forensic professionals.<br />
In 2012, Don has focused his <strong>PFIC</strong> sessions upon emerging new areas challenging computer forensic<br />
experts, including privacy and “Big Data” issues in Social media; authentication and discovery challenges in<br />
Electronic Medical Records, and civil liability of computer forensic experts handling contraband child pornography<br />
evidence in federal and state child pornography cases.<br />
Eric Zimmerman, FBI Cyber Crimes Squad<br />
Eric Zimmerman is a special agent assigned to the Cyber Crimes Squad of the Salt Lake City FBI fi eld offi ce<br />
where he has been investigating child pornography and computer intrusions for the past four years. He is<br />
a member of the Utah ICAC and has provided training and assistance to dozens of local, state, federal and<br />
international law enforcement agencies. Eric has a degree in Computer Science and has developed several<br />
computer programs to aid in the investigation and prosecution of child exploitation matters. In May 2012,<br />
SA Zimmerman won the NCMEC Law Enforcement Excellence Award for his work related to his work in relation<br />
to combating child sexual exploitation.<br />
Speaker Biographies not available:<br />
• Natasha Lockhart, Vound