Download - PFIC - Paraben's Forensic Innovations Conference

Basel 

Innovations Track 

8:00 AM - 12:00 PM (Noon) 

MPE+ Bootcamp 

Presenter: Lee Reiber, 

AccessData 

1:00 PM - 5:00 PM 

ROOM CLOSED 

Saturday, November 3rd, 2012 

Interlaken 

Forensics Track 

8:00 AM - 12:00 PM (Noon) 

Social Media & 

Internet Investigations 

Presenter: Nicole Bocra, 

Infi nity Investigative Solutions 

Lunch Break 12:00 PM - 1:00 PM (On Your Own) 

1:00 PM - 5:00 PM 

Cell Phone Tower Analysis 

Presenter: Glenn K. Bard, 

PATCtech 

Opening Social 7:00 PM - 10:00 PM 

(Casino Night) Sponsored by: Paraben Corporation 

St. Moritz 

Legal Track 

8:00 AM - 12:00 PM (Noon) 

eDiscovery Challenges for 

Civil & Criminal Cases 

Presenters: Josh Gilliland, 

Jessica Mederson, Aaron 

Crews, Magistrate 

Judge David Nuffer, Judge 

Matthew Sciarrino, & John 

Bargiel 

1:00 PM - 5:00 PM 

Deposition Bootcamp 

Presenters: Joshua Gilliland, 

Jessica Mederson, & 

Stephanie Sparks

Neuchatel 

Lab A Track 

8:00 AM - 12:00 PM (Noon) 

Apple Forensics Bootcamp 

(Morning Session) 

Presenter: Don Brister, 

BlackBag Technologies, Inc. 

1:00 PM - 5:00 PM 

Apple Forensics Bootcamp 

(Afternoon Session) 


BlackBag Technologies, Inc. 


Geneve 

Lab B Track 

8:00 AM - 12:00 PM (Noon) 

Mobile Forensics Basics 

Presenter: Amber Schroader, 

Paraben Corporation 

Lunch Break 12:00 PM - 1:00 PM (On Your Own) 

1:00 PM - 5:00 PM 

Data Exploitation Forensics 

(Mobile to Machine) 

Presenter: Ryan Washington 

AR-Forensics 

Uri 

Lab C Track 

8:00 AM - 12:00 PM (Noon) 

In-Depth Steganography: 

Examination, Detection, and 

Hidden Information 

Extraction 

Presenter: Chad Davis, 

BackBone Security 

1:00 PM - 5:00 PM 

In-Car Navigation System 

Exploitation Class 

Presenter: Ben Lemere, 

Berla Corp 

Opening Social 7:00 PM - 10:00 PM 

(Casino Night) Sponsored by: Paraben Corporation

Davos 


Sunday, November 4th, 2012 

8:00 AM - 9:00 AM 

Keynote Presentation: Cyber Forensics in the Future | Room: Grindelwald 

Keynote Speaker: Greg Kipper, STG 

9:00 AM - 10:00 AM 

Forensic Analysis of Digital 

Photos 

Presenters: Vickie Rafter & 

Don Vilfer, Califorensics 

10:30 AM - 11:30 AM 

How to Get a Grant for Your 

Organization 

Presenter: Keith Gray, 

Gray Matters 

Breakfast with Sponsors 7:30 AM - 8:00 AM 

9:00 AM - 10:00 AM 

The Art to the Science-Quick 

Forensics 

Presenter: Ryan Washington, 

AR-Forensics 

Sponsor Break 10:00 AM - 10:30 PM 

10:30 AM - 11:30 AM 

Case Study: Antonio 

Cardenas -Distributor and 

Manufacturer of Child 

Pornography 

Presenter: Jeff Ross, FBI 

9:00 AM - 10:00 AM 

Discovery & Admissibility of 

Social Media 

Presenters: Stephanie Sparks, 

Judge Matthew Sciarrino 

10:00 AM - 11:30 AM 

Communication Protocols 

in eDiscovery and Internal 

Investigations 

Presenter: Albert Barsocchini 

Director of Strategic Consulting 

NightOwl DMS, Inc. 

Lunch Break 11:30 AM - 12:30 PM (Provided in Bernese Event Center) 

12:30 PM - 2:00 PM 

Exploiting mobile devices 

for profi t (iOS and Android) 

Presenter: Chet Hosmer, Allen 

Corporation/Wetstone 

2:00 PM - 3:30 PM 

Hiding Information on Hard 

Drives, in Ways your 

Standard Forensic Software 

will Never Find 

Presenter: James Wiebe, 

CRU DataPort 

4:00 PM - 5:30 PM 

Data Hiding and Steganography 

– An update on the 

latest innovations 2012 

Presenters: Chet Hosmer & 

Mike Raggo, Authors of Data 

Hiding 

Interlaken 


12:30 PM - 2:00 PM 

Tips and Tricks For Forensics 

and Investigations 

Presenter: Mike Menz, HP 

2:00 PM - 3:30 PM 

Visualization of Digital 

Forensics Data 

Presenter: John J. Carney, 

Esq. Carney Forensics 

Sponsor Break 3:30 PM - 4:00 PM 

4:00 PM - 5:30 PM 

Automating Forensic 

Correlation via Open-Source 

Tools 

Presenter: Harlan Carvey, 

Applied Security, Inc 

St. Moritz 

Legal Track 

12:30 PM - 2:00 PM 

Social Media Challenges: 

Navigating Privacy “Beliefs” 

in a “Shared Communication” 

Environment 

Presenter: Donald Wochna, 

Vestige Ltd. 

2:00 PM - 3:30 PM 

Issuing Litigation Holds 

Presenter: Aaron Crews, Esq. 

4:00 PM - 5:30 PM 

Forensics meets Records 

Management, Medical Device 

Manufacturers, and Lawyers: The 

Electronic Medical Record and the 

Need for Forensic Understanding 

of Health IT Systems 

Presenter: Donald Wochna, 

Vestige Ltd. 

Sponsor Social 6:00 PM - 7:30 PM (In Grand Matterhorn Ballroom)

Neuchatel 

Lab A Track 

9:00 AM - 10:00 AM 

Social Media Investigations 


Infi nity Investigative Solutions 

10:30 AM - 11:30 AM 

E-mail Evidence: Finding the 

Needle in the E-mail Haystack 

Presenter: Rob Schroader, 


12:30 PM - 2:00 PM 

Data carving and making 

sense of the unknown 

Presenter: Zeke Thackary, 

Forensics Limited 

2:00 PM - 3:30 PM 

Identifying the Artifacts and 

Behavior of an Unknown 

Application 

Presenter: Michael Wilkinson, 

Champlain College 

4:00 PM - 5:30 PM 

iOS Forensics & Top Five 

Artifacts 

Presenters: Don Brister, 

BlackBag Technologies 


Geneve 

Lab B Track 


9:00 AM - 10:00 AM 

iPhone Backup Data Parsing 


PATCtech 


10:30 AM - 11:30 AM 

Managing evidence in the 

Era of Big Data 

Presenter: John Bargiel, NUIX 

12:30 PM - 2:00 PM 

Memory Analysis & Malware 

Triage 

Presenter: Tomas Castrejon, 

Jeff Dye, & David Nardoni 

PWC 

2:00 PM - 3:30 PM 

The New Field of Forensic 

Search 

Presenter: Natasha Lockhart, 

Vound 

Sponsor Break 3:30 PM - 4:00 PM 

Uri 

Lab C Track 

8:00 AM - 9:00 AM 

Keynote Presentation: Cyber Forensics in the Future | Room: Grindelwald 

Keynote Speaker: Greg Kipper, STG 

9:00 AM - 10:00 AM 

Physical Imaging of Smart 

Devices 



10:00 AM - 11:30 AM 

Modern Password Recovery 

Techniques 

Presenter: Christopher Currier, 

Passware & Sumuri 


4:00 PM - 5:30 PM 

Log Analysis and 

Data Visualization 

Presenter: Tomas Castrejon, 

Jeff Dye, & David Nardoni 

PWC 

12:30 PM - 2:00 PM 

Introduction to 

GPS Forensics 


Berla Corp 

2:00 PM - 3:30 PM 

Stega-what? A Beginner’s 

Guide to Digital 

Steganography 

Presenter: Chad W Davis, 

BackBone Security 

4:00 PM - 5:30 PM 

Android Forensics 

Presenter: James Eichbaum, 

MicroSystemation 

Sponsor Social 6:00 PM - 7:30 PM (In Grand Matterhorn Ballroom)

Davos 


8:00 AM - 9:00 AM 

User Activity Monitoring- how 

monitoring digital behavior is more 

and more important from a Investigation 

and Forensics standpoint 

Nick Cavalancia, Spectorsoft 

9:00 AM - 10:00 AM 

Exploiting online classifi eds 

as a source for OSINT 

Presenter: Allen Atamer, 

LTAS Technologies 

10:30 AM - 11:30 AM 

Wireless Incident Response 

& Forensics – Latest Techniques 

Presenter: Mike Raggo, 

MobileIron 

2:00 PM - 3:30 PM 

How Hackers Move 

Presenter: Patrick Stump, 

Roka Security LLC 

4:00 PM - 5:30 PM 

The very latest on Solid State 

Drives and forensic practice 

Presenter: James Wiebe, 

CRU DataPort 

Monday, November 5th, 2012 


8:00 AM - 9:00 AM 

Correct Evidence Collection, 

inc: Biological & DNA Processing 

from Digital Items 

Presenter: Dyer Bennett, 

SIRCHIE 

Interlaken 


9:00 AM - 10:00 AM 

Digital Forensic Hardware 

Confi guration 

Presenter: Charles Giglia, 

Digital Intelligence, Inc. 


10:30 AM - 11:30 AM 

Geeks & Lawyers: You Can’t 

Handle the Truth 

Presenter: Joshua Gilliland, 

Esq. 

12:30 PM - 2:00 PM 

Intro to Windows 7 Forensic 

Analysis 



2:00 PM - 3:30 PM 

Comprehensive Network 


Presenter: Jeff Atkinson, 

General Dynamics 

4:00 PM - 5:30 PM 

Electronic Location 

Evidence 

Presenter: Todd L Gabler, 

Rudiger Investigations 

PFIC After Dark 7:30 PM - 11:59 PM 

St. Moritz 

Legal Track 

8:00 AM - 9:00 AM 

In Review: Effectively 

Reviewing eDiscovery 

Presenter: Joshua Gilliland, 

Esq. 

9:00 AM - 10:00 AM 

Computer Forensics in Civil 

Litigation & Testimony 

Presenter: Kevin Ripa, 

Computer Evidence Recovery, 

Inc. 

10:30 AM - 11:30 AM 

Digital Forensics: 

A Defense Perspective 

Presenter: Brian K Ingram 


12:30 PM - 2:00 PM 

Anti Anti-Forensics 

Presenter: David Cowen, 

G-C Partners LLC 

Final Sponsor Break 3:30 PM - 4:00 PM 

12:30 PM - 2:00 PM 

Social media evidence a 

legal perspective 

Presenters: John J. Carney, 

Esq., Carney Forensics 

2:00 PM - 3:30 PM 

Child Pornography Developments: 

Is federal law preempting 

state law; are computer 

forensic expert witnesses immune 

from civil suit for accessing contraband 

images with intent to view 

in federal or state actions—the 

lessons of Dean Boland Case 

Donald Wochna, Vestige Ltd. 

4:00 PM - 5:30 PM 

Preparing for Your Next Internal 

Investigation 

Presenter: Albert Barsocchini 

Director of Strategic Consulting 

NightOwl DMS, Inc.

Neuchatel 

Lab A Track 

8:00 AM - 9:00 AM 

Hard Drive Forensic Triage 

Using P2 Commander 



9:00 AM - 10:00 AM 

Examinations on Virtual 

Machines 

Presenter: Chris Taylor, 

Cytech 

10:30 AM - 11:30 AM 

Social Media Investigations 


Infi nity Investigative Solutions & 


12:30 PM - 2:00 PM 

Practical Hard Drive Technology: 

How it really works 

Presenter: Christ Taylor, 

Cytech 

2:00 PM - 3:30 PM 

iOS Forensics & Top Five 

Artifacts 


BlackBag Technologies 

4:00 PM - 5:30 PM 

Data carving and making 

sense of the unknown 

Presenter: Zeke Thackary, 

Forensics Limited 


Geneve 

Lab B Track 


8:00 AM - 9:00 AM 

Shadow Forensics 


PATCtech 

9:00 AM - 10:00 AM 

Digital Analysis Reporting 

Tool (DART) 

Presenter: Tom Eskridge, 

HTCI 


10:30 AM - 11:30 AM 

PALADIN in the fi eld for triage 

and previews 



12:30 PM - 2:00 PM 

In-Car Navigation System 



Berla Corp 

2:00 PM - 3:30 PM 

The New Field of Forensic 

Search 

Presenter: Natasha Lockhart, 

Vound 

Final Sponsor Break 3:30 PM - 4:00 PM 

4:00 PM - 5:30 PM 

Digital Forensic Report 

Writing 

Presenter: Melia Kelley, 

First Advantage Litigation 

Consulting 

PFIC After Dark 7:30 PM - 11:59 PM 

Uri 

Lab C Track 

8:00 AM - 9:00 AM 

Windows Registry Analysis 

Presenters: Jon Hansen, 

H-11 Digital Forensics 

9:00 AM - 10:00 AM 

Physical Imaging of Smart 

Devices 



10:30 AM - 11:30 AM 

Start to Finish Mobile Acquisitions 

Using Paraben Tools 

Presenters: Amber Schroader, 



12:30 PM - 2:00 PM 

Android Forensics 

Presenter: James Eichbaum, 

MicroSystemation 

2:00 PM - 3:30 PM 

osTriage 

Presenter: Eric Zimmerman 

4:00 PM - 5:30 PM 

Development of Chip-off 

Procedures for Cellphones 

Presenter: William Matthews 

& Joan Runs Through, Southwest 

Regional Computer 

Crime Institute (SWRCCI)

Davos 


8:00 AM - 9:00 AM 

Timeline Analysis 



9:00 AM - 10:00 AM 

Why The Bad Guys Win 

Presenter: Kevin Ripa, 

Computer Evidence Recovery, 

Inc. 

Tuesday, November 6th, 2012 

Interlaken 


Breakfast (Served in Monterosa) 

8:00 AM - 9:00 AM 

Automating Forensic Pre-Processing 

Steps Using 

TAPEWORM 

Presenters: Michael Wilkinson, 


9:00 AM - 10:00 AM 

Forensic Triage in a Modern 

Day TB Era 

Presenter: Zeke Thackary 

St. Moritz 

Legal Track 

8:00 AM - 9:00 AM 

The future of Digital Forensics 

in Southern Africa 

Presenter: Alec Kaguru 

Chief Executive Offi cer 

ARS Digital Forensics 

(Zimbabwe) 

9:00 AM - 10:00 AM 

Track Closed 

10:00 AM ~ 11:30 AM 

Panel of Experts: Open Discussion on the latest Issues & Innovations 

Moderator: Greg Kipper, STG 

Panel Members: Patrick Stump, Tomas Castrejon, Chet Hosmer 

Conference End - 11:30 AM

Neuchatel 

Lab A Track 

8:00 AM - 9:00 AM 

E-mail Evidence: Finding the 

Needle in the E-mail Stack 



9:00 AM - 10:00 AM 

Identifying the Artifacts and 

Behavior of an Unknown 

Application 

Presenters: Michael Wilkinson, 



Geneve 

Lab B Track 

Breakfast (Served in Monterosa) 

8:00 AM - 9:00 AM 

iPhone Backup Data Parsing 


PATCtech 

9:00 AM - 10:00 AM 

Managing Evidence in the 

Era of Big Data 

Presenter: James Kent, 

NUIX 

Uri 

Lab C Track 

8:00 AM - 9:00 AM 

Modern Password Recovery 

Techniques 



9:00 AM - 10:00 AM 

Windows Registry Analysis 

Presenter: Jon Hansen, 

H-11 Digital Forensics 

10:00 AM ~ 11:30 AM 

Panel of Experts: Open Discussion on the latest Issues & Innovations 


Panel Members: Patrick Stump, Tomas Castrejon, Chet Hosmer 

Conference End - 11:30 AM

Morning Bootcamp Abstracts 


Time: Saturday, 8:00 AM – 12:00 PM 

Track: Bootcamp 

Room: Basel 

Presenter: Lee Reiber, AccessData 

Title: MPE+ Bootcamp 

MPE+ is a stand-alone mobile forensics software solution that is also available on a preconfi gured touchscreen 

tablet for on-scene mobile forensics triage. Mobile Phone Examiner Plus® integrates seamlessly with 

Forensic Toolkit® (FTK®) computer forensics software, allowing you correlate evidence from multiple mobile 

devices with evidence from multiple computers within a single interface. This bootcamp will go through the 

operation of this innovative mobile phone solution. 



Room: Interlaken 

Presenter: Nicole Bocra, Infi nity Investigative Solutions & Paraben Corporation 

Title: Social Media & Internet Investigations 

Valuable information is lurking throughout the web and fi nding the information can save you and your 

organization. Participants will be introduced to a wide variety of public records and social media websites to 

obtain information on individuals and the basic understanding they need to conduct cyber-based investigations. 

Special interest will be paid to the latest in social media sites and the information they hold. 



Room: St. Moritz 

Presenters: Josh Gilliland, Jessica Mederson, Charlie Kaupp, Aaron Crews, Magistrate Judge David Nuff er, 

Judge Matthew Sciarrino, & John Bargiel 

Title: eDiscovery Challenges for Civil & Criminal Cases 

eDiscovery Challenges is a four part series with eDiscovery attorneys, experts and Federal and State Court 

Judges. The fi rst session addresses the core elements of eDiscovery, focuses on the key terms, basic rules, 

case law overview and examples of discovery requests. The second session focuses on the technology used 

to search and review ESI. The third session is with eDiscovery attorneys putting the technology into practice. 

The fourth session is a panel with three judges, one Federal Magistrate Judge, one New York State Judge and 

one California State Court Judge, who will address the ESI issue they face from the bench. 



Room: Neuchatel 

Presenter: Don Brister, BlackBag Technologies, Inc. 

Title: Apple Forensics Bootcamp (Morning Session) 

The apple has not fallen far from the tree with all the new innovations coming out of Apple and these devices 

are now becoming a regular occurrence in your investigation. This course will take you through a variety 

of iOS based devices and what you should do and the analysis process you should be following.



Room: Geneve 

Presenter: Amber Schroader, Paraben Corporation 

Title: Mobile Forensics Basics 

This is an introductory course for beginners in the fi eld of mobile forensics. You will learn everything from 

seizure rules through practical examinations. The tools used in this course will help you gather both logical 

and physical images of common mobiles. This is a hands-on and lecture bootcamp. 



Room: Uri 

Presenter: Chad W. Davis , Backbone Security 

Title: In-Depth Steganography: Examination, Detection, and Hidden Information Extraction 

Digital steganography is an eff ective anti-forensics tool because steganalysis is not performed as a routine 

aspect of computer forensic examinations. Investigators and forensics examiners must be aware that criminals 

can easily use steganography to conceal their digital foot prints. This boot camp will provide information 

on methods used by criminals to conceal evidence of criminal activity in seemingly innocuous fi les as 

well as techniques to detect and extract the hidden evidence. 

Afternoon Bootcamp Abstracts 


Time: Saturday, 1:00 PM – 5:00 PM 



Presenter: Glenn K. Bard, PATCtech 

Title: Cell Phone Tower Analysis Bootcamp 

In this bootcamp the attendee will be introduced to cellular records analysis and mapping. The discussion 

will include what is available from the Wireless service providers, such as Call / SMS / Data usage and tower 

locations for each, and much more. Then the group will discuss how to prepare the legal process required 

to obtain the information and how to understand the documents once they are received by investigators. 

The students will then be shown responses from various Wireless service providers including AT&T, Verizon 

Wireless and Sprint. Attendees will be shown how each WSP is diff erent and how their results may vary from 

other WSP’s. The class will end with a mapping demonstration of various actual cases, as well as tips and 

tricks on mapping. 




Presenters: Joshua Gilliland, Jessica Mederson, Stephanie Sparks 

Title: Deposition Bootcamp 

The Deposition Bootcamp is a hands-on exercise where attendees will the essential requirements for deposing 

expert witnesses. After the short presentation, there will be a brief mock deposition for the attendees. 

The attorney attendees will be divided into small groups with an attorney coach. They will be given a mock 

expert report and develop questions for their Deponent. Each attorney will be able to conduct a short deposition 

and also defend a deposition.




Presenters: Don Brister, BlackBag Technologies, Inc. 

Title: Apple Forensics Bootcamp (Afternoon Session) 

Please Note: This is a repeat class of the morning session. 

The apple has not fallen far from the tree with all the new innovations coming out of Apple and these devices 

are now becoming a regular occurrence in your investigation. This course will take you through a variety 

of iOS based devices and what you should do and the analysis process you should be following. 



Room: Uri 

Presenters: Ben Lemere, Berla Corp 

Title: In-Car Navigation System Exploitation Class 

Worldwide sales of vehicles with advanced features, such as in-car navigation systems, are predicted to jump 

from 9.5 million to 56 million in the next fi ve years. Vehicles are no longer just a method of transportation 

but have become complete entertainment and communications hubs fully integrated into everyday digital 

life. 

Vehicles collect and store a vast amount of user related data such as recent destinations, favorite locations, 

call logs, contact lists, SMS messages, pictures, videos, and a history of everywhere the vehicle has been. This 

presentation will cover the diff erent in-car systems where user data is located, and focus on how to acquire 

and analyze the data. 

Keynote Address 


Time: Sunday, 8:00 AM – 9:00 AM 

Track: Keynote 

Room: Grindelwald 

Presenter: Greg Kipper, STG 

Title: Cyber Forensics in the Future 

In barely more than a decade, digital forensics has evolved from a niche market to a highly diverse and specialized 

industry that touches almost every corner of information technology. As our digital technology continues 

to become indispensable infrastructure we as practitioners fi nd ourselves facing new challenges with 

new types of devices and storage, social networks, big data as well as all the regular challenges we continually 

face with fi le systems, mobiles and eDiscovery. But while we cannot predict the future, there are patterns 

we can follow...if we know where to look. These patterns are technological, social, political and economic 

-- and they off er valuable clues. This keynote will outline these patterns and highlight the current trends of 

today and show you what they mean, where we’re going, and how to best use them in your life and career.

Abstracts 




Track: Innovations Track 

Room: Davos 

Presenters: Vickie Rafter & Don Vilfer, Califorensics 

Title: Forensic Analysis of Digital Photos 

This class addresses the needs for forensic analysis of digital photos, such as to de-authenticate a photo; the 

types of photos that one might need to examine, such as crime scene photos or scientifi c research and alternative 

sources of digital photos. The class includes an introduction to using various tools and techniques 

to examine digital photos, such as Access Data’s Forensic Took Kit (FTK), Adobe Photoshop and newly developed 

specialized digital photo analysis software. This presentation will cover the use of fuzzy hashing in 

FTK to determine if two photo fi les are identical, use of basic observation techniques and specifi c processes 

or actions in Adobe Photoshop to analyze photos for manipulation and the use of the newly developed 

software that uses signature analysis to determine if a .jpeg is an untouched, original from a digital camera. 

Photoshop actions will be made available for download and a vendor discount will be provided for one of 

the software tools. 



Room: Davos 

Presenter: Keith Gray, Gray Matters 

Title: How to Get a Grant for Your Organization 

Utilizing grants and federal contracts to grow your business is a great way to leverage public funding opportunities. 

However, the several thousand grant and federal contracting programs can be confusing and 

overwhelming. Keith Gray, President of Gray Matter Consulting, has 20 years’ experience in working with 

federal contractors and grants for small businesses and municipalities. Many ask the following: 

How do I apply for a grant? 

How do I fi nd a grant or federal contract for my business? 

Am I eligible for grants or loans or federal contracts? 

What is a NAICS code? 

How do I know my idea will be funded? 

These are some of the questions that will be answered during the informative session. 

Time: Sunday, 12:30 PM – 2:00 PM 


Room: Davos 

Presenter: Chet Hosmer, Allen Corporation/WetStone 

Title: Exploiting Mobile Devices for Profi t (iOS and Android) 

This lecture/demonstration will take an in depth look at specifi c Android and iOS exploits, the damage they 

have caused and the fi nancial gain that has resulted. During Q1 2012, over 7,000 new malware threats have 

been identifi ed for Android OS alone. These threats exploit vulnerabilities inherent to the operating systems 

of these mobile platforms. We will also discuss preemptive measures that can be used to identify quarantine 

and mitigate such threats now and in the future. Finally, we will take a close look at what Google, Apple 

and the development community at large is actively pursuing to reduce and mitigate these threats.



Room: Davos 

Presenter: James Weibe, CRU DataPort/Weibe Tech 

Title: Hiding Information on Hard Drives in Ways Your Standard Forensic Software will Never Find 

In this presentation, James Wiebe will present some new thoughts on how data may be hidden on hard 

drives. Covering old concepts fi rst, (such as Host Protected Areas), James will also present alternative methods 

for hiding information on hard drives, such as in supervisory areas. These areas are never visible through 

standard drive commands, and are also are not visible to any operating system. Also discussed will be hypothetical 

examples of how drives may be ‘tampered’ by sophisticated bad guys in order to provide facade 

characteristics to a forensic investigator. 



Room: Davos 

Presenters: Chet Hosmer & Mike Raggo, Authors of Data Hiding 

Title: Data Hiding & Steganography - An Update on the Latest Innovations in 2012 

If the newswire is any indication, corporate espionage, covert communications, and evidence concealment 

continue to plague corporations, investigators, and the military. Use of steganographic techniques by Russian 

Spies for covert communications is the latest in a series of incidents involving data hiding. 

This presentation will highlight some of the latest research of the 21st century involving data hiding techniques 

over the network and with data-at-rest. The highlights will demonstrate new techniques for hiding 

data on mobile devices, VOIP, virtualimages, social networks, and other dominating technologies in today’s 

world. 

Having demonstrated the latest data hiding techniques, we will propose detailed analytical methods for 

discovering hidden data, as well as jamming methods for disrupting data hiding operations. These examples 

of warfare include image, multimedia, and network protocol jamming. 

We will then consider emerging technologies and attack methods, including cloud considerations, parallel 

processing attack methods, privacy protection, and derivative datahiding and detection theories.




Track: Forensics Track 


Presenter: Ryan Washington, AR-Forensics 

Title: The Art to the Science - Quick Forensics 

This presentation (originally titled “Nintendo Forensics Saves Lives”) will go over methodologies, case scenarios, 

and pros and cons of using commercial software and freeware. It will cover some aspects of utilizing 

digital profi ling to correctly assess the target and their digital equipment. 




Presenter: Jeff Ross, FBI 

Title: Case Study: Antonio Cardenas - Distributor and Manufacturer of Child Pornography 

Come and review a case study on a pedophile arrested and prosecuted in Salt Lake City. We will review the 

investigation of Antonio Cardenas. He was an individual responsible for manufacturing and distributing one 

of the most prolifi c series of child pornography today. The presentation will discuss the investigation, apprehension 

and prosecution of Cardenas. 




Presenter: Mike Menz, HP 

Title: Tips and Tricks for Forensics and Investigations 

This class is a montage of techniques and tools to solve current problems in investigations, eDiscovery and 

forensics cases. A CD will be provided with most of the items talked about in the class. The attendee will 

learn of new and current solutions to a variety of problems faced day to day by an investigator in the investigations, 

eDiscovery and forensics fi elds. Resources on the web will be shown and how their unique use, can 

solve investigative problems. Everything from researching suspects to cracking hard drive passwords will be 

discussed and shown. Mike has taught this class at almost every HTCIA conference since 1997. It has always 

been standing room only and has been rated as one of the top information and tools class given. 




Presenter: John J Carney, Esq., Carney Forensics 

Title: Visualization of Digital Forensic Data 

Digital evidence is usually presented today as narrative and numbers accompanied by a stream of bits and 

bytes in computer forensic reports that are at best sorted into buckets of similar items. For example, mobile 

phone evidence is presented such that call logs appear in one section split into inbound, outbound, and 

missed calls. Text messages appear elsewhere split into inbound and outbound messages. And the phone’s 

address book appears yet somewhere else. This primitive and fragmented approach at production hides or 

makes opaque the evidence story that attorneys desperately need to develop a theory of the case for presentation 

to juries to win at trial. Technically, forensics data is made available to attorneys and their clients, 

but often this evidence is so diffi cult to interpret and understand that they derive little, if any, value from it. 

Why? Because many digital forensic examiners report their fi ndings one-dimensionally and out of context. 

Unfortunately, legal professionals, who are not technologists, cannot relate to it. They miss the substance 

and the import of the evidence’s meaning and its ability to tell the story of the case.

Visualization of Digital Forensic Data (Cont.) 

This presentation will show how digital forensic examiners can put meaningful evidence to use with attorneys, 

opposing counsel, judges, juries, and their own legal teams. The focus is on how meaning can be 

mined from forensics data cost eff ectively using software automation. It will include technical information 

on software bridges that span leading mobile forensic examination tools and popular timeline, mapping, 

and investigative software packages used by attorneys and investigators today. Evidence visualizations created 

by this technology will be briefl y demonstrated for the audience. 




Presenter: Harlan Carvey, Applied Security, Inc. 

Title: Automating Forensic Correlation via Open-Source Tools 

The title of this course is a fancy way of saying, “you should use the Forensic Scanner”. Most of the tools 

currently available for digital analysts provide a framework that they can use to view the collected data. The 

Forensic Scanner is RegRipper’s big brother, which provides a means for applying a good deal of automation 

and intelligence to many of the tedious tasks that occupy the initial stages of analysis. 

Legal Track 



Track: Legal Track 


Presenters: Stephanie Sparks & Judge Matthew Sciarrino 

Title: Discovery & Admissibility of Social Media 

This session focuses on the issues of privacy and admissibility around social media. We will address third-party 

requests to service providers and the impact of the Stored Communication Act. The material will explore 

the challenges created for the authentication and admissibility of the many forms of social media and their 

impact on litigation today. 




Presenter: Albert Barsocchini, Director of Strategic Consulting NightOwl DMS, Inc. 

Title: Communication Protocols in eDiscovery and Internal Investigations 

One of the biggest challenges of discovery is communicating eff ectively in order to get the job done right, 

on budget and on time. Using the right tools to communicate the right message at the right time can make 

the diff erence between success and failure. This seminar will explore communication protocols for all types 

of investigations, what to say, when to put it in writing and when to use the phone. 




Presenter: Donald Wochna, Vestige Ltd. 

Title: Social Media Challenges: Navigating Privacy “Beliefs” in a “Shared Communication” Environment 

This seminar will explore the manner in which computer forensic professionals can navigate the area of 

Social Media, recognizing the confl ict between citizens’ expectations of privacy and federal and state laws 

Attendees will learn a “way of thinking” about privacy that will allow them to diff erentiate between expectations 

of privacy that are simply beliefs held by citizens and need not be accommodated in an investigation, 

and expectations of privacy that must be accommodated in order to satisfy federal or state laws.




Presenter: Aaron Crews, Esq. 

Title: Issuing Litigation Holds 

The transition from information management to litigation holds is one of the greatest malpractice risks for 

attorneys. Join us to learn about the duty to preserve, triggering events and how to properly issue and 

manage a litigation hold. 





Title: Forensics meets Records Management, Medical Device Manufacturers, and Lawyers: The Electronic Medical 

Record and the Need for Forensic Understanding of Health IT Systems 

The emergence of the Electronic Medical Record pursuant to the guidelines and mandates of the Department 

of Health and Human Services has presented forensic professionals with a model of a standardized 

electronic record that leverages metadata and forensic artifacts for purposes of authentication. This seminar 

describes the capabilities of such medical record systems, and presents attendees with a method of 

determining the capabilities of a system before conducting any forensic investigation. We will discuss the 

“audit log” features of these systems and review the certifi cation requirements for compliant IT health record 

systems. 

Lab Track A 



Track: Lab Track A 


Presenter: Nicole Bocra, Infi nity Investigative Solutions 

Title: Social Media Investigations 

With the change in technology, you will learn current research techniques and procedures along with the 

scope and capabilities of online systems, the hottest search tools and evidence collection methods. 




Presenter: Rob Schroader, Paraben Corporation 

Title: E-mail Evidence: Finding the Needle in the E-mail Haystack 

E-mail can be an important source of evidence. This lab will show examiners how to examine several diff erent 

types of e-mail databases from local mail stores to network mail stores and in P2 Commander including 

mail store structure, attachment sorting, advanced fi ltering and searching, and exporting.




Presenter: Zeke Thackray 

Title: Data Carving and Making Sense of the Unknown 

During this session attendees will be introduced to the fundamental elements of data carving and making 

sense of the unknown within cellular technology. Although the automated mobile forensic products identify 

large volumes of “low hanging fruit (evidence)” much more is left behind. Attendees will gain hands on 

practical experience to identify, recover and decode a variety of information from cellular devices, such as, 

image fi les, SMS messages and their associated telephone numbers, date and times. Attendees to this session 

will receive a variety of useful software tools and reference material to enhance their cellular 

investigations. 




Presenter: Michael Wilkinson, Champlain College 

Title: Identifying the Artifacts and Behavior of an Unknown Application 

This lab will focus on identifying the artifacts and behavior of unknown applications. Many times you will 

run across an app you might not have seen before and you want to know what traces it leaves on the system. 

What information that is left has meaning and what does not. We will focus on developing results that 

are robust enough to stand up in court and more emphasis on decoding fi le structures so you are prepared. 





Title: iOS Forensics and Top Five Artifacts 

iPhone, iPad, and iPod Touch device popularity has introduced unique forensics and corporate policy enforcement 

challenges. Examiners must understand the attributes and fi le types unique to Mac OS X and 

iOS fi le systems. If your casework involves examining geo-location and EXIF camera metadata, evidence of 

device wiping, or SMS, contacts, and phone call data marked for deletion in SQLite databases, then this lab is 

for you. Attendees will gain valuable insight into the ever-evolving forensics challenges associated with iOS 

devices, and learn ways to conduct highly effi cient and eff ective Mac OS X and iOS device investigations. 

Lab Track B 



Track: Lab Track B 

Room: Geneve 

Presenter: Glenn K Bard, PATCtech 

Title: iPhone Backup Data Parsing 

In this lab the attendee will be introduced to iOS backup analysis. The class will begin with identifying the 

locations of iOS backups on various Operating Systems to include Windows XP, Vista and 7 as well as Mac. 

Once the backups are located the folder structure will be forensically extracted from the suspect computer. 

The students will then be introduced to how the backup fi les store the information on the computer system. 

The class will then end with various tools ranging from free and inexpensive to full forensic applications, all 

capable of extracting diff erent types of data from the backups and deconstructing various fi les into usable 

information.



Room: Geneve 


Title: Managing Evidence in the Era of Big Data 

Investigators and forensic examiners are seizing historic levels of evidence while backlogs grow. This handson 

lab will focus on managing evidence in the era of Big Data seizures - an all too familiar situation for today’s 

investigations. We will take you through investigative examples and demonstrate high speed indexing 

and triage strategies that will save you time and valuable resources. Learn about the advantages of custom 

scripting to automate forensic triage and other investigative functions and join us discussing real world scenarios 

that will help you apply these techniques to rapidly solve your investigations. 



Room: Geneve 

Presenters: Tomas Castrejon, Jeff Dye, & David Nardoni, PwC 

Title: Memory Analysis & Malware Triage 

In this hands-on lab, we will cover the basics of live memory analysis and its importance during an investigation, 

especially involving malware. Attendees will explore the diff erences between memory collection and 

analysis tools. In addition, this lab will cover analysis of memory images infected with malware. Attendees 

will develop an understanding of what evidence can be retrieved from a memory image and how to identify 

forensic evidence related to the malware. 

Attendees will learn how to analyze: 

• Process lists 

• Network connections 

• Registry keys used for persistence 

• Files used by malware 

• Process injected binaries 

• Identify confi guration fi les used by malware 



Room: Geneve 

Presenter: Natasha Lockhart, Vound 

Title: The New Field of Forensic Search 

Abstract not provided. 



Room: Geneve 

Presenters: Tomas Castrejon, Jeff Dye, & David Nardoni, Lan Hang, and Meghana Reddy, PwC 

Title: Log Analysis and Data Visualization 

In this hands-on lab, we will cover the basics of reading, processing and visualizing network log data. Attendees 

will get a basic introduction to grep and awk to fi lter and parse large data sets. They will take the 

data generated though the fi ltering process and learn how to generate reports to help identify several attack 

scenarios. These tools can be used against a variety of diff erent data sets and help the attendee look for 

diff erent ways to search and extract data rapidly and reduce the volume of data not related to their analysis. 

The attendees will be given methods to identify a variety of attacks or scans. These attacks may include port 

scanning, SQL injection, and web application exploitation.

Log Analysis and Data Visualization (Cont.) 

The attendee will be introduced into some basic data visualization based on the data found during the lab. 

Various visualization techniques will be demonstrated by instructors and used by attendees to build intuitive 

graphical representations of network activity that can be communicated to executives or non-technical 

audiences. 

Lab Track C 



Track: Lab Track C 

Room: Uri 


Title: Physical Imaging of Smart Devices 

Smartphones are taking over the world and are becoming one of the most common digital evidence items. 

Come and learn some of the latest techniques for physical imaging of these devices using Paraben’s tools. 

Learn what data you can get with logical vs. physical images. 



Room: Uri 

Presenter: Christopher Currier, Passware & Sumuri 

Title: Modern Password Recovery Techniques 

One of the major hurdles for modern computer forensic examiners is encryption. Files, volumes and even 

entire physical disks can be encrypted with commercial or freely available tools. An examiner or investigator 

must be able to properly identify encryption and know the best way to recover the passwords to decrypt 

potential items of evidentiary value. Sumuri, the offi cial training partner for Passware, will provide insight on 

several types of encryption and show how to defeat them using Passware Kit Forensic software. 



Room: Uri 

Presenter: Ben Lemere, Berla Corp 

Title: Introduction to GPS Forensics 

This presentation will discuss the types of information that can be extracted from GPS devices and used as 

evidence in a criminal prosecution. This is a technical class, and will leave the attendee with a basic knowledge 

of how a GPS device works and the type, amount and manner in which information is stored and 

forensically acquired. 



Room: Uri 

Presenter: Chad W Davis , Backbone Security 

Title: Stega-what? A Beginner’s Guide to Digital Steganography 

Throughout the ages, criminals have sought ways to conceal evidence of their activities. Today’s world is no 

diff erent—digital steganography is used for the distribution of child pornography, theft of intellectual property, 

and as a means for covert communication between conspirators. Digital steganography represents a 

particularly signifi cant threat today because of the large number of applications freely available on the internet 

that can be used to hide information within seemingly innocuous carrier fi les. Use of these applications, 

which are both easy to obtain and simple to use, allows criminals to conceal their activities in cyberspace. 

Learn more about the threat and ways to discover what may have been hidden from you in your forensic 

investigations.



Room: Uri 

Presenter: James Eichbaum, MicroSystemation 

Title: Android Forensics 

With nearly 70% of the worldwide smartphone market share, Android devices are landing in forensic labs 

with much more frequency. This hands on lab will provide examiners with the skills necessary to successfully 

extract and analyze data from Android devices. Students will learn rooting techniques, how Android stores 

geo-location data, and how Apps can be an evidentiary goldmine. 



Time: Monday, 8:00 AM – 9:00 AM 


Room: Davos 

Presenter: Nick Cavalancia, Spectorsoft 

Title: User Activity Monitoring: How Monitoring Digital Behavior is More and More Important from an 

Investigation and Forensics Standpoint 

Forensics and security professionals used to focus their attention on the device. Then, increasingly, the network. 

After that, the perimeter. And, most recently, the application. 

But, change is the constant. Most people now have multiple computing devices. People access systems, 

data, and applications from diff erent ingress points. The digital life increasingly consists of a blend of work 

and personal time, and work and personal activity. And, cloud based off erings have truly arrived. What does 

this add up to? More and more control in the hands of the end-user. So, the ability to see and analyze people’s 

digital behavior is now front and center. 

Attend this session to learn how User Activity Monitoring provides unique opportunities to solve Forensics, 

Investigations, and IT Risk problems more comprehensively, and in more automated, and cost-eff ective ways 

than previous, legacy solutions and manual processes ever could. See what activity data can show you- in 

contrast to threat data, vulnerability data, or post-factum alert data. See how near real-time alerting around 

digital activity enables both defense and remediation. And fi nally, review real-world case studies, the next 

phase of maturity for UAM solutions, and the associated innovations and predictions. 



Room: Davos 

Presenter: Allen Atamer, LTAS Technologies 

Title: Exploiting online classifi eds as a source for OSINT 

Increase your awareness of the role of online classifi eds in fraud / crime / underground business overview of 

free and off -the-shelf tools and tips for investigating suspicious online classifi ed ads understand how criminals 

can circumvent investigative searches introduction of our Harmari Report service and its benefi ts in 

online investigation.



Room: Davos 

Presenter: Mike Raggo, MobileIron 

Title: Wireless Incident Response & Forensics – Latest Techniques 

Current attack vectors indicate that wireless attacks are now more focused on wireless clients rather than 

wireless infrastructures. As wireless access points, wireless switches, and wireless defense technologies have 

improved, wireless end-users have now become the new low-hanging fruit. 

Ubiquitous mobility is now center stage and with that comes a plethora of vulnerabilities introduced by mobile 

computing devices including Wi-Fi enabled smartphones. This presentation will explore attacks focused 

on obtaining end-user data, wireless network credentials, and corporate network infi ltration. Intrusion techniques 

as well as extrusion techniques will be reviewed including: Windows Virtual Wi-Fi, AirPlay, and mobile 

hotspots. 



Room: Davos 

Presenter: Mike Raggo, MobileIron 

Title: Wireless Incident Response & Forensics – Latest Techniques 

Current attack vectors indicate that wireless attacks are now more focused on wireless clients rather than 

wireless infrastructures. As wireless access points, wireless switches, and wireless defense technologies have 

improved, wireless end-users have now become the new low-hanging fruit. 

Ubiquitous mobility is now center stage and with that comes a plethora of vulnerabilities introduced by mobile 

computing devices including Wi-Fi enabled smartphones. This presentation will explore attacks focused 

on obtaining end-user data, wireless network credentials, and corporate network infi ltration. Intrusion techniques 

as well as extrusion techniques will be reviewed including: Windows Virtual Wi-Fi, AirPlay, and mobile 

hotspots. 

Time: Monday, 12:30 PM – 2:00 PM 


Room: Davos 

Presenter: David Cowen, G-C Partners LLC 

Title: Anti Anti-Forensics 

The NTFS $Logfi le is a gold mine of forensic data that has never been understood well. Tomes from a variety 

of authors and open source development groups have attempted to explain its usage and changes for those 

use in writing to the NTFS fi le system, but we’ve never seen any research on how to pull apart and read the 

$logfi le beyond carving MFT fi le records from it. In this presentation we will show to use the $Logfi le to fi nd 

out when: Timestamps have been changed, What the name of a fi le was before it was renamed, Details on 

when a fi le was created, Details on when a fi le is deleted, timestamp recovery from $logfi le entries and how 

to determine how many diff erent systems have written to external media. 

In short you can now; roll back the metadata from a wipe, fi nd more deleted fi les with their metadata, recover 

wiped fi les that were resident in the mft, recover fi les that have been timestomped and fi nd fi les hidden 

by rootkits and malware or were never committed to disk.



Room: Davos 

Presenter: Patrick Stump, Roka Security LLC 

Title: How Hackers Move 

With the news and threat announcements focusing so much on the latest 0-day and whose getting dos’ed, 

other methods in the hacker’s tool box are often overlooked. After all, exploits are a means to an end for 

most attackers and are just the beginning of their campaign into the network. This talk will focus on the 

methods and tools that allow APT to move through the gooey center of the enterprise network. We will 

also dive into redirection or pivoting and how its used to transit data from the computer where it lives to the 

patsy computer that will exfi l all the data. 



Room: Davos 

Presenter: James Wiebe, CRU DataPort/Wiebe Tech 

Title: The very latest on Solid State Drives and Forensic Practice 

In this presentation, James Wiebe will provide an updated presentation on how Solid State Drives function, 

with a specifi c focus on forensic practice. The forensic examiner will understand how to approach the 

investigation of a Solid State Drive, in order to ensure highest quality of evidence collection. Covered topics 

include wear leveling; internal compression; Logical to Physical address translation, all with a strong forensic 

focus. 






Presenter: Dyer Bennett, SIRCHIE 

Title: Correct Evidence Collection Including Biological and DNA Processing from Digital Items 

Digital devices are a wealth of knowledge that can be extracted from data stored inside. What a digital 

examiner may not realize is the critical information that may be also present at the surface. A simple cell 

phone may reveal fi ngerprints, biological fl uids, and DNA, if it is handled and processed correctly. There are 

generally accepted methods for identifying, collecting, and observing this evidence, as well as documented 

cases where this evidence has been used to identify the perpetrator in criminal cases. The speaker will review 

the types of evidence that can be collected, as well as the proper methods for preserving this evidence. 

The speaker will also discuss research and actual case studies involving these types of evidence gathered 

from digital devices. 




Presenter: Charles Giglia, Digital Intelligence, Inc. 

Title: Digital Forensic Hardware Confi guration 

This presentation will inform the attendees on the minimum requirements and proper confi guration of 

workstations intended for digital forensic examinations. A review of detailed testing on multiple hardware 

platforms utilizing several industry standard forensic software packages completed by Digital Intelligence, a 

leader in digital forensic hardware development, will be covered. Results from the testing will highlight the 

ideal confi gurations and best hardware components to optimize Access Data’s FTK and Lab as well as Guidance 

Software’s EnCase and Enterprise products.




Presenter: Joshua Gilliland, Esq. 

Title: Geeks & Lawyers: You Can’t Handle the Truth 

Han Shot First. This is a universal truth. However, was Han legally justifi ed in killing Greedo? 

Geeks & Lawyers is for any attorney, judge, or legal profession who watches a movie and thinks, “Wait a 

minute…. wouldn’t Captain America get 67 years of back pay adjusted for interest and infl ation?” 

Bring your utility belt and get ready to explore the unanswered questions in Sci-Fi and geekdom, including: 

Firefl y & Contract Law 

Assumption of Risk and being a Red Shirt on Star Trek 

Ghostbusters & False Imprisonment 

Harry Potter & Potion Liability 

Is Being a Super Hero Really a Good Idea? 

Questions are strongly encouraged. 





Title: Intro to Windows 7 Forensic Analysis 

Even though Windows 7 has been available for some time, there are a number of artifacts that analysts need 

to be aware of, so that they can take full advantage of them. As Windows systems increase in functionality, 

so do the available artifacts that analysts can use to eff ectively complete their examinations in a comprehensive 

and timely manner. This presentation will also open the door for Windows 8, as well. 




Presenter: Jeff Atkinson, General Dynamics 

Title: Comprehensive Network Forensics 

Monitoring locations: Taps vs. SPANs; Firewall NATs; Proxy Application Protocol Metadata: Protocol metadata 

sampling, alerting framework, centralized alerting, session metadata retrieval, metadata trending Extending 

Metadata fi les traversing the network. 




Presenter: Todd L Gabler, Rudiger Investigations 

Title: Electronic Location Evidence 

This presentation includes discussion and demonstration of the use of Android freeware to chart cell site 

and signal information using CDMA and GSM phones, using target devices in engineering mode, using redundant 

GPS and signal receivers for verifi cation of primary testing device, converting Android databases to 

KML Google Earth presentations, and court presentation techniques. The discussion will include the analysis 

of claims of junk science for single point claims, and contrast this with pattern analysis evaluations. Attendees 

will leave the discussion with the capability of creating their own tower signal maps for the identifi cation 

of historical location of cell phone calls.

Legal Track 





Presenter: Joshua Gilliland, Esq. 

Title: In Review: Eff ectively Reviewing eDiscovery 

We live in a world where electronically stored information literally surrounds us in smartphones and social 

media. However, many attorneys refuse to use technology to help review discovery. Even worse, there are 

lawyers who simply fear electronic discovery. 

In Review addresses the fears of conducting electronic discovery. The materials review cases involving the 

form of production, metadata requests, initial disclosures and Rule 26(g)(1) and 26(g)(2) obligations. The material 

focuses on how to practically review for causes of actions, defenses, discovery responses and preparing 

for depositions. 




Presenter: Kevin Ripa, Computer Evidence Recovery, Inc. 

Title: Computer Forensics in Civil Litigation & Testimony 

This presentation will give instruction on how computer forensics can be used in civil litigation. It discusses 

the diff erences between civil and criminal matters, as well as addressing dealing with attorneys, courts, 

judges, and juries. We will also discuss in detail, the art of testifying in court. This is a very informative lecture 

for anyone in the private sector or thinking about branching into this area. 




Presenter: Brian K Ingram 

Title: Digital Forensics: A Defense Perspective 

Digital Forensics Examinations are becoming more and more important in our legal system. At no time are 

they more important than when someone’s liberty is on the line. IN this class you’ll learn what the defense 

expert’s role is and should be in a forensic examination. You’ll also see and hear about common mistakes 

being made by examiners that result in erroneous or mistaken conclusions about the digital evidence. This 

is what no one wants to talk about….until it’s them being charged. Real examples will be shown. 




Presenter: John J. Carney, Esq. Carney Forensics 

Title: Social Media Evidence: A Legal Perspective 

New technology relentlessly thrusts itself into the lives of our clients and many of them adopt it with gusto. 

Do you fi nd yourself ignoring potentially revealing sources of evidence due to the challenges of keeping up 

with it? This session will show the value of digital forensic approaches for collecting hard-to-fi nd, but relevant 

social media evidence that can make the diff erence for your clients. Come and learn what civil litigators 

need to know about social media in 2012.





Title: Child Pornography Developments: Is federal law pre-empting state law; are computer forensic expert witnesses 

immune from civil suit for accessing contraband images with intent to view in federal or state actions—the 

lessons of Dean Boland Case 

This seminar focuses upon the personal liability of any computer forensic examiner for violating federal child 

pornography laws while conducting an investigation, assisting the defense, or testifying at trial. Current federal 

court decisions from the Northern District of Ohio make it clear that any violation of federal law (including 

accessing image fi les with the intent to view them) renders the forensic analyst liable for civil penalties in 

the amount of $150,000 per image—even where the subject of the image is unaware of its use in trial. 

These cases have laid a foundation to challenge any practice in which forensic examiners possess, view, 

or otherwise handle contraband images in a state case. Attendees will learn the manner in which federal 

courts have held that any state law that contradicts federal child pornography laws has been preempted by 

federal law; and the manner in which an analyst (prosecution or defense) can be sued for actions taken in a 

state case. 




Presenter: Albert Barsocchini Director of Strategic Consulting NightOwl DMS, Inc. 

Title: Preparing for Your Next Internal Investigation 

Internal investigations are never simple and can be triggered by any number of events. The decision of who 

should command the investigation requires careful analysis of corporate governance. The collection, preservation, 

and presentation of information and documents can be diffi cult and nuanced. 

This seminar will guide you through the process. 

Lab Track A 






Title: Hard Drive Forensic Triage Using P2 Commander 

This hands-on lab will use P2 Commander to perform a digital triage on a Windows system. Investigators will 

learn how to use the Data Triage feature in P2 Commander to glean important information from a system 

almost instantly such as system information, user information, recently used fi les, USB storages, services, 

programs installed, e-mail databases, chat databases, internet browser data, and more. 




Presenter: Chris Taylor, Cytech 

Title: Examining Virtual Machines 

Virtual machine technology is becoming more and more prevalent. Understanding of the way these virtual 

machines operate, and specifi cally how they are saved on the host system and what artifacts they present, is 

necessary for any case in which a virtual machine is found. In this session we will present a survey of the different 

types of virtual machine technologies and some interesting artifacts of note.




Presenter: Nicole Bocra, Infi nity Investigative Solutions 

Title: Social Media Investigations 

With the change in technology, you will learn current research techniques and procedures along with the 

scope and capabilities of online systems, the hottest search tools and evidence collection methods. 




Presenter: Chris Taylor, Cytech 

Title: Practical Hard Drive Technology: How It Really Works 

Lecture and hands-on lab going over hard drive technology and how fi les are saved on a magnetic disk. We 

will be actually dissecting a drive to examine how the parts work together to accomplish the magic that is 

saving and reading a fi le. Some of the basic types of drive failures will be explained, along with how to identify 

them and how to recover from them. 





Title: iOS Forensics and Top Five Artifacts 

iPhone, iPad, and iPod Touch device popularity has introduced unique forensics and corporate policy enforcement 

challenges. Examiners must understand the attributes and fi le types unique to Mac OS X and 

iOS fi le systems. If your casework involves examining geo-location and EXIF camera metadata, evidence of 

device wiping, or SMS, contacts, and phone call data marked for deletion in SQLite databases, then this lab is 

for you. Attendees will gain valuable insight into the ever-evolving forensics challenges associated with iOS 

devices, and learn ways to conduct highly effi cient and eff ective Mac OS X and iOS device investigations. 





Title: Data Carving and Making Sense of the Unknown 

During this session attendees will be introduced to the fundamental elements of data carving and making 

sense of the unknown within cellular technology. Although the automated mobile forensic products identify 

large volumes of “low hanging fruit (evidence)” much more is left behind. Attendees will gain hands on 

practical experience to identify, recover and decode a variety of information from cellular devices, such as, 

image fi les, SMS messages and their associated telephone numbers, date and times. Attendees to this session 

will receive a variety of useful software tools and reference material to enhance their cellular investigations.

Lab Track B 




Room: Geneve 


Title: Shadow Forensics 

In this presentation the attendee will be introduced to Shadow Copy forensics. Shadow Copies are point in 

time backups of user data and fi les on Windows Vista / 7 computer systems. These Shadow fi les are generated 

by the Operating System, many times without the user’s knowledge? The attendee will be instructed on 

how to locate the Shadow Copies, how often they are created and what they may contain. The presentation 

will also include various software tools that can be used to extract the contents of the Shadow Files. 



Room: Geneve 

Presenter: Tom Eskridge, HTCI 

Title: Digital Analysis Reporting Tool (DART) 

HTCI will be off ering a class on the use of their latest report analysis tool, DART. The Digital Analysis Reporting 

Tool (DART) is a vendor neutral middleware program that is used to perform analysis and reporting on 

cell phone extractions from multiple vendors. 

Today’s cases have become increasingly complex with the advent of digital media. It is more likely that your 

suspect will be in possession of an advanced cellular device, not even owning a traditional personal computer. 

It is not uncommon for your cellular software to download thousands of pages of data from an advanced 

device. 

Perhaps you are assigned to the gang unit or narcotics. Multiple cellular devices are seized at once or over 

a period of time from members of the target group. Instead of spending hours penciling out relationships 

between the members of the target group, you can transform this data to intelligence in seconds. 

You want that data, you need that data. The problem is that the data can often be overwhelming. With this 

in mind, HTCI Labs has developed the DART (Data Analysis Reporting Tool) software program that allows you 

to take control of the digital media in your cases. 



Room: Geneve 


Title: PALADIN in the Field for Triage and Previews 

PALADIN is a free forensic tool provided as a courtesy from Sumuri. PALADIN was designed to utilize the 

power of Linux and command-line tools without having to use the Terminal. PALADIN gives forensic examiners 

and fi rst responders the ability to image and preview computers and media with ease. This lab will 

instruct students on the use of PALADIN and its ability to search for evidence in the fi eld in a forensically 

sound manner. 

The objectives of this lab are to provide instruction on the features of PALADIN to show how it can benefi t 

forensic examiners. Focus will be placed on previewing evidence in the fi eld to fi nd items of evidentiary 

value and identify illicit media.



Room: Geneve 

Presenter: Ben Lemere, Berla Corp 

Title: In-Car Navigation System Forensics 

Worldwide sales of vehicles with advanced features, such as in-car navigation systems, are predicted to jump 

from 9.5 million to 56 million in the next fi ve years. Vehicles are no longer just a method of transportation 

but have become complete entertainment and communications hubs fully integrated into everyday digital 

life. 

Vehicles collect and store a vast amount of user related data such as recent destinations, favorite locations, 

call logs, contact lists, SMS messages, pictures, videos, and a history of everywhere the vehicle has been. This 

presentation will cover the diff erent systems user data is located in and focus on how to acquire and analyze 

the data. 



Room: Geneve 

Presenter: Natasha Lockhart, Vound 

Title: The New Field of Forensic Search 




Room: Geneve 

Presenter: Melia Kelley, First Advantage Litigation Consulting 

Title: Digital Forensic Report Writing 

Report writing is an incredibly important “soft” skill in digital forensics. Unfortunately, it is one that is overlooked 

in training. In this lab, we will be going over the foundations of successful report writing, but also will 

try out some hands- on work using actual digital artifacts. 

Lab Track C 




Room: Uri 

Presenter: Jon Hansen, H-11 Digital Forensics 

Title: Windows Registry Analysis 

This advanced course will provide an overview on how to best fi nd Microsoft Windows artifacts using various 

forensic tools. Specifi cally students will more about the Microsoft Registry components and learn how 

to use various tools to locate Microsoft artifacts and Metadata evidence. If you need to understand where 

evidence can be found and learn more about fi nding artifacts and what Microsoft has left in their programs 

or forgotten what they did the last 20-years, then this course is for you. Real life examples and actual cases 

will be discussed. Students will be required to perform hands-on tasks and analysis during this presentation. 

This session will help you see the need for these tools and when you should use them in your forensic investigations. 

Each attendee will receive a CD with various digital forensic tools and be eligible for free training 

in a free digital forensics training course from H-11 Digital Forensics.



Room: Uri 


Title: Physical Imaging of Smart Devices 

Smartphones are taking over the world and are becoming one of the most common digital evidence items. 

Come and learn some of the latest techniques for physical imaging of these devices using Paraben’s tools. 

Learn what data you can get with logical vs. physical images. 



Room: Uri 


Title: Start to Finish Mobile Acquisitions Using Paraben Tools 

If you have never used Paraben’s tools for mobile forensics this is the perfect lab for you. Come and process a 

phone from start to fi nish with both a triage and lab option for capturing data off a mobile device. 



Room: Uri 

Presenter: James Eichbaum, MicroSystemation 

Title: Android Forensics 

With nearly 70% of the worldwide smartphone market share, Android devices are landing in forensic labs 

with much more frequency. This hands on lab will provide examiners with the skills necessary to successfully 

extract and analyze data from Android devices. Students will learn rooting techniques, how Android stores 

geo-location data, and how Apps can be an evidentiary goldmine. 



Room: Uri 

Presenter: Eric Zimmerman 

Title: osTriage 

This lab will provide instruction on osTriage, why it was written, how to use it, and what it can do for you. In 

short, osTriage will quickly fi nd, extract, and display key information from a computer which will enable you 

to get a better fi rst interview, conduct a better search, and more. Some of the information extracted includes 

operating system details, registry details, USB device history, browser history for all major browsers, search 

engine search terms, cloud storage applications, encryption, P2P and other applications, and passwords. 

osTriage displays thumbnails of images and videos and categorizes images/videos against a list of over 

500,000 SHAs of interest and 300+ keywords. Any contraband can be copied off the target computer with 

just a few clicks.



Room: Uri 

Presenters: William Matthews & Joan Runs Through, Southwest Regional Computer Crime Institute 

Title: Development of Chip-off Procedures for Cellphones 

Recognizing the need to forensically exam cell phones that are a challenge for traditional and commercial 

processes, the Southwest Regional Computer Crime Institute (SWRCCI) of Dixie State College developed a 

“chip off ” examination procedure that achieves a high success rate. This “chip off ” procedure enables a physical 

image to be extracted from Tracfones, password protected phones, and damaged phones. The “chip off ” 

procedure occurs in two phases: fi rst the removal of the fl ash memory chip from the PCB and the creation of 

a binary image, and second the carving of relevant data from the image. Dixie College’s process is currently 

being taught by the SWRCCI both domestically and internationally. Participants in this lab will be exposed 

to the “chip off ” process which includes the observation of a chip removal, the creation of a binary fi le from 

the removed chip, and several binary fi le data parsing techniques. 



Time: Tuesday, 8:00 AM – 9:00 AM 


Room: Davos 


Title: Timeline Analysis 

Timeline analysis is an analysis technique that can add an unprecedented level of context and situational 

awareness to an exam. This presentation will address a number of the available data sources on Windows 

systems that can be used to create a timeline of system activity, almost to the point of allowing the analyst 

to see exactly what happened. Due to time constraints, this presentation will necessarily need go very 

quickly, but every analyst, regardless of their experience level, will see and hear something new. 



Room: Davos 

Presenter: Kevin Ripa, Computer Evidence Recovery, Inc. 

Title: Why The Bad Guys Win 

How frustrating is it when another pedophile skates on a possession charge? How many times has your 

evidence been successfully challenged? This can make anyone question why they should even bother. This 

lecture will look at the three biggest mistakes made by LE and Prosecutors, and how to ensure they are no 

longer made. As well we will look at two of the biggest sham defenses used in court, and how to successfully 

defeat them! This is a must attend for LE, Prosecutors, Attorneys, and anyone that might end up in a court 

room.







Title: Automating Forensic Pre-Processing Steps using TAPEWORM 

Open-source tools are extremely powerful, however there is often a steep learning curve required to successfully 

add open source tools into your workfl ow. TAPEWORM (TASC Pre-Processing Exploitation & Workfl 

ow Management system) is a Linux VM designed to make a number of open source tools available via a 

single GUI interface. TAPEWORM automates the process of running the following tools: log2timeline, bulk_ 

extractor, regripper, AV scanners, volatility, exiftool as well as a program designed to alert examiners to data 

of interest found on a piece of media. 





Title: Forensic Triage in a Modern Day TB Era 


Legal Track 





Presenter: Alec Kaguru Chief Executive Offi cer ARS Digital Forensics (Zimbabwe) 

Title: The Future of Digital Forensics in Southern Africa (Non-Legal Topic) 

This is a situational analysis of Digital Forensics in Southern Africa and its comparisons with the Developed 

World, and other developing countries, India, Brazil, China. It gives an insight about Digital Forensics business 

in Governments Law Enforcement Agencies, Corporates, Professional Institutions, Colleges and Universities, 

Media, Judiciary, Digital Forensics Solutions Markets, Antiforensics Challenges. 

Lab Track A 






Title: E-mail Evidence: Finding the Needle in the E-mail Haystack 

E-mail can be an important source of evidence. This lab will show examiners how to examine several diff erent 

types of e-mail databases from local mail stores to network mail stores and in P2 Commander including 

mail store structure, attachment sorting, advanced fi ltering and searching, and exporting.





Title: Identifying the Artifacts and Behavior of an Unknown Application 

This lab will focus on identifying the artifacts and behavior of unknown applications. Many times you will 

run across an app you might not have seen before and you want to know what traces it leaves on the system. 

What information that is left has meaning and what does not. We will focus on developing results that 

are robust enough to stand up in court and more emphasis on decoding fi le structures so you are prepared. 

Lab Track B 




Room: Geneve 


Title: iPhone Backup Data Parsing 

In this lab the attendee will be introduced to iOS backup analysis. The class will begin with identifying the 

locations of iOS backups on various Operating Systems to include Windows XP, Vista and 7 as well as Mac. 

Once the backups are located the folder structure will be forensically extracted from the suspect computer. 

The students will then be introduced to how the backup fi les store the information on the computer system. 

The class will then end with various tools ranging from free and inexpensive to full forensic applications, all 

capable of extracting diff erent types of data from the backups and deconstructing various fi les into usable 

information. 



Room: Geneve 


Title: Managing Evidence in the Era of Big Data 

Investigators and forensic examiners are seizing historic levels of evidence while backlogs grow. This 

hands-on lab will focus on managing evidence in the era of Big Data seizures - an all too familiar situation 

for today\’s investigations. We will take you through investigative examples and demonstrate high speed 

indexing and triage strategies that will save you time and valuable resources. Learn about the advantages 

of custom scripting to automate forensic triage and other investigative functions and join us discussing real 

world scenarios that will help you apply these techniques to rapidly solve your investigations.

Lab Track C 




Room: Uri 


Title: Modern Password Recovery Techniques 

One of the major hurdles for modern computer forensic examiners is encryption. Files, volumes and even 

entire physical disks can be encrypted with commercial or freely available tools. An examiner or investigator 

must be able to properly identify encryption and know the best way to recover the passwords to decrypt 

potential items of evidentiary value. Sumuri, the offi cial training partner for Passware, will provide insight on 

several types of encryption and show how to defeat them using Passware Kit Forensic software. 



Room: Uri 

Presenter: Jon Hansen, H-11 Digital Forensics 

Title: Windows Registry Analysis 

This advanced course will provide an overview on how to best fi nd Microsoft Windows artifacts using various 

forensic tools. Specifi cally students will more about the Microsoft Registry components and learn how 

to use various tools to locate Microsoft artifacts and Metadata evidence. If you need to understand where 

evidence can be found and learn more about fi nding artifacts and what Microsoft has left in their programs 

or forgotten what they did the last 20-years, then this course is for you. Real life examples and actual cases 

will be discussed. Students will be required to perform hands-on tasks and analysis during this presentation. 

This session will help you see the need for these tools and when you should use them in your forensic investigations. 

Each attendee will receive a CD with various digital forensic tools and be eligible for free training 

in a free digital forensics training course from H-11 Digital Forensics. 

All Tracks 


Time: Tuesday, 10:00 AM ~ 11:30 AM 

Track: Expert Panel (All Tracks) 

Room: Grindelwald 


Panel Members: Patrick Stump, Tomas Castrejon, and Chet Hosmer 

Title: Open Discussion on the Latest Issues & Innovations

PFIC 2012 Speaker Bios 

Allen Atamer, LTAS Technologies 

Allen graduated from MIT with a Master’s Degree in Aeronautics/Astronautics, and has spent the past 11 

years working on software engineering, artifi cial intelligence, and text mining. In his industry experience, he 

developed a patented approach to intelligent automated troubleshooting questions that is used in diagnostics 

and repair of commercial aircraft. Over the years, he has worked on all aspects of software development, 

business analysis, and many self-starter skills. He even captained a team of astronaut wanna-bes in the 

NASA-sponsored Space Elevator Games for 2 years! 

Allen founded LTAS Technologies to make an impact on how the Internet is regulated and kept safe for everyone. 

The Harmari Tools that are developed by LTAS have helped auto dealer regulators, contractor licensing 

boards, and law enforcement with online investigations. He lives in Toronto, Ontario, Canada with his 

wife and 2 daughters. 

Jeff Atkinson, General Dynamics 

Jeff Atkinson has over 15 years’ experience in IT and over 10 focused on network intrusion detection. He is 

currently the lead engineer for the GD Security Operations Center and has successfully deployed network 

monitoring solutions in multiple large scale enterprises. His tools of choice are open source and he has deployed 

multiple COTS products. Jeff graduated from George Washington University in Washington DC with 

a Masters in Information Systems and Technology. 

Glenn Bard, PATC Tech 

Glenn Bard is a retired Pennsylvania State Trooper First Class and U.S. Veteran of Operation Desert Storm. In 

1999 Glenn began Computer Crime Investigations for the PA State Police and has since investigated crimes 

across the United States ranging from Child Pornography to Criminal Homicide. Glenn has also conducted 

forensic examinations for city, state and federal Law Enforcement Agencies including the FBI, US Postal Inspectors, 

and I.C.E. as well as foreign governments. Due to his training and experience, Glenn has been certifi 

ed as an expert in Pennsylvania Court of Common Pleas and the United States Federal Court System in the 

areas of Digital Forensics, Cellular Technology and Computer Technology. Glenn has also been certifi ed as an 

expert Instructor in the State of Maryland. Prior to retiring, Glenn was selected by the US Attorney’s offi ce in 

Pittsburgh and OPDAT to teach computer crime investigations and computer forensics in Tirana, Albania. 

John Bargiel, NUIX 

John Bargiel has been tinkering with computers his entire life bringing diverse professional experience in IT 

troubleshooting, infrastructure, and solutions from varied industries including banking, litigation, and health 

care to his current role of Director of Technology at Nuix. Prior to Nuix, John worked with CT Summation/ 

AccessData group managing the East Coast Client Services team and frequently personally handling onsite, 

Enterprise-level technical support emergencies. A true modern renaissance man, John combines a strong 

background in IT essentials such as systems administration, database management, and programming with 

other pursuits as a winemaker, forklift driver, artist, dry cleaner, and unlicensed private detective. His creativity 

and love of problem solving is a boon to Nuix’s quest for innovation. 

Albert Barsocchini, NightOwl DMS, Inc. 

Delivering strategic thinking and guidance to manage the challenges of high stakes corporate discovery 

worldwide. Thought leader and internationally recognized expert in e-discovery, information governance 

and international digital investigations. Spent eight years as Director of Professional Services and Associate 

General Counsel at Guidance Software. Over ten years as a fi rst-chair trial attorney. Past chair of the California 

State Bar Law Practice Management & Technology Section. Electronic Discovery Special Master. Certifi ed 

ediscovery specialist (CEDS).

Dyer Bennett, SIRCHIE 

Dyer Bennett is currently the Director of Product Development for SIRCHIE. He is a graduate of Philadelphia 

University with a degree in Textile Engineering, which surprisingly has many applications to forensic science, 

including dyes, stains, and other chemical reagents used at the crime scene as well as in the forensic laboratory. 

Dyer regularly works with law enforcement in collaborative product development as well as assisting 

with criminal investigations. He is an instructor in SIRCHIE’s Crime Scene Technology training class and is 

a member of the International Association of Investigators. He has been involved in digital forensics since 

2009, and has a mission to foster collaboration between the crime scene technologist and the forensic digital 

examiner. 

Nicole Bocra, Infi nity Investigative Solutions & Paraben Corporation 

Nicole Bocra is a Certifi ed Fraud Investigator, registered private investigator in Virginia, and a licensed private 

detective in New Jersey and Maryland. Ms Bocra has more than 15 years’ experience as an accountant and 

securities investigator. Prior to establishing her own private investigative fi rm, Infi nity Investigative Solutions 

in 2005, Ms Bocra was an in-house investigator at a law fi rm and lead investigator with FINRA fka NASD. 

Infi nity Investigative Solutions is a licensed private investigation fi rm specializing in investigations, consulting, 

due diligence, and business strategy. Since inception, customer and revenue numbers have increased 

annually by 30-40%. Ms Bocra develops complex cases, provides expert investigative services and conducts 

in-depth due diligence using the latest in technology, fi nancial expertise and investigative experience to ensure 

the most thorough inquiries. She is involved in many National and Regional investigative organizations 

including Intellnet, NALI, PIAVA, PISA, NJLPIA, and Infragard. Ms Bocra was recently appointed to the Virginia 

Private Security Services Advisory Board (PSSAB) eff ective July 1, 2011. 

Don Brister, BlackBag Technologies, Inc. 

During his nearly 30 years in law enforcement, Don Brister served as the lead investigator in several major, 

multi-agency investigations. Prior to joining BlackBag Technologies as a digital forensic examiner in 2007, Mr. 

Brister served as an instructor for the California Department of Justice, training law enforcement investigators 

in the areas of high technology, Internet investigations, and digital evidence recovery. Don has a unique 

gift of challenging student groups of varying skill levels, while simultaneously tailoring course material to 

accommodate a variety of learning styles. 

John J. Carney, Esq. Carney Forensics 

Mr. Carney is Chief Technology Offi cer and practicing digital device forensic examiner at Carney Forensics. 

He has a thirty-year software engineering and information technology career. He was educated at the Massachusetts 

Institute of Technology (MIT) Media Lab where he earned a Bachelor’s of Science degree. He is a 

Minnesota attorney licensed in federal and state court with a law fi rm in St. Paul focused on small business 

and entrepreneurs. He was educated at Hamline University School of Law where he earned a Juris Doctor 

degree and Certifi cate in Dispute Resolution. Mr. Carney is an Advisory Board member for Century College’s 

digital forensics program. 

Harlan Carvey, Applied Security, Inc 

Harlan Carvey is a digital analyst and researcher who has been involved in information security for 23 years. 

After leaving the military as a Communications Offi cer with a master’s degree, he began conducting vulnerability 

assessments and pen tests as a private sector consultant. About 12 years ago, Harlan switched to the 

“other side of the coin” and began performing incident response, digital analysis, and research, focusing on 

Windows systems as a primary target. Since then, he’s presented at numerous conferences, and written six 

books, several of which have been translated into foreign languages.

Tomas Castrejon, PwC 

Tomas is a Director in the PwC Cyber Investigations practice. He is responsible for day-to-day operations, 

business development and strategy, and team mentoring. In addition, he has extensive digital forensic 

experience gained from his time as a law enforcement offi cer and working for another Big 4 consulting fi rm 

where he served as the National Digital Forensics Practice Leader. Tomas has testifi ed in both criminal and 

civil cases in California, before the Grand Jury, and as an expert. In addition, he has lectured on forensic tools, 

techniques, and trends in digital forensics. Tomas has served as a team lead and digital forensics practitioner 

on cases ranging from stock option backdating, theft of intellectual property, data breaches, internal investigations, 

and coordinated global resources for several matters. He has also served as an Incident Response 

Lead on several data breach investigations. In addition, he has taught courses related to digital and network 

forensics at a community college. 

Nick Cavalancia, Spectorsoft 

Nick Cavalancia, MCSE/MCT/MCNE/MCNI, is SpectorSoft1s VP of Marketing where he leads the evangelism of 

SpectorSoft solutions. He has over 18 years of enterprise IT experience and is an accomplished consultant, 

trainer, speaker, columnist and author. He has authored, co-authored and contributed to over a dozen books 

on Windows, Active Directory, Exchange and other Microsoft technologies. 

David Cowen, G-C Partners LLC 

David Cowen, CISSP, is a partner at G-C Partners, LLC based in Dallas, Texas. Mr. Cowen is one of the authors 

of €˜Hacking Exposed: Computer Forensics fi rst and second editions and the third edition of the ˜Anti- 

Hacker Toolkit and the upcoming ‘Computer Forensics, A Beginner’s Guide’ all from McGraw Hill. Mr. Cowen 

is also the author of the popular ˜Hacking Exposed Computer Forensics Blog and a graduate of the University 

of Texas at Dallas with a B.S. in Computer Science. Mr. Cowen is the captain of the National Collegiate 

Cyber Defense Competition’s Red Team. Mr. Cowen has been working doing computer forensics since 1999 

and information security since 1996 acting as an expert witness in civil cases around the nation. Working as 

a computer forensic expert Mr. Cowen has assisted Human Resources departments in companies across the 

United States in dealing with employee issues and employee litigation involving computer usage. 

Aaron Crews, Esq., Littler Mendelson 

Aaron Crews is one of 5 eDiscovery Counsel at Littler Mendelson. His practice centers on helping clients 

manage and mitigate risk by providing focused guidance and expertise on issues related to electronic 

discovery, the use of computer forensics in litigation, data breach investigations and incident response, IP 

and data theft investigations, and information governance matters. Amongst other things, this includes 

providing case and client-specifi c advice about meeting preservation obligations, preparing and advocating 

for reasonable discovery plans, addressing initial “meet and confer” obligations, and handling court appearances 

that address eDiscovery, Information Governance, and/or computer forensic matters. He also assists 

trial teams and their clients by developing strategies for effi cient and eff ective data preservation, collection, 

review and production, and implementing cost-shifting/reduction strategies. In addition, he regularly advise 

on strategies for dealing with information governance issues, strategies for eff ective data breach and IP or 

data theft investigations, and the admissibility and authentication of electronic evidence. 

He is a frequent lecturer on eDiscovery, Information Governance, and computer forensics issues, including 

topics such as applicable ethics rules, case law and industry standards, the complexities of using search and 

retrieval tools, forensic investigation strategies, electronic evidence, data protection, retention, and disposition, 

trends in e-Discovery, and electronic evidence. 

Prior to becoming a member of the fi rm’s eDiscovery group, he specialized in intellectual property and complex 

business litigation, including the prosecution and defense of cases involving trade secrets, unfair competition, 

and related claims from the initial pleadings stage through trial. He also prepared non-disclosure 

agreements, intellectual property assignment provisions and non-solicitation covenants.

Christopher Currier, Passware & Sumuri 

Christopher Currier is an instructor and course developer for Sumuri, LLC. Chris has been a sworn police 

offi cer in the State of New Hampshire for over twenty-four years. He continues to work at a police department 

holding the rank of Detective since 1998. He is an experienced computer forensics examiner, having 

conducted examinations of computer systems, cell phones, and digital evidence for his agency as well as 

the New Hampshire Internet Crimes Against Children (ICAC) Task Force, State and Local law enforcement 

agencies. He has conducted onsite triage and examinations in cases that include Child Sexual Abuse Images, 

Criminal Threatening, Fraud, Homicide, Online Sexual Solicitation of a Minor, and others. 

Christopher Currier has instructed courses related to investigating computer/online crime, fraud investigations, 

computer and cell phone forensics. He has instructed on Responding to Computer Crime at a National 

White Collar Crime Center’s Outreach Seminar in 2004 and is an adjunct instructor at the New Hampshire 

Police Standards and Training Council. He has presented Investigating Online Fraud for the New Hampshire 

Cyber Crime Initiative. He presented on Ram Dump Tools and Examining Physical Memory Dumps for Evidence 

for the High Technology Crime Investigation Association (HTCIA) New England Chapter in 2010. 

Chad W. Davis, Backbone Security 

Chad W. Davis, CCE is the Technical Director at Backbone Security in Fairmont, West Virginia. Mr. Davis has 

been instrumental in establishing the Steganography Analysis & Research Center (SARC) as a center of excellence 

focused exclusively on steganography research and the development of advanced steganalysis products 

and services. He has been instrumental in developing application specifi c techniques, procedures, and 

algorithms for extracting hidden information from carrier fi les. Mr. Davis has authored a number of articles 

on steganalysis and has been invited to speak at various computer forensics and security conferences. Mr. 

Davis holds a B.S. in Computer Engineering from West Virginia University (WVU) and an M.S. in Electrical 

Engineering with a Certifi cate in Computer Forensics also from WVU. He is a member of HTCC, HTCIA, and 

ISFCE. 

Jeff Dye, PwC 

Jeff rey is a Manager in the Advisory-Forensics practice at PwC with 6 years of experience in the fi elds of 

forensic investigations, malware capability assessments, cybercrime and information security consulting. He 

has led multiple computer forensic investigations dealing with PCI/PII data breaches, intellectual property 

theft, insider threats, extortion, and economic espionage. Jeff rey has investigated cases in areas of Payment 

Card Processing, Retail, Financial and the Healthcare industries. He has responded to numerous crisis 

incidents and helped organizations worldwide. At PwC, Jeff rey advises clients on cyber threats, malware 

detection, incident response, and insider threat investigations. His recent investigative engagements include 

responding to data breaches targeting Email Service Providers (ESPs), network penetration and email exfi ltration 

by a state-sponsor at an Energy corporation targeting information on intellectual property. Prior to 

PwC, Jeff rey was a computer forensic lead at General Dynamics Cyber Incident Response Team. 

James Eichbaum, MicroSystemation 

James Eichbaum is a Product Specialist and Trainer for Micro Systemation (MSAB, Inc.). As a Product Specialist, 

James provides customer support for North America on MSAB’s mobile forensic tool, XRY. He is also an 

instructor for MSAB’s logical and physical mobile device courses. James has over 16 years of law enforcement 

experience including seven years as a detective working high tech crime with the Modesto Police Department 

and the Stanislaus County Sheriff ’s Department. He has served over fi ve years with the Sacramento 

Valley High Tech Crimes Task Force and is currently a Reserve Offi cer with the Gustine Police Department in 

California. James was the co-winner of the 2012 HTCIA International “Case of the Year” award.

Todd L Gabler, Rudiger Investigations 

Mr. Gabler began his career in private investigations with the authoring of relational databases for large 

scale federal defense investigations. He has worked in hundreds of cases involving computer and cell phone 

evidence, including the intense work of capital homicide cases. He has served as an expert consultant and 

witness in federal and state courts. Mr. Gabler has worked as an investigator on fi ve continents and in over 

fi fty countries. He continues to innovate in the area of historical cell site analysis. Mr. Gabler is a renowned 

public speaker, having traveled to hundreds of college forensic functions at over 100 colleges and universities 

throughout the United States. He has also served as an instructor at Northwestern University (NHSI) and 

Loyola-Marymount University of Los Angeles. 

Charles Giglia, Digital Intelligence, Inc. 

Charles Giglia has been in the fi eld of computer forensics since 2000 concentrating primarily on the research 

and development of computer forensic investigative techniques and training curriculum. Charles has an 

undergraduate degree in mathematics from Canisius College and a graduate degree in forensic science 

from the University of New Haven. Charles had been deployed nearly 18 months from 2007 to 2009 doing 

computer forensic investigations in support of Operation Iraqi Freedom while serving as a U.S. Army Contractor 

in Baghdad. Previously he spent six years as Computer Crime Specialist with the NW3C while leading 

the development of numerous training classes. His primary concentrations were courses related to Internet 

investigations and Internet forensics. Charles has been a guest presenter at the FBI training academy, as well 

as several IACIS, FACT, RCFG/GMU, HTCIA international/regional conferences and an adjunct professor at 

Fairmont State College. He is a Certifi ed Forensic Computer Examiner (CFCE) and a Red Hat Certifi ed Engineer 

(RHCE). 

Josh Gilliland, Bow Tie Blog 

Joshua Gilliland, Esq., author of the ABA Journal Top 100 Blawg Honoree Bow Tie Law. Mr. Gilliland is a California 

attorney and nationally recognized thought leader on electronic discovery with his blog “Bow Tie Law.” 

Josh has conducted over 300 Continuing Legal Education seminars on e-Discovery all across North America. 

Josh has a passion for the impact of technology on the practice of law, has guest lectured at his alumni 

McGeorge School of Law, has been published in American Lawyer Magazine and is active in the Santa Clara 

County Bar Association. Josh also has a new blog, The Legal Geeks. TLG focuses on all things “geek” and the 

law, from legal issues in science fi ction to pop culture. Josh also ties a mean bow tie. 

Keith Gray, Gray Matters 

Keith Gray, President of Gray Matter Consulting, LLC, has nearly 2 decades of political experience on and off 

Capitol Hill. He has devoted his time for 20 years dealing with diffi cult policy issues, especially in agriculture 

policy and fi nancial services. Additionally, his extensive work inside grassroots groups has helped to develop 

strategies to achieve legislative and regulatory success for his clients. In addition to his extensive lobbying 

and government aff airs experience, Gray Matter Consulting also off ers grant-writing development services. 

Mr. Gray has worked for over 19 years in developing and writing grant applications as well as grants administration 

and is a member of the American Grant Writers Association and Grant Professionals Association. 

He also is an Instructor in the USDA Graduate School’s Grants Management Certifi cate program for grants 

professionals and has a Certifi cate in Grants Management from the USDA Graduate School. 

Lan Hang, PwC 

Lan is an Experienced Associate in the Advisory-Forensics practice at PwC with experience in the fi elds of forensic 

investigations, cybercrime and information security consulting. She has conducted multiple computer 

forensic investigations involving PCI data breaches, intellectual property theft, and advanced persistent 

threats. In addition, Lan’s experience includes internal and external penetration testing, and security assessments 

and workshops. She has worked on engagements for clients in the automotive, entertainment and 

media, fi nancial, and manufacturing industries.

Jon Hansen, H-11 Digital Forensics 

Jon R. Hansen is the Vice-President for H-11 Digital Forensics (H-11). Jon is a computer specialist with over 

twenty-fi ve years of experience in computer technologies, including, digital computer forensics, large-scale 

deployment, and training on various computer hardware and software platforms. Jon has been involved 

with defi ning and developing security policies and techniques for safeguarding computer information and 

fraud prevention. Jon joined H-11 to be able to provide complete digital forensics solutions. H-11 Digital 

Forensics off ers a ‘One-stop-Solution’ for digital forensic software, hardware, professional services, and training. 

H-11 has offi ces in Salt Lake City, Utah; Beijing, China; Taipei, Taiwan; and Mexico City, Mexico. Jon has 

presented at Forensics, Security and Fraud conferences all over the world. Prior to joining H-11 Digital Forensics, 

Jon was the Director of Training and then Vice-President of Sales for AccessData – a leading provider of 

digital forensic and eDiscovery software. 

Chet Hosmer, Allen Corporation/Wetstone 

Chet Hosmer is the Chief Scientist and co-founder of WetStone, now a division of Allen Corporation. Chet 

has over 30 years of experience researching and developing high technology solutions. Since 1992, Chet 

has focused his research in Cyber Security and has served as the Principal Investigator on over 40 cyber 

security, digital forensic and information assurance research programs funded by AFRL, ARL, OSD, DARPA 

and NIJ. Chet and his team have produced several award winning cyber security and forensic products and 

were awarded the prestigious SBA Tibbetts award for small business innovation. Chet received his degree 

in Computer Science from Syracuse University, serves on several editorial boards, and is a visiting professor 

at Utica College where he teaches in the Cybersecurity Graduate program. Chet actively gives numerous 

Cyber Security relevant keynote, plenary and panel presentations each year on a global basis. 

Brian K. Ingram 

Brian K. Ingram is a private investigator and a former law enforcement offi cer. Brian investigated and solved 

the ONLY confi rmed Cult related kidnapping in U.S. History. During his career as a police offi cer, Brian Ingram 

solved several major narcotics cases, burglary rings and other major cases. In that time period, Brian 

Ingram never lost a felony case, a record of approximately 235 felony convictions. His criminal defense case 

work includes 375 criminal defense cases, mostly felony cases and he has successfully investigated major 

international credit card processing fraud. Brian is also an accomplished speaker, instructor and expert witness. 

Charlie Kaupp 

Charlie Kaupp is an eDiscovery consultant with Digital Strata. He has worked in the litigation support, eDiscovery, 

and information retrieval fi elds since 2005. Mr. Kaupp provides eDiscovery guidance to corporate 

clients and law fi rms focusing on strategic, defensible, and repeatable search strategies, early case assessment, 

culling, and review workfl ows. He is an active participant with the Electronic Discovery Reference 

Model (EDRM), and is certifi ed in a number of eDiscovery platforms. Mr. Kaupp holds a B.A. in linguistics from 

the University of California at Santa Cruz.

Alec Kaguru, ARS Digital Forensics 

Alec Kaguru is the founding partner, and Chief Executive Offi cer of ARS Digital Forensics (20189/03), Zimbabwe. 

Alec holds a Bachelor in Accounting Science (B.Compt) degree from University of South Africa, a 

Diploma in Accounting and Business Management from College of Professional Management (USA). Alec 

did his articled clerk training with Ernst & Young Chartered Accountants (Zimbabwe). Mr. Kaguru has earned 

more than nine (9) years of continuous practical experience in Computer forensics, Mobile Phone Forensics, 

Network Forensics, E-mail and Internet Forensics ICT Security Audits and Data Recovery. As a leading Digital 

Forensic Examiner, Alec has been involved in complex digital forensics assignments for several, mainly stock 

listed corporates in Mining, Banking, Telecommunications, Construction, Manufacturing, and Agriculture 

and has served government institutions in Education, Revenue Collection, Law Enforcement, and Legal fi rms 

in Africa. Alec has developed, and taught many courses in Digital forensics over the years. 

Melia Kelley, First Advantage Litigation Consulting 

Melia Kelley is Senior Forensics Consultant at FALC, where she actively consults with clients on investigative 

and litigation hold procedures. Melia’s previous investigations for FALC include malware, fraud, and theft 

of intellectual property cases. She has conducted work for FALC in the United States, the United Kingdom, 

Japan, and Germany. Prior to her work with FALC, Melia performed Media Exploitation for the U.S. military in 

Iraq where she performed intelligence gathering using forensically sound methodologies. Melia has worked 

extensively in eDiscovery as well as digital forensics in addition to her work as a Paralegal dealing with large 

eDiscovery cases. Melia is a member of the International Society of Forensic Computer Examiners and is a 

Certifi ed Computer Examiner. Her certifi cations include CCE, EnCE, GCFE, ACE, A+, Network+ and Security+. 

She holds an AS from Weber State University. 

Publications: 

• “Report writing guidelines,” Digital Forensic Investigator News, May 2012 

• www.girlunallocated.blogspot.com Nominated for Forensic4Cast 2012 Digital Forensic Blog of the 

Year 

Greg Kipper, STG 

Gregory Kipper is an author, consultant and strategic forecaster in Emerging Technologies. Mr. Kipper specialized 

in I.T. Security and information assurance for 17 years with the last 11 years working in the fi eld of 

digital forensics and the impacts emerging technologies have on crime and crime fi ghting. Mr. Kipper has 

been the keynote speaker at select industry events, a digital forensics instructor as well as a trusted advisor 

to both the government and commercial sectors. Mr. Kipper is a published author in the fi eld of digital forensics 

and emerging technologies with his works including: “Investigator’s Guide to Steganography”, “Wireless 

Crime and Forensic Investigation”, “Virtualization and Forensics” and the upcoming “Augmented 

Reality”. 

Ben Lemere, Berla Corp 

Ben is the Director of Digital Forensics at 42Six Solutions and is the Co-Founder of Berla Corporation. He currently 

serves as a contractor for the U.S. Government and develops tactical solutions related to digital forensics 

and media exploitation, specifi cally in the mobile devices arena. Ben has more than 15 years of military 

and federal government service.

William Matthews, Southwest Regional Computer Crime Institute 

William Matthews, Ph.D. (ABD) retired with 25 years of service from the Federal Bureau of Investigations in 

2010 and accepted the position of Southwest Regional Computer Crime Institute Director at Dixie State 

College. While with the FBI, Matthews developed an interest in digital forensics, became CART certifi ed and 

assisted in the creation of the Regional Computer Forensics Lab (RCFL) in Salt Lake City, UT. Matthews has 

had an interesting and diverse career in investigations ranging from working undercover with the LCN in 

Las Vegas to the conducting of digital triage in Iraq on the Saddam Hussen seizures. Besides teaching, Matthews 

has spent the majority of his time at Dixie College developing ways to make chip-off forensics aff ordable 

and time-effi cient. 

Jessica Mederson, Esq., Hansen Reynolds Dickinson Crueger LLC 

Jessica Mederson is a trial attorney and partner at Hansen Reynolds Dickinson Crueger LLC. Prior to joining 

HRDC, Ms. Mederson was an attorney with Vinson & Elkins LLP in Austin, TX where she focused on a complex 

commercial litigation practice in state and federal court. She has litigated a broad range of matters, including 

securities litigation, director and offi cer liability, and intellectual property disputes. She has signifi cant 

experience in addressing e-discovery and attorney-client privilege issues in litigation nationwide. Hansen 

Reynolds Dickinson Crueger LLC is a litigation law fi rm that tries complex, sophisticated cases for individuals 

and corporations, plaintiff s and defendants. Four partners left their “Big Law” jobs to forge a new fi rm founded 

on a culture of being smart, tough, nimble and effi cient. In forming HRDC, they sought to align their interests 

with those of their clients by sharing risk, tailoring fee arrangements to meet their clients’ needs, and 

rewarding results and effi ciency. They are a success driven law fi rm equipped to handle any litigation matter. 

Michael Menz, HP 

Michael has been in the Law Enforcement digital investigation and forensics fi eld for 27 years. He has authored 

and taught courses SEARCH, California DOJ, University New Haven, University Nevada Reno, California 

District Attorney Association, US District Court Eastern District and the US 9th Court of Appeals are just 

a few. He is a past International Secretary and President of HTCIA. He is currently a co-chair of the Digital 

Media standard committee for the American Society for Testing and Materials (ASTM) and a member of International 

Association of Computer Investigative Specialists (IACIS) and Association Certifi ed Fraud Specialist 

ACFS. His certifi cation includes the ICl California POST Computer Crime Investigator and Instructor, CISM, 

ACFS, CFCE, EnCE, ProDiscover and DFCB. 

David Nardoni, PwC 

David Nardoni is a Director in PwC’s Forensic Services practice with 14 years of experience in the fi elds of 

forensic investigations, malware capability assessments, cybercrime and information security consulting. 

Mr. Nardoni has led multiple computer forensic investigations dealing with economic espionage, PCI data 

breaches, intellectual property theft, insider threats, acts of terrorism, and economic espionage. He has 

responded to numerous crisis incidents and helped organizations worldwide. At PwC, Mr. Nardoni advises 

clients on cyber threats, malware detection, incident response, and insider threat investigations. His recent 

investigative engagements include responding to data breaches targeting Email Service Providers (ESPs), 

network penetration and email exfi ltration by a state at a Law Firm targeting information on their clients. 

Prior to PwC, Mr. Nardoni was the computer forensics lab manager in Los Angeles for Deloitte Financial 

Advisory Services. Previously, Mr. Nardoni was the President of an information security consulting fi rm that 

specialized in computer forensics and security assessments.

Magistrate Judge David Nuff er 

Judge David Nuff er was appointed as a United States District Judge in the District of Utah on March 23, 2012. 

He previously served as a United States Magistrate Judge. From 1995 - 2003, he was a part time judge, part 

time lawyer and was appointed as a full time judge January 17, 2003. He serves on the Federal Judicial Center 

Judges IT Training Advisory Committee; the District of Utah Attorney Discipline Committee; and the Utah 

State Civil Procedure Rules Advisory Committee. He also teaches alternative dispute resolution at Brigham 

Young University’s J. Reuben Clark Law School. He practiced law 25 years in St. George Utah after graduating 

from the J. Reuben Clark Law School at Brigham Young University. While in private practice, he was a managing 

partner with a law fi rm that grew from 2 lawyers to 25 and formerly taught law offi ce management at 

the law school. During his years as a lawyer, he was a member and Chair of the Utah Judicial Conduct Commission 

and a commissioner and president of the Utah State Bar. He is a frequent lecturer on technology and 

legal issue; for several years taught an automation orientation course to all new federal magistrate judges 

two times a year in San Antonio, Texas, and developed national technology related curriculum for magistrate 

judges. Judge Nuff er was co-developer of Chambers Online Automation Training, a 40 lesson course 

in computer skills for judges and chambers staff . He maintains a web page of court-related technology 

resources along with a TechNews for Judges blog on the U S Courts intranet. International activities include 

presentations to judges, lawyers and law students in Brazil and Czech Republic, and Rule of Law work in Abu 

Dhabi, Bahrain, Sharjah, Egypt, and Ukraine, as well as regularly hosting judge visits from many countries. 

He taught lawyers from Iran in Antalya, and Istanbul, Turkey and participated in a legal education seminar in 

Izmir Turkey. He teaches with the Leavitt Institute, to law professors and law students in Ukraine and is coeditor 

of the Leavitt Institute curriculum Foundations of a Free Society, a course emphasizing ethics, citizenship 

and the practice of democracy. 

Vickie Rafter, Califorensics 

Vickie Rafter is a senior investigator with Califorensics, a top-tier computer forensics and investigative services 

fi rm in Roseville, California. Vickie previously served as a Senior Special Agent with the U.S. Department 

of Health and Human Services (HHS), Offi ce of Inspector General, and Offi ce of Investigations. As such, she 

led investigations of healthcare fraud and child support enforcement. Prior to her tenure with HHS, Vickie 

served as a Special Agent with the Air Force Offi ce of Special Investigations where she conducted investigations 

of contract fraud, child sexual abuse and theft of government property, among other violations. Vickie 

also worked on an FBI national undercover operation involving the sale of unapproved aircraft parts. Vickie 

is a graduate of the University of California at Irvine and a member of the Association of Certifi ed Fraud Examiners 

as well as the Association of Workplace Investigators. 

Mike Raggo, MobileIron 

Michael T. Raggo (CISSP, NSA-IAM, CCSI, ACE, CSI), MobileIron, Inc. applies over 20 years of security technology 

experience and evangelism to the technical delivery of Security Solutions. Mr. Raggo’s technology experience 

includes penetration testing, wireless security assessments, compliance assessments, fi rewall and IDS/ 

IPS deployments, mobile device security, incident response and forensics, security research, and is a former 

security trainer. In addition, Mr. Raggo conducts ongoing independent research on various Data Hiding 

techniques including steganography, as well as Wireless attack and penetration techniques. His publications 

include books for Syngress and McGraw Hill, and multiple magazine and online articles. Mr. Raggo has presented 

on various security topics at numerous conferences around the world (BlackHat, DefCon, SANS, DoD 

Cyber Crime, OWASP, InfoSec, etc.) and has even briefed the Pentagon on Steganography and Steganalysis 

techniques.

Meghana Reddy, PwC 

Meghana is an Experienced Associate in the Advisory-Forensics practice at PwC. She interned with the group 

in 2010 and started full-time in 2011. Her engagement experience includes the fi elds of computer forensics, 

malware deobfuscation and assessment, data analytics and modeling, and data visualization. Over the last 

two years, she has specialized in the Utilities, Entertainment Media, and Financial sectors. Prior to joining the 

fi rm, Meghana completed stints with NASA, the US intelligence community, UCLA’s Experiential Technology 

Center, and the Center for Embedded Networked Sensing. Through these experiences she has gained 

a background in system/network monitoring, machine learning, data visualization, geospatial analysis, and 

DSP. 

Lee Reiber, AccessData 

Lee Reiber, Director of Mobile Forensics, AccessData Group Lee Reiber is responsible for bringing a proven 

mobile phone training curriculum to AccessData’s current training off erings, directing the development 

team for the MPE+ project and the coordination of the mobile forensic training team. Lee also off ers consulting 

services to customers specifi cally focusing on the extraction, recovery, methodology and security 

of mobile devices. Prior to AccessData, Lee was the CEO of one of the most prominent mobile phone training 

companies in the United States, Mobile Forensics Inc. Due to the high level of training, knowledge and 

skill of MFI’s trainers Mobile Forensics Inc was selected to be the single mobile phone training company for 

AccessData in 2009. Today, all mobile phone training under AccessData is still following MFI’s proven curriculum. 

Lee frequently contributes to Law Offi cer Magazine as a writer specifi cally dealing with electronic data 

discovery from mobile devices and cellular phone carriers and presents at conferences around the world 

speaking on cellular forensics. Lee is also an active member of IACIS, HTCC and HTCIA and has retired from 

the Boise Police Department after 15 years of service where his duties included the examination of digital 

evidence on computers and cellular phones. 

Kevin Ripa, Computer Evidence Recovery, Inc. 

Kevin J. Ripa, is a former member, in various capacities, of the Department of National Defense serving in 

both foreign and domestic postings. He is now providing superior service to various levels of law enforcement 

and Fortune 500 companies, and has assisted in many sensitive investigations around the world. Mr. 

Ripa is a respected and sought after individual within the investigative industry for his expertise in Information 

Technology Investigations, and has been called upon to testify as an expert witness on numerous occasions. 

He has been involved in many complex cyber-forensics investigations. Mr. Ripa can be contacted via 

e-mail at kevin@computerpi.com. 

Jeff Ross, FBI 

Mr. Ross an FBI Special Agent assigned to the Salt Lake City Field Offi ce. Mr. Ross is assigned to the Utah Internet 

Crimes Against Children Task Force and has worked several hundred cases involving the sexual exploitation 

of minors via the Internet. Prior to joining the FBI, Mr. Ross worked as a therapist with victims of sexual 

abuse and juvenile sex off enders. 

Joan Runs Through, Southwest Regional Computer Crime Institute 

Joan Runs Through, B.A./B.S.E is currently completing a Master’s Degree in Education and Technology. She 

has 15 years of experience in education and 10 years of experience in the IT fi eld. She currently works for the 

Southwest Regional Computer Crime Institute (SWRCCI) as a trainer and a curriculum developer. In January, 

she begins instructing the newly developed Digital Forensic online courses for Dixie State College. While at 

the SWRCCI, Runs Through was tasked with writing the curriculum for Dixie’s chip-off forensics training and 

had the opportunity to assist with this training during the SWRCCI’s recent trip to Thailand.

Amber Schroader, Paraben Corporation 

Throughout the past two decades Ms Schroader has been a driving force for innovation in digital forensics. 

As CEO of Paraben Corporation, Ms. Schroader has developed over two-dozen software programs designed 

for the purposes of recovering digital data from hand-held devices such as cellular phones and PDAs, computer 

hard drives, and large-scale computer networks capable of storing data from several thousand computers. 

With an aggressive development schedule, Ms. Schroader continues to bring forth new and exciting 

technology to the computer forensic community worldwide. Ms. Schroader coined the concept of the 

“360-degree approach to digital forensics”, pushing for a big-picture consideration of the digital evidence 

acquisition process. An accomplished curriculum developer and instructor; Ms. Schroader has written and 

taught numerous classes for this specialized fi eld. Ms Schroader continues support through book contributions 

and other industry speaking engagements. 

Rob Schroader, Paraben Corporation 

Rob Schroader has been active in the fi eld of technology for many years working through the dot com era 

with success with multiple startup companies. Mr. Schroader graduated from Utah Valley State College in 

2000 with a degree in Business Management and an emphasis in accounting. As a founding member of Paraben 

Corporation, Mr. Schroader serves as the President and Chief Marketing Offi cer for the company managing 

its multiple locations and its global expansion. Beyond operations, Mr. Schroader is a fundamental force 

in the continued success of the company pushing it further in its penetration into new market spaces. 

Judge Matthew Sciarrino, Jr, Esq. 

Matthew Sciarrino graduated magna cum laude from St. John’s University in 1990. He received a St. Thomas 

More scholarship to St. John’s University School of Law and he graduated in 1993. He is admitted to the 

courts of New York, New Jersey, Pennsylvania, the United States Court of Appeals for the Armed Forces and 

the U.S. Supreme Court. Before becoming a Judge, he served as the Principal Law Clerk to Justice Joseph 

Maltese in the Criminal Courts of Staten Island and Brooklyn handling felonies and misdemeanors and in 

the Civil Part of the Richmond County Supreme Court handling medical malpractice and other actions. On 

January 3, 2005, Michael R. Bloomberg appointed Matthew Sciarrino, Jr. as an Interim New York City Civil 

Court Judge and in 2006 Michael R. Bloomberg appointed Judge Sciarrino to a full term in the New York City 

Criminal Court. He has sat in Kings, Richmond and New York Counties. 

He currently presides primarily over a Jury Part in NY County. He is the Presiding Judge in a Special Part of 

the Occupy Wall Street defendants. He is also the current editor of the Richmond County Bar Association 

Journal and has numerous published decisions and articles; his most recent article “iPad Apps for Lawyers” 

(Spring 2011 Issue 

of the RCBA Journal) is regularly updated on the web page TheRCBA.com. 

Stephanie Sparks, Esq., Hoge Fenton Jones & Appel 

Stephanie O. Sparks is a shareholder of Hoge Fenton Jones & Appel, Inc., with offi ces in San Jose and 

Pleasanton, California, and chairs the fi rm’s Intellectual Property and Privacy and Data Security Teams. She 

counsels her clients about, and litigates complex business disputes concerning trade secrets, trademarks, 

copyright, and other intellectual property issues. She leads the fi rm’s Electronic Discovery Team, given her 

specialized knowledge in computer forensics, records management, and electronically stored information. 

She also counsels businesses on HIPAA compliance and other privacy law and data security issues. When the 

inevitable data breach occurs, she manages the response team, which handles the aftermath of such data 

breach crises on behalf of fi rm clients. She represents internet service providers in dealing with subpoenas, 

search warrants, National Security Letters and other government requests for information. 

Stephanie was named a “Northern California Super Lawyer” in 2009, 2010, 2011, and 2012 as chosen by her 

peers and through the independent research of Law & Politics and San Francisco Magazine.

Stephanie is a member of the International Trademark Association and facilitates monthly INTA Roundtables 

in San Jose. She is also a member of the International Association of Privacy Professionals; the Association of 

Business Trial Lawyers of Northern California; and the William A. Ingram Inn of the American Inns of Court. 

Stephanie routinely presents seminars on intellectual property, electronic discovery, and privacy and data 

security issues to accounting fi rms, bar associations, and other professional associations. She has taught 

classes at Santa Clara University on these topics. She recently participated in San Jose State University’s 

Symposium on Cyber Security. Later in November 2012, she will be presenting seminars on the intersection 

between records management, data security and electronic discovery to the Authority on Managing records 

& Information (ARMA) and the San Francisco chapter of Women in eDiscovery. 

Patrick Stump, Roka Security LLC 

Patrick Stump is the President and founder of Roka Security, a computer security company located in 

Northern Virginia. In his career, Mr Stump has worked for various entities in the security industry, including 

Lockheed Martin, Northrop Grumman, and highly specialized security companies including Vulnerability 

Research Labs. Mr Stump has been a key player in both red-teaming and security operations with multiple 

branches and agencies of the United States Government (USG), the military, and commercial industry. Mr 

Stump’s software development ranges from embedded low level assembly to high level application development 

in various software languages. Mr Stump’s experience in Operations with the USG, as a Network 

Engineer and as an accomplished network attack simulator or penetration tester has allowed him to develop 

a keen understanding of how advanced threats attack government and corporate networks, and how to 

defend against them. 

Christopher Taylor, CyTech Services, Inc. 

Christopher Taylor is the Director of Forensics for CyTech Services, a technical services fi rm in Northern Virginia 

that provides analytical and engineering support to federal governments and commercial clients. Mr. 

Taylor has 15 years of IT experience, with the last 10 years focusing on digital forensics, incident response, 

and data recovery. He got his start in forensics supporting investigations within the Intelligence Community 

and Federal Law Enforcement, and now brings that experience to commercial clients in the form of incident 

response, litigation support, eDiscovery, and data recovery. He has taught scores of classes preparing students 

to receive certifi cations such as the CISSP, CCE, EnCE, as well as many other IT security and computer 

forensics related topics. 

Zeke Thackary, Thackray Forensics Limited 

John (Zeke) Thackray is a the Principle Director of Thackray Forensics Ltd, a New Zealand based company 

that provides professional computer and cell phone forensic investigative solutions and training around 

the world. Zeke, as he is more commonly known throughout the industry, is a former British Police Detective 

who specialized in high tech crime from the early 1990’s. He was responsible for the establishment and 

development of the New Zealand Police Electronic Crime Unit based in Auckland. He has also been responsible 

for the establishment of corporate computer forensic facilities such as Ernst and Young in Australia and 

IBM Global IT Security Incident Response Group. Zeke has been involved in many high-tech, high profi le 

investigations around the world and has delivered computer and cell phone forensics training globally for 

many years. Zeke considers himself an investigator fi rst and an educator second. Hands-on investigating is 

a primary key to be able to train investigators how to deal with real solutions.

Don Vilfer, Califorensics 

Don Vilfer is President of Califorensics, a Top-tier Computer Forensics and Investigative Services fi rm in 

Roseville, California. His company provides Computer Forensics and eDiscovery services to several Fortune 

500 companies, law fi rms, government agencies and small businesses. Don previously served in the FBI as 

the Special Agent in charge of the White Collar Crime and Computer Crime Unit in Sacramento. As such, he 

led investigations of Federal White Collar Crime and Computer Crime violations, including an international 

computer intrusion and extortion investigation. During his FBI career he was also assigned to the Washington 

D.C. Field Offi ce and later at FBI Headquarters in Washington D.C. where he led a major case management 

team. After his tenure in the FBI, he held the position of Senior Director of Litigation Support and 

Investigative Services for a large accounting fi rm before forming Califorensics. He is an avid photographer, a 

graduate of the Ohio State University College of Law and a member of the Ohio Bar. 

Ryan Washington, AR-Forensics 

Mr. Washington served in the US Marines as a Special Intelligence Operator for fi ve years before moving into 

the private sector to move into computer and network security. After working as a UNIX system administrator, 

Mr. Washington moved into the emerging fi eld of computer forensics and helped develop and grow 

many of the forensic programs for the FBI and other organizations while working on critical cases in the 

counter-terrorism, counter-intelligence and criminal areas. While managing a career and growing family, Mr. 

Washington graduated from National Louis University with a Bachelor’s in Science in Management and went 

on to later attain a Master of Business Administration from Kelley School of Management at Indiana University. 

He has also testifi ed as an Expert Witness on behalf of the U.S. Government and is an accomplished 

speaker and part-time computer forensics instructor. Mr. Washington also holds several industry certifi cations 

to include Certifi ed Information Systems Security Professional (CISSP), EnCase Certifi ed Examiner Certifi 

cation (EnCE), and Certifi ed Computer Examiner (CCE). 

James Wiebe, CRU-DataPort 

James Wiebe, Vice President of Research and Development In January 2008, James Wiebe sold WiebeTech 

to CRU-DataPort where he currently presides as the Vice President of Research and Development and continues 

WiebeTech as a unique brand. In July 2000, James Wiebe recognized an opportunity after 25 years of 

computer industry expertise and founded WiebeTech. Previously, James Wiebe founded and was the President 

and CEO of Newer Technology. James led the company to annual sales over $60 million and attained 

a leading position as provider of computer upgrades. James is an experienced pilot who loves to fl y his 

Cessna 206 on business and pleasure. The most exciting fl ights are to the Idaho back country where he and 

his buddies enjoy fl y fi shing, another one of his passions. James received his degree in Mathematics with 

emphasis in Computer Science from Tabor College in Hillsboro, KS. 

Michael Wilkinson, Champlain College 

Michael Wilkinson is the Program Director of both the M.S. Digital Forensic Management and M.S. Digital Forensic 

Science Programs at Champlain College. He teaches both undergraduate and graduate courses and is 

a Co-Director of the Senator Leahy Center for Digital Investigation which provides investigative and research 

services to Law Enforcement, Government agencies and the general public. Prior to joining Champlain 

College Michael was a coordinator of the New South Wales Police Force, State Electronic Evidence Branch, , 

responsible for the management and oversight of all forensic analysis work performed by the Branch. In his 

time with the NSW Police Force Michael has conducted hundreds of examinations and regularly presented 

evidence in court. Michael has been actively involved in the development of the Digital Forensics profession 

through his involvement with the National Institute of Forensic Science. Where he was involved in the creation 

of national competency and validation standards. He is also a technical assessor with NATA the Australian 

national body for ISO17025 forensic laboratory accreditation.

Donald Wochna, Vestige Ltd. 

Author of “E-Discovery: Making Computers Your Best Witness”, Donald Wochna has been practicing law 

for 30 years, testifying as an electronic evidence forensic expert in federal and state cases since 1999, and 

founder and general counsel of Vestige Digital Investigations. He is a well-recognized author concerning 

issues related to electronic evidence; and speaks at venues across the nation to lawyers and forensic professionals. 

In 2012, Don has focused his PFIC sessions upon emerging new areas challenging computer forensic 

experts, including privacy and “Big Data” issues in Social media; authentication and discovery challenges in 

Electronic Medical Records, and civil liability of computer forensic experts handling contraband child pornography 

evidence in federal and state child pornography cases. 

Eric Zimmerman, FBI Cyber Crimes Squad 

Eric Zimmerman is a special agent assigned to the Cyber Crimes Squad of the Salt Lake City FBI fi eld offi ce 

where he has been investigating child pornography and computer intrusions for the past four years. He is 

a member of the Utah ICAC and has provided training and assistance to dozens of local, state, federal and 

international law enforcement agencies. Eric has a degree in Computer Science and has developed several 

computer programs to aid in the investigation and prosecution of child exploitation matters. In May 2012, 

SA Zimmerman won the NCMEC Law Enforcement Excellence Award for his work related to his work in relation 

to combating child sexual exploitation. 

Speaker Biographies not available: 

• Natasha Lockhart, Vound

Download - PFIC - Paraben's Forensic Innovations Conference

Create successful ePaper yourself

Delete template?

Save as template?