Download - PFIC - Paraben's Forensic Innovations Conference
Download - PFIC - Paraben's Forensic Innovations Conference
Download - PFIC - Paraben's Forensic Innovations Conference
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Time: Sunday, 12:30 PM – 2:00 PM<br />
Track: Lab Track A<br />
Room: Neuchatel<br />
Presenter: Zeke Thackray<br />
Title: Data Carving and Making Sense of the Unknown<br />
During this session attendees will be introduced to the fundamental elements of data carving and making<br />
sense of the unknown within cellular technology. Although the automated mobile forensic products identify<br />
large volumes of “low hanging fruit (evidence)” much more is left behind. Attendees will gain hands on<br />
practical experience to identify, recover and decode a variety of information from cellular devices, such as,<br />
image fi les, SMS messages and their associated telephone numbers, date and times. Attendees to this session<br />
will receive a variety of useful software tools and reference material to enhance their cellular<br />
investigations.<br />
Time: Sunday, 2:00 PM – 3:30 PM<br />
Track: Lab Track A<br />
Room: Neuchatel<br />
Presenter: Michael Wilkinson, Champlain College<br />
Title: Identifying the Artifacts and Behavior of an Unknown Application<br />
This lab will focus on identifying the artifacts and behavior of unknown applications. Many times you will<br />
run across an app you might not have seen before and you want to know what traces it leaves on the system.<br />
What information that is left has meaning and what does not. We will focus on developing results that<br />
are robust enough to stand up in court and more emphasis on decoding fi le structures so you are prepared.<br />
Time: Sunday, 4:00 PM – 5:30 PM<br />
Track: Lab Track A<br />
Room: Neuchatel<br />
Presenter: Don Brister, BlackBag Technologies, Inc.<br />
Title: iOS <strong>Forensic</strong>s and Top Five Artifacts<br />
iPhone, iPad, and iPod Touch device popularity has introduced unique forensics and corporate policy enforcement<br />
challenges. Examiners must understand the attributes and fi le types unique to Mac OS X and<br />
iOS fi le systems. If your casework involves examining geo-location and EXIF camera metadata, evidence of<br />
device wiping, or SMS, contacts, and phone call data marked for deletion in SQLite databases, then this lab is<br />
for you. Attendees will gain valuable insight into the ever-evolving forensics challenges associated with iOS<br />
devices, and learn ways to conduct highly effi cient and eff ective Mac OS X and iOS device investigations.<br />
Lab Track B<br />
Sunday, November 4th, 2012<br />
Time: Sunday, 9:00 AM – 10:00 AM<br />
Track: Lab Track B<br />
Room: Geneve<br />
Presenter: Glenn K Bard, PATCtech<br />
Title: iPhone Backup Data Parsing<br />
In this lab the attendee will be introduced to iOS backup analysis. The class will begin with identifying the<br />
locations of iOS backups on various Operating Systems to include Windows XP, Vista and 7 as well as Mac.<br />
Once the backups are located the folder structure will be forensically extracted from the suspect computer.<br />
The students will then be introduced to how the backup fi les store the information on the computer system.<br />
The class will then end with various tools ranging from free and inexpensive to full forensic applications, all<br />
capable of extracting diff erent types of data from the backups and deconstructing various fi les into usable<br />
information.