Skip to content

CANCELLED: 2023 Canada Cyber Investigation Summit

This event has been cancelled.


The HTCIA Canada Cyber Investigation Summit delivers invaluable content, compelling keynotes, leading-edge insights and extensive opportunities to exchange ideas. Our attendees demand the most current and up-to-date information to help them succeed at work and continue to grow in their careers. Sponsoring and exhibiting at the conference provides your company with the opportunity to engage with high tech crime investigators at all levels who are actively learning and evaluating the best that the industry has to offer. Don’t miss your chance to talk to and influence this qualified audience!

We look forward to welcoming you to the 5th Annual HTCIA Canada Cyber Investigation Summit.

Training venue: University of Ottawa, 100 Louis-Pasteur Private, [Building: Learning Crossroads (CRX)], Ottawa, Ontario, K1N 9N3, Canada
TRACKS 1) Digital Forensics (Technical Level)
  2) Open Source & Intelligence
  3) eDiscovery/Legal /Ethics/Privacy
  4) Misc: Cloud Investigations / AI / ML / Threat Hunting & Mapping / Crypto Investigations


8:00 -
High Technology Crime Investigation Association (HTCIA)
REGISTRATIONS / Coffee & Tea     * Interact with Sponsors * 
8:40 - 9:00 [Rm C140] Opening Session & Introductions
9:00 - 9:50 [Rm C140] KEYNOTE: William Callahan

Dir of Gov't & Strategic Affairs - Blockchain Intelligence Group

Confronting National Security & Public Safety Threats in a Borderless Digital Asset World
Discover the hidden world of cryptocurrency crime‑fighting and the battle against money laundering and terrorist financing.
Uncover the techniques and tools used by investigators to track and identify cyber criminals and confront the future of
transnational criminal organizations with the rise of AI in digital asset money laundering investigations. Get ahead of the
game and learn what tomorrow's financial crime fighters need to know.

9:50 - 10:00 Networking (Everyone)  * Interact with Sponsors * 
10:00 - 10:50 [Rm C - Forward Looking]
Trevor Stevado, Loudmouth Security
Description to follow
(This is the team that will offer
'Capture‑the‑Flag [CTF]' during our Summit)
[Rm C - Legal/Privacy]
Matin Fazelpour, Legal considerations during cyber crime investigations
In Canada, cybersecurity and
data protection are governed
by a complex legal and
regulatory framework. This presentation provides an
overview of the evolving Canadian landscape governing
data protection and cybersecurity that apply to
investigators.  We will explore
the statutory framework of
Canadian privacy and data protection laws relevant to
cybersecurity, the regulatory
and governance framework for
certain regulated organizations
and institutions, and the
current state of the common law.
[Rm  - Coud Investigations]
Brad Ellis,  Accelerating Incident
Response Investigations with Cloud Automation

The threat landscape of
cybersecurity is constantly evolving, and organizations
must be prepared to respond
quickly and effectively to
incidents. However, incident response procedures can be
time‑consuming, complex, and
prone to inconsistencies due to
misconfigurations.  This presentation introduces an
automatically provisioned cloud‑based cybersecurity
incident response environment
to address these challenges.
Using automation provides a consistent approach to
provisioning an incident response environment and resources, reducing the time
and complexity involved in the process.
[Rm C - Crypto Investigations]
Eric Rowe: Truckers, Freedom,
and Bitcoins: combining OSINT
with blockchain information

An overview of the Adopt-a-
Trucker and HonkHonkHodl fundraising campaigns, and
how the extensive open source
and blockchain information which was available might be
used to inform an investigation
as well as a search and seizure.
Using OSINT and blockchain information to discover:
(1) donation, donor and recipient bitcoin addresses,
(2) motivations of donors,
(3) types of wallets used by the
organizers and the truckers,
(4) sources of KYC/identity information, (5) the use of seed
word lists, and (6) the number
of donation fund controllers.
10:50 - 11:00 Networking (Everyone)  * Interact with Sponsors * 
11:00 - 11:50 [Rm  - Forensics]
Paul Lorentz, Samsung Rubin,
is it the Keychain of Android?

Is your FFS really a FFS. Are you
getting everything you need to
parse Samsung Rubin?
[Rm Cx - Case Study]
Panel Discussion:
‑‑Neumann Lim
‑‑Neil Ning
‑‑Ravi Hans
Managed Chaos: Navigating
ransomware attacks with the
art of incident response

We will take you through a real
ransomware case involving
BlackBasta and provide a step
by step guide to managing the
many tasks dealing with the
cyber incident. By following
these steps, organizations can
minimize the impact of a
ransomware attack and ensure business continuity. 
[Rm  - OSInt]
Alex Bruce, 
Effective Open Source Information Collection (OSIC)

Over the last five years, I have
noticed that while the OSIC/
OSINT practitioner community has developed excellent
resources and tradecraft, many commonly lack a critical
governance model needed to
ensure long term operations
success. This presentation will
explore the key governance and framework components
that should be embedded
within any individual or group
protocols when conducting OSIC. The presentation is
geared towards all OSINT
practitioners, investigators and program managers/team-leads.
Classroom Closed ‑ Please
enjoy one of the other 3
on‑going training sessions.
11:50 - 13:00 Networking & Lunch Break (Everyone)  * Interact with Sponsors * 
13:00 - 13:50 [Rm C140] Warren Kruse (President, HTCIA IEC) & Trey Amick (Director, Magnet Forensics)
Panel Discussion:
 Industrial IOT Intro and Analysis Considerations Join Warren Kruse and Trey Amick for a discussion on the
potential relevance of IoT data to different corporate, criminal, and civil case scenarios, and the potential need for obtaining
discovery from, for example, internet‑connected cameras; home automation systems; smart speakers, TVs, and refrigerators,
and wearables. This discussion will also touch on aspects of the industrial realm such as the challenge of IoT data generated in
factories, warehouses, and pipelines, among other settings.
13:50 - 14:00 Networking (Everyone)  * Interact with Sponsors * 
14:00 - 14:30 [Rm C140] Top Tier Vendor Showcase (Marketing)
Rudi Thorsteinson from Blockchain Intelligence Group
 will walk through an example of how QLUE, its cryptocurrency tracing tool,
is used to easily trace and track the movement cryptocurrency through different obfuscation techniques, services and protocols,
and across multiple blockchains. During this time, he will show how funds move across the blockchain, how exchanges are identified,
and how to collect intelligence to identify bad actors.
14:30 - 15:20 [Rm C - Digital Forensics]
Colin Cree, Search Preparations
Critical in both public and
private sector. Search planning
is critical to any engagement or
investigation. This session will
provide an understanding of common search issues and how
to plan to minimize their effect
on your practice.
[Rm C - Financial Investigations]
Chris Pierre, Financial Investigations
While there have been incredible
advances in technologies such as
cryptocurrencies, identifying who
one is dealing with, beneficial
ownership, business interests, assets, liabilities and financial
relationships remain a very
important part of investigation
and due diligence risk management. This presentation
will address trending issues at the
intersection of OSINT, financial
crime investigation and risk management.
[Rm  - Cloud Investigations]
Thom Yohannan, Introduction to Cloud Forensics
The workshop will encompass
a basic yet comprehensive
overview of cloud forensics. 
 1. How cloud platforms,
specifically, AWS/GCP/Azure
 2. A history of case law one
should be aware of
 3. Forensic tasks in the cloud
versus on-premise
Classroom Closed ‑ Please
enjoy one of the other 3
on‑going training sessions.
15:20 - 15:30 Networking (Everyone)  * Interact with Sponsors * 
15:30 - 16:20 [Rm  - Forward Looking]
Mark Gaudet, The emergence of
cyber ranges as the core of a
cybercrime investigation ecosystem

The global shortage of
cybersecurity professionals is
driving the deployment of cyber
ranges as a key tool in workforce
development and training. Cyber ecosystems are developing
around cyber ranges that go
beyond individual training to
include research, cyber
awareness, live simulations and
incident response exercises. What role can cyber ranges play
in building a sustainable
cybercrime policing force, while
increasing awareness, and
reporting rates for cybercrime.
[Rm  - Forward Looking]
Neal Kushwaha, Canadian threats and risksthrough
the public’s eyes

Building on last year’s talk titled
“It’s not all Cyber: Exposing
Target Behaviours and Motives”,
targeting, intelligence, described
the different types of intelligence,
and described the difference between evidence and
intelligence. This year he will
describe the value of the National
Security Centre of Excellence (NSCOE/CdESN)) and describe
some of key threats and risks
Canadian entities and individuals
of National Interest are facing
today, and time permitting will dive into more than one
anonymized cases.
[Rm  - Legal/eDiscovery]
Vivek Gupta, eDiscovery Strategies
Description and timeslot to follow.
Classroom Closed ‑ Please
enjoy one of the other 3
on‑going training sessions.
16:20 - 18:00 Social Event & Networking (Everyone)  * Interact with Sponsors * 


Social Event Sponsor: 

TRACKS 1) Digital Forensics (Technical Level)
  2) Open Source & Intelligence
  3) eDiscovery/Legal /Ethics/Privacy
  4) Misc: Cloud Investigations / AI / ML / Threat Hunting & Mapping / Crypto Investigations


8:00 -
High Technology Crime Investigation Association (HTCIA)
REGISTRATIONS / Coffee & Tea     * Interact with Sponsors * 
9:00 - 9:50 [Rm C140] KEYNOTE: Adam Belsher
CEO, Magnet Forensics
Fireside Chat
9:50 - 10:00 Networking (Everyone)  * Interact with Sponsors * 
10:00 - 10:50 [Rm C - Digital Forensics]
Colin Cree, Imaging : Do it right, or not at all
Capturing a defensible image is
the most important step in any
examination. This session is a
review of imaging issues, and
types of imaging, ie boot disks,
forensic software, hardware imagers, remote imaging
[Rm C  - Investigations]
Allan Chabot, Where Cyber
meets Physical in an era of
a Digital Transformation

Physical Security practitioners
are adopting new technologies
to innovate how security protection services are
delivered to their organizations.
In this session, we will explore
this digital transformation
through the lens of exploring
what kind of data is generated
by interconnected sensors, CCTV cameras and badge
readers.  As an investigator,
you can improve the quality,
timeliness and thoroughness
of your fact finding through a
better understanding of physical security programs and
the personnel who are
responsible for its execution. 
[Rm C  -  Forward Looking]
John Armit, Tricks of the trade:
What’s in a fraudster’s toolbox?

With all demographic groups
being expected to use
technology for many facets of
their lives, Canadians are being
increasingly targeted by cyber criminals.  The presentation
will focus on “Tricks of the
trade: What’s in a fraudster’s
toolbox?”, attendees will learn
about current cyber enabled frauds and the most common
fraud techniques in the marketplace right now.
[Rm C - Crypto Investigations]
Eric Rowe, Tracing Interpretation for Investigators
An overview of Bitcoin
graphing and the information
it may provide to investigators.
Starting with UTXOs, addresses
and clusters, and then moving through transaction patterns,
metadata and OSINT this
presentation will explore some
of the insights that an
investigator can hope to gain
from tracing tools.
10:50 - 11:00 Networking (Everyone) * Interact with Sponsors * 
11:00 - 11:50 [Rm Cx  - Forensics]
Brent Salo, UAV/Drone Forensics
Drones In 2023: What is the problem?
Brent will discuss the latest
trends and challenges digital
forensic investigators are faced with when dealing
with modern consumer UAV devices. 
[Rm C - eDiscovery/Legal/Ethics]
Dominic Morissette, Analyzing the impact of illlegal IPTV
and their influence on the
viewership of live sport
and pay per view events

Illegal IPTV services are now
widely sold and distributed,
especially on social media.
This presentation aims at
explaining how this influences the viewership of live sports
and pay per view events, and
present possible solution to
limit the negative impacts of this phenomenon.  
[Rm C - Crypto Investigations]
John Dent, Strategic Insights
into the Laundering of the
Proceeds of Cyber-Enabled Crime

This 'Money Laundering/ Cryptocurrency' presentation
will provide a broad overview
into the high-level trends
identified in the laundering
of ransomware and cyber-enabled fraud proceeds. The
presentation will explore what
happens to ransoms after
they are paid, and what methods and services
ransomware and other threat actors use to launder the
cryptocurrency before cashing it out. 
[Rm C ‑ OSINT]
Robert Coccaro AND David
Managed Attribution:
Why it's important in OSINT

Managed attribution refers to the
deliberate and strategic
management of how information
is attributed to specific individuals
or organizations.It is often used in
situations where anonymity or
confidentiality is required, such
as in research of proprietary or
sensitive information. The goal of
managed attribution is to provide
accurate and reliable information
while protecting the identity of
the researcher or analyst.
11:50 - 13:00 Networking & Lunch Break (Everyone) * Interact with Sponsors * 
13:00 - 13:50 [Rm C ‑ OSInt]
Matin Fazelpour, Legal considerations during cyber
crime investigations

In Canada, cybersecurity and data
protection are governed by a
complex legal and regulatory
framework. This presentation
provides an overview of the evolving Canadian landscape
governing data protection and
cybersecurity that apply to
investigators.  We will explore
the statutory framework of
Canadian privacy and data protection laws relevant to
cybersecurity, the regulatory and
governance framework for certain regulated organizations
and institutions, and the current
state of the common law.
[Rm  - Forward Looking]
Melissa Martineau, Cyber Behavioural Analysis: The Human
Element of Cybercrime Investigations

This presentation introduces the
audience to the application of
behavioural analysis techniques
(aka profiling) to cybercrime
investigations. Providing a brief explanation of the historical
application of behavioural
analysis to investigation and the
types of profiling possible,
Ms. Martineau will explain how
she is using her skills that were
initially honed in the
interpersonal violence domain,
to cybercrime. The presentation
will conclude with a couple of
case examples.
[Rm C - OSInt]
James Skinner, Threat Hunting in Mobile Environment
Case Study

Are you curious about the
hidden intricacies of telco
mobile networks and how they
impact modern hunting
techniques? Join us for an eye‑opening talk on the
fascinating world of cellular
networks versus traditional networks. Discover the
complexities of telco mobile
networks and gain insight into how traditional threat analysis
differs within them. Don't miss
out on this rare opportunity to
expand your knowledge and
enhance your hunting skills.
Classroom Closed ‑ Please
enjoy one of the other 3
on‑going training sessions.
13:50 - 14:00 Networking (Everyone) * Interact with Sponsors * 
14:00 - 14:30 [Rm C140] Top Tier Vendor Showcase (Marketing) 
14:30 - 15:20 [Rm C ‑ Legal]
David Sutherland, Overview of Canadian Cybercrime Law
enforcement landscape

This presentation will provide an
overview of the Canadian Cybercrime Law Enforcement
landscape, touching on a variety of
topics including Cybercrime law, the investigation assessment
process, information sharing, criminal investigations,
collaboration with industry and
current challenges.  The secondary
focus of this presentation is to
discuss how law enforcement can
work together to combat Cybercrime.
[Rm  - Investigations]
Josh Gluck, O.P.P. Investigation Case Study
Description to follow
[Rm C ‑ OSInt]
Miguel Garzon, Open‑Source
C2 Frameworks: The New Trend
Among Threat Actors

The use of open‑source
command‑and‑control (C2)
frameworks by threat actors is
gaining traction as an alternative
to traditional C2 toolkits like Cobalt Strike, Sliver, and Brute
Ratel. In this presentation, we
will discuss the increasing
popularity of open‑source C2
frameworks among threat actors and their effectiveness in
bypassing modern security
defenses. We will introduce
Havoc, an advanced open‑source
C2 framework that uses sleep
obfuscation, indirect syscalls, and return address stack
spoofing to remain undetected. 
Classroom Closed ‑ Please
enjoy one of the other 3
on‑going training sessions.
15:20 - 15:30 Networking (Everyone) * Interact with Sponsors * 
15:30 - 16:20 [Rm C140] Warren Kruse (President, HTCIA IEC)
Discussing the many reasons and benefits of your membership in the
High Technology Crime Investigation Association 
16:20 - 16:30  * Interact with Sponsors * 


TRACKS 1) Digital Forensics (Technical Level)
  2) Open Source & Intelligence
  3) eDiscovery/Legal /Ethics/Privacy
  4) Misc: Cloud Investigations / AI / ML / Threat Hunting & Mapping / Crypto Investigations


8:00 -
High Technology Crime Investigation Association (HTCIA)
REGISTRATIONS / Coffee & Tea     * Interact with Sponsors * 
9:00 - 9:50

[Rm C140] KEYNOTE Mario Mainville

Exec. Director, Corporate Services Branch @ Competition Bureau Canada

"Competition Law Enforcement in the Digital Age"

9:50 - 10:00 Networking (Everyone)  * Interact with Sponsors * 
10:00 - 10:50 [Rm C - Digital Forensics]
Frank Corkery, Overcoming Vehicle Forensic Challenges
with Advanced Acquisition Techniques

Learn about advanced acquisition and decoding
techniques used to recover
data from vehicle infotainment
systems, navigation systems,
and other electronic control units. Explore advanced data
extraction methods when the
major tools either don’t
provide support, or the
hardware is not in adequate
condition to use standard acquisition techniques.
Discover how to deal with data
from 3 different chip types:
eMMC, NAND, and NOR;
receive an overview of ISP/
Direct eMMC as an advanced
non‑destructive data method;
and as a last resort, the Chip-Off process.
[Rm  - Forward Looking]
Matt Holland, Malware and AI: Mystery or Myth?
The future of malware, and
how AI will change the
implementation of malware
and hacker campaigns.  But how
much will AI truly impact malware, its operational usage,
or other types of offensive
hacking campaigns?  This intermediate/advanced
presentation will explore
malware, the true potential effects of AI on malware, and
what can be expected over the
next 5 years.
[Rm  - eDiscovery]
Rob Fried, Investigation of Connected Devices
Robert will discuss the forensic
investigation of “connected”
devices and focus on the forensic
preservation, analysis, and
review of data in forensic tools
and document review platforms.
Additionally, Robert will also
discuss the types of cases being
encountered, and the potential
linkage between different data sources that are encountered
during an investigation. Finally,
Robert will offer guidance on
key skills that will assist today’s
digital investigators. 
[Rm C - Forward Looking]
Trevor Stevado, Loudmouth Security
Description to follow
(This is the team that will offer
'Capture‑the‑Flag [CTF]' during our Summit)
10:50 - 11:00 Networking (Everyone)  * Interact with Sponsors * 
11:00 - 11:50

[Rm C140 - Investigations]
RMCP: David Sutherland, Bell: Anthony Martin, and Rogers: Daniel Pink
Panel Discussion: Law Enforcement and industry cooperation – Case Study

Using a recent illegal IPTV distribution case, the panel will highlight the benefits and challenges when law enforcement and industry
work collaboratively during a criminal investigation. This case study will cover topics such as information sharing, legal considerations,
disclosure and the court process, with an emphasis on the friction points inherent within law enforcement/industry cooperative efforts.

11:50 - 12:15 [Rm C140] Closing Session: Warren Kruse (President,  HTCIA IEC) & Denis Roussel (1st VP, HTCIA IEC)


Keynote Speakers

William Callahan

Dir of Gov't & Strategic Affairs
Blockchain Intelligence Group

Adam Belsher

Magnet Forensics Inc.

Mario Mainville

Exec. Director, Corporate Services Branch
Competition Bureau Canada


Speakers are being added as they are confirmed.

Warren Kruse

HTCIA International

Denis Roussel

First Vice President
HTCIA International

Eric Rowe

Senior IT Specialist
Canada Revenue Agency

Trey Amick

DirectorForensic Consultants
Magnet Forensics Inc.

Colin Cree

EFS e-Forensic Services

Dominic Morissette

PDN Cyber Security

Matin Fazelpour

Privacy & Cybersecurity Lawyer

Neumann Lim

Senior Manager

Allan Chabot

Sr Specialist, Asset Protection
Bell Canada

James Skinner

Sr. Security Systems Integrator
Bell Canada

Colin Ferguson

Sr. CTI Analyst
Bell Canada

Miguel Garzón

Sr. Specialist @ Bell Canada
Faculty Member at uOttawa

Brent Salo

SCG Canada Inc

Frank Corkery

Sales & Forensic Services
Teel Tech Canada

Paul Lorentz

Product Specialist

Thomas Yohannan

Cyberinsurance | Security
Forensics | Law

John Dent

Government of Ontario

Brad Ellis

Sr. Cloud Security Consultant

John Armit

John Armit

Detective Constable
Ontario Provincial Police

Alexandre Bruce

Alexandre Bruce

Senior Program Officer
Fisheries and Oceans Canada

Daniel Pink

Intellectual Property & Comms Lawyer
Rogers Communications

Anthony Martin

Integrity Investigator
Bell Canada

Neil Ning

Toronto Cyber Risk Advisory
Deloitte Canada

Ravi Hans

Toronto Cyber Risk Advisory
Deloitte Canada

Matt Holland

Co-Founder and CEO
Field Effect

Mark Gaudet

Vice President
Simulation Technologies

Rob Fried

Sr. VP, Forensics & Investigation
Sandline Global

Chris Pierre

Founder & Managing Director
KeyNorth Group

Martineau, Melissa

Melissa Martineau

Head of Cyber Behavioural
Analysis & Research

Neal Kushwaha

NSCOESN (Canada)

David Sutherland

David Sutherland

Corporal David Sutherland

Vivek Gupta

HTCIA Ontario Chapter

David Shewbert

Federal Relations & Operations

Robert Coccaro

Robert Coccaro

Solutions Engineer

Josh Gluck

Provincial Constable
Ontario Provincial Police

Plan Your Trip Today!

Les Suites Hotel Ottawa

Les Suites Hotel Ottawa, Ottawa downtown is a stone throw away.

One can experience the best of the capital city. It is actually near attractions like Parliament Hill, National Gallery of Canada and other top museums.

Hotel Les Suites Ottawa will give everyone the best of everything from comfort, location to outstanding service.

Organizing Committee

Denis Roussel

IEC First Vice President
IEC Representative


Gilles Racine

IEC Secretary
Chair, Organizing Committee


Anthony Martin

Ottawa Chapter
Secretary, Organizing Committee


David Ehrlich

HTCIA Office
Organizing Committee


Allan Langille

Atlantic Canada Chapter
Organizing Committee


Ilia Lvovski

British Columbia Chapter
Organizing Committee


Jeanette Foster

HTCIA Office
Organizing Committee


Kevin Lo

Ontario Chapter
Organizing Committee


Eric Rowe

Ottawa Chapter
Organizing Committee


Neil Farish

Ottawa Chapter
Organizing Committee