CANCELLED: 2023 Canada Cyber Investigation Summit
This event has been cancelled.
The HTCIA Canada Cyber Investigation Summit delivers invaluable content, compelling keynotes, leading-edge insights and extensive opportunities to exchange ideas. Our attendees demand the most current and up-to-date information to help them succeed at work and continue to grow in their careers. Sponsoring and exhibiting at the conference provides your company with the opportunity to engage with high tech crime investigators at all levels who are actively learning and evaluating the best that the industry has to offer. Don’t miss your chance to talk to and influence this qualified audience!
We look forward to welcoming you to the 5th Annual HTCIA Canada Cyber Investigation Summit.
Training venue: University of Ottawa, 100 Louis-Pasteur Private, [Building: Learning Crossroads (CRX)], Ottawa, Ontario, K1N 9N3, Canada
TRACKS | 1) Digital Forensics (Technical Level) | |||
2) Open Source & Intelligence | ||||
3) eDiscovery/Legal /Ethics/Privacy | ||||
4) Misc: Cloud Investigations / AI / ML / Threat Hunting & Mapping / Crypto Investigations |
8:00 - 8:40 |
High Technology Crime Investigation Association (HTCIA) REGISTRATIONS / Coffee & Tea * Interact with Sponsors * |
|||
8:40 - 9:00 | [Rm C140] Opening Session & Introductions | |||
9:00 - 9:50 | [Rm C140] KEYNOTE: William Callahan
Dir of Gov't & Strategic Affairs - Blockchain Intelligence Group Confronting National Security & Public Safety Threats in a Borderless Digital Asset World |
|||
9:50 - 10:00 | Networking (Everyone) * Interact with Sponsors * | |||
10:00 - 10:50 | [Rm C - Forward Looking] Trevor Stevado, Loudmouth Security Description to follow (This is the team that will offer 'Capture‑the‑Flag [CTF]' during our Summit) |
[Rm C - Legal/Privacy] Matin Fazelpour, Legal considerations during cyber crime investigations In Canada, cybersecurity and data protection are governed by a complex legal and regulatory framework. This presentation provides an overview of the evolving Canadian landscape governing data protection and cybersecurity that apply to investigators. We will explore the statutory framework of Canadian privacy and data protection laws relevant to cybersecurity, the regulatory and governance framework for certain regulated organizations and institutions, and the current state of the common law. |
[Rm - Coud Investigations] Brad Ellis, Accelerating Incident Response Investigations with Cloud Automation The threat landscape of cybersecurity is constantly evolving, and organizations must be prepared to respond quickly and effectively to incidents. However, incident response procedures can be time‑consuming, complex, and prone to inconsistencies due to misconfigurations. This presentation introduces an automatically provisioned cloud‑based cybersecurity incident response environment to address these challenges. Using automation provides a consistent approach to provisioning an incident response environment and resources, reducing the time and complexity involved in the process. |
[Rm C - Crypto Investigations] Eric Rowe: Truckers, Freedom, and Bitcoins: combining OSINT with blockchain information An overview of the Adopt-a- Trucker and HonkHonkHodl fundraising campaigns, and how the extensive open source and blockchain information which was available might be used to inform an investigation as well as a search and seizure. Using OSINT and blockchain information to discover: (1) donation, donor and recipient bitcoin addresses, (2) motivations of donors, (3) types of wallets used by the organizers and the truckers, (4) sources of KYC/identity information, (5) the use of seed word lists, and (6) the number of donation fund controllers. |
10:50 - 11:00 | Networking (Everyone) * Interact with Sponsors * | |||
11:00 - 11:50 | [Rm - Forensics] Paul Lorentz, Samsung Rubin, is it the Keychain of Android? Is your FFS really a FFS. Are you getting everything you need to parse Samsung Rubin? |
[Rm Cx - Case Study] Panel Discussion: ‑‑Neumann Lim ‑‑Neil Ning ‑‑Ravi Hans Managed Chaos: Navigating ransomware attacks with the art of incident response We will take you through a real ransomware case involving BlackBasta and provide a step by step guide to managing the many tasks dealing with the cyber incident. By following these steps, organizations can minimize the impact of a ransomware attack and ensure business continuity. |
[Rm - OSInt] Alex Bruce, Developing Effective Open Source Information Collection (OSIC) Governance Over the last five years, I have noticed that while the OSIC/ OSINT practitioner community has developed excellent resources and tradecraft, many commonly lack a critical governance model needed to ensure long term operations success. This presentation will explore the key governance and framework components that should be embedded within any individual or group protocols when conducting OSIC. The presentation is geared towards all OSINT practitioners, investigators and program managers/team-leads. |
Classroom Closed ‑ Please enjoy one of the other 3 on‑going training sessions. |
11:50 - 13:00 | Networking & Lunch Break (Everyone) * Interact with Sponsors * | |||
13:00 - 13:50 | [Rm C140] Warren Kruse (President, HTCIA IEC) & Trey Amick (Director, Magnet Forensics) Panel Discussion: Industrial IOT Intro and Analysis Considerations Join Warren Kruse and Trey Amick for a discussion on the potential relevance of IoT data to different corporate, criminal, and civil case scenarios, and the potential need for obtaining discovery from, for example, internet‑connected cameras; home automation systems; smart speakers, TVs, and refrigerators, and wearables. This discussion will also touch on aspects of the industrial realm such as the challenge of IoT data generated in factories, warehouses, and pipelines, among other settings. |
|||
13:50 - 14:00 | Networking (Everyone) * Interact with Sponsors * | |||
14:00 - 14:30 | [Rm C140] Top Tier Vendor Showcase (Marketing) Rudi Thorsteinson from Blockchain Intelligence Group will walk through an example of how QLUE, its cryptocurrency tracing tool, is used to easily trace and track the movement cryptocurrency through different obfuscation techniques, services and protocols, and across multiple blockchains. During this time, he will show how funds move across the blockchain, how exchanges are identified, and how to collect intelligence to identify bad actors. |
|||
14:30 - 15:20 | [Rm C - Digital Forensics] Colin Cree, Search Preparations Critical in both public and private sector. Search planning is critical to any engagement or investigation. This session will provide an understanding of common search issues and how to plan to minimize their effect on your practice. |
[Rm C - Financial Investigations] Chris Pierre, Financial Investigations While there have been incredible advances in technologies such as cryptocurrencies, identifying who one is dealing with, beneficial ownership, business interests, assets, liabilities and financial relationships remain a very important part of investigation and due diligence risk management. This presentation will address trending issues at the intersection of OSINT, financial crime investigation and risk management. |
[Rm - Cloud Investigations] Thom Yohannan, Introduction to Cloud Forensics The workshop will encompass a basic yet comprehensive overview of cloud forensics. 1. How cloud platforms, specifically, AWS/GCP/Azure 2. A history of case law one should be aware of 3. Forensic tasks in the cloud versus on-premise |
Classroom Closed ‑ Please enjoy one of the other 3 on‑going training sessions. |
15:20 - 15:30 | Networking (Everyone) * Interact with Sponsors * | |||
15:30 - 16:20 | [Rm - Forward Looking] Mark Gaudet, The emergence of cyber ranges as the core of a cybercrime investigation ecosystem The global shortage of cybersecurity professionals is driving the deployment of cyber ranges as a key tool in workforce development and training. Cyber ecosystems are developing around cyber ranges that go beyond individual training to include research, cyber awareness, live simulations and incident response exercises. What role can cyber ranges play in building a sustainable cybercrime policing force, while increasing awareness, and reporting rates for cybercrime. |
[Rm - Forward Looking] Neal Kushwaha, Canadian threats and risksthrough the public’s eyes Building on last year’s talk titled “It’s not all Cyber: Exposing Target Behaviours and Motives”, targeting, intelligence, described the different types of intelligence, and described the difference between evidence and intelligence. This year he will describe the value of the National Security Centre of Excellence (NSCOE/CdESN)) and describe some of key threats and risks Canadian entities and individuals of National Interest are facing today, and time permitting will dive into more than one anonymized cases. |
[Rm - Legal/eDiscovery] Vivek Gupta, eDiscovery Strategies Description and timeslot to follow. |
Classroom Closed ‑ Please enjoy one of the other 3 on‑going training sessions. |
16:20 - 18:00 | Social Event & Networking (Everyone) * Interact with Sponsors * |
Social Event Sponsor:
TRACKS | 1) Digital Forensics (Technical Level) | |||
2) Open Source & Intelligence | ||||
3) eDiscovery/Legal /Ethics/Privacy | ||||
4) Misc: Cloud Investigations / AI / ML / Threat Hunting & Mapping / Crypto Investigations |
8:00 - 9:00 |
High Technology Crime Investigation Association (HTCIA) REGISTRATIONS / Coffee & Tea * Interact with Sponsors * |
|||
9:00 - 9:50 | [Rm C140] KEYNOTE: Adam Belsher CEO, Magnet Forensics Fireside Chat |
|||
9:50 - 10:00 | Networking (Everyone) * Interact with Sponsors * | |||
10:00 - 10:50 | [Rm C - Digital Forensics] Colin Cree, Imaging : Do it right, or not at all Capturing a defensible image is the most important step in any examination. This session is a review of imaging issues, and types of imaging, ie boot disks, forensic software, hardware imagers, remote imaging options. |
[Rm C - Investigations] Allan Chabot, Where Cyber meets Physical in an era of a Digital Transformation Physical Security practitioners are adopting new technologies to innovate how security protection services are delivered to their organizations. In this session, we will explore this digital transformation through the lens of exploring what kind of data is generated by interconnected sensors, CCTV cameras and badge readers. As an investigator, you can improve the quality, timeliness and thoroughness of your fact finding through a better understanding of physical security programs and the personnel who are responsible for its execution. |
[Rm C - Forward Looking] John Armit, Tricks of the trade: What’s in a fraudster’s toolbox? With all demographic groups being expected to use technology for many facets of their lives, Canadians are being increasingly targeted by cyber criminals. The presentation will focus on “Tricks of the trade: What’s in a fraudster’s toolbox?”, attendees will learn about current cyber enabled frauds and the most common fraud techniques in the marketplace right now. |
[Rm C - Crypto Investigations] Eric Rowe, Tracing Interpretation for Investigators An overview of Bitcoin graphing and the information it may provide to investigators. Starting with UTXOs, addresses and clusters, and then moving through transaction patterns, metadata and OSINT this presentation will explore some of the insights that an investigator can hope to gain from tracing tools. |
10:50 - 11:00 | Networking (Everyone) * Interact with Sponsors * | |||
11:00 - 11:50 | [Rm Cx - Forensics] Brent Salo, UAV/Drone Forensics Drones In 2023: What is the problem? Brent will discuss the latest trends and challenges digital forensic investigators are faced with when dealing with modern consumer UAV devices. |
[Rm C - eDiscovery/Legal/Ethics] Dominic Morissette, Analyzing the impact of illlegal IPTV and their influence on the viewership of live sport and pay per view events Illegal IPTV services are now widely sold and distributed, especially on social media. This presentation aims at explaining how this influences the viewership of live sports and pay per view events, and present possible solution to limit the negative impacts of this phenomenon. |
[Rm C - Crypto Investigations] John Dent, Strategic Insights into the Laundering of the Proceeds of Cyber-Enabled Crime This 'Money Laundering/ Cryptocurrency' presentation will provide a broad overview into the high-level trends identified in the laundering of ransomware and cyber-enabled fraud proceeds. The presentation will explore what happens to ransoms after they are paid, and what methods and services ransomware and other threat actors use to launder the cryptocurrency before cashing it out. |
[Rm C ‑ OSINT] Robert Coccaro AND David Shewbert, Managed Attribution: Why it's important in OSINT Managed attribution refers to the deliberate and strategic management of how information is attributed to specific individuals or organizations.It is often used in situations where anonymity or confidentiality is required, such as in research of proprietary or sensitive information. The goal of managed attribution is to provide accurate and reliable information while protecting the identity of the researcher or analyst. |
11:50 - 13:00 | Networking & Lunch Break (Everyone) * Interact with Sponsors * | |||
13:00 - 13:50 | [Rm C ‑ OSInt] Matin Fazelpour, Legal considerations during cyber crime investigations In Canada, cybersecurity and data protection are governed by a complex legal and regulatory framework. This presentation provides an overview of the evolving Canadian landscape governing data protection and cybersecurity that apply to investigators. We will explore the statutory framework of Canadian privacy and data protection laws relevant to cybersecurity, the regulatory and governance framework for certain regulated organizations and institutions, and the current state of the common law. |
[Rm - Forward Looking] Melissa Martineau, Cyber Behavioural Analysis: The Human Element of Cybercrime Investigations This presentation introduces the audience to the application of behavioural analysis techniques (aka profiling) to cybercrime investigations. Providing a brief explanation of the historical application of behavioural analysis to investigation and the types of profiling possible, Ms. Martineau will explain how she is using her skills that were initially honed in the interpersonal violence domain, to cybercrime. The presentation will conclude with a couple of case examples. |
[Rm C - OSInt] James Skinner, Threat Hunting in Mobile Environment Case Study Are you curious about the hidden intricacies of telco mobile networks and how they impact modern hunting techniques? Join us for an eye‑opening talk on the fascinating world of cellular networks versus traditional networks. Discover the complexities of telco mobile networks and gain insight into how traditional threat analysis differs within them. Don't miss out on this rare opportunity to expand your knowledge and enhance your hunting skills. |
Classroom Closed ‑ Please enjoy one of the other 3 on‑going training sessions. |
13:50 - 14:00 | Networking (Everyone) * Interact with Sponsors * | |||
14:00 - 14:30 | [Rm C140] Top Tier Vendor Showcase (Marketing) | |||
14:30 - 15:20 | [Rm C ‑ Legal] David Sutherland, Overview of Canadian Cybercrime Law enforcement landscape This presentation will provide an overview of the Canadian Cybercrime Law Enforcement landscape, touching on a variety of topics including Cybercrime law, the investigation assessment process, information sharing, criminal investigations, collaboration with industry and current challenges. The secondary focus of this presentation is to discuss how law enforcement can work together to combat Cybercrime. |
[Rm - Investigations] Josh Gluck, O.P.P. Investigation Case Study Description to follow |
[Rm C ‑ OSInt] Miguel Garzon, Open‑Source C2 Frameworks: The New Trend Among Threat Actors The use of open‑source command‑and‑control (C2) frameworks by threat actors is gaining traction as an alternative to traditional C2 toolkits like Cobalt Strike, Sliver, and Brute Ratel. In this presentation, we will discuss the increasing popularity of open‑source C2 frameworks among threat actors and their effectiveness in bypassing modern security defenses. We will introduce Havoc, an advanced open‑source C2 framework that uses sleep obfuscation, indirect syscalls, and return address stack spoofing to remain undetected. |
Classroom Closed ‑ Please enjoy one of the other 3 on‑going training sessions. |
15:20 - 15:30 | Networking (Everyone) * Interact with Sponsors * | |||
15:30 - 16:20 | [Rm C140] Warren Kruse (President, HTCIA IEC) Discussing the many reasons and benefits of your membership in the High Technology Crime Investigation Association |
|||
16:20 - 16:30 | * Interact with Sponsors * |
TRACKS | 1) Digital Forensics (Technical Level) | |||
2) Open Source & Intelligence | ||||
3) eDiscovery/Legal /Ethics/Privacy | ||||
4) Misc: Cloud Investigations / AI / ML / Threat Hunting & Mapping / Crypto Investigations |
8:00 - 9:00 |
High Technology Crime Investigation Association (HTCIA) REGISTRATIONS / Coffee & Tea * Interact with Sponsors * |
|||
9:00 - 9:50 |
[Rm C140] KEYNOTE Mario Mainville Exec. Director, Corporate Services Branch @ Competition Bureau Canada "Competition Law Enforcement in the Digital Age" |
|||
9:50 - 10:00 | Networking (Everyone) * Interact with Sponsors * | |||
10:00 - 10:50 | [Rm C - Digital Forensics] Frank Corkery, Overcoming Vehicle Forensic Challenges with Advanced Acquisition Techniques Learn about advanced acquisition and decoding techniques used to recover data from vehicle infotainment systems, navigation systems, and other electronic control units. Explore advanced data extraction methods when the major tools either don’t provide support, or the hardware is not in adequate condition to use standard acquisition techniques. Discover how to deal with data from 3 different chip types: eMMC, NAND, and NOR; receive an overview of ISP/ Direct eMMC as an advanced non‑destructive data method; and as a last resort, the Chip-Off process. |
[Rm - Forward Looking] Matt Holland, Malware and AI: Mystery or Myth? The future of malware, and how AI will change the implementation of malware and hacker campaigns. But how much will AI truly impact malware, its operational usage, or other types of offensive hacking campaigns? This intermediate/advanced presentation will explore malware, the true potential effects of AI on malware, and what can be expected over the next 5 years. |
[Rm - eDiscovery] Rob Fried, Investigation of Connected Devices Robert will discuss the forensic investigation of “connected” devices and focus on the forensic preservation, analysis, and review of data in forensic tools and document review platforms. Additionally, Robert will also discuss the types of cases being encountered, and the potential linkage between different data sources that are encountered during an investigation. Finally, Robert will offer guidance on key skills that will assist today’s digital investigators. |
[Rm C - Forward Looking] Trevor Stevado, Loudmouth Security Description to follow (This is the team that will offer 'Capture‑the‑Flag [CTF]' during our Summit) |
10:50 - 11:00 | Networking (Everyone) * Interact with Sponsors * | |||
11:00 - 11:50 |
[Rm C140 - Investigations] Using a recent illegal IPTV distribution case, the panel will highlight the benefits and challenges when law enforcement and industry |
|||
11:50 - 12:15 | [Rm C140] Closing Session: Warren Kruse (President, HTCIA IEC) & Denis Roussel (1st VP, HTCIA IEC) |
Due to members experiencing delays in getting their travel approvals, the organizing committee has now extended the Early Bird Pricing until April 30, 2023!
Platinum Sponsor:
Gold Sponsors:
Bronze Sponsors:
Supporters:
Venue:
Speakers are being added as they are confirmed.


John Armit
Detective Constable
Ontario Provincial Police


Alexandre Bruce
Senior Program Officer
Fisheries and Oceans Canada


Melissa Martineau
Head of Cyber Behavioural
Analysis & Research


David Sutherland
Corporal David Sutherland
RCMP


Robert Coccaro
Solutions Engineer
Authentic8
Les Suites Hotel Ottawa
Les Suites Hotel Ottawa, Ottawa downtown is a stone throw away.
One can experience the best of the capital city. It is actually near attractions like Parliament Hill, National Gallery of Canada and other top museums.
Hotel Les Suites Ottawa will give everyone the best of everything from comfort, location to outstanding service.