9:15 am - 10:15 am

Keynote Session #1 (Rob Duhart, Vice President, Deputy CISO, Walmart)

10:45 am - 11:45 am

Forensic Analyses of Audio, Acoustic, and Video Evidence (Herbert Joe)

Audio, acoustics, voice and video evidence are common in civil and criminal litigation throughout all state and Federal courts. Often such evidence is extracted from a computer or mobile device. All parties must at least be generally familiar with what can (and cannot) be done forensically and legally with such evidence: Authenticity analyses forensically determine if the audio or video evidence is legally trustworthy (admissible), or whether it has been tampered or fabricated in any way (inadmissible). Digital signal processing (enhancement) makes the audio more audible/intelligible, or the video clearer. Photogrammetry allows determination of heights of suspects, etc. Aural-acoustic-spectrography is the forensic comparison of 2 voice samples (“known” vis-a-vis “unknown”) based on scientific principles well established in the speech and hearing sciences to determine the identity of a speaker. Learn generally what can and cannot be done in content-based forensic analyses of audio and video evidence, whether you're the proponent or opponent of the evidence.

The Dark Web - Why It's Important to Investigators (Todd Shipley)

This session will cover the importance of understanding the Dark web for investigators. It will discuss what investigators need to get on the Dark web and what possible value it is for OSINT collection. This session will introduce the investigator to the various issues surrounding tracing anonymous users during and investigation.

Mobile Analysis Methodology and 3rd Party App Analysis (Lab - Part 1) (Jessica Hyde)

This hands-on workshop teaches a methodology for mobile forensic analysis of unsupported applications and artifacts. It teaches a 5-part methodology; Discover, Test, Parse, Find, and Script. These are necessary skills to parse 3rd party applications.

Threat Simulations - a Hands-On Investigation (Lab - Part 1) (Ali Hadi and Mariam Khader)

9:00 am - 10:00 am

Do Not Fear The Dark Web (Keven Hendricks)

This presentation would cover the best investigatory practices for the dark web investigations, understanding evolving trends concerning the different dark nets, new decentralized messaging platforms that threat actors are using, being “undercover” on the dark web and engaging illicit markets, and how to attempt to identify a dark web threat actor in the “real world”.

Expert Witness (Aaron Crews)

Zaza vs. Malicious Code (Lab - Part 1) (Zaza Handy)

Zaza will take participants through tactics and techniques used to uncover elusive malware she encountered. She will discuss and demonstrate tools and methodology used to identify, retrieve, analyse and reverse engineer suspicious code identified during a challenging security incident she handled. During this session, she will discuss challenges encountered and solutions that worked during the investigation will be presented. Zaza will conclude with recommendations for responding and recovering from what she refers to as bad mama jammer resident malware.

Investigating Linux Systems (Lab - Part 1) (Ali Hadi and Miriam Khader)

Linux Forensics is an invaluable skill in the toolkit of any digital forensics investigator, given the widespread adoption of Linux in various IT infrastructures. This field involves more than just identifying illicit activities; it's about understanding the nuances of Linux environments that may have been compromised. Investigators equipped with knowledge in Linux Forensics can adeptly analyze a breached Linux system, discerning the how, when, and why of the attack. The ability to perform forensics on a Linux system means being able to navigate through layers of data and system logs to trace the origins of a breach. Forensic investigators must have the required skills to identify signs of compromise, such as unauthorized access or suspicious user activities. They must know where to look for these indicators within the Linux system, from file systems to application logs, and how to interpret them. Furthermore, Linux Forensics is not just about dealing with the aftermath of a cyber attack; it's also about proactive measures. Investigators skilled in this area can discover potential vulnerabilities on Linux systems, ensuring that they are fortified against possible threats.

10:30 am - 11:30 am

CyberTheft of Trade Secrets and Legal Considerations duing Data Breaches (Herbert Joe)

Trade secrets make up the majority of the value of U.S. public companies' portfolios. Not surprisingly, such secrets are high value theft targets for domestic and foreign competitors. Domestic economic damage attributed to trade secret theft alone – not even accounting for counterfeit goods and software piracy – exceeds $600 billion annually. This presentation explores the world of trade secrets, details some high-profile trade secret theft cases, how trade secrets differ from other intellectual properties, the legal aspects of trade secrets, some recent case law and legislation, and general discovery/legal considerations during a data breach.

Forensics in the New Millenium (Warren Kruse)

Zaza vs. Malicious Code (Lab - Part 2) (Zaza Handy)

Zaza will take participants through tactics and techniques used to uncover elusive malware she encountered. She will discuss and demonstrate tools and methodology used to identify, retrieve, analyse and reverse engineer suspicious code identified during a challenging security incident she handled. During this session, she will discuss challenges encountered and solutions that worked during the investigation will be presented. Zaza will conclude with recommendations for responding and recovering from what she refers to as bad mama jammer resident malware.

Investigating Linux Systems (Lab - Part 2) (Ali Hadi and Miriam Khader)

Linux Forensics is an invaluable skill in the toolkit of any digital forensics investigator, given the widespread adoption of Linux in various IT infrastructures. This field involves more than just identifying illicit activities; it's about understanding the nuances of Linux environments that may have been compromised. Investigators equipped with knowledge in Linux Forensics can adeptly analyze a breached Linux system, discerning the how, when, and why of the attack. The ability to perform forensics on a Linux system means being able to navigate through layers of data and system logs to trace the origins of a breach. Forensic investigators must have the required skills to identify signs of compromise, such as unauthorized access or suspicious user activities. They must know where to look for these indicators within the Linux system, from file systems to application logs, and how to interpret them. Furthermore, Linux Forensics is not just about dealing with the aftermath of a cyber attack; it's also about proactive measures. Investigators skilled in this area can discover potential vulnerabilities on Linux systems, ensuring that they are fortified against possible threats.

12:30 pm - 1:30 pm

Generative AI & Messaging Apps - Taking Digital Investigations by Storm (Julie Lewis)

Generative AI (ChatGPT, Bard, etc.) is an evolutionary technology taking all industries by storm. Most collaboration, social media and messaging apps have or will be embedding this productivity technology is some way. In this session, we will discuss the impact on the explosion of communications, authentication issues and approaches, and data security risks. We will also discuss the impact on digital investigations as we tackle the year of the bots.

Mock Trial (Part 1)

12:30 pm - 2:00 pm 

Unlocking Digital Forensics with PALADIN - a Hands-On Workshop (Lab - Part 1 & 2) (Steve Whalen)

Dive into the world of digital forensics with our interactive workshop at the HTCIA International Conference, featuring the powerful tool PALADIN. PALADIN is a versatile and user-friendly forensic suite built on a Ubuntu Linux foundation, renowned for its ability to simplify complex forensic tasks. This workshop is your gateway to mastering both basic and advanced features of PALADIN, including its intuitive graphical user interface, robust imaging capabilities, and the comprehensive PALADIN Toolbox. Our session will guide you through the essentials of using PALADIN for forensic imaging, data triage, and advanced analysis. You’ll learn to navigate its features, from creating forensic copies of data to leveraging the Toolbox for deeper investigations. We’ll explore how PALADIN streamlines the process of acquiring and analyzing digital evidence, making it an invaluable asset for forensic professionals. As a bonus, the first 50 attendees will receive their own PALADIN USB drive to keep, pre-loaded with the latest version of the tool, allowing you to immediately implement your new skills in real-world scenarios. Whether you’re new to PALADIN or looking to deepen your existing knowledge, this workshop offers a hands-on experience to enhance your forensic capabilities. Join us to unlock the full potential of PALADIN in your forensic investigations.

2:00 pm - 3:00 pm

Investigating Online Crypto Investment Fraud (Keven Hendricks)

While cryptocurrency may be a polarizing topic, every day there are people falling victim to scams or fraud with a nexus to crypto. Often viewed as abstruse or something that is beyond the purview of local law enforcement to investigate, this presentation would cover cryptocurrency fundamentals and best investigatory practices.

Prove It! The Future of Synethetic Media (AI) Detection in Justice and Public Safety (Trey Amik, Brandon Epstein, Steve Gemperle)

Tom Cruise performing magic tricks on TikTok, the Pope wearing Balenciaga, foreign leaders declaring acts of war…the prevalence of high-quality synthetic media online has brought a new age of disinformation and distrust to society. While a distinct concern, how does this relate to evidence admissibility in criminal investigations and legal proceedings? What is the true threat to public safety? This presentation will address the real concerns with synthetic media as it pertains to law enforcement and forensic examiners who have to authenticate evidence for court. The presentation will address not only the detection of synthetic or altered media but methods to prove when video files are real. Reliable, explainable, and repeatable techniques for the examination and authentication of video evidence will be introduced. The presentation will also discuss how to deploy these techniques at scale and integrated into an overall digital forensic examination.

Mock Trial (Part 2)