Training

SecTor Law Enforcement Operations Training

Today, digital investigations are playing a more prominent role in law enforcement. The discipline encompasses not just digital evidence with many different technologies, tools and techniques, but cyber law, security and privacy among others. Their increasing importance is reflected in the growing role of digital investigations with everyone from the first responders to the forensic specialists, prosecutors and more.

 

The SecTor Law Enforcement Operations and Forensics Training 2011 includes two tracks:

 

• Track 1: Operations (Law Enforcement Only)

  Topics such as Cloud Computing Investigations, New Attack Vectors/Threat Landscape, Investigation Support, Cyber Warfare

• Track 2: Forensics (technical, open to all)
  
  

Scenario based, hands on training for technical investigators

 

SecTor Law Enforcement Operations Training

Time	Operations Track 1 (104C)
08:30 - 08:45	Welcome and Introduction
Session 1 8:45 - 9:45	Securing Law Enforcement Networks: The Cost Of Wrong - Nick Selby
9:45 - 10:00	Break
Session 2 10:00 - 11:00	How Solid State Flash hard drives work & how into rebuild for data recovery - Scott Moulton
11:10 - 11:15	Break
Session 3 11:15 - 12:15	Virtualization Forensics - Troy Larson
12:15 - 13:15	Lunch
Session 4 13:15 - 14:15	How I Pwn Your Network: A chat with a Social Engineer - Kai Axford
14:15 - 14:30	Break
Session 5 14:30 - 15:30	Spy Jackers- Countering Persistent Threats - Sean Bodmer
15:30 - 15:45	Break
Session 6 15:45 - 16:45	TBD - Troy Larson

 

Session Abstracts - Operations Track 1

Securing Law Enforcement Networks: The Cost Of Wrong - Nick Selby

 

This frank, aggressive talk discusses how law enforcement agencies currently view network security, and why that view sucks. For many years, law enforcement agencies have managed to squeak by without suffering the consequences of terrible patching, stupid provisioning, undeclared network policies and general ignorance when it comes to security. With attacks against government-owned networks on the rise, and the wealth of information stored on police networks, it's only a matter of time before agencies fall victim to concerted, targeted attacks by organized criminals, gangs and paid hackers. What is to be done? We can start by removing our heads from our butts.

 

Speaker Bio: Nick Selby was sworn as a police officer in 2010. He has been an information security analyst and consultant for nine years, and has worked in physical security and intelligence consulting in various roles since 1993. In 2005 he established the information security practice at industry analyst firm The 451 Group, and from 2006-2011 served on the faculty of IANS Research. Since 2008 he has focused on law enforcement intelligence. He is the technology columnist for Law Officer Magazine, and co-founder of Police Led Intelligence and CSG Analysis.

---

 

Solid State Drives & How They Work For Data Recovery And Forensics - Scott Moulton

 

This presentation will be about the comparison of Flash USB Drives & Solid State Drives VS. Conventional Hard Drive for Data Recovery and Forensics. This presentation is also done with 3D ANIMATIONS that rival the History Channel! As we are all aware, solid state hard drives are going to overtake the hard drives soon rather than later. I am doing recoveries and rebuilds on Solid State Drives and will go over the comparisons to recovery on Standard Hard Drive Recoveries. I am going to discuss a few new items in data recovery that I am working on with rebuilding solid state drives and flash USB memory sticks for data recovery. I have be rebuilding flash drives by removing the chips and moving them to a new flash drive to recover the data. I am going to compare the processes we use with Hard Drives for recovery to Flash and SSD. I will take a look at the control chip for flash memory. A little known fact about flash memory is that flash memory is controlled by a chip that actually has a virtual OS. These are the topics I am going to cover from my experiences in running a successful data recovery company and doing training class for over 10 years. If you are interested in Data Recovery and what happens to the data on Solid State Drives, or just a better understanding of how the drive works, then this is something you don't want to miss!

 

Speaker Bio: Currently Scott Moulton runs a data recovery company called MyHardDriveDied.com as well as classes teaching his techniques to both the public and private sectors. Scott focuses his efforts on dispelling the myths of data recovery by showing how you can rebuild your own hard drives, perform data recovery for investigations or as business venture. Scott Moulton began his forensic computer career with a specialty in rebuilding hard drives for investigation purposes and has rebuilt hard drives for many many investigations. Many times working on a case, Mr. Moulton will be given hard drives that had already failed in an effort to *blame* the opposition or to slow down the work and cost the opposing forces more money. To combat the *blame* scenario, Mr. Moulton developed a skill at rebuilding hard drives and recovering data. In the five years since its inception, Mr. Moulton has handled many complex cases that include homicide, embezzlement, theft, divorce, child pornography and corporate fraud and continues to combat dead hard drives to this day.

---

 

Virtualization Forensics - Troy Larson

 

Abstract TBD

 

Speaker Bio: Troy Larson is the Senior Forensic Investigator in Microsoft's IT Security Group. Prior to joining Microsoft, Mr. Larson worked as a private computer forensics consultant, including two years with the Ernst & Young National Computer Forensics and Incident Response Team. Mr. Larson is a graduate of the University of California, Berkeley, and Boalt Hall School of Law.

---

 

How I Pwn Your Network: A chat with a Social Engineer - Kai Axford

 

Abstract TBD

 

Speaker Bio: Kai Axford (MBA, CPP, CISM, CISSP, ACE, CHFI), is the National Manager for the Information Risk Management & Security practice at Accretive Solutions and he is board certified in security management. In his current role he leads a team of penetration testers that conduct exploitation testing, facility breach exercises, vulnerability assessments, and other security exercises. Kai has delivered over 300 security presentations on a variety of topics, including computer espionage, digital forensics, security management, and incident response around the world. Kai holds an MBA in Information Assurance, is a Certified Protection Professional (CPP), an AccessData Certified (Forensics) Examiner and a graduate of the FBI Citizen's Academy. He is a member of ISSA, ISACA, Infragard, and the North Texas Electronic Crimes Task Force. He currently serves on the academic advisory board for the University of Dallas' graduate program in cybersecurity.

---

 

Spy Jackers- Countering Persistent Threats - Sean Bodmer

 

This lecture builds on a series of threats and countermeasures used to attribute specific occurred events to the individual or group. In this lecture Intelligence Analysis, Cyber-Counterintelligence, and Operational implantations will be covered specifically, how to objectively analyze the details of an intrusion in order to generate highly accurate assessments (profiles) of your adversary which can help IT Security Professionals and/or authorities with attribution and/or apprehension of the criminal. The ability to maintain access and collect information on a target with advanced or persistence access to your enterprise is the bread-and-butter of premier intelligence agencies around the world.

 

Speaker Bio: Sean is an active senior threat research analyst at Damballa. He specializes in the analysis of signatures and behaviors used by the botnets and the cyber-criminal community. Sean focuses his time learning tools, techniques, and procedures behind attacks and intrusions related to various persistent threats. Sean has worked in several Information Systems Security roles for various firms and customers over the past decade across United States. Most notably he has spent several years performing black box penetration testing, incident response, and intrusion and intruder analysis for Fortune 100 companies, the Defense Department, and 'other' Federal Agencies. Sean has shared numerous accounts of his findings at various industry conferences relating to the inner-workings of advanced persistent threats (APTs). Sean has lectured at industry conferences including Bluehat, Defcon, Defcon Skytalks, Hacker Halted, TakeDownCon, PhreakNIC, DC3, NW3C, NSA, DHS Annual Security Symposium, Pentagon Security Forum, and Carnegie Mellon CERT discussing his interest in analyzing and manipulating the minds and morale of persistent threats without their knowledge.

 

Sean has focused his research over the past several years on developing systems that enable the analysis of attackers through various advanced machine learning and enterprise platforms mixed of various public and private Honeynet technologies. Sean co-authored "Hacking Exposed: Malware and Rootkits (the definitive Computer Security book series)" with McGraw-Hill in 2009. Sean is currently working on another book "Spy Hunters: Countering Advanced Persistent Threats," a comprehensive manual that illustrates how to employ various methods of counter-intelligence, disinformation, and deception against active threats in order to learn the 'who' and 'why' behind the breach of your enterprise.

---

 

The training is free and available for Law Enforcement only.

Requires registration at www.sector.ca/register

For registration, or further information please visit:

http://www.sector.ca | Phone: 416.977.0330 | Toll Free: 1.877.977.0330 |

Email: info@sector.ca