2008 ASIS-HTCIA Training Conference and Expo Full Schedule

2008 ASIS-HTCIA Training Conference and Expo		Tuesday, 5/6/2008
Class ID	Event-Class/Instructor & Room	Start Time	End Time	Available
110	Breakfast - Oyster Point Eat Breakfast, a great opportunity to network and socialize.	07:30	08:00	All
111	Opening Ceremonies / Key Notes: Clifford Stoll; Dario Rocha and Roxanne Hercules - Oyster Point Welcome address by the Chief of Police of South San Francisco; Key Note Presentation by Clifford Stoll, Author of the "Cuckoo's Egg" and other books, Subject: "The Cuckoo's Egg - Twenty Years Later (What they don't teach you in Investigators school)". Cliff will be followed by Dario Rocha from Customs and Border Protection who will present IPR Enforcement to include trademark and copyright violations, admissibility, and administrative penalties. Dario will be followed by Roxanne Hercules, Chief CBPO/Public Affairs Liaison, Customs And Border Protection (CBP)who will speak on the latest enforcement processes to include the CBP five-tiered approach to terrorism: Cargo Security Strategy (CSS) to include 24 Hour Rule, National Targeting Center - Analytical Targeting Units, Detection Technology, Container Security Initiative (CSI), and Customs-Trade Partnership Against Terrorism (C-TPAT) (also Coast Guard Partnership).	08:00	10:00	All
112	Break - Oyster Point	10:00	10:15	All
200 UPDATED!	Combating Software and Content Piracy through Awareness, Education and Enforcement Keith M. Kupferschmid & Ramona Percelle - Baden A This is a great way for law enforcement and industry investigators to learn about the software and content industry and the impact of piracy. Through this lecture, the SIIA will provide law enforcement and industry investigators with real-life examples of pirated products and ways to identify illegal vs. legitimate software and to understand the various issues surrounding content piracy. By participating, the SIIA will be able to build a relationship with law enforcement and industry investigators to educate them about the software industry and its efforts to combat piracy and to better understand copyright infringement as it relates to corporations, individuals, and educational institutions.	10:15	12:15	Register
201 UPDATED!	Bridging the Gap Between Computer Forensics and Electronic Discovery Julie Lewis - Salon A & B This presentation will explain the differences between computer forensics and electronic discovery and address the explosive growth rate of data and emerging trends for dealing with this issue. A demo will be provided of FileQuest, a next-generation Web-based electronic discovery platform for managing filtering, review and production of large volumes of data over geographically distributed environments.	10:15	12:15	Register
202 UPDATED!	Electronic Discovery Update: After Zubulake and the New Federal Rules Milton Luoma - Salon C & D The discovery process in litigation has always included documents and evidence stored electronically, but now that the volume of information created and stored electronically is increasing exponentially, the question arises: who should bear the costs of producing those records? In Zubulake v. Warburg UBS, a federal judge in New York established a standard for determining the point at which costs of electronic document production should shift from the producer to the requestor. In December 2006 the U.S. Supreme Court adopted new rules of procedure regarding electronic discovery that incorporated much of the reasoning in the Zubulake opinion. Now that the new rules have been in place for a year, where is electronic discovery heading and what are the implications for organizations involved in litigation? When is it advantageous for an organization to bear the costs of a forensic analysis of a party opponent's computers? This presentation deals with a summary of the important issues involved in this decision-making process and suggests guidelines for management in making this determination. It also reviews the recent changes in the law of electronic discovery and its likely future directions.	10:15	12:15	Register
203 UPDATED!	Child Exploitation Investigations in the Workplace Robert Monsour - Salon H With the growth of the Internet, crimes such as child pornography, online enticement of minors, and child sex tourism have exploded. A surprising number of individuals who commit these crimes extend their unlawful activities to their workplace computers, creating risks for employers as well as children. This session will provide training for corporate investigators in conducting thorough investigations of potential child exploitation activity involving workplace computers. Attendees will receive guidance on presenting findings to law enforcement, handling evidence, and supporting personnel action. Participants will also learn some of the indicators of computer-based child exploitation activity, and how they can use these indicators to identify and stop these crimes in their own organizations.	10:15	12:15	Register
204 UPDATED!	Viruses, Trojans, BOT Infections and other Spyware Sreenivas Kancharla - Baden B This session will provide best practices overview on how to prevent infections from Viruses, Trojans, BOT Infections, Spyware and other Malware. You will learn Virus history and common environment of malicious code; and good practices to protect the information systems for malicious attacks.	10:15	12:15	Register
113	Lunch - Oyster Point Enjoy a great lunch with good company. Mingle and introduce yourselves.	12:15	13:15	All
205 UPDATED!	ESA Online Piracy Workshop Jake Snyder - Baden A The Entertainment Software Association (ESA) is the U.S. association exclusively dedicated to serving the business and public affairs needs of companies that publish video and computer games for video game consoles, personal computers, and the Internet. ESA members collectively account for more than 90 percent of the $7.4 billion in entertainment software sold in the U.S. in 2006, and billions more in export sales of U.S.-made entertainment software. The ESA offers a range of services to interactive entertainment software publishers including a global anti-piracy program, business and consumer research, government relations and intellectual property protection efforts. ESA also owns and operates the E3 Media & Business Summit. This presentation covers Online Anti-Piracy Efforts by the ESA and is directed at law enforcement and corporate investigators investigating counterfeit hardware and software.	13:15	15:15	Register
206 UPDATED!	FTK 2.0 Part 1 Access Data Staff - Salon A & B This is a four hour introductory class and demonstration of AccessData’s Forensic Tool Kit 2.0. It is suitable for both law enforcement and industry investigators involved in computer forensics and investigators who may have to review information obtained through a forensic examination of a digital media. (Part 1 of a 2 Part Class)	13:15	15:15	Register
207 UPDATED!	Internet Safety Presentation for Professionals Constable Kathy Macdonald - Salon C & D Internet users face new challenges understanding the technology that their children use every day for educational and entertainment purposes. Law enforcement officers and physical and information security professionals are often tasked with offering smart tips to customers and victims about the risks they face online. This presentation speaks about online risks including desensitization, cyber bullying, cyber threats and identity crime. This presentation offers practical information with sensible and simple tips to reduce risks. Kathy incorporates real life stories from kids, teachers and parents that help to illustrate the importance of Internet education and awareness for everyone.	13:15	15:15	Register
208 UPDATED!	“Policing the Internet” Making Online Investigations an everyday law enforcement task Todd Shipley and William Seibert - Salon H The internet has long been known as a free and open place with little or no regulation. Since the Internet’s beginnings law enforcement has been unable to spend a sufficient amount of its time and resources addressing the growing crime problem occurring on the Internet. The crime committed on the Internet is no longer relegated to only a few types of technology specific crimes. Every crime now, from identity theft to mass murders, can have a connection to the Internet. Identity thieves can apply, with ease and anonymity, for credit cards in their victims’ names, mass murders may detail their crimes on their MySpace page or a blog before they commit their heinous act, and we are all aware of the publicity surrounding the growing child predator problem which has only been enhanced by the expansion of the Internet into our lives. Law enforcement must learn to understand on a much broader scale the impact that the Internet has caused in the area of crime. Law enforcement must become regular fixtures on the Internet and “Make the Internet your regular beat™”. To accomplish this task a broader understanding of Internet crime and its impact must occur within all of law enforcement. An international strategy needs to be developed and coordinated with a sharing of information on a scale never before seen must occur, and tools need to be put into the hands of every investigator to enable the collection of evidence and allow for the easier investigation of Internet related crimes. This block of instruction will be a conversation with the attendees intended to draw on current experiences of the attendees and detail the current problems and solutions encountered by law enforcement. The discussion will be centered on suggestions for the best practices for online investigations and overcoming court challenges of Internet evidence. In addition, will be how to address the long-term changes required throughout law enforcement to effectively address the fast evolution of crimes on the Internet.	13:15	15:15	Register
209 UPDATED!	Stalk This! How to asses a threat, manage a case and empower the victim to deal with a Stalker in the workplace Kathleen Baty - Baden B TBS	13:15	15:15	Register
114	Break - Oyster Point	15:15	15:30	All
115	EXPO Set Up - Salon E & F For Vendors	15:30	17:30	All
210 UPDATED!	Counterfeit Investigations in China Brian Hyland - Baden A Do you have problems in China conducting investigations? This lecture and presentation will show how SanDisk Corporation started its anti-counterfeiting program in China. It describes the resources needed in China, investment challenges, Return on Investment (ROI) information for executive staff, and legal concerns both in China and the US.	15:30	17:30	Register
211 UPDATED!	FTK 2.0 Part 2 Access Data Staff - Salon A & B Continuation of Class 206 - 4 Hr Course * Register for Class 206	15:30	17:30	See 206
212 UPDATED!	Computer Fraud and Abuse Act Milton and Vicki Luoma - Salon C & D In response to serious threats from computer hackers Congress passed the Computer Fraud and Abuse Act in 1984. The act was passed to protect the government's computers and the government's financial information on financial institutions’ computers. As more hacking issues presented themselves and terrorist issues surfaced, the act was amended and rewritten. The act went through many amendments and incarnations including section G. Section G not only provided civil remedies in a criminal statute, but it also contained unprecedented language allowing private organizations to pursue abuses of this act in a civil action. This same section G has since been interpreted by the court to allow organizations to pursue their own employees for unauthorized access to company computers. These court decisions have resulted in creating a new tool for organizations to combat employee misuse of computing resources. This is particularly important now that courts are finding organizations liable for misdeeds of their employees that harm third parties. This presentation deals with how to use the Computer Fraud and Abuse Act effectively to enforce computer use policies and avoid liability to third parties.	15:30	17:30	Register
213 UPDATED!	Undertaking IPR BioTech Investigations in Emerging Markets, Case Studies from India Ashish Sonal - Salon H Emerging pharmaceutical manufacturing capacities in developing economies like China, Brazil and India are driving major changes in the global pharmaceutical markets. One aspect of this is the patent violations and the availability of low cost bulk drugs/APIs that are diverted into the manufacture of counterfeit drugs or smuggled into patent protected markets. Using India as a case study, the session would acquaint the audience with strategic approaches, technology tools and operational techniques for undertaking successful IPR investigations in the biotech sector in the emerging markets. The scope and coverage includes - a) Unraveling the complexity of the investigative environment of emerging markets, b) Technology tools and investigative procedures for intelligence generation, c) Use of smart internet search/monitoring technologies, assessment of data/information sources for undertaking market intelligence collection, sales channel surveillance, and (bulk) buyer profiling, d) Legal and operations planning framework for investigations in India, and e) Insights into financial, budgeting and ROI considerations for such investigations.	15:30	17:30	Register
214 UPDATED!	Unorthodox Countermeasures Against Email Scammers Eve Edelson - Baden B ‘419’ advance fee fraud rakes in hundreds of millions of dollars yearly. Nowadays it’s typically initiated by e-mail and culminates in a victim sending a money order in anticipation of some reward. While the e-mails often go out in bulk, an individual person is awaiting a response, and many pranksters write back purely out of mischief. Most are just trying to waste the scammers’ time; some go further and glean information (through various more or less technical means) about the scammers’ relationships and locations. The pranksters have been willing to share such data with law enforcement, although it’s not always clear how to proceed, or what kind of sharing is appropriate from a law enforcement perspective. This talk provides information on these unofficial resources.	15:30	17:30	Register

2008 ASIS-HTCIA Training Conference and Expo		Wednesday, 5/7/2008
Class ID	Event-Class/Instructor & Room	Start Time	End Time	Available
116	Breakfast - Oyster Point Eat Breakfast, a great opportunity to network and socialize.	08:00	08:30	All
117	EXPO - Salon E & F Vendor Exposition - Please stop in to see the vendors, discuss business opportunities or network with friends and other investigators.	08:30	10:30	All
300 UPDATED!	Threat Investigations Moshe P. Oberstein - Baden A The course topic is Threat Investigations Mitigation and Investigative Methods. Target audience is law enforcement officers or corporate security managers. The course will discuss the basics of threat investigation, a brief history, as well as a compilation of historical cases (Case Review).	08:30	10:30	Register
301 UPDATED!	Internet Safety Presentation for Professionals Constable Kathy Macdonald - Salon A & B Internet users face new challenges understanding the technology that their children use every day for educational and entertainment purposes. Law enforcement officers and physical and information security professionals are often tasked with offering smart tips to customers and victims about the risks they face online. This presentation speaks about online risks including desensitization, cyber bullying, cyber threats and identity crime. This presentation offers practical information with sensible and simple tips to reduce risks. Kathy incorporates real life stories from kids, teachers and parents that help to illustrate the importance of Internet education and awareness for everyone.	08:30	10:30	Register
302 UPDATED!	Computer Investigations and Occult / Satanic Abuse Winston Krone - Salon C & D Occult and Satanic Abuse cases have moved to the realm of the computer. This course is an introductory course regarding Computer Investigations and Occult or Satanic Abuse. Some of the topics to be covered include: Meaning of Occult/ Satanic Abuse; Does Occult/ Satanic Abuse Even Exist; Links to Other Crimes; Searching for Clues on a Computer; The Significance of Certain Dates in Computer / Online Activity; Alternate Identities; and On line, No One Knows You’re a Druid. At the end of this class, investigators will have a basic knowledge of Computer Investigations involving Occult or Satanic Abuse.	08:30	10:30	Register
303 UPDATED!	Introduction to EnCase Guidance Software - Salon H This class is an introduction to Guidance Software's EnCase, Computer Forensic and eDiscovery Software	08:30	10:30	Register
304 UPDATED!	Using Camera/Video for Surveillance Greg Young - Baden B This non-technical session will cover the do’s and don’ts of implementing video surveillance. Both law enforcement and corporate investigators with a video component in their cases will benefit from this class. Some of the topics include: Video Basics, Privacy Issues, Lighting and Environment, When to use Pan/Tilt/Zoom (PTZ) Cameras, Recording Options and New Technologies such as IP, Mega-Pixel and Analytics and what they mean to you.	08:30	10:30	Register
118	Break - EXPO Area	10:30	10:45	All
119	EXPO - Salon E & F Vendor Exposition - Please stop in to see the vendors, discuss business opportunities or network with friends and other investigators.	10:45	12:15	All
120	Lunch / Lunch Keynote: TBD - Oyster Point	12:15	13:15	All
121	EXPO - Salon E & F Vendor Exposition - Pleas stop in to see the vendors, discuss business opportunities or network with friends and other investigators.	13:15	15:15	All
305 UPDATED!	Studying Liars Part 1 Sergeant Paul Francois & Officer Enrique Garcia - Baden A How do you tell when someone is lying? If you have ever wondered how, this is the class for you. Participants will learn the basics of identifying typical deceptive behavior during interviews and how to accurately detect whether someone is lying about their involvement in a case or filing a false report. In this session participants will learn: Deceptive Body Language Indicators, Deceptive Verbal Indicators, Deceptive Emotional Indicators and Truthful verbal/non-verbal indicators (Part 1 of a 2 Part Class)	13:15	15:15	Register
306 UPDATED!	Internet Research for Law Enforcement and Corporate Investigators Cynthia Navarro - Salon A & B This lecture will introduce the basics of combining the investigative skills of a corporate or law enforcement investigator with the World Wide Web. Investigators will learn to use free tools from the Internet along with their investigative skills, to discover a wealth of information right at their fingertips. Attendees will be guided through the inner workings of various search engines and other services, such as zoominfo.com, google.com, myspace.com, ebay.com and more. We will also cover the fundamentals of search engine glossaries, lingo and math. Understanding the basics of using a search engine will enhance your search, boost your knowledge base and allow you to make sense of the almost unlimited information available on the web. Attendees/students will travel down the road of, “let’s get personal…,” viewing the world of myspace, blogs and how to post to your own myspace page. We will help dispel the myth that personal blogs are a “friends only” zone, and show the world of connecting individuals through their own friends and the vulnerability of children opening themselves up to that world. What better way to get to know a person. What better way than to use it as a tool for your investigation. There are other resources through paid services that will be touched on to show how you can augment your investigation with professional fee based databases used by investigators, process servers, recovery agents and bail bondsman. Several actual investigations will be discussed which were conducted by using the various skills demonstrated in this lecture and how this knowledge can assist in interviews and or interrogations. The final section will be a challenge match to see who can find the answer…	13:15	15:15	Register
307 UPDATED!	An Introduction to Network Forensics - Identifying Reconnaissance and Attacks on the Network Laura Chappell - Salon C & D Network forensics is the process of examining network traffic for evidence. In this presentation, Laura Chappell explains the signs that network reconnaissance is underway including OS fingerprinting, UDP/TCP/IP scans, dark MAC and dark IP scanning and more. Next, Laura examines the evidence that hosts have been compromised - unusual communication pairs, unusual protocols and applications, unusual traffic directions, and more. Finally, Laura takes you through several examples of compromised hosts and the suspect traffic to and from those hosts.	13:15	15:15	Register
308 UPDATED!	REACT Task Force: Identity Theft Update Mike Mattocks - Salon H Statistics have shown that approximately 9.3 million Americans will become a victim of identity theft each year, which works out to about one every four seconds. But, since we live in California, which is the ID Theft capital of the country, one in three will be a victim. Topics to be covered include: Why Identity Theft? Who is doing identity theft? How do “they” obtain our information? How easy is it for the thief to steal our identity? How do we prevent becoming a victim of identity theft? What precautions should we take? What do we do if we do become the victim of an identity theft? To obtain the answers to these very important questions and to learn more about the fastest growing crime in the country, members of the REACT Task Force will be putting on a presentation on Identity Theft that will not only provide the attendees with answers and thought provoking suggestions, but it will also enhance the knowledge of the private citizen as well as the Law Enforcement Officer. Ample time will be taken for questions and answers. Please note that this presentation is designed for all personnel including, corporate investigators and it is a good introductory class / presentation for sworn law enforcement personnel on the issues and information related to identity theft investigations.	13:15	15:15	Register
309 UPDATED!	IP Video Systems Greg Young - Baden B This session will cover how IP Video systems work and how they are deployed. With the increasing use of surveillance systems, IP cameras document activity which may be the only evidence in an investigation. Some of the topics include: IP Video Technology, Video Compression Techniques, Composite vs. IP Video, Mega-Pixel Technologies, when to use IP and Hybrid Video Systems.	13:15	15:15	Register
122	Break - EXPO Area	15:15	15:30	All
123	EXPO - Salon E & F Vendor Exposition - Please stop in to see the vendors, discuss business opportunities or network with friends and other investigators.	15:30	17:30	All
310 UPDATED!	Studying Liars Part 2 Sergeant Paul Francois & Officer Enrique Garcia - Baden A Continuation of Class 305 - 4 Hr Course * Register for Class 305	15:30	17:30	See 305
311 UPDATED!	Israeli Security Techniques Greg Schneider - Salon A & B Just saying the words, “Israeli Security”, or “Israeli Military” or “Israeli Intelligence” conjures up feelings of awe, respect, and appreciation in the minds of security professionals the world over. This presentation will uncover the genesis (no pun intended) of the Israeli model of terrorism prevention from the establishment of the country until the present day. Case studies will be examined of how Israel was able to achieve its reputation as a security conscious country. The presentation will also focus on how Israel educates its civilians in security awareness and how the country mobilizes during large scale emergencies. The attendee will be educated as to how Israel trains protective services, incorporates technology and design, and security procedures in efforts to deter and counter terrorism. The lecture will culminate into how best Israeli Security Techniques can be applied to US homeland security efforts.	15:30	17:30	Register
312 UPDATED!	Complementary Tools - Honeypots, Keyloggers, Wired and Wireless Traffic Capture, Traceback / Reconnaissance Software, etc. Laura Chappell - Salon C & D There are numerous open source and commercial tools available for decoy / deception, interception and traceback. In this session, Laura Chappell introduces and demonstrates many of these tools and provides a list of related tools that you will definitely want to check out.	15:30	17:30	Register
313 UPDATED!	Hacker Techniques and Incident Handling Visveswaran "CRV" Chidambaram - Salon H What are some of the techniques used by hackers to attack your systems and how do you handle an incident involving an intrusion? This presentation presents the step-by-step approach used by many computer attackers; the latest computer attack vectors and how you can stop them; Proactive and reactive defenses for each stage of a computer attack; demos of scanning for, exploiting, and defending systems; strategies and tools for detecting each type of attack; attacks and defenses for Windows, Unix, switches, routers and other systems; application-level vulnerabilities, attacks, and defenses; developing an incident handling process and preparing a team for battle; Legal issues in incident handling; and, recovering from computer attacks and restoring systems for business	15:30	17:30	Register
314 UPDATED!	Security Convergence: Emerging Technologies and Architectures James Connor - Baden B CSO and security practitioners both physical and logical are seeing a revolution in the types of technologies that are now deploying within the traditional network infrastructures. They may be even more shocked to learn what is currently residing on their networks within the security closets and electrical rooms of their enterprise. As the CSO begins to sort out the transformation of the physical security system landscape, many questions will keep them up night. What impact will these devices have on security, availability, compliance, and storage? What new and interesting things can be done with this data, which will be assimilated to address multiple activities that culminate into a singular security event. The following questions will be addressed: What impact could this have on existing budgets? What is the architecture of these emerging products? What new capabilities will these products offer to correlate physical and logical breaches in security?	15:30	17:30	Register
124	Reception - Snacks and Drinks - Oyster Point Join us for great company, drinks and snacks!	17:30	19:30	All

2008 ASIS-HTCIA Training Conference and Expo		Thursday, 5/8/2008
Class ID	Event-Class/Instructor & Room	Start Time	End Time	Available
125	Breakfast - Oyster Point Eat Breakfast, a great opportunity to network and socialize.	07:30	08:00	All
400 UPDATED!	Investigations in India, Taiwan & China, Challenges and Successes Camilla (Cammie) Herron - Baden A Investigations have become global and trans-national, crossing borders often involving targets in more than one country at a time. Having worked on-the-ground investigations throughout the Asia Pacific region for over 4 years, she learned many lessons from how to begin investigations, developing them and moving them forward working with local law enforcement/government agencies in various countries. She has participated in successful investigations in India, China and Taiwan, countries where many global companies are having challenges, she will discuss how the cases were started, what challenges had to be overcome and what ultimately worked, leading to successful law enforcement actions and prosecutions. Cultural issues, which are also very important in being successful in Asia, will also be discussed and explained in context.	08:00	10:00	Register
401 UPDATED!	Macintosh Forensics Part 1 Ben Charnota - Salon A & B This is an introductory class to MacIntosh Forensics using hardware and software developed by Blackbag Tech. It is suitable for both law enforcement and industry investigators involved in forensics. (Part 1 of a 2 Part Class)	08:00	10:00	Register
402 UPDATED!	Corporate IT - Attack Countermeasures Richard DeBruyne - Salon C & D To speak about modern day Attack Countermeasures we need to align our thinking with the expectations of the new corporate world. In our increasingly controlled and transparent "IT World", with personal accountability in the board room, we can no longer pretend that things are all working correctly if they are not. To any company an attack that leads to a loss event or a breach can be seriously damaging. Today companies cannot sweep these loss events under the rug but rather are increasingly expected to manage technology threats and to not only detect the event, but to prevent it, and to react in a way that is consistent with the law, industry best practice, and in the benefit of the financial stakeholders of the company. This presentation will examine what some of the largest corporations are doing today to implement a comprehensive system of Corporate IT Countermeasures. Along with an explanation of their motivations to support an IT countermeasures program we will examine some of the most common technologies to expose their threats and the corresponding preventative, detective, and reactive countermeasures.	08:00	10:00	Register
403 UPDATED!	Stalk This! How to asses a threat, manage a case and empower the victim to deal with a Stalker in the workplace Kathleen Baty - Salon E TBS	08:00	10:00	Register
404 UPDATED!	Establishing and eDiscovery Program Michael Deyo - Baden B Discovery of electronically stored information requires attorneys to lead a multi-faceted approach with responsibility spanning across outside counsel firms, inside counsel, senior management, Information Technology (IT) and Telecommunications departments, application owners, data custodians, and electronic discovery (eDiscovery) vendors. Investigators must understand both the legal and practical issued invoked by eDiscovery in order to best support counsel’s need to discover and produce electronic evidence during litigation. Moreover, inside counsel, IT, and internal investigators will need to understand the interplay of eDiscovery and proactive records management in order to craft policies and business processes to control the risks and costs of litigation and eDiscovery. This session will brief recent developments in eDiscovery law and provide a foundation of knowledge that will aid corporations and government agencies in establishing an internal eDiscovery program.	08:00	10:00	Register
126	Break - Oyster Point	10:00	10:15	All
405 UPDATED!	Hacker Techniques and Incident Handling Visveswaran "CRV" Chidambaram - Baden A What are some of the techniques used by hackers to attack your systems and how do you handle an incident involving an intrusion? This presentation presents the step-by-step approach used by many computer attackers; the latest computer attack vectors and how you can stop them; Proactive and reactive defenses for each stage of a computer attack; demos of scanning for, exploiting, and defending systems; strategies and tools for detecting each type of attack; attacks and defenses for Windows, Unix, switches, routers and other systems; application-level vulnerabilities, attacks, and defenses; developing an incident handling process and preparing a team for battle; Legal issues in incident handling; and, recovering from computer attacks and restoring systems for business	10:15	12:15	Register
406 UPDATED!	Macintosh Forensics Part 2 Ben Charnota - Salon A & B Continuation of Class 401 - 4 Hr Course * Register for Class 401	10:15	12:15	See 401
407 UPDATED!	eBay and PayPal Investigations - Working with Law Enforcement and Industry Mike Rou - Salon C & D The session will provide a basic overview of what eBay and PayPal are and exactly how both platforms operate, and the different ways their products are commonly used by consumers. They will discuss their data retention and disclosure policies in detail; provide examples of the different types of data/evidence that can be useful in a criminal investigation along with their investigative capabilities. They will l also share the basic fraud types that can impact their industry, and provide insight into current emerging frauds they are witnessing.	10:15	12:15	Register
408 UPDATED!	The Jihadist Threat in America Majid Hassan - Salon E The threat of having terrorist cells inside the United States is very real due to the multicultural and religious diversity of the nation. Knowing the forces behind the jihadist, their use of technology, and the threat they pose to United States, allows us to counter this treat. Learn how to understand the thinking of the Islamic Jihadist, and how to counter the threat within your agencies, organizations, and communities.	10:15	12:15	Register
409 UPDATED!	Unorthodox Countermeasures Against Email Scammers Eve Edelson - Baden B ‘419’ advance fee fraud rakes in hundreds of millions of dollars yearly. Nowadays it’s typically initiated by e-mail and culminates in a victim sending a money order in anticipation of some reward. While the e-mails often go out in bulk, an individual person is awaiting a response, and many pranksters write back purely out of mischief. Most are just trying to waste the scammers’ time; some go further and glean information (through various more or less technical means) about the scammers’ relationships and locations. The pranksters have been willing to share such data with law enforcement, although it’s not always clear how to proceed, or what kind of sharing is appropriate from a law enforcement perspective. This talk provides information on these unofficial resources.	10:15	12:15	Register
127	Lunch - Oyster Point Enjoy a great lunch with good company. Mingle and introduce yourselves.	12:15	01:15	All
410 UPDATED!	Bridging the Gap Between Computer Forensics and Electronic Discovery Julie Lewis - Baden A This presentation will explain the differences between computer forensics and electronic discovery and address the explosive growth rate of data and emerging trends for dealing with this issue. A demo will be provided of FileQuest, a next-generation Web-based electronic discovery platform for managing filtering, review and production of large volumes of data over geographically distributed environments.	13:15	15:15	Register
411 UPDATED!	Internet Research for Law Enforcement and Corporate Investigators Cynthia Navarro - Salon A & B This lecture will introduce the basics of combining the investigative skills of a corporate or law enforcement investigator with the World Wide Web. Investigators will learn to use free tools from the Internet along with their investigative skills, to discover a wealth of information right at their fingertips. Attendees will be guided through the inner workings of various search engines and other services, such as zoominfo.com, google.com, myspace.com, ebay.com and more. We will also cover the fundamentals of search engine glossaries, lingo and math. Understanding the basics of using a search engine will enhance your search, boost your knowledge base and allow you to make sense of the almost unlimited information available on the web. Attendees/students will travel down the road of, “let’s get personal…,” viewing the world of myspace, blogs and how to post to your own myspace page. We will help dispel the myth that personal blogs are a “friends only” zone, and show the world of connecting individuals through their own friends and the vulnerability of children opening themselves up to that world. What better way to get to know a person. What better way than to use it as a tool for your investigation. There are other resources through paid services that will be touched on to show how you can augment your investigation with professional fee based databases used by investigators, process servers, recovery agents and bail bondsman. Several actual investigations will be discussed which were conducted by using the various skills demonstrated in this lecture and how this knowledge can assist in interviews and or interrogations. The final section will be a challenge match to see who can find the answer…	13:15	15:15	Register
412 UPDATED!	Data Breaches and Thefts - Are You Prepared? Thomas Quilty - Salon C & D If you are a corporate investigator, does your company have a plan for a Data Breach or Theft? If you are a member of Law Enforcement, do you know what to expect if called to the scene of a Data Breach or Theft? What is “Safe Harbor?” These and other questions will be answered with the goal of helping you to be prepared for when a Data Breach or Theft occurs. The steps you take now, before a breach or theft, can mean the difference between your corporation being viewed negatively for not having a plan or in a positive light for taking all necessary steps before, during and after the breach or theft.	13:15	15:15	Register
413 UPDATED!	Enterprise Investigation Management Becky Bace - Baden B Optimized investigation management throughout the enterprise is proving to be a critical means of controlling risk. This risk is commonly seen as exposed brand reputation, corporate civil and criminal litigation, and even fines for failure to meet regulatory mandates. While all investigations are different, this presentation will show a common 'lifecycle' across all investigations.	13:15	15:15	Register
128	Break - Oyster Point	15:15	15:30	All
414 UPDATED!	Corporate IT - Attack Countermeasures Richard DeBruyne - Baden A To speak about modern day Attack Countermeasures we need to align our thinking with the expectations of the new corporate world. In our increasingly controlled and transparent "IT World", with personal accountability in the board room, we can no longer pretend that things are all working correctly if they are not. To any company an attack that leads to a loss event or a breach can be seriously damaging. Today companies cannot sweep these loss events under the rug but rather are increasingly expected to manage technology threats and to not only detect the event, but to prevent it, and to react in a way that is consistent with the law, industry best practice, and in the benefit of the financial stakeholders of the company. This presentation will examine what some of the largest corporations are doing today to implement a comprehensive system of Corporate IT Countermeasures. Along with an explanation of their motivations to support an IT countermeasures program we will examine some of the most common technologies to expose their threats and the corresponding preventative, detective, and reactive countermeasures.	15:30	17:30	Register
415 UPDATED!	Demystifying DNS Allan Hurst - Salon A & B What is DNS and why is it important to law enforcement and private industry investigators? Every network user and administrator uses Domain Name Services (DNS), but nobody ever seems fully comfortable with it. DNS is a basic building block of every modern network. Everything end users do – from web surfing to email – is made possible through DNS. This is a beginner level session which presents the basics of DNS, including a demonstration of helpful tools for troubleshooting DNS and why DNS is important to the law enforcement and industry investigator.	15:30	17:30	Register
416 UPDATED!	Internet Safety Presentation for Professionals Constable Kathy Macdonald - Salon C & D This is a four hour introductory class and demonstration of AccessData’s Forensic Tool Kit 2.0. It is suitable for both law enforcement and industry investigators involved in computer forensics and investigators who may have to review information obtained through a forensic examination of a digital media.	15:30	17:30	Register
417 UPDATED!	Israeli Security Techniques Greg Schneider - Baden B Just saying the words, “Israeli Security”, or “Israeli Military” or “Israeli Intelligence” conjures up feelings of awe, respect, and appreciation in the minds of security professionals the world over. This presentation will uncover the genesis (no pun intended) of the Israeli model of terrorism prevention from the establishment of the country until the present day. Case studies will be examined of how Israel was able to achieve its reputation as a security conscious country. The presentation will also focus on how Israel educates its civilians in security awareness and how the country mobilizes during large scale emergencies. The attendee will be educated as to how Israel trains protective services, incorporates technology and design, and security procedures in efforts to deter