2015 Agenda

Agendas are available for past years including: 20132014, 2015, and 2016.

SPEAKERS: Topics, Descriptions, and Biographies

CTIN15 speakers:


AMELIA PHILLIPS

TOPIC and DESCRIPTION

FIRST PRESENTATION
Social Media Forensics       (second session)

Posting on walls, tweets, blogs, hangouts and more. So much of people’s personal and professional lives are conducted in social media that it now plays a critical role in digital forensics. Come and explore the new tools that can be used for social media forensics. Learn what you can obtain using the tools and when you need a warrant. The challenge for all investigators are the conglomeration of evidence types and the non-consistent manner in which the data is stored.

SECOND PRESENTATION
Writing Technical Textbooks

Writing a textbook for the digital forensics field presents unique challenges. The software always lags behind the latest operating system releases, creation of new drive images, hardware and software costs add to the research that must take place. Come and listen to a candid conversation about writing for the industry.

BIOGRAPHY

Dr. Amelia Phillips is a graduate of the Massachusetts Institute of Technology with a BS in Astronautical Engineering and a BS in Archaeology. She recently earned her doctorate in Computer Security at the University of Alaska Fairbanks as an interdisciplinary degree.

After working as an engineer at the Jet Propulsion Laboratory and TRW, Amelia worked with e-commerce sites and began her training in digital forensics and investigations during the dot-com boom. She has designed certificate and AAS programs for community colleges in e-commerce, network security, digital forensics and data recovery. Amelia co-authored the textbook Guide to Computer Forensics and Investigations now in its fourth edition. This year the first edition of her next textbook E-Discovery – An Introduction to Digital Evidence was published. Amelia is program lead for the Network Security and Data Recovery/Digital Forensics for Highline Community College in Seattle. She was also the lead for Highline’s first Bachelor of Applied Science degree in Cybersecurity and Forensics which goes online in the Fall of 2014. Amelia is the Regional Director of the Pacific Rim Collegiate Cyber Defense Competition (PRCCDC) which Highline has hosted since 2010. The 7th annual event with be this March at Highline.

Amelia also is active in working with developing nations in e-learning, retention, network security, digital forensics and entrepreneurship. She is currently tenured at Highline Community College in Seattle, WA and is serving as the Chair of the Pure & Applied Science Division. Amelia was a visiting Fulbright Scholar at the Polytechnic of Namibia in 2005 and 2006.


BILL LONG

TOPIC and DESCRIPTION

E-Discovery Basics

A step-by-step overview of how it’s done. From the first indication that litigation may ensue, then building a plan and executing the plan through to data production.

BIOGRAPHY

Mr. Long is owner and a Principal of Integrid, specializing in matters involving digital information, electronic discovery and digital forensics. Mr. Long has over thirty-eight years of experience in technology as well as many phases of business activity. In addition to his technology background, Mr. Long has experience in management (including service as CEO) as well as marketing, accounting, and finance. He is a Digital Forensic Certified Practitioner, Certified Computer Examiner, Certified Fraud Examiner and has the Data Recovery Expert Certification. Mr. Long has served as a court-appointed independent computer expert and has testified as a digital forensic expert.


BRANDON LEATHA and JONATHAN KARCHMER

TOPIC and DESCRIPTION

IP Theft Investigation       (second session)

A detailed look at the tools and techniques used to extract and analyze forensic artifacts from computers, mobile devices, cloud services and other sources of ESI in support of IP theft investigations.

BIOGRAPHY

Mr. Brandon Leatha is a Director at iDiscovery Solutions (iDS), an award-winning e-Discovery, expert testimony, and digital forensics firm headquartered in Washington, DC. Based out of Seattle, Washington, Mr. Leatha is an expert in e-Discovery, data analytics, and computer forensics. With over 13 years of consulting experience in the litigation support industry, Mr. Leatha advises clients throughout the e-Discovery lifecycle, providing guidance on data preservation, evidence collection, data reduction strategies, review methodology, and document production. He has extensive experience performing computer forensic investigations, structured data analytics, and assisting clients in the effective utilization of technology assisted review (TAR).

Mr. Leatha has been a corporate 30(b)(6) witness, a court-appointed neutral computer forensics examiner, and has testified on numerous electronic discovery and computer forensics issues. He has been an active member of the Sedona Conference Working Group on Electronic Document Retention and Production (WG1) since 2005, and he is an active member of the Computer Technology Investigators Network (CTIN). Mr. Leatha has provided training on electronic discovery and computer forensics for seminars, CLE courses, and industry training events. Prior to joining iDS, Mr. Leatha was the founder and owner of Leatha Consulting LLC and the Director of ESI Consulting and Data Analysis at Electronic Evidence Discovery (EED).

—-

Mr. Jonathan Karchmer is a Senior Manager in the Costa Mesa office of iDiscovery Solutions, Inc. (iDS). Mr. Karchmer has over fourteen years of experience in managing projects dealing with computer forensic examinations, ESI collection/processing, hosting, as well as document review and production. He has advised counsel in engagements regarding intellectual property and trade secret theft, contractual disputes, electronic document production, FTC second requests, due diligence investigations, embezzlement, harassment, illegal surveillance, network attack/incident handling, and network security auditing. Mr. Karchmer has also offered sworn testimony in state and federal courts. Prior to joining iDS, he was a Senior Managing Consultant in the Electronic Discovery Practice at LECG, and a Computer Forensic Analyst for both Spinelli Corporation and Mack/Barclay Inc.


BRETT SHAVERS

TOPIC and DESCRIPTION

Hiding Behind the Keyboard       (second session)

This discussion into the methods used in covert communications and techniques to uncover and analyze electronic communications will give you insight into different avenues of analysis and investigation of hidden communications. This presentation is based on an upcoming Syngress book to be published late 2015 by Brett Shavers.

BIOGRAPHY

Brett is a digital forensics examiner and author of two books (Placing the Suspect Behind the Keyboard and X-Ways Forensics Practitioner’s Guide). Brett’s forensic experience spans a law enforcement career in investigating cybercrime to the private sector as an expert consultant in civil litigation. He has over 1,000 hours of formal digital forensics training from many US federal agencies and forensic software companies. Brett is also a frequent speaker across North America in conferences and provides private consultation to government agencies in high tech analysis and covert acquisition methods.


COLIN CREE

TOPIC and DESCRIPTION

Investigating USB Storage on Windows 8       (second session)

USB storage drives continue to be used to compromise data in the corporate network. This session will provide guidance on how to investigate the use of a USB drive on a Windows 8 computer.

BIOGRAPHY

Colin Cree is a Director of a Vancouver based company, EFS e-Forensic Services Inc., a computer forensic and e-discovery services provider that also provides training and sells related software and hardware. His background includes serving in the RCMP for 25 years. While serving in the RCMP Colin spent 8 years investigating commercial crime and 5 years in the Tech Crime unit. Colin has been involved in computer forensics since 1997. His expertise includes commercial crime investigations, computer crime investigations and analysis, providing expert witness testimony and ensuring the highest teaching and professional practice standards are maintained throughout the courses and investigations for which he is responsible.


CRAIG BALL

TOPIC and DESCRIPTION

Spoiled and Deluded: The Shakespearean Tragedy that is Search in E-Discovery

Keyword search is the gold standard in electronic discovery, but how well does it work? You may be surprised. This program will open your eyes to what you’re missing and reveal the secret pitfalls of electronic search. You’ll also learn tips you can apply now to significantly improve the quality of search and lower the cost of e-discovery.

BIOGRAPHY

Craig Ball of Austin is a trial lawyer, computer forensic examiner, law professor and noted authority on electronic evidence. He limits his practice to serving as a court-appointed special master and consultant in computer forensics and electronic discovery and has served as the Special Master or testifying expert in computer forensics and electronic discovery in some of the most challenging and celebrated cases in the U.S. A founder of the Georgetown University Law Center E-Discovery Training Academy, Craig serves on the Academy’s faculty and teaches Electronic Discovery and Digital Evidence at the University of Texas School of Law. For nine years, Craig penned the award-winning Ball in Your Court column on electronic discovery for American Lawyer Media and now writes for several national news outlets. For his articles on electronic discovery and computer forensics, please visit www.craigball.com or his blog, www.ballinyourcourt.com.


DAVID MATTHEWS

TOPIC and DESCRIPTION

FIRST PRESENTATION
Latest Issues Surrounding eDiscovery

SECOND PRESENTATION
Level the CyberSecurity Playing Field

Learn why and how to share information, ides and resources to level the cyber security playing field.

BIOGRAPHY

David Matthews is the former Director of Incident Response for Expedia, Inc. He has facilitated three regional cyber event exercises. He is also the founder of the Cyber Incident Response Coalition and Analysis Sharing group.

Besides the CISSP & CISM he is a Digital Recovery Forensics Specialist (DRFS), and CyberSecurity Forensic Analyst (CSFA). He is the author of “Electronically Stored Information: The Complete Guide to Management, Understanding, Acquisition, Storage, Search, and Retrieval”, published in the summer of 2012. David was the recipient of the 2012 Information Security Executive of the Decade – West award.


DAVID STENHOUSE

TOPIC and DESCRIPTION

Making Your Job Better and Easier       (second session)

The computer forensics and eDiscovery industry is full of variables that make our daily tasks and career more difficult than ever before. Based on 17 years experience working for a federal agency and the private sector, David Stenhouse will share his insights on how to not only survive in this industry but make the career an enjoyable endeavor no matter your current position.

BIOGRAPHY

David Stenhouse is the President of DS Forensics, Inc. Since 1998, Mr. Stenhouse has provided electronic discovery and computer forensics expertise to Federal Law Enforcement and the legal industry. Mr. Stenhouse is himself a forensic examiner, and has performed hundreds of forensic examinations on multiple types of hardware and operating systems, in criminal cases and civil litigation. He has acted as a neutral expert in numerous cases appointed by the court to create electronic discovery plans, capture and analyze electronic data, provide conclusions in regards to such electronic data, as has been hired to act as a special advisor to the court, providing assistance in the understanding of technical concepts. He has testified in State and Federal court in numerous criminal and civil cases, and has testified in Federal court as an expert witness in computer-generated evidence. Mr. Stenhouse is a former Special Agent in the United States Secret Service and a Trooper in the Washington State Patrol.


ERIC ZIMMERMAN

TOPIC and DESCRIPTION

Plumbing the Depths: Shellbags

Learn about the most common ShellBag types including timestamps, usernames, changing program associations, file system info, user searches, accessing network resources and so on. This discussion will start at the hex level and culminate with examples of ShellBags Explorer to streamline the review of ShellBags data.

BIOGRAPHY

Eric Zimmerman is an FBI special agent assigned to the Cyber crimes squad of the Salt Lake City FBI field office where he has been investigating child pornography and computer intrusions since 2007. He is a member of the Utah ICAC and has provided training and assistance to dozens of local, state, federal and international law enforcement agencies. Eric has a degree in computer science and has developed several computer programs to aid in the investigation and prosecution of child exploitation matters.


GORDON MITCHELL

TOPIC and DESCRIPTION

Incident Handling       (second session)

There is always tension when the server is down – should it be patched or will it be best to preserve the evidence? What can be done before the attack? Is it really true that there is an intrude inside my network? This talk will be illustrated with examples from real incidents.

BIOGRAPHY

Gordon has been around CTIN from the early days. He runs Future Focus, a company that does engineering design, debugging and computer forensics. Gordon’s background includes interesting jobs: flying for the US Navy a few wars back, work in big companies, and startups. He has the usual initials after his name; PhD, CPP, CISSP, CPS, GSEC, GCIH, GPen…


JOHN BAIR

TOPIC and DESCRIPTION

FIRST PRESENTATION
Mobile Device Forensics – Part 1       (second session)

Case studies involving two homicide and one robbery investigation involving key cell phone data and problems encountered with acquiring and parsing the data.

SECOND PRESENTATION
Mobile Device Forensics – Part 2       (second session)

Learn how to combine texts, stored images and CDR data in a manner that will be understood by the jury.

BIOGRAPHY

John Bair is currently employed as a detective with the Tacoma Police Department. He has been commissioned as a law enforcement officer since May 1989. While working in the homicide unit and exposed to gang violence, he discovered the demand to focus on evidence stored on mobile devices.

In 2006 John created the current forensic lab that focuses on mobile evidence related to violent crimes in the city of Tacoma. His case experience shortly thereafter gained the attention of Mobile Forensics Incorporated (MFI). MFI hired John as a contract instructor. MFI soon merged with AccessData to become their only training vendor for their mobile forensics core. This relationship fosters direct contact with engineers who assist in criminal cases which need anomalies and exploits addressed within their forensic products.

July 2013 he was also hired by Fox Valley Technical College to assist in part time training for the Department Of Justice – Amber Alert Program. His expertize with mobile forensics is being utilized to structure a digital evidence module for investigators responding to scenes where children had been abducted. The program promotes how to prevent mobile evidence contamination and how to triage live devices under exigent circumstances.

Within Pierce County, he began a mobile forensics training program for Superior Court Prosecutors and Judicial Officers which is currently in its third year. The program stresses the proper search warrant language, validation of evidence and how to present this dynamic content in court.

In December 2013, Detective Bair gave a presentation to the University Of Washington’s Institute of Technology which provided an outline to merge digital solutions between the Tacoma Police Department and UWT. The relationship will focus on building a digital forensic lab that will be modeled after the Marshall University Forensic Science Center in West Virginia. The lab proposal also includes the ability to conduct “chip-off” forensics which will be a one of kind facility on the west coast.

Based upon the proposal to create a combined lab, John began part time lecturing at UWT in April 2014. The course covered legal concepts, logical, physical searching methods and manual “carving”. UWT requested the program to continue – allowing additional time to expand the same concepts into three progressive levels. Presently, UWT and Tacoma are currently working collectively to create an advanced lab and are seeking funding opportunities that will further develop the mobile forensics curriculum.

John’s certifications include Mobile Forensics Certified Examiner (MFCE), Cellebrite Certified Physical Analyst (CCPA), AccessData Mobile Examiner (AME), Cellebrite Certified Task Instructor (CCTI), AccessData Certified Examiner (ACE), as well as specialized mobile repair and JTAG forensics courses.


KEVIN RIPA

TOPIC and DESCRIPTION

Raw Data Carving       (second session)

You have used all of the utilities in EnCase, FTK and X-Ways and think you have found everything but guess again. Learn how to manually carve data and make it useful.

BIOGRAPHY

Kevin J. Ripa, is a former member, in various capacities, of the Department of National Defence serving in both foreign and domestic postings. He is now providing superior service to various levels of law enforcement and Fortune 500 companies, and has assisted in many sensitive investigations around the world. Mr. Ripa is a respected and sought after individual within the investigative industry for his expertise in Information Technology Investigations, and has been called upon to testify as an expert witness on numerous occasions. He has been involved in many complex cyber-forensics investigations. Mr. Ripa can be contacted via email at kevin@computerpi.com.


NATE BAILEY

TOPIC and DESCRIPTION

Ethics and the Computer Examiner

Do digital analysts have an ethical obligation to identify all of the relevant artifacts or only those their clients want to use? Learn how to effectively manage your client’s expectations and protect your reputation at the same time.

BIOGRAPHY

Nate Bailey has a BS in physics from UW and graduated magna cum laude from Indiana University Maurer School of Law. He has also served on the Federal Communications Law Journal and was elected to the Order of the Coif. He is an associate with Sebris Busto James in Bellevue where he represents both private and public employers in a full range of employment law matters, including wage and hour issues and discrimination claims. Nate has worked on several cases where computer forensics were a critical component of the case, including one last year that culminated in a three week trial.


PANEL

TOPIC and DESCRIPTION

eDiscovery Favorite Tools

Join a panel of your fellow analysts and examiners to learn about their favorite tools for managing and reviewing electronic data.

Digital Forensics Favorite Tools

Join a panel of your fellow analysts and examiners to learn about their favorite tools to collect and analyze digital media.


RON GODFREY and BILL NELSON and AMELIA PHILLIPS

TOPIC and DESCRIPTION

Writing Technical Textbooks

Writing a textbook for the digital forensics field presents unique challenges. The software always lags behind the latest operating system releases, creation of new drive images, hardware and software costs add to the research that must take place. Come and listen to a candid conversation about writing for the industry.

BIOGRAPHY

Ron Godfrey is a Marine Corps veteran who served with the Military Police in Yuma, Arizona. Prior to joining IT Forensics, Inc. Mr. Godfrey was employed by a Fortune 50 company as a computer forensic examiner. In his eight years of computing forensics experience, Mr. Godfrey has supported numerous corporate investigations by conducting forensic examinations for organizations tasked with enforcing policies and laws. Cases include the successful forensic examination of a high profile laptop theft and the use of computer forensics for the first time in a Malaysia Industrial Court case. His work on a corporate eDiscovery class action lawsuit filed in the Federal courts has been noted in national law journals, and has the potential to be used as a standard process for eDiscovery cases involving large corporate systems. Mr. Godfrey’s work has been reviewed and validated by third party forensic specialists.

As an employee of a National Aeronautics and Space Administration (NASA) and U.S. Government contractor, Mr. Godfrey was responsible for administering computer security procedures and ensuring compliance with government and company requirements for computing systems operating in heterogeneous environments. Mr. Godfrey was recognized for his computing support of the STS-107 Challenger shuttle disaster.

Mr. Godfrey is a member and former secretary of the Computer Technology Investigators Network (www.ctin.org), and is a Data Recovery/Computer Forensics instructor at Highline Community College. He is a co-author of “E-Discovery: An Introduction to Digital Evidence, 1st Edition.” Mr. Godfrey holds a Computer Forensic Examiner Certificate from Highline Community College, and has extensive training and numerous certificates in Microsoft Certified Systems Engineer networking, Department of Defense computer security, and vendor forensic and computer courses.
—-

Mr. Nelson is president of IT Forensics, Inc. and a founding shareholder. Previously, Mr. Nelson was employed by two Fortune 50 Companies.

He was an Automated Fingerprint Identification System software (AFIS) engineer for six years. In addition to AFIS software engineering he was project manager for new AFIS installations. He has served as a Reserve Police officer and civil investigator for a school district.

Mr. Nelson has an Associate of Arts Media Technician degree from Bellevue Community College, Bellevue, WA, and a Bachelor of Science Data Processing degree from Griffin College, Seattle, WA. He has provided training through Computer Technology Investigations Network and is a co-author of “Guide to Computer Forensics and Investigations”.

He is a former president, of Computer Technology Investigators Network (CTIN) and a member of Computer Related Information Management and Education (CRIME). He is formerly an adjunct faculty member with City University involved in the development of a series of degree programs supporting high technology security. He is currently an instructor with the University of Washington Digital Forensics Certificate Program.


STEVE BELTZ

TOPIC and DESCRIPTION

FIRST PRESENTATION
Life After the Washington State Patrol

Steve will discuss how his original program with the U.S. Dept. of State grew from 3 to 30 people and then his involvement with DEA, FBI, ICE and DoD culminating in his appointment as Assistant Director for the Recovery Accountability and Transparency Board managing the Recovery Operation Center which specialized in “big data” analysis.

SECOND PRESENTATION
Even Geeks Can Speak

Learn how to prepare, design and deliver professional presentations using a visual and “story board” technique that will both educate and entertain your audience.

THIRD PRESENTATION
Graphic Analysis of Structured and Unstructured Data

Learn how big data analysis labs mine data to uncover relationships, trends and hidden themes. See how this information is translated into detailed reports with interactive link charts and timelines providing valuable intelligence leads for investigators.

BIOGRAPHY

Steve Beltz has been in law enforcement directly or in support operations for over 28 years and is currently Assistant Director of the Federal, Recovery Operation Center in Washington DC. Steve manages a highly specialized technical workforce involved in financial analysis of fraud against the federal government. In the past he has also managed federal contracts that include network security, computer forensic and e-discovery operations located at the U.S. DoS, DEA, FBI, ICE and DOD. Steve had been employed by the Washington State Patrol for 16+ years where he spent most of his career as a detective specializing in major crime scene investigations, computer forensics and criminal intelligence. He has been teaching and giving presentations for over 30+ years to include several Washington State area universities, the Washington State Patrol and other county, city and federal agencies.


TERRY LAHMAN

TOPIC and DESCRIPTION

Linux and Open Source Tools Demo       (second session)

Linux and Open Source digital forensic tools are an incredible value – FREE! Linux is a reliable and stable platform to conduct examinations, host virtual machines and with may distros it isn’t just a single OS. See a live demo of what can be accomplished with Linux and Open Source.

BIOGRAPHY

Terry Lahman, Chief Digital Forensics Analyst at eForensicsPro, specializes in computers, tablets, GPS devices, and cell phones. He has over 35 years experience in the fields of computers and electronics, including 17 years at Microsoft. His software development background spans both Microsoft Windows and Apple iOS platforms, including developing software tests for the NTFS file system and Windows NT memory manager. His extensive knowledge of Windows and his expertise in software testing bring a valued skill to the digital forensics field.


TROY LARSON

TOPIC and DESCRIPTION

Code Signing

What is code signing and how can you use it? Learn how to use code signing to build hash sets and find malware.

BIOGRAPHY

Troy has been a senior forensics investigator with Microsoft for over 11 years and is also an attorney. He has provided numerous talks on computer forensics and the changes that can be found in the latest Microsoft operating systems.


CTIN Conference Agendas for years: 2013 | 2014 | 2015 | 2016

Comments are closed.