CyberSocialCon 2024 Agenda

Tuesday, December 10

10AM ET

Welcome & Introduction

Kevin DeLong, Founder, Cyber Social Hub

Welcome to this year's conference!

10:30AM ET

Rich Communication Services - How Can You Tell?

Adam Firman, Tech Evangelist, MSAB

Short Message Service (SMS) has long been the cornerstone of mobile messaging, allowing users to send short text messages over cellular networks. With the advent of smartphones and the demand for richer communication experiences, Rich Communication Services (RCS) has emerged as a successor to SMS, promising a more interactive and dynamic messaging platform. There are 421 million Global Monthly Active Android users and 1.2 billion Android Ready Devices using or capable of using RCS. However, now iOS and Android can communicate via this method, what challenges does this pose for forensic examiners?!

11:30AM ET

Tech Abuse Investigations

Joe Seanor, Investigator, Cyber Private Investigations

Domestic abuse has found a new battleground: technology. Abusers are exploiting every device imaginable, turning everyday technology into a weapon. In this presentation, I'll expose how cameras, cell phones, cars, and more are being used to control and abuse victims, making it harder than ever to escape and find safety.

12:30PM ET

Sponsor Spotlight - Belkasoft

Elena Chertova, Belkasoft Knowledge Team

1PM ET

An employee stole millions of dollars worth of company data... or did they...

Matt Danner, Owner & Founder, Monolith Forensics

Matt Danner, owner of Monolith Forensics, will walk you through the forensics of a case related to the alleged theft of high value company data. This case is a real whodunit - a riddle, wrapped in a mystery inside an enigma, and stuffed into a paradox.

If you want to deep dive into disk, file system, and operating system forensics with a side of good old fashioned detective work - this is the talk for you.

2PM ET

Unique Apps & Data Sources Hiding Evidence

Amber Schroader, CEO, Paraben Corp.

While many investigators are familiar with popular apps and their potential evidentiary value, there's a vast universe of niche apps that can hold valuable, often overlooked, data. In this session, we'll delve into the world of niche apps, exploring their unique functionalities and the data they can reveal. From fetish apps to data-hiding tools, we'll provide a fresh perspective on where to look for evidence in your investigations.

3PM ET

LEAPPing into the Future: How LAVA is Heating Up Open Source Digital Forensics

Alexis Brignoni & James Habben, iLEAPP & LAVA

The LEAPPs (Logs, Events, And Preferences Parsers) have become essential tools for digital forensic investigators tasked with extracting and analyzing data from mobile devices, digital search warrant returns, and vehicles. This talk will give the community a preview of the new reporting format called LAVA (LEAPPs Artifact Viewer Analyzer.) LAVA will make working with parsed data from the LEAPPs easier and more efficient.

Wednesday, December 11

10AM ET

Effective Documentation in OSINT Investigations: Strategies for Capturing and Preserving Data

Ritu Gill, Open Source Intelligence Analyst, OSINT Techniques

Open Source Intelligence (OSINT) investigations hinge on the ability to capture and document information accurately and efficiently as it is discovered. This presentation will guide attendees through the critical practices of documenting OSINT findings to ensure that every piece of information is preserved and verifiable. The presentation will also address structuring documentation to create a clear audit trail and ensuring data integrity through timestamps and digital hashes.

11AM ET

Drone Forensics: Making the connection.

Davis Grier, Director of Engineering, V2 Forensics

Aircraft, remote, and mobile device lets investigators connect the dots from app to aircraft. In this session, we'll discuss ways of analyzing drone apps to tie them to an aircraft or vice versa.

12PM ET

Sponsor Spotlight - Truxton Forensics

Dave Ryberg, Director of Sales, Truxton Forensics

12:30PM ET

Sponsor Spotlight - Techno Security & Digital Forensics Conference

Jennifer Salvadori & Allison Dowd, Techno Security

1PM ET

Telegram: A Super Platform for Crime and Crypto

Stephen E. Arnold & Erik Arnold, Arnold Information Technology

Telegram is approaching one billion users. An increasing number of users reside in the United States. This presentation explains why Telegram is a super platform for criminal activity and crypto currency "plays." The presentation falls into four sections. The first section presents a ransomware operation targeting individuals who are trying to purchase stolen credit cards. A diagram of the operation makes the capabilities of the Telegram platform clear. The second section presents an overview of the more than 100 functions and services of the Telegram platform. The key point is that Telegram has had a cadence of innovations over the past 11 years. Functionality of the Telegram platform is three times that of Instagram, Signal, and WhatsApp. In addition, the organization of the Telegram distributed architecture is presented and the command-and-control services identified. The third part of the presentation presents information about the Dubai-based One Network (TON Foundation) and the new TONsocial organization. The Foundation manages the blockchain and crypto activities, and the TONsocial entity is designed to build a global social media network similar to VKontakte, the Russian Facebook, just integrated with the Telegram Messenger application. The final part of the presentation presents probable development vectors identified by my research team with brief comments about the impact on US law enforcement, intelligence professionals, and money laundering investigators.

2PM ET

A Forensic Examination of the Arc Browser

Justin Tolman, Forensic SME and Evangelist, Exterro

Arc is a “new” browser published by The Browser Company. It was first released for macOS and iOS on April 19, 2022, and Windows on April 30, 2024. While (obviously!) not one of the big four browsers, it is important to be aware of the different platforms available for people to access the internet so that “no evidence is left behind.”

This presentation will introduce you to the Arc Browser and its associated data structures. We will break down the data structures and the relationships between the SQLite databases, XML files, pList files, and more. This presentation will provide you with a resource for later reference when you encounter this browser in evidence.

3PM ET

Swatting: Tradecraft & Real World Case Studies

Keven Hendricks, Investigator, Ubivis Project

This presentation will cover the epidemic of "swatting". Understanding the "troll culture" leading to the swatting phenomenon. Evolving trade-craft involving swatting will be covered, as well as investigatory avenues for swatting. Real world cases will be covered.

Thursday, December 12

10AM ET

AI in Forensics: Empowering Examiners, Not Replacing Them

Tom Oldroyd, Director of Strategy and Sales, Semantics 21

The true potential of AI in digital forensics is only just beginning to be realised. At Semantics 21, we were the first to release an AI capable of detecting CSAM media, and we leverage AI in multiple solutions to locate CSAM victims, transcribe police audio and video interviews, and even perform offline location detection without GPS a world-first innovation in forensic technology. AI won’t replace human examiners, but examiners who harness AI will certainly set the benchmark. Join our session to explore both the benefits and the challenges of AI in forensics, with real-world examples from the global leaders in AI-driven forensic solutions.

11AM ET

Sponsor Spotlight - VFC

Geoff Boyd, VFC

12PM ET

Sponsor Spotlight - OSINT Liar

Dan Cardin, OSINT Liar

12:30PM ET

Part 2: LEAPPing into the Future: How LAVA is Heating Up Open Source Digital Forensics

Alexis Brignoni & James Habben, iLEAPP & LAVA

The LEAPPs (Logs, Events, And Preferences Parsers) have become essential tools for digital forensic investigators tasked with extracting and analyzing data from mobile devices, digital search warrant returns, and vehicles. This talk will give the community a preview of the new reporting format called LAVA (LEAPPs Artifact Viewer Analyzer.) LAVA will make working with parsed data from the LEAPPs easier and more efficient.

1PM ET

Essential Early Case Assessment for Mobile Device Extractions

Rich Frawley, Director of Training, ADF Solutions

This presentation delves into the critical importance of early case assessment (ECA) in mobile device extractions. By understanding the case context and potential evidence, investigators can prioritize their analysis and maximize the efficiency of their efforts.

The presentation will cover key topics such as case context, evidence identification, prioritization techniques, and case examples. By understanding the nature of the case, investigators can identify key data points and anticipate potential challenges. Through effective prioritization, they can streamline their analysis and focus on the most relevant information. The presentation will also include real-world case studies to illustrate the application of ECA principles and demonstrate how early assessment can lead to more efficient and effective investigations. Additionally, the presentation will emphasize the importance of adhering to forensic standards and procedures, documenting all steps and findings, and minimizing the risk of data contamination or loss.

2PM ET

AI Solutions in Forensics and Legal Technologies: The Good, the Bad, and the Ugly

Brian McHughs, Co-founder & CEO, Indexed I/O

How does AI fundamentally work? In this presentation we'll explore various AI models and workflows and take a deep dive into each of their strengths, weaknesses, and significant issues. With AI everywhere it is important you know how it works...and even more so, when it doesn't. We'll use real world examples as we navigate AI solutions and how they can be leveraged with collected data sets.

3PM ET

Unleashing the Potential of Reddit OSINT: Tips and Tricks for a Successful Investigation

Zach Yuzdepski, Demand Generation Manager, Pagefreezer

Despite being overshadowed by social media giants, Reddit is an underrated gem in the realm of OSINT. Reddit stands out for its vast assortment of third-party tools that grant access to previously deleted content. With millions of daily active users, Reddit provides valuable information for effective OSINT gathering.

In this session, we will explore tips and tricks for Reddit OSINT, including overviews on: finding communities of interest, finding details about users, and navigating Reddit subreddits.

CyberSocialCon is Cyber Social Hub's annual online digital investigations conference.