CyberSocialCon 2023 Agenda

Pre-Conference Sessions

On-demand

RF Survey - What Is It and How Can It Be Helpful in Your Investigations?

Magnus Hedlund, Head of Sales and Strategic Alliances, Vespereye

In today's digital investigations, it is becoming more and more important to speed up the process, minimize the amount of data, and validate the data you have.

In this presentation, we'll cover how an RF survey at the crime scene can help you achieve those goals.

Available to watch now when you register for the event!

On-demand

A Consultative Approach to Forensics

Rob Fried, Senior Vice President, Forensics & Investigations, Sandline Global & Gary Hunt, Director, Digital Forensics & Investigations, Sandline Global

Taking a consultative approach to investigations - including the identification, preservation and collection of data sources.

Available to watch now when you register for the event!

Wednesday, December 13

9AM ET

Keynote: Will A.I. become the new criminal tactic of choice?

Kevin DeLong, Founder, Cyber Social Hub

Any tool intended for good can be used for evil (i.e., hammers to hit a nail to build a house... or used in an assault). What about A.I.? Has it become sophisticated enough to be used as a tool for criminal activities? Can it be used to fight crime or gather intelligence? This keynote will pose questions... answers... and more questions about the future of A.I. in investigations. It will also highlight how far A.I. technology has come and what we might see in the future.

10AM ET

Finding a Diamond in the Dumpster, Decoding RAM in Mobile Forensics

Adam Firman, Tech Evangelist, MSAB

This session will delve into the world of RAM decoding and explore the significant advantages it offers in uncovering a potential goldmine of data that would otherwise be missed with a standard mobile extraction. For years, computer forensic examiners have relied heavily on RAM analysis to uncover valuable evidence, and now, the question is whether mobile forensic examiners will follow suit. This session will aim to shed light on the importance of RAM decoding and its potential to revolutionize mobile forensic investigations.

11AM ET

The Rise of Dark Web Extremism

Keven Hendricks, Detective, Ubivis Project

This presentation will cover the evolution of extremist content on the dark web. Various dark nets will be covered, evolving cyber tradecraft for threat actors to communicate with each other, and how accelerationism and radicalization are taking place daily on the dark net channels.

12PM ET

Start With the Where: Automating and Leveraging Geo Data in DFIR and OSINT Investigations

Dave Ryberg, Director of Sales, Truxton Forensics

Channel your inner Waldo and conquer the exploding avalanche of geographic data in your investigations! Join Truxton’s Dave Ryberg and see how to automatically separate geographic wheat from the chaff and correlate locations with other artifacts and events.

See how to quickly set up geofences and alerts to automatically find patterns of life, timelines of events, and quickly export geo results to Google Earth and other mapping programs.

During the session, attendees will see how to import and analyze location data from phones, cars, cameras, drones, and wi-fi spots from a variety of seized evidence and open source/subscription providers to quickly solve the most complicated cases.

We'll cover:

  • Geo Data from the Usual Places

  • Geo Data from the Not-So-Usual Places

  • Geo Data from Other Services

  • Location Filters

  • Sensitive Site Violations and GeoFencing

  • Correlating and Analyzing Geo Data

12:30PM ET

The AI Revolution in Digital Forensics: Detego Global's Game-Changing Analytics

Mike Bates, Technical Sales Engineer: North America, Detego Global

Artificial intelligence is revolutionizing our daily lives, and its impact on criminal investigations is no exception. Join Detego Global for an exclusive presentation at this year's CyberSocialCon, where they demonstrate how investigators can leverage cutting-edge AI tools to streamline investigations and fast-track the discovery of critical evidence.

1PM ET

Digital Evidence on the Frontline - Best Practices for Capturing the “Here and Now” from Victims and Witnesses

Rich Frawley, Director of Training, ADF Solutions

Frontline investigators are frequently presented with digital evidence that is relevant and should be collected, whether a simple text, photo or video. The data we are allowed to collect is being limited in many jurisdictions, along with a reluctance from victims and witnesses to allow access to all data. Most times, if the data is not captured at that moment, chances are it will walk away and not be available again.

Attendees will walk away understanding:

  • How to employ methods to collect data available “here and now”

  • Techniques to lessen reluctance of vic/wit and gather evidence with specificity

  • Overview of new UK consent laws

  • Tips and tricks on gathering specific case information:

    - Strengthening your screenshot game

    - Recording the session

    - Hidden and deleted apps

    - Working with your victim / witness

2PM ET

Conducting Investigations on Social Media: Collection and Review of Social Media Data at Scale

Jesse Ward, Onboarding and Implementation Manager, Pagefreezer

When it comes to online investigations, modern social media platforms can be tremendously useful. Not only do subjects inadvertently upload incriminating evidence themselves—but third parties also upload content that can be useful during investigations. 

However, the real-time and dynamic nature of social media—combined with the overwhelming amount of content being uploaded every minute—creates challenges for investigators looking to make productive use of social evidence. These challenges include:

  • Finding relevant posts and comments amid long timelines and very active accounts  

  • Quickly capturing evidence before it is deleted

  • Manually capturing vast quantities of social media data

  • Reviewing evidence that was ineffectively captured and lacks context 

  • Generating defensible evidence that can stand up in court

Drawing from real-world examples in both the private and public sectors—including some of the top global investigative firms, law enforcement agencies, and industry regulators—this session will examine how investigators can streamline social media investigations. It will discuss how they can work with social media evidence at scale, and offer practical tips and strategies for transforming live social posts into evidentiary-quality records.

3PM ET

Droning on: The Life and Death of UAS

Jansen Cohoon, President, V2 Forensics

From takeoff to landing, detection to mitigation, and hobbyist to professional, drones are infiltrating many areas of society. Whether you end up dealing with them as a nuisance or criminal activity, be prepared to know what is available to help your investigations.

4PM ET

Investigating User and System Activity Related to Data Exfiltration in Enterprise Environments

Justin Tolman, Forensic Subject Matter Expert and Evangelist, Exterro

It has been said that “Data is the new oil.” For every private company or government agency the protection and tracking of that data should be of highest priority. In the event of data being exfiltrated through employee misdeeds, investigations must move quickly to remediate any potential damage both current and future. This presentation will address workflows, artifacts, and considerations to investigate these breaches quickly but without sacrificing investigative quality.

Thursday, December 14

9AM ET

Proper Collection, Documentation, and Presentation of Open Source Information in Court Proceedings

Brian Napierala, Senior Analyst – Open Source and Cyber Investigations, Hetherington Group

Are you so confident in your open source findings that you would testify in court? In this presentation, participants will learn best practices for capturing and storing open source findings on social media, public records, and more. Participants will be introduced to documentation procedures for creating sharp and understandable reports. Several tools—free and fee-based—as well as sample reports will be reviewed and shared that are court friendly.

10AM ET

Smartphones and Forensic Updates

Amber Schroader, CEO & Founder, Paraben Corp.

Smartphones go through more changes than any other type of digital evidence. Staying on top of firmware updates, artifact changes, and potential pitfalls is all part of being a smartphone investigator. Learn about the 2023 changes and what to watch for from both Apple iOS and Android.

11AM ET

Conducting Business Email Compromise Investigations: Techniques and Tools

Robert Gaines, PKF O'Connor Davies

An overview of standard business email compromise investigations, discussing methodology, data collection, data analysis and reporting. Microsoft Office 365 and Google Workspace email environments will be discussed, as well as on-premises Exchange environments. Attendees will gain insight into current tools and methodologies, as well as how to leverage “off the shelf” products to perform investigations.

12PM ET

The Evolution of Incident Response

Bob O’Leary, Senior Solutions Architect US, Binalyze

Automated Incident Response is the next evolution of the Cyber IR standard: a solution that begins the IR process automatically before the human response commences and rapidly provides investigators and analysts with actionable information to resolve the incident. Automated incident response solutions must be capable of remotely collecting all evidential artifacts related to a cyber incident rapidly across multiple operating system platforms. They must be fast and easy to use and capable of accelerating Cyber IR investigations with comprehensive features and functionality, including triage assessments, collection of data of investigative value, tracking lateral movement through an environment, timelining the event and more. A valuable automated incident response solution will reduce or eliminate irrelevant data and enable investigators and analysts to focus on the relevant data to resolve a cyber incident in hours, which would be a dramatic improvement over current timeframes.

12:30PM ET

Evolve to Intella Investigator: Streamline Your Investigation Team

Tim Freda, Regional Sales Manager, Vound Software

Evolve to Intella Investigator: streamline your investigation team. Multi-user, collaborative, and web-based, Intella Investigator allows entire teams to work on cases simultaneously via web browser, allowing for greater efficiency and availability of information.

1PM ET

The Dark Web, What You Thought You Knew and What is Real

Todd Shipley, President, Dark Intel

We all think we know what the Dark web is, but how much do we not know about what's really out there in the darkness? This presentation will cover some of the unknowns not commonly covered in the “how to get on the Dark web” talks: what is real and what is a phish, what makes up a hidden site on the Dark web, and much more.

2PM ET

5 Skills and Techniques that Will Make You a Better Digital Forensics Expert

Matt Danner, Owner & Founder, Monolith Forensics

There's more to being a digital forensics examiner than just performing extractions. By developing certain traits, you will be able to enhance your professional capabilities as a forensic practitioner. In this session, Matt Danner will cover several skills and techniques, developed in his own experience consulting as a digital forensics expert, that will improve your digital forensics expertise.

3PM ET

Using Open Source/Free Tools for Memory Acquisition and Triage

Greg Tassone, DA Investigator, High Tech Crimes - Nevada County

In digital forensics investigations, there is an increasing need to acquire and examine memory from servers and other computers. There have been recent updates to powerful open-source and free tools to make these tasks easier and faster. This session will demonstrate the real-world use of these tools to acquire and triage RAM, highlighting tools such as the newly updated DumpIt (Windows and Linux, Magnet Forensics) for acquisition and Bulk_Extractor for rapid triage.

4PM ET

Anatomy of an Attack – Using System Roles In Your Ransomware Investigation

Brian Carrier, CEO, Sleuth Kit Labs

A challenge with intrusion investigations is knowing when to stop. When have you identified all of the systems and techniques that the attacker used? Without that, it’s hard to know if the attacker is truly out.

In this talk, we will introduce the concept of system roles, which map a phase of an attack to systems that were used in that phase. We’ll give special attention to ransomware attack phases. For example, ransomware attacks have a “Deployer” node that is responsible for distributing the malicious executables to victims. It could be the initial victim system, the domain controller, or another system. For each role type, we’ll cover what kinds of artifacts you’ll find.

CyberSocialCon is Cyber Social Hub's annual online digital investigations conference.