The Road to CEIC 2013: EnCase in Action!

Jessica Bair

The “Road to CEIC 2013” is a series of blog posts on all things CEIC, before, during, and after, from an insider’s point of view.

The final agenda for @CEIC_Conf #CEIC was just released. Some breaking news: Guidance Software will unveil and describe in-depth EnCase® Analytics, our new security intelligence product employing big data analytics. EnCase Analytics empowers customers to find and expose cyber-threats hiding behind complex relationships in the wealth of data that exists within the sum of all endpoints of an enterprise. Presentations and demonstrations about EnCase Analytics will be available throughout the conference. I have been looking forward to this big announcement for months, and I will be creating the EnCase OnDemand training for EnCase Analytics this summer.

In just a few days, the advance team members will be arriving in Orlando to start setting up the lab machines and internal network, beginning the process of transforming the Rosen Shingle Creek hotel into a digital investigation mini-city. The diversity and depth of the speaker talent and sessions are truly remarkable. One on my favorite tracks @CEIC_Conf #CEIC each year is EnCase in Action, where peers share their experiences on how EnCase made a difference. A few weeks ago, my fiancé and I had dinner with Jamey Tubbs and his wife at a Guidance Software event. I worked for Jamey in the US Army CID as a Special Agent and District Computer Crime Coordinator/Computer Forensic Examiner, and we have known each other for over a decade. Inevitably, the dinner conversation included a few "war stories," including some of our own EnCase in Action adventures. Our partners were fascinated with the experiences we shared, in how computer forensic technology affected the outcome of investigations; and in the case of Jamey’s service in Iraq, had a direct impact on the safety of our troops and success of the mission.

At their core, digital forensics, e-discovery and cybersecurity are all about working with data; and understanding that data and managing it are the keys to your success. John Lukach is an EnCase professional extraordinaire, skilled with EnCase® Forensic, EnCase® Portable, EnCase® Enterprise, EnCase® eDiscovery, EnCase® Cybersecurity, and EnScript® programming. I was very happy when he joined us a part-time instructor, and he has freely shared his work in the form of EnPacks available on EnCase® App Central, such as Low Hanging Fruit and Retention Analyzer. On Sunday evening at CEIC, John will be presenting Simple Data Assessments, the process of using EnCase products in the information governance life cycle. John will show you how to generate a myriad of EnCase reports; detailing compliance, risk, and return on investment for an enforced records-retention program.

Automation is a theme @CEIC_Conf #CEIC, woven throughout the tracks. EnCase in Action is no exception. We are all aware that Wal-Mart is the largest corporation in the world. You can imagine that size comes with a proportionally large e-discovery work load. What you may not realize is that EnCase eDiscovery is central to their successful e-discovery program. Daniel Smyth is the longest tenured consultant on the Guidance Software Professional Services (GSI PS) team, and along with Edward Erkes (GSI PS), will be presenting EnCase eDiscovery Processing Workflow with Thomas Funk of Wal-Mart. Although this ‘A-Team of E-Discovery’ will be focusing on processing, they will show how the processing step in the Electronic Discovery Reference Model can affect every other step down the line (recollect, production, archive, review, etc). They will advise you on how to refine and improve the entire process, including providing a workflow diagram you can use in EnCase eDiscovery automation.

Automation continues with cybersecurity. As I spoke about in The Road to CEIC 2013: Cyber-Threat Response: Mitigate, Reduce, Reduce!, it is essential for organizations to mitigate the risk of cyber-attacks, reduce the time delay of response and reduce the costs of damage. Learn how to automate your incident response in Integrating EnCase Cybersecurity and Third-Party Incident Response Tools to ArcSight and other SIEM Tools with Mark Morgan (GSI PS) and Matthew Keller (Worldwide Information Network Systems). Mark and Matt will demonstrate how they integrated the EnCase Cybersecurity modules, as well as third-party incident response tools (such as volatility, Regripper, PDF Parser, etc.), into the ArcSight console. This presentation will demonstrate how these tools can be launched from the ArcSight console as alerts are identified, in order to immediately respond to possible attacks. Mark and Matt will introduce a GUI Interface that allows you to learn what tools to use and when to use them. They provided a sneakpeek below.

EnCase in Action track: Just a reminder: Friday, May 10th is the deadline to receive a free pass to CEIC 2013, valued at $1295.00 USD with every full-price Guidance Software Annual Training Passport your organization purchases. Sign Up Here for your Annual Training Passport and receive your free pass to attend CEIC 2013. Use code SPRING FORWARD.

I’m going to take a quick vacation before heading to Orlando myself next week. I will see you @CEIC_Conf #CEIC!

Jessica Bair
Senior Director, Curriculum Development

No comments :

Post a Comment