One of the biggest challenges for investigators today is not only the number of devices or the amount of data (the average hard drive has just crossed the 1TB threshold), but the number and diversity of applications and artifacts that are on a system.
Frankly, we feel your pain. We know there’s no single tool that investigators can rely on to support all applications, browsers, and file systems. We get it when practitioners tell us they require a larger toolbox and deeper skill set to support the overwhelming challenges in digital investigations.
Guidance Software uses CEIC to bring together all of the speakers with their tools and apps that integrate with EnCase and provide you with better visibility into systems, applications and artifacts.
There are four tracks that focus on digital investigations:
- Digital Forensics Labs
- Advanced Digital Forensics Labs
- Topics in Digital Forensics
- Mobile Devices and Cloud Investigations
You can view the agenda here to read session descriptions and speaker bios on the 44 lab, lecture, and panel sessions that focus on digital forensics. You can also get a sneak preview on a few of the hands-on lab topics that are sure to warrant a packed room, such as the ones we've highlighted here below.
David Cowen and Matthew Seyer of G-C Partners, LLC, will outline the three major file systems in use today that utilize journaling (NTFS, EXT3/4, HFS+) and explain what is stored and its impact on your investigations. You will learn:
Digital Forensics Session Highlight: File System Journaling Forensics
- What data is stored by your file systems?
- How to gather the data using EnCase.
- How to use a free parser to understand the data.
Digital Forensics Session Highlight: Vehicle Systems ForensicsBen LeMere, CEO of Berla Corporation, is back by popular demand this year. We know students of vehicle forensics will be glad to hear that you'll be able to get your hands on the data stored in several different infotainment and telematics systems in his practical, hands-on lab session. Vehicle Infotainment and Telematics systems store a vast amount of data such as recent destinations, favorite locations, call logs, contact lists, SMS messages, emails, pictures, videos, social media feeds, and the navigation history of everywhere the vehicle has been. This information is not easily retrievable and is typically stored in several different systems within a vehicle not traditionally associated with event data. This is cutting-edge technology that is quickly becoming more pervasive in the field of investigations.
Digital Forensics Session Highlight: Windows ShellBag Forensics in DepthVincent Lo, Digital Forensics and Incident Response Investigator, knows that ShellBag behavior is a challenging task for “forensicators.” The problem of identifying when and which folders a user accessed arises often and investigators attempt to search for them in the ShellBag information because it may contain registry keys indicating which folders the user accessed previously. Their timestamps may demonstrate when they were accessed. Nevertheless, a lot of activities can create/update the timestamps. That’s why you won’t want to miss this hands-on lab, where you’ll understand the details of ShellBag information, review various activities across Windows operating systems and learn how to interpret it correctly.
If it wasn’t obvious before this blog, now it should be loud and clear: this year’s sessions on digital forensics pull no punches when it comes to providing more visibility to the good, the bad, and the sometimes very ugly and diverse applications and artifacts you face every day.
Stay tuned for Part 3 of this blog topic on digital forensics, where we’ll shed light on the caliber of speakers we’re bringing in to teach these sessions mentioned here. We're confident that these are experts whom you know and trust.
In the meantime, be sure to visit the CEIC website for information on the current event agenda, registration information, sponsor and exhibitor opportunities, and to register now. Also, be sure to follow us on Facebook, Twitter, and LinkedIn for the latest CEIC buzz and conversation.