The full agenda for Pre-Conference Tutorials is below. For information on any other track, please click the links below.
Track 1: Lawful Interception and Criminal Investigation Training
Track 2: Big Data Analytics and Social Network Monitoring Training
Track 3: Distilling Cyber Threat Information into Actionable Intelligence Training
Track 4: Encrypted Traffic Monitoring and IT Intrusion Product Training
Track 5: LEA, Defense and Intelligence Analyst Training and Product Demonstrations
Track 6: Social Network Monitoring and Big Data Analytics Training and Product Demonstrations
Track 7: Mobile Signal Intercept and Electronic Surveillance Training and Product Demonstrations
Pre-Conference Seminars and Tutorials (Tuesday, 2 December 2014)
Seminar #1
Presented by Charles Cohen, Cohen Training and Consulting, LLC
8:30-16:30
Online Social Media and Internet Investigations
Charles Cohen also holds the position of Commander, Cyber Crimes Investigative Technologies Section, Indiana State Police, USA8:30-9:30: Session 1 of 6
The role of Online Social Media OSINT in Predicting and Interdicting Spree Killings: Case Studies and Analysis
This session is for criminal investigators and intelligence analysts who need to understand the impact of online social networking on how criminals communicate, train, interact with victims, and facilitate their criminality.9:45-10:45: Session 2 of 6
OSINT and Criminal Investigations
Now that the Internet is dominated by Online Social Media, OSINT is a critical component of criminal investigations. This session will demonstrate, through case studies, how OSINT can and should be integrated into traditional criminal investigations.
11:00-12:00: Session 3 of 6
Metadata Exploitation in Criminal Investigations
This session is for investigators who need to understand social network communities along with the tools, tricks, and techniques to prevent, track, and solve crimes.13:00-14:00: Session 4 of 6
EXIF Tags and Geolocation of Devices for Investigations and Operational Security
Current and future undercover officers must now face a world in which facial recognition and Internet caching make it possible to locate an online image posted years or decades before. There are risks posed for undercover associated with online social media and online social networking Investigations. This session presents guidelines for dealing with these risks.14:15-15:15: Session 5 of 6
Case Studies in Metadata Vulnerability Exploitation and Facial Recognition
While there are over 300 social networking sites on the Internet, Facebook is by far the most populous, with over 800 million profiles. It has roughly the same population as the US and UK combined, making it the third largest country by population. There are over 250 million images and 170 million status updates loaded on Facebook every day. This session will cover topics including Facebook security and account settings, Facebook data retention and interaction with law enforcement, and common fraud schemes involving Facebook.15:30-16:30: Session 6 of 6
What Investigators Need to Know about Emerging Technologies Used to Hide on the Internet
Criminal investigators and analysts need to understand how people conceal their identity on the Internet. Technology may be neutral, but the ability to hide ones identity and location on the Internet can be both a challenge and an opportunity. Various methods of hiding ones identity and location while engaged in activates on the Internet, provides an opportunity for investigators to engage in covert online research while also providing a means for criminals to engage in surreptitious communication in furtherance of nefarious activities. As technologies, such as digital device fingerprinting, emerge as ways to attribute identity this becomes a topic about which every investigator and analyst may become familiar.Seminar #2
8:30-16:30Understanding ISS Technologies and Products Deployed in Telecommunications Networks and Monitoring Centers for Law Enforcement and Intelligence Analysts
Presented by: Dr. Jerry Lucas, President, TeleStrategies
This one day pre-conference seminar covers the spectrum of ISS Technologies and Products deployed in today's fixed wire, mobile wireless and Internet Service Provider networks and LEA Monitoring and Intelligence Gathering Centers. This all day seminar is ideal for those law enforcement, public safety and intelligence analysts who need an understanding of the ISS technologies to be discussed in the conference sessions and the ISS products displayed at the exhibit hall as well as an understanding of the buzz words and jargon used by telecom operator engineers and their vendors.
08:30-10:45
Introduction to Telecom Infrastructure, Interception and Related ISS Products
What do LEAs need to know about telecommunications networks infrastructure, basic LI elements (access, delivery and collection function), LEA Monitoring Center Functions and where are ISS products deployed for monitoring and intercept.Understanding ISS:
Why Understanding Telecom Infrastructure is Important for Law Enforcement and Intelligence AnalystsBasic Telecom Building Blocks:
Circuit vs. Soft IP Switching, Signaling (SS7, ISDN, DTMF, etc.), fiber optics (SDH and SONET), Broadband Access (DSL, Cable Modems, Wi-Fi etc.), IP Core Technologies (Routing, ATM, MPLS, etc.) and Network Elements for Intercept.Telco Back Office Systems:
Billing Systems, Mediation Services for Capturing Call Detail Records and LEA Intercept Request Processing.Lawful Interception Architectures:
Probes (active and passive), Optical Layer Intercept at 10, 40 and 100 GBPS, Mediation and Data Retention Architectures, CALEA Pen Register and Trap & Trace, LEA Monitoring Center Functions and ISS Products Deployed in Fixed Wire Network Infrastructure.Typical US DEA Funded LI Systems:
LIMS, T2S2, Warrant Processing, Data Logs, Capacity Requirement (e.g. Targets, Handoff Circuit Capacity, etc.) Central America Project Funding and Enterprise Hardware/Software RequirementsLegal Intercept Options:
What must telecom operators provide with a served subpoenas, Search Warrant, CALEA-Title III, National Security Letter and FISA Warrant.
11:00-14:00
Understanding Mobile Wireless Infrastructure, Interception and Related ISS Products
Infrastructure basics, back office infrastructure, IM, data and where are ISS products deployed for monitoring and intercept.Types of Wireless Network:
Differences among Network Operators, MUNO's, WiFi, WiMAX, Microwave, Satellite, Femtocells and NFC Interfacing.Mobile Network Infrastructure:
Subsystems (cell sites, sector antennas, back hall, processors at towers, MSO special features (HLR, VLR, etc.) and PSTN Interconnect.Cellular Network Generations:
Infrastructure Difference Among GSM, GPSS, EDGE, HSPA, North American CDMA, W-CDMA and LTE (CSFB vs. IMS Based) and Difference in Data Service Support.Smartphones:
Functional Differences between 3G/4G Smartphones and 2G Phones, SMS messaging vs. iPhone text messages regarding intercept and 3G vs. LTE data services capabilities.Cell Phone CDR's:
What records do cellular operators obtain when the phone is on, what's in a CDR when phone call is initiated and other forensic data of value to LEA's.Cell Phone Tracking Options:
Cellular Operator Tracking Services available to LEA's, Target Pinging, Location technologies (GPS is National Based vs. RF Spectrum Mapping, GSM Surveillance, A-GSM intercept, WiFi Tracking, IMSI/IMEI Catchers, Spyware and more.Smartphone Services to Avoid Tracking:
WHATSAPP, TIGER Text, WICKR, VIBER, GroupMe and more.ISS Intercept Product Options:
Electronics Surveillance (audio, video and GPS), Location Based Mediation Products, Smartphone IT Intrusion and Cellular CDR data mining, Geocoded Photo Metadata, EXIF tags, Special Smartphone Services for Geolocation (Creepy, Instragram, Foursquare, VIBE and more).14:15-16:30
Understanding the Internet, Interception and Related ISS Products
What Investigators Have To Know about IP call Identifying Information, Investigations Involving E-Mail, Facebook, Twitter, Skype, Instant Messaging, Chat Rooms and what can be done to address Internet intercept deploying ISS infrastructure and where are ISS products deployed for monitoring and intercept.IP Basics:
Why Understanding IP Layering Model, TCP/IP and UDP is important for LEA's and the IC Community, IP addresses (IPv4 vs. IPv6), static vs. dynamic addresses and more.Internet Players:
The managers (ICANN, IANS and IETF), NSPs vs. ISPs vs. CDNs, How the Internet Players exchange IP Traffic, Private vs. Public peering and IXPs.ISP Infrastructure:
RAS, RADIUS, DHCP and DNS and why these servers are important to understand.VoIP Options:
Types of VoIP Services, PSTN interconnect, Gateway Based (Vonage), P2P (Skype & VIBER), Softswitches, SIP and IMS.E-mail Services:
Client Based E-mail vs. Webmail. What's different about E-mail, SMS, WEB 2.0, HTTPS, HTTPS 2.0, Smartphone messaging and Social Network messages.Social Network Metadata:
From Tweets, Facebook, E-mail and Smartphones.Deep Packet Inspection:
What's DPI, Where do telecoms deploy DPI and Where does the Intelligence Community request DPI intercept.Defeating Encryption:
Encryption options, Public Key Encryption, TOR, Third Party Services Available (Wickr), Encryption Products and how to defeat encryption (Spyware, Remotely Loaded Programs, IT Intrusion and Man-In-The-Middle Attacks)ISS Products for Intelligence Gathering:
OSINT, Big Data Analytics, Speaker Recognition, Facial Recognition, IP Mediation Devices and Monitoring Centers.Seminar #3
8:30-16:30Practitioners Guide to Internet Investigations
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police
The aim of this 1 day seminar is to take the attendees from the basics of understanding the internet, how to find data, through to a full understanding of best practice of an internet investigator, having awareness and knowledge of all the tools available to achieve this.
This is exclusively Law Enforcement only, as Practical examples, covert and investigative methods will be given throughout the seminar.
8:30-9:30
The World Wide Web and the Internet
- How it works. Why it works. How data traffic leaves a trace ;
- What the internet is; what is an IP and what protocols are used ( TCP/IP)
- IPv4 and IPv6 – understanding the changes
- mirror servers use and value
- Tracking and evaluating data
9:45-10:45
Recognizing Traffic Data
- A practitioner's guide to what data is available. How to harvest and analyze it.
- Best practice to identify suspects and build profiles.
- Data collection and interrogation
- IP usage, exploitation and dynamics; IP plotting and analysis how to look for suspect mistakes and exploit them ( where they show their id)
- Dynamic approaches to identifying suspects through internet profiles
- What investigators get from tech and service providers, and how to analyze it
- What to ask for with current legislation to achieve best results
- SPOC best practice.
- ISP/ CSP capabilities and opportunities.
11:00-12:00
WIFI and Mobile Data
- A practitioner's look at Wi-Fi, attribution, cell site data, GPRS location services and technology. How an investigator can track devices, attribute suspects locations, devices and movement.
- Dynamic live time tracing
- Geo location services and uses
- Surveillance without DSA and authority
13:00-14:00
Emerging Technologies, Masking Tech and Tools
- How suspects are using emerging and new technologies.
- An introduction to where technology is going, and how Law enforcement can use this to our advantages.
- Darknet, (Deepweb) and IRC use
- VOIP, Skype
- Advanced data sniffing and profile building
- TOR systems, applications and ways to coax offenders out of the system.
14:15-15:15
Advanced Techniques in Tracing Suspects
- Using innovative and dynamic methods to trace offenders.
- tricks used by suspects and how to combat them
- Covert internet investigations
- Proxy servers and hiding.
- managing collateral intrusion
- Reverse and social engineering
- Thinking outside the box
- Possible missed opportunities
- Profile building and manhunts
15:30-16:30
Open Source Intelligence Training (OSINT)
- An in depth look at what tools are available; how to use them, and practical applications.
- safety online when open sourcing
- open source training and awareness basics
- Trace suspects using available tools
- How to identify leads in investigations and data from ISP
- Internet tools to assist in building online profiles on suspects
- A run through of my website dedicated to online tracing tools and how best to use it (LEA ONLY)
- Reverse engineering and social engineering