About Pre-Conference Seminars and Tutorials
The full agenda for Pre-Conference Seminars and Tutorials is below. For information on any other track, please click the links below.
Track 1: Lawful Interception and Criminal Investigation Training
Track 2: Big Data Analytics and Social Network Monitoring Training
Track 3: Threat Detection from Automated OSINT Collection and Analysis
Track 4: Encrypted Traffic Monitoring and IT Intrusion Product Training
Track 5: LEA, Defense and Intelligence Analyst Product Training
Track 6: Social Network Monitoring and Big Data Analytics Product Training
Track 7: Mobile Signal Intercept and Electronic Surveillance Product Training
Pre-Conference: Seminars and Tutorials (Monday, 16 March 2015)
Seminar #1
9:00-17:00
Practitioners Guide to Internet Investigations
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police
The aim of this one-day seminar is to take attendees from the basics of understanding the internet and how to find data through to a full understanding of best practice for an internet investigator, with awareness and knowledge of all the tools available to achieve this.
This seminar is exclusively for Law Enforcement, as practical examples and covert and investigative methods will be given throughout.
9:00-10:00
The World Wide Web and the Internet
- How it works. Why it works. How data traffic leaves a trace
- What the internet is; what an IP is and what protocols are used (TCP/IP)
- IPv4 and IPv6 – understanding the changes
- Mirror servers: use and value
- Tracking and evaluating data
10:15-11:15
Recognizing Traffic Data
- A practitioner's guide to what data is available. How to harvest and analyze it.
- Best practice to identify suspects and build profiles.
- Data collection and interrogation
- IP usage, exploitation and dynamics; IP plotting and analysis; how to look for suspect mistakes and exploit them (where they show their ID)
- Dynamic approaches to identifying suspects through internet profiles
- What investigators get from tech and service providers, and how to analyze it
- What to ask for with current legislation to achieve best results
- SPOC best practice.
- ISP/CSP capabilities and opportunities.
11:30-12:30
WIFI and Mobile Data
- A practitioner's look at Wi-Fi, attribution, cell site data, GPRS location services and technology. How an investigator can track devices and attribute suspects' locations, devices and movement.
- Dynamic live time tracing
- Geo location services and uses
- Surveillance without DSA and authority
13:30-14:30
Emerging Technologies, Masking Tech and Tools
- How suspects are using emerging and new technologies.
- An introduction to where technology is going, and how law enforcement can use this to our advantage.
- Darknet (Deepweb) and IRC use
- VOIP, Skype
- Advanced data sniffing and profile building
- TOR systems, applications and ways to coax offenders out of the system.
14:45-15:45
Advanced Techniques in Tracing Suspects
- Using innovative and dynamic methods to trace offenders.
- Tricks used by suspects and how to combat them
- Covert internet investigations
- Proxy servers and hiding
- Managing collateral intrusion
- Reverse and social engineering
- Thinking outside the box
- Possible missed opportunities
- Profile building and manhunts
16:00-17:00
Open Source Intelligence Training (OSINT)
- An in-depth look at what tools are available, how to use them, and practical applications.
- Safety online when open sourcing
- Open source training and awareness basics
- Trace suspects using available tools
- How to identify leads in investigations and data from ISP
- Internet tools to assist in building online profiles on suspects
- A run through of my website dedicated to online tracing tools and how best to use it (LEA ONLY)
- Reverse engineering and social engineering
Seminar #2
9:00-17:00
A Real World Look at Investigations in the Dark Web
Presented by: Todd G. Shipley CFE, CFCE, President and CEO of Vere Software, Co-Author of Investigating Internet Crimes: An Introduction to Solving Crimes in Cyberspace
The aim of this one-day seminar is to take attendees from the basics of understanding the Dark Web and how to access it through to finding information hidden within it. Attendees will learn best practices for the internet investigator working in the Deep Web and the tools available to assist their investigations into the Deep Web.
This seminar is exclusively for Law Enforcement, as practical examples and covert and investigative methods will be given throughout.
9:00-10:00
The Dark Web, what it is and what it is not
10:15-11:15
To Tor or not to Tor
11:30-12:30
Cryptocurrency and its use in the Dark Web
13:30-14:30
Going Undercover on the Dark Web
14:45-15:45
Using web bugs and other technology to locate a suspect
16:00-17:00
Advanced Dark Web Investigations, identifying the anonymous user
Seminar #3
9:00-12:30
Understanding ISS Technologies and Products Deployed in Telecommunications Networks and Monitoring Centers for Law Enforcement and Intelligence Analysts
Presented by: Dr. Jerry Lucas, President, TeleStrategies
This half day pre-conference seminar covers the spectrum of ISS Technologies and Products deployed in today's fixed wire, mobile wireless and Internet Service Provider networks and LEA Monitoring and Intelligence Gathering Centers. This half day seminar is ideal for those law enforcement, public safety and intelligence analysts who need an understanding of the ISS technologies to be discussed in the conference sessions and the ISS products displayed at the exhibit hall as well as an understanding of the buzz words and jargon used by telecom operator engineers and their vendors.
9:00-10:00
Introduction to Telecom Infrastructure, Interception and Related ISS Products
What do LEAs need to know about telecommunications networks infrastructure, basic LI elements (access, delivery and collection function), LEA Monitoring Center Functions and where are ISS products deployed for monitoring and intercept.
Understanding ISS:
Why Understanding Telecom Infrastructure is Important for Law Enforcement and Intelligence Analysts
Basic Telecom Building Blocks:
Circuit vs. Soft IP Switching, Signaling (SS7, ISDN, DTMF, etc.), fiber optics (SDH and SONET), Broadband Access (DSL, Cable Modems, Wi-Fi etc.), IP Core Technologies (Routing, ATM, MPLS, etc.) and Network Elements for Intercept.
Telco Back Office Systems:
Billing Systems, Mediation Services for Capturing Call Detail Records and LEA Intercept Request Processing.
Lawful Interception Architectures:
Probes (active and passive), Optical Layer Intercept at 10, 40 and 100 Gbps, Mediation and Data Retention Architectures, CALEA Pen Register and Trap & Trace, LEA Monitoring Center Functions and ISS Products Deployed in Fixed Wire Network Infrastructure.
Typical US DEA Funded LI Systems:
LIMS, T2S2, Warrant Processing, Data Logs, Capacity Requirement (e.g. Targets, Handoff Circuit Capacity, etc.), Central America Project Funding and Enterprise Hardware/Software Requirements.
Legal Intercept Options:
What must telecom operators provide with a served subpoena, Search Warrant, CALEA-Title III, National Security Letter and FISA Warrant.
10:15-11:15
Understanding Mobile Wireless Infrastructure, Interception and Related ISS Products
Infrastructure basics, back office infrastructure, IM, data and where are ISS products deployed for monitoring and intercept.
Types of Wireless Network:
Differences among Network Operators, MVNOs, WiFi, WiMAX, Microwave, Satellite, Femtocells and NFC Interfacing.
Mobile Network Infrastructure:
Subsystems (cell sites, sector antennas, backhaul, processors at towers), MSO special features (HLR, VLR, etc.) and PSTN Interconnect.
Cellular Network Generations:
Infrastructure Difference Among GSM, GPRS, EDGE, HSPA, North American CDMA, W-CDMA and LTE (CSFB vs. IMS Based) and Difference in Data Service Support.
Smartphones:
Functional Differences between 3G/4G Smartphones and 2G Phones, SMS messaging vs. iPhone text messages regarding intercept and 3G vs. LTE data services capabilities.
Cell Phone CDRs:
What records do cellular operators obtain when the phone is on, what's in a CDR when phone call is initiated and other forensic data of value to LEAs.
Cell Phone Tracking Options:
Cellular Operator Tracking Services available to LEAs, Target Pinging, Location technologies (GPS is National Based vs. RF Spectrum Mapping, GSM Surveillance, A-GSM intercept, WiFi Tracking, IMSI/IMEI Catchers, Spyware and more.
Smartphone Services to Avoid Tracking:
WHATSAPP, TIGER Text, WICKR, VIBER, GroupMe and more.
ISS Intercept Product Options:
Electronics Surveillance (audio, video and GPS), Location Based Mediation Products, Smartphone IT Intrusion and Cellular CDR data mining, Geocoded Photo Metadata, EXIF tags, Special Smartphone Services for Geolocation (Creepy, Instagram, Foursquare, VIBE and more).
11:30-12:30
Understanding the Internet, Interception and Related ISS Products
What Investigators Have To Know about IP call Identifying Information, Investigations Involving E-Mail, Facebook, Twitter, Skype, Instant Messaging, Chat Rooms and what can be done to address Internet intercept deploying ISS infrastructure and where are ISS products deployed for monitoring and intercept.
IP Basics:
Why Understanding IP Layering Model, TCP/IP and UDP is important for LEAs and the IC Community, IP addresses (IPv4 vs. IPv6), static vs. dynamic addresses and more.
Internet Players:
The managers (ICANN, IANA and IETF), NSPs vs. ISPs vs. CDNs, How the Internet Players exchange IP Traffic, Private vs. Public peering and IXPs.
ISP Infrastructure:
RAS, RADIUS, DHCP and DNS and why these servers are important to understand.
VoIP Options:
Types of VoIP Services, PSTN interconnect, Gateway Based (Vonage), P2P (Skype & VIBER), Softswitches, SIP and IMS.
E-mail Services:
Client Based E-mail vs. Webmail. What's different about E-mail, SMS, WEB 2.0, HTTPS, HTTPS 2.0, Smartphone messaging and Social Network messages.
Social Network Metadata:
From Tweets, Facebook, E-mail and Smartphones.
Deep Packet Inspection:
What's DPI, Where do telecoms deploy DPI and Where does the Intelligence Community request DPI intercept.
Defeating Encryption:
Encryption options, Public Key Encryption, TOR, Third Party Services Available (Wickr), Encryption Products and how to defeat encryption (Spyware, Remotely Loaded Programs, IT Intrusion and Man-In-The-Middle Attacks).
ISS Products for Intelligence Gathering:
OSINT, Big Data Analytics, Speaker Recognition, Facial Recognition, IP Mediation Devices and Monitoring Centers.
Seminar #4
13:30-14:30
Understanding TOR, Dark Web and CryptoCurrency for Law Enforcement
Presented by: Matthew Lucas (Ph.D, Computer Science), Vice President, TeleStrategies
Your department is unlikely to have the wherewithal to take down Silk Road 2.0 and many other Dark Web sites, as the FBI, DHS and participating European law enforcement did one day in early November, 2014. But you need to know how criminals use TOR, Dark Webs and CryptoCurrency to sell almost everything that's stolen or retailed illegally.
This webinar is for law enforcement, other government agents and private enterprise investigators. Specifically you will learn about TOR and anonymous web surfing, Dark Web hosting and use of CryptoCurrency. Plus some insight on the future of TOR.
TOR – as used for private/anonymous web surfing
- what is it, what's its purpose
- who runs it, where it came from, who maintains it
- how it is configured w/i browsers for private internet surfing, illustrated
- basics of how TOR works, comparison to traditional web browsing
- TOR encryption methods
- usage and uptake
TOR – as used for anonymous service hosting (Dark Web)
- What are .onion services, contrast to traditional service platforms
- How are .onion services searched, indexed and discovered
- Examples of .onion services – both legitimate and criminal
TOR and cryptocurrency
- What are cryptocurrencies, where did they come from, who manages them
- Using cryptocurrency
- TOR/cryptocurrency synergies
- .onion/cryptocurrency uses and examples
The Future of TOR
- Approaches/limitations/possibilities
- Case studies and current research on defeating TOR
Seminar #5
14:45-15:45
Understanding Browser and Device "Fingerprinting" to Identify Criminals and Terrorists
Presented by: Matthew Lucas (Ph.D, Computer Science), Vice President, TeleStrategies
Every communications device has a set of digital characteristics (a so-called "fingerprint") that can be used by law enforcement to identify, track and isolate that device on a given network. This session will look at the possibilities of device fingerprinting, including: MAC/physical properties, IP network configuration, operating system profiles and application-level information such as Java environment variables, cookies and application-resident data. Where possible, each will be illustrated with case studies and examples to show how law enforcement can leverage the device characteristics to identify criminal behavior, track suspects and collect evidence.
Seminar #6
16:00-17:00
Understanding Encryption Technologies, Services Used by Criminals and Covert IT Intrusion Techniques
Presented by: Matthew Lucas (Ph.D, Computer Science), Vice President, TeleStrategies
The Internet is migrating from an open platform of interconnected devices to a world of highly encrypted, tightly integrated systems. This webinar will look at the technologies that application developers, social-media companies and enterprises are adopting that effectively lock out law enforcement and intelligence analysts from intercepting and decoding content. The presenter will look in detail at the encryption protocols, techniques and standards that the Internet community is adopting, and consider the implications for traditional intercept and content decoding systems, including application fingerprinting, exploitation approaches and practical considerations for law enforcement.
1. Encryption Basics
- Shared vs. Public Key Encryption
- Certificate Authorities
- Significance of Key Size
- GSM Encryption (A5.1, A5.2 to A5.3)
2. Basic eCommerce Encryption Options
- Encryption used in Financial Transactions
- Role of Web 2.0, HTTPS and SSL/TLS
- Telecom Operator Encryption Service Options
3. Special Encryptions and Anonymous Communications Services Frequently used by Criminals
- Commercial Offerings
- TOR
- Proxy Servers and VPN Services
- P2P Option
4. Defeating Encryption and Covert IT Intrusion Techniques
- How Does Spyware and IT Intrusion Work
- Cooperation with Certificate Authorities
- Defeating GSM Encryption
- Man-in-the-Middle Attack Techniques
- Device Fingerprinting
5. HTTP 2.0 and Future Encryption Developments
- What's Driving the Development of HTTP 2.0? (e.g. PRISM-Proofing the Internet)
- Why will it be a challenge to LEA/IC's (multiple elements per connection, HTTP header compression and mandatory encryption)
- Other Dark Email Project Underway