Conference Track 5 |
|
Note: To attend the LEA Training Program, you must be a sworn Law Enforcement, Defense or Intelligence Agent and must register by November 27, 2006 in order to verify eligibility. |
|
Monday, December 4, 2006 |
|
Session A: Understanding Internet Intercept for LEAs |
10:15-10:45 a.m. Introduction to File System Analysis and Forensic Modality
This session will outline the ways in which computer data is arranged on storage media such as hard drives and several others. It will cover the methods for preserving and acquiring data as well as a broad overview of analysis.

10:45-11:45 a.m. File System Analysis Concepts – Data Remnants and Recovery
This session will delve into the areas of the storage media that contain evidentiary data. It will explain deleted data, slack space data, and unallocated space. A brief overview of Operating System evidence, such as the Windows registry, will also be covered.

12:00-1:00 p.m. Lunch

1:00-2:00 p.m. FAT File System Analysis
One of the oldest and still widely used file systems, the File Allocation Table file system will be explored. This section builds on the previous sessions and is more than just an introduction to the way data is stored with this type of file system. Attendees will learn the layout of data in the FAT system and the implications this has on analysis.

2:20-5:00 p.m. NTFS File System Analysis
The New Technology File System (NTFS) has become the standard file system type in most contemporary Windows installations. The methods by which data is stored in an NTFS file system differ greatly from the FAT file system, and methods of analysis differ as well. Attendees will learn the layout of data in the NTFS system and the implications this has on analysis.
|
Tuesday, December 5, 2006 8:30-4:00 p.m. |
|
8:30-9:00 a.m. Introduction to Networking and Internet Communications
This session will introduce the basics of networking and TCP/IP communication. It will cover how originating network/Internet traffic can be traced and identified. E-mail headers will also be explained. Tools for tracing IP addresses will be demonstrated.

9:00-9:30 a.m. Evidence in Networking and Internet Communications
This session will be a continuation of Session 1.

10:00-11:30 a.m. Live Computer Incident Response: Collecting Live Evidence
In today’s computer world, investigators are continually faced with responding to and dealing with running (live) computer evidence. The actions that are taken during this initial response can either preserve or eradicate data. This session and Session 4 will outline the proper steps for responding to the live computer incident and for preserving volatile data. Real-world tools will be demonstrated.

11:30-1:00 p.m. Live Computer Incident Response – Continuation of Session 3
This session will be a continuation of Session 3.

11:30-1:00 p.m. Lunch

1:30-4:00 p.m. Data Taps – Technology Overview for Tapping Data Connections
The ability to intercept and monitor communications has spilled almost entirely into the world of data. This session will focus on those situations where monitoring computer network traffic is applicable. Additionally, it will discuss methods and technologies for monitoring.
|
Tuesday, December 5, 2006 |
|
Session B: Enhancing Investigations with Telephonic Information |
|
8:30-9:30 a.m. Understanding Telco Infrastructure
How Telephone Information can Enhance your Investigation. Telco Infrastructure: How Telephone Systems work… Landline, Cell, VoIP, PBX, CENTREX, Toll-Free, 900, Satellite, etc.

10:00-11:30 a.m. Tracing Threat, Harassment, 911, etc. calls
Little-known Technologies to ID Callers

11:30-1:00 p.m. Lunch

1:00-3:30 p.m. Exploiting Prepaid Telephone Calling Cards
Using these strategies, you'll never lose a call

4:00-5:00 p.m. Exploitation of Throw-away Cell Phones
ID Subscribers, get the CDRs, Monitor Audio
|
Wednesday, December 6, 2006 |
|
Enhancing Investigations with Telephonic Information (continued) |
|
8:30-9:30 a.m. Sting & Special Operations
Setting up "hello" phones & toll-free numbers to support your case, conning the bad guys with an answering machine, putting prepaid cards & cell phones in the bad guys' hands all set to monitor

10:00-11:00 a.m. Subpoenas & Subpoena management and how to exploit subscriber and CDR info to support your investigations
Subscriber subpoena verbiage, investigative use of subscriber records. CDR subpoena verbiage, managing subpoenas, special subpoenas

11:30-12:30 p.m. Court Orders
Using subpoena subscriber & Toll Analysis to establish PC for a Court Order and writing the demand part of a court order

12:30-1:30 p.m. Lunch

1:30-4:00 p.m. Countering Criminal Tricks to hide Calls
Dial 0, Info connect, ppd cards & phones, collect, voice dial, pass-through, SIM swap, & more

4:00-5:00 p.m. Case Studies
How would you approach the telephonic aspect of these cases? An in-depth application of the concepts covered in the past two days.
|