|
|
Track 5A is open to all conference attendees |
|
|
Tuesday, May 29, 2007 |
|
9:00-5:00 p.m. Understanding Telecommunications Technologies for Law Enforcement Agents, Intelligence Analysts and Non-Telecom Engineers
Presented by:
Dr. Jerry Lucas, President, TeleStrategies (PhD, Physics)
Dr. Matthew Lucas, VP, TeleStrategies (PhD, Computer Science)

This one-day, pre-conference training seminar provides a technology primer for Law Enforcement Agents, Intelligence Analysts, Vendors and Non-engineers who need to understand the basics of today's telecommunications networks and services provided in order to support lawful interception and counterterrorism programs.

Telecom Infrastructure and Lawful Interception
* PSTN Basics: What LEAs need to know about the public switched telecommunications network, circuit switching, digital transmission, fiber transport, access (analog, E-1, DSL, etc.), signaling (DTMF, ISDN, SS7, etc.), billing systems and call detail records.
* Intercept LI Architectures: ETSI standards overview for lawful intercept, basic LI elements (access, delivery and collection function), call information and call content data collection, SS7 probes and relevant telecom network elements.

VoIP Infrastructure and Lawful Interception
* VoIP Basics: Circuit switching versus VoIP, softswitches, gateways, VoIP over broadband and interconnection with the PSTN.
* VoIP Intercept: Options for intercept: routers, session border controllers, layer 2 intercept, intelligent probes, LEA to telecom operator provisioning, mediation setup/teardown, signaling and IP content collection.

P2P Infrastructure and Lawful Interception/Blocking
* P2P Basics: What peer-to-peer (P2P) networking is, hybrid P2P (e.g. Napster) vs. true P2P (e.g. Gnutella and BitTorrent), legitimate P2P networks, what Skype is, how it works and how to block it.
* Deep Packet Inspection: What it is and why it is needed, how real-time surveillance works, isolating traffic streams, points of DPI deployment and more.

Mobile Wireless Infrastructure and Interception
* Overview: Infrastructure basics (GSM, GPRS, EDGE, UMTS, HSDPA and CDMA), smart terminals, HLR, VLR and IMS.
* Wireless Intercept: Intercept at the switch, cell site or tactical monitoring, location-based technologies to track targets, what call usage data is available, call detail records, SIM vs. phone memory, cell site analysis to establish a target's travel path and more.

Understanding Cybersecurity for LEAs, Telecom Operators and ISPs
This 1 Day training seminar is for law enforcement agents, service providers and enterprise security managers who have to understand the Internet and Cybersecurity.
Presented by: Detective Sergeant Andrew W. Donofrio and Invited Faculty
Bergen County Prosecutors Office, New Jersey
Criminal Investigation Division - Computer Crimes Unit

10:30am – 12:00pm Introduction Botnets
Botnet is a term for a collection of software robots, or bots, which run autonomously. Botnets are typically used for nefarious purposes and threaten an Internet Service Provider's customer base and the Internet community as a whole. This session will examine the technology behind botnets, the criminal usage, and methods of deployment.

1:00pm – 2:00pm Detecting Botnets and DDoS Attacks and Responding
This session will examine botnet behavior and discuss ways to identify botnets. Other Denial of Service attacks will also be discussed. Responding to the threat of botnets and denial of service attacks will be examined.

2:30pm - 3:30pm Introduction to Malware and Analysis
The problems examined in Sessions one and two are often predicated on a proliferation of malicious software (malware) such as viruses, Trojans, spyware, etc. This session will provide an overview of malware characteristics and methods for reverse engineering it. |
|
Track 5B: LEA and Intelligence Analysts Training |
|
To attend LEA Training Track 5B, you must be a sworn US or International Law Enforcement Officer, Intelligence Analyst, Homeland Security, Justice, Interior or other Government Employee with counterterrorism or criminal investigation responsibilities. Government Picture ID required for entry to Track 5B Training Classrooms. Certificates of training completion will be available upon request. |
|
Understanding Internet Intercept
Tuesday, May 29, 2007 9:00-5:00 p.m.
Presented by Detective Sergeant Andrew W. Donofrio and Invited Faculty
Bergen County Prosecutors Office, New Jersey
Criminal Investigation Division - Computer Crimes Unit

This one-day training seminar is for law enforcement agents who have to understand the Internet, how to lawfully collect and analyze data and how to interface with the Internet Service Providers (ISPs) of the target.

Introduction to Computer Forensics and the Forensic Modality
This session will outline the ways in which computer data is arranged on storage media such as a hard drive, and the evidence that may exist within the data. It will cover the methods for preserving and acquiring data as well as a broad overview of forensic analysis of computer storage devices and other electronic media.

File System Analysis Concepts – Data Remnants and Recovery
This session will delve into the areas of the storage media that contain evidentiary data. It will explain deleted data, slack space data, and unallocated space. A brief overview of Operating System evidence, such as the Windows registry, will also be covered.

Live Computer Incident Response: Collecting Live Evidence
In today's computer world, investigators are continually faced with responding to and dealing with running (live) computer evidence. While sessions one and two deal with the forensic analysis of storage media, this session deals with live computer evidence: evidence that exists in RAM and other places which will be lost upon the discontinuation of power. The actions that are taken during this initial response can either preserve or eradicate data. This session will outline the proper steps for responding to the live computer incident and for preserving volatile data. Real-world tools will be demonstrated. This is particularly important in the Windows Vista world and where other encryption algorithms may be used.

Data Taps – Technology Overview for Tapping Data Connections
The ability to intercept and monitor communications has spilled almost entirely into the world of data. This session will focus on those situations where monitoring computer network traffic is applicable. Additionally, it will discuss methods and technologies for monitoring.

Tuesday and Wednesday, May 29-May 30, 2007
Enhancing Investigations with Telephonic Information
9:00-5:00 p.m.
Presented by Robert Lottero, President, NTI Law Enforcement Services
This two-day training seminar is for Law Enforcement Agents and Intelligence Analysts.

Day 1, Tuesday, May 29, 2007 9:00-5:00 p.m.
Understanding Telco Infrastructure
How Telephone Information can Enhance your Investigation
Telco Infrastructure: How Telephone Systems work… Landline, Cell, VoIP, PBX, CENTREX, Toll-Free, 900, Satellite, etc.
Tracing Threat, Harassment, 911, etc. calls
Little-known Technologies to ID Callers
Exploiting Prepaid Telephone Calling Cards
Using these strategies, you'll never lose a call
Exploitation of Throw-away Cell Phones
ID Subscribers, get the CDRs, Monitor Audio

Day 2, Wednesday, May 30, 2007 10:30-3:30 p.m.
Enhancing Investigations with Telephonic Information (continued)
Sting & Special Operations
Setting up "hello" phones & toll-free numbers to support your case, conning the bad guys with an answering machine, putting prepaid cards & cell phones in the bad guys' hands all set to monitor
Subpoenas & Subpoena management and how to exploit subscriber and CDR info to support your investigations
Subscriber subpoena verbiage, investigative use of subscriber records. CDR subpoena verbiage, managing subpoenas, special subpoenas
Court Orders
Using subpoena subscriber & Toll Analysis to establish PC for a Court Order and writing the demand part of a court order
Countering Criminal Tricks to hide Calls
Dial 0, Info connect, ppd cards & phones, collect, voice dial, pass-through, SIM swap, & more
Case Studies
How would you approach the telephonic aspect of these cases? An in-depth application of the concepts covered in the past two days.

4:00-5:00 p.m. Intelligence Modules & Behavior Profiling
Mr. Manfred Bendisch, Nokia Siemens Networks

LEA Training Track 5B (Continued)
Thursday, May 31, 2007

8:30-9:00 a.m. Real-Time Steganography Detection
James E. Wingate, Vice President, Director Steganography, Backbone Security

9:00-9:30 a.m. Cyber Fraud New Tactics
Richard Howard, Director, iDefense Security Intelligence, VeriSign
Ralph Thomas, Manager, Security Intelligence Malcode Operations, iDefense Research, VeriSign

10:30-11:30 p.m. Using Cell Site Data as evidence or Intelligence in Major Crime Investigation
This presentation will provide three case examples including London Terrorism Offences, Murder Investigation and Domestic Extremism Groups.
Shaun Hipgrave, Director, Forensic Telecommunication Services

1:00-2:00 p.m. Open Source Network Forensics
Many law enforcement agencies, particularly at the state and local level, do not have the budget to purchase expensive network forensics suites from large vendors. For these groups, open source solutions offer a powerful and free means to collect and analyze the same sorts of network traffic available to commercial products. In this presentation, consultant, author, and trainer Richard Bejtlich of TaoSecurity describes how his favorite open source network forensic tools and techniques can successfully detect and investigate unauthorized activity.
Richard Bejtlich, TaoSecurity

4:00-5:00 p.m. Location Based Services for Public Safety, National Security & Commercial Location Based Services
This presentation will address a state-of-the-art mobile location solution that can provide optimum support for all location-enhanced applications. Each location-sensitive service or application presents its own challenges in terms of required location accuracy, latency, reliability, cost tolerance, and other parameters.
Malik Ishak, Director, Business Development, Middle East & Africa, Andrew Network Solutions
Stuart Katz, Director of Product Line Management for U-TDOA, Andrew Network Solutions

Friday, June 1, 2007

8:30-9:30 a.m. Pine Digital Security
In this interactive workshop Pine Digital Security will introduce the audience to the mindset of a hacker targeting the telco's lawful interception system.
Mark Lastdrager, CEO, Pine Security

10:00-11:00 a.m. Basic Tools used by Forensic Investigators
This presentation will run through a list of forensic tools as well as tools that, while not forensic by design, can be very helpful to the forensic examiner.
Greg Kelley, Vestige Digital Investigations

11:30-12:30 a.m. Introduction to Key Cyber-Terrorism Concepts - Items LEA Staff Should Always Keep in Mind
It is useful to reassess LEAs' understanding of basic concepts relating to the fight against such threats: what constitutes cyber-terrorism, how attacks take place, and against whom. What are governments doing at local and international levels to protect Critical Infrastructure for their citizens?
Mathieu Gorge, Managing Director, VigiTrust |
|
|