| |
Enterprise Lab |
Forensics Lab |
General Lab I |
General Lab II |
General Lab III |
Fundamentals Lab |
eDiscovery |
Lecture |
|
3:00pm -
4:30pm |
Detecting Malicious Code: The Next Generation of Physical Memory Analysis - Rich Cummings, Jim Butterworth |
EnCE® Workshop - Kirk Hunter |
Adding VMware to Your Computer Forensics Toolbox - TBD |
How to Forensically Acquire Data Using Software and Hardware Write-block Solutions - Manfred Hatzesberger |
|
Basic Investigator Skills: How to Not Spend Your Life Sorting Through Search Hits - Matt McFadden |
|
The Etiquette of Being Deposed - Andy Spruill |
4:45pm - 6:00pm |
Lose the GeekSpeak: Creating Client Friendly Forensic Reports - Jerry Hatchett |
Cell Phone Forensics - Manfred Hatzesberger |
Search Engine and Indexing - Dominik Weber |
|
Forensic Investigation 101: Where to Start Looking - Chris Hapsas |
|
Corporate Investigations in the 21st Century - James Doyle |
|
7:30am - 8:50am |
Email Investigations - Art Montes |
How to Create and Perform Effective Keyword Searches (Advanced Searching) - Brent Botta |
Foreign Language Challenges - Dominik Weber |
"Policing the Internet" Making Online Investigations an Everyday Law Enforcement Task - Todd Shipley and Bill Siebert |
|
What is Forensics, Beyond the Hype: What the Case Law Says - Christopher Kelly |
|
The Next Generation of Incident Response: Convergence of the Forensic Analyst and Incident Responder - Jim Butterworth |
9:00am - 10:00am |
KEYNOTE - JIM LOVELL, COMMANDER OF THE APOLLO 13 MISSION |
10:00am - 10:30am |
EXHIBIT HALL REFRESHMENT BREAK |
10:30am - 11:30am |
Covert Remote Examinations - Walker Johnson |
Using EnCase Field Intelligence Model (FIM) for Probationer/Parolee Supervision - Larry Sewell |
Cyberchild Exploitation - Part I: Investigations in the Workplace IT Focus - Robert Monsour Lecture |
|
|
Digital Forensic Triage - Raphael Bousquet |
|
Unpublished NTFS Forensic Artifacts - Dominik Weber |
11:45am - 12:45pm |
Unleashing the Power of EnScript Programming - Howard Williamson |
EnCE® Workshop - Kirk Hunter |
Cyberchild Exploitation - Part II: Computer Forensics and Child Rescue, Law Enforcement Focus - Matt McFadden |
Outsourcing Your Case: Real World Handling - David Shin |
|
The Difference Between Static and Volatile Data: What's Their Investigative Value - TBD |
|
What's Lurking in Your Enterprise - Chet Hosmer |
12:45pm - 2:00pm |
LUNCH BREAK |
| Technology Forum-EnCase |
2:00pm - 3:30pm |
IR Response Techniques - Yogesh Khatri |
Mastering Conditions Enterprise Forensics - Jon Stewart |
Network Forensics Techniques: How it Differs from Host Level Forensics - MJ Staggs |
|
|
Introduction to Common File Systems and their Structure - Larry Sewell |
|
Forensic and Digital Investigations in EMEA - Dr. Professor John Walker |
3:30pm - 4:00pm |
EXHIBIT HALL REFRESHMENT BREAK |
4:00pm - 5:30pm |
Pre-Incident Response Planning - Lance Mueller |
Reverse Engineering Malware - Yogesh Khatri |
Imaging Macs Without Macs - Nicole Donnelly |
File Identification and Recovery using Block-Based Hash Analysis - Simon Key |
|
|
|
|
|
7:00am - 8:30am |
Data Audit and Policy Enforcement - Gus Quiroga |
Learning to Love the Records Pane - Jon Stewart |
What to Do When All Hope is Gone: Acquiring Data Off a Dead Drive - John Weichman and Eddie Weichman |
|
File Identification and Recovery using Block-Based Hash Analysis - Simon Key |
How to Forensically Acquire Data Using Software and hardware Write: Block Solutions - Chris Hapsas |
|
Case Studies of Botnet Infection, Propagation and Control - MJ Staggs |
8:45am - 10:00am |
EDS/Encryption - Dominik Weber |
Timeline Analysis - Kirk Hunter |
Triage for Analysis of Intellectual Property - Bruce Pixley |
Anti (Computer) Forensics: Is There Such A Thing? - Scott Mann |
How to Create and Perform Effective Keyword Search (Advanced Searching) - Brent Botta
|
Information Gathering and Data Correlation - Chris Pavan & Nick Ringold
|
|
Creating Total Visibility By Linking Network and Host Forensics - Edward Schwartz |
10:00am - 10:30am |
EXHIBIT HALL REFRESHMENT BREAK |
10:30am - 11:30am |
Conducting Enterprise Investigations - Scott Steiner |
Essential Macintosh Forensics - David York |
Automating Event Log Forensics - Dr. Rich Murphey |
How to Spot Packet Forgeries and Spoofing - MJ Staggs |
|
Email Lab: What you Can Do With Gmail - Art Montes |
|
Teaching Computer Forensics - Andy Spruill |
11:45am - 12:45pm |
EnScript Series: Advanced EnScript Part I: Using Projects and the DeBugger - Shawn McCreight |
Advanced Tips and Tricks of Forensics - Chris Pavan & Nick Ringold |
Identifying and Overcoming Advanced Data-hiding Techniques - TBD |
Vista® Deep Dive I: First Looks: Basic Investigations of Windows® Vista - Dave Arnett |
|
What Every Investigator Needs to Know About Creating a Forensic Report - Dan Purcell |
|
Mystery Slot: Never Before Released Material - Dominik Weber |
12:45pm - 2:00pm |
LUNCH |
| Technology Forum-EnScript or EE |
2:00pm - 3:30pm |
Introduction to AIRS - Gus Quiroga |
Advanced RAID Acquisitions and Analysis - Howard Williamson |
Technical Profiling for Law Enforcement and Intelligence - Christopher Jones |
Vista Deep Dive II: Bitlocker-Details and Forensic Considerations of Full Volume Encryption in Vista - Lance Mueller |
The Process of Peer Review - Chris Pavan & Nick Ringold |
|
|
eCrime and Steganography - Chet Hosmer |
3:30pm - 4:00pm |
EXHIBIT HALL REFRESHMENT BREAK |
4:00pm - 5:30pm |
EnScript Series: Advanced EnScript Part II: Creating
Plug-ins - Shawn McCreight |
|
User Traffic Analysis: How to Look at a Live Environment - Jim Butterworth |
Vista Deep Dive III: File and Registry Virtualization: A Look at how Vista's use of Virtualization may Impact your Investigation - John Marsh |
|
Academic Roundtable - Andy Spruill Moderator |
|
|
|
9:00am - 10:30am |
Information Assurance - Gus Quiroga |
Examining the Windows Registry - Dan Purcell |
iPhone® Forensics, New Handheld Devices, New Issues - Amber Schroader |
|
|
Basic RAID Acquisition and Analysis - Simon Key |
|
|
10:30am - 11:00am |
EXHIBIT HALL REFRESHMENT BREAK |
11:00am - 12:30pm |
EnScript Series: Advanced EnScript Part III: Creating Packages and Licenses - Shawn McCreight |
Super Basic Stuff: What You Can Do With EnScript - James Habben |
|
"Live" Malware Analysis for the Incident Responder and Corporate Information Security Professional - Rich Cummings |
|
|
|
The Future of EnCase Software - Gary Ulaner |