Accelerating digital forensics and incident response presentation at HTCIA International Conference

Dr Schatz will present a seminar on accelerating forensic and incident response workflow at the HTCIA International Conference, Summerlin, Nevada, this August. An abridged version of this presentation, titled “Accelerating your forensic & incident response workflow: the case for a new standard in forensic imaging”, was recently presented at the AusCERT 2016 Conference, Gold Coast, Australia.

 


Presentation on accelerating digital forensics and incident response at AusCERT2016

On 26th May 2016 Dr Schatz will present on accelerating forensic and IR workflow at the AusCERT 2016 conference, in the Gold Coast, Queensland, Australia. The seminar, titled “Accelerating your forensic & incident response workflow: the case for a new standard in forensic imaging” will address the following:

Today’s forensic processes are mired by practices carried over from a pre-networked world; with inexpensive and exotic storage, mobile devices, and cloud computing compounding the delays between incident notification and meaningful analysis. Practitioners and responders are faced with the unsatisfactory choice of either forensically preserving only a limited amount of evidence while accepting the risk of missing relevant information (triage), or delaying analysis while waiting for full forensic preservation. This seminar will examine the role of existing forensic imaging formats in creating such an environment, and examine how an improved forensic image format (the AFF4 forensic container format) enables practitioners to perform forensic analysis without the delays imposed by current approaches. Finally, the seminar will provide practical advice on adopting such a new approach, defending questions around forensic soundness, and optimising forensic workflow both in the field and in the lab.

UPDATE: The slides for this presentation are available.


Upcoming presentation on mobile phone forensics at PFIC2014

Dr Schatz will be presenting a seminar on the current state of the art in extraction of evidence from smartphones, at the Paraben Forensic Innovation Conference, Nov 12-14 2014, in Utah, USA. The seminar, titled “Smartphone Physical: The Current State of Play”, covers the following:

This seminar will examine the current state of play in regard to the lowest level of acquisition and analysis of Android and iOS smart phones. Focusing on the theory of operation underlying open source and commercial tools, rather than the tools themselves, attendees of this seminar will gain an understanding of the techniques currently employed for acquisition and analysis, and the corresponding limitations and opportunities in forensic practice.

 

 


Presentation on Ransomware Incident Response at AusCERT2014

On 13 May 2014, Dr Schatz was honoured to present at the AusCERT2014 Online Crime Symposium at the Gold Coast, Australia. In this seminar he addressed the challenges of responding to incidents involving Ransomware, from the perspective of a private sector incident responder.

We’d like to thank the AusCERT program committee for inviting us to this forum and allowing us to share our perspectives.

The AusCERT Cybercrime Symposium is a closed, invitation only event, targeted at Government, law enforcement and private sector personnel involved in the development of policies or strategies for e-security or e-government, or who have responsibility for investigations either within their own organisations or for the broader community.


Android mobile phone forensics training at SYSCAN 2014

Over the period 31 March – 2 April 2014, Dr Schatz delivered a three-day training course titled “Android Forensic Analysis in Depth” alongside the Symposium on Security for Asia Network (SyScan) conference in Singapore.

The training covered forensic acquisition and analysis of Android-based mobile phones and tablet devices. In this course the participants worked their way through the various methods of gaining access to data in phones, including logical, via file and forensic acquisition applications, and physical, via rooting and JTAG. Students then moved on to learning a range of techniques for interpreting the content of such acquisitions, addressing issues such as locked phones and encryption. The culmination of the course was a half-day practical session solving a mock case.