Monday, October 6, 2014

2014 Pre-Conference Training Seminars

Seminar #1
8:30-4:30 p.m.
　
Online Social Media and Internet Investigations

Presented by Charles Cohen, Cohen Training and Consulting, LLC
Charles Cohen also holds the position of Commander, Cyber Crimes Investigative Technologies Section, Indiana State Police, USA

8:30-9:30 a.m.: Session 1 of 6
The role of Online Social Media OSINT in Predicting and Interdicting Spree Killings: Case Studies and Analsyis
This session is for criminal investigators and intelligence analysts who need to understand the impact of online social networking on how criminals communicate, train, interact with victims, and facilitate their criminality.

9:45-10:45 a.m.: Session 2 of 6
OSINT and Criminal Investigations
Now that the Internet is dominated by Online Social Media, OSINT is a critical component of criminal investigations. This session will demonstrate, through case studies, how OSINT can and should be integrated into traditional criminal investigations.
　
11:00-12:00 p.m.: Session 3 of 6
Metadata Exploitation in Criminal Investigations
This session is for investigators who need to understand social network communities along with the tools, tricks, and techniques to prevent, track, and solve crimes.

1:00-2:00 p.m.: Session 4 of 6
EXIF Tags and Geolocation of Devices for Investigations and Operational Security
Current and future undercover officers must now face a world in which facial recognition and Internet caching make it possible to locate an online image posted years or decades before. There are risks posed for undercover associated with online social media and online social networking Investigations. This session presents guidelines for dealing with these risks.

2:15-3:15 p.m.: Session 5 of 6
Case Studies in Metadata Vulnerability Exploitation and Facial Recognition
While there are over 300 social networking sites on the Internet, Facebook is by far the most populous, with over 800 million profiles. It has roughly the same population as the US and UK combined, making it the third largest country by population. There are over 250 million images and 170 million status updates loaded on Facebook every day. This session will cover topics including Facebook security and account settings, Facebook data retention and interaction with law enforcement, and common fraud schemes involving Facebook.

3:30-4:30 p.m.: Session 6 of 6
What Investigators Need to Know about Emerging Technologies Used to Hide on the Internet
Criminal investigators and analysts need to understand how people conceal their identity on the Internet. Technology may be neutral, but the ability to hide ones identity and location on the Internet can be both a challenge and an opportunity. Various methods of hiding ones identity and location while engaged in activates on the Internet, provides an opportunity for investigators to engage in covert online research while also providing a means for criminals to engage in surreptitious communication in furtherance of nefarious activities. As technologies, such as digital device fingerprinting, emerge as ways to attribute identity this becomes a topic about which every investigator and analyst may become familiar.

Seminar #2
8:30-4:30 p.m.

Understanding ISS Technologies and Products Deployed in Telecommunications Networks and Monitoring Centers for Law Enforcement and Intelligence Analysts

Presented by: Dr. Jerry Lucas, President, TeleStrategies

This one day pre-conference seminar covers the spectrum of ISS Technologies and Products deployed in today's fixed wire, mobile wireless and Internet Service Provider networks and LEA Monitoring and Intelligence Gathering Centers. This all day seminar is ideal for those law enforcement, public safety and intelligence analysts who need an understanding of the ISS technologies to be discussed in the conference sessions and the ISS products displayed at the exhibit hall as well as an understanding of the buzz words and jargon used by telecom operator engineers and their vendors.

08:30-10:45 a.m.
Introduction to Telecom Infrastructure, Interception and Related ISS Products
What do LEAs need to know about telecommunications networks infrastructure, basic LI elements (access, delivery and collection function), LEA Monitoring Center Functions and where are ISS products deployed for monitoring and intercept.

11:00-2:00 p.m.
Understanding Mobile Wireless Infrastructure, Interception and Related ISS Products
Infrastructure basics, back office infrastructure, IM, data and where are ISS products deployed for monitoring and intercept.

2:15-4:30 p.m.
Understanding the Internet, Interception and Related ISS Products

What Investigators Have To Know about IP call Identifying Information, Investigations Involving E-Mail, Facebook, Twitter, Skype, Instant Messaging, Chat Rooms and what can be done to address Internet intercept deploying ISS infrastructure and where are ISS products deployed for monitoring and intercept.

Seminar #3
8:30-4:30 p.m.

Practitioners Guide to Internet Investigations

Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police

The aim of this 1 day seminar is to take the attendees from the basics of understanding the internet, how to find data, through to a full understanding of best practice of an internet investigator, having awareness and knowledge of all the tools available to achieve this.

This is exclusively Law Enforcement only, as Practical examples, covert and investigative methods will be given throughout the seminar.

8:30-9:30 a.m.
The World Wide Web and the Internet

9:45-10:45 a.m.
Recognizing Traffic Data

11:00-12:00 p.m.
WiFi and Mobile Data

1:00-2:00 p.m.

Emerging Technologies, Masking Tech and Tools

2:15-3:15 p.m.

Advanced Techniques in Tracing Suspects

3:30-4:30 p.m.
Open Source Intelligence Training (OSINT)

Seminar #4
1:00-2:00 p.m.

The Dark Side of the Internet - TOR & Bitcoins

Presented by Ross Bowerman, Detective Sergeant, UK Police

Seminar #5
2:15-4:30 p.m.

Smartphone Application Challenges Encountered and Opportunities Presented to Law Enforcement

Presented by Michael Williamson, Detective Inspector, Force Intelligence Bureau, Crime and Safer Communities, UK

A users overview of Smartphone applications, what they can do, implications, challenges and opportunities for law enforcement in obtaining results and coordinating our response to the overwhelming new apps appearing daily.

Seminar #6
9:45-10:45 a.m.

Understanding Browser and Device "Fingerprinting" to Identify Criminals and Terrorists

Presented by: Matthew Lucas (Ph.D, Computer Science), Vice President, TeleStrategies

Every communications device has a set of digital characteristics (a so-called "fingerprint") that can be used by law enforcement to identify, track and isolate that device on a given network. This session will look at the possibilities of device fingerprinting, including: MAC/physical properties, IP network configuration, operating system profiles and application-level information such as java environment variables, cookies and application-resident data. Where possible, each will be illustrated with case studies and examples to show how law enforcement can leverage the device characteristics to identity criminal behavior, track suspects and collect evidence.

Seminar #7
11:00-12:00 p.m.

Understanding Encryption Technologies, Services Used by Criminals and Covert IT Intrusion Techniques

Presented by: Matthew Lucas (Ph.D, Computer Science), Vice President, TeleStrategies

The Internet is migrating from an open platform of interconnected devices, to a world of highly encrypted, tightly integrated systems. This webinar will look at the technologies that application developers, social-media companies and enterprises are adopting that effectively lockout law enforcement and intelligence analysts from intercepting and decoding content. The presenter will look at in detail the encryption protocols, techniques and standards that the Internet community is adopting, and consider the implications to traditional intercept and content decoding systems - including application fingerprinting, exploitation approaches and practical considerations for law enforcement.

1. Encryption Basics

2. Basic eCommerce Encryption Options

3. Special Encryptions and Anonymous Communications Services Frequently used by Criminals

4. Defeating Encryption and Covert IT Intrusion Techniques

5. HTTP 2.0 and Future Encryption Developments

Seminar #8
8:30-10:45 a.m.

Beyond Google: What to Do When Google (Bing and Yahoo) Do Not Answer Your Questions in a Useful Way

Presented by Stephen Arnold, ArnoldIT

The purpose of this tutorial is to provide recommendations for specific online search tactics tailored to law enforcement and intelligence professionals. In this two hour session, Stephen E Arnold will walk through "how to's" for four specific cases/situations in which free open source online services can help handle the types of questions investigators and analysts often have in different languages.

Seminar #9
11:00-12:00 p.m.

Smart Systems Substance or Shadow, Blind Spots or Shadow. Blind Spots in Mainstream Intelligence Systems

Presented by Stephen Arnold, ArnoldIT

Despite the high profile of Big Data and surveillance in the
US, the systems used by intelligence and law enforcement
professionals have limitations.
This lecture will seek to answer these key questions for practitioners in intelligence:

• Are next generation systems delivering value to licensees?
• Are sophisticated systems hardened and reliable?
• What are the limitations within which these smart systems operate for the intelligence professional?

Seminar #10
1:00-3:15 p.m.

Visual Analytics: Discovering Real-World Patterns by Exploiting Meta Data Content

Presented by: Christopher Westphal, Raytheon Cyber Products

Seminar #11
3:30-4:30 p.m.

Big Data Analytics for Entity Based Representations: Detecting Networks, Connections, and Correlations

Presented by: Christopher Westphal, Raytheon Cyber Products

Seminar #12
1:00-2:00 p.m.

STIX/TAXII Introduction for Business Development and Cyber Security Professionals

Presented by: Aharon Chernin, Manager, Security Automation, Depository Trust and Clearing Corporation (DTCC)

Seminar #13
2:15-3:15 p.m.

Operationalizing STIX & TAXII, a message from the field

Presented by:Aharon Chernin, Manager, Security Automation, Depository Trust and Clearing Corporation (DTCC)　

(Full Pre-Conference Seminar Agenda Appears After Track 7)

Tuesday, October 7, 2014

Welcoming Remarks

8:15-8:30 a.m.

Tatiana Lucas, ISS World Program Director, TeleStrategies

ISS World Keynote Addresses

8:30-9:00 a.m.

Top Ten Internet Challenges Facing Law Enforcement and the Intelligence Community and Who at ISS World America has Solutions Dr. Jerry Lucas, President, TeleStrategies

ISS World Americas Exhibits

Tuesday, October 7, 2014
10:00 a.m. - 5:00 p.m.

Wednesday, October 8, 2014
9:30 a.m. - 12:30 p.m.

---

Track 1: ISS for Lawful Interception and Criminal Investigations

This track is for Telecom Operators and Law Enforcement/Intelligence/Defense Analysts who are responsible for specifying or developing lawful intercept network infrastructure.

Tuesday, October 7, 2014

9:00-9:30 a.m.	Off The Grid: New Technologies That Are Going Dark And How To Address Them Marcus Thomas, EVP Operations and CTO, Subsentio and Former Assistant Director, Operational Technologies Division, FBI
9:30-10:00 a.m.	Industry Technical Standards Development Tony Rutkowski, Executive VP, Yaana Technologies
11:30-12:30 p.m. Session A	Current and Future Standardization Challenges: Encryption, Network Function Virtualization, Cloud Computing and More Alex Leadbeater, Chairman, SA3 LI and EU Data Retention Compliance Manager, BT
11:30-12:00 p.m. Session B	Today’s interception in an encrypted, social and clouded world. David Vincenzetti, CEO, Hacking Team
1:30-2:00 p.m. Session A	LI in Clouds Rudolf Winschuh, Utimaco TS GmbH
1:30-2:30 p.m. Session B	Panel: eWarrants and Mutual Legal Assistance Treaty (MLAT) New Initiatives: a new era? Tony Rutkowski, Yaana Technologies, panel chair Participants: representative from Steptoe & Johnson, the GNI MLAT initiative, DOJ (TBC), White House (TBC), and Facebook (TBC).
3:00-4:00 p.m.	Panel on Today’s and Future Lawful Interception Challenges From Law Enforcement Officer’s Perspectives Charles Cohen, Cohen Training and Consulting, LLC and Commander, Cyber Crimes Investigative Technologies Section, Indiana State Police, USA Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police
4:15-5:15 p.m.	Telecoms Metadata Retention Presented by BAE Systems

Wednesday, October 8, 2014

8:30-9:30 a.m. Session A	The USA Freedom Act: What is the Potential Impact on the Communications Industry Panel Moderator Joel M. Margolis, General Counsel and Executive Vice President, Subsentio Panelists Todd McDermott, Vice President, Verint Systems, Inc. Tam Hodgson, Retired Assistant Chief Investigator, Kern County, CA District Attorney's Office
10:30-11:30 a.m. Session A	Industry Technical Standards Developments that Significantly Impact Law Enforcement Tony Rutkowski, Executive VP, Yaana Technologies
10:30-11:00 a.m. Session B	Managing the Relationship between a Telco and a Law Enforcement agency in a Post Snowden world Ray Green, Director, Focus Data
12:15-1:15 p.m.	The Dark Side of the Internet - TOR & Bitcoins Ross Bowerman, Detective Sergeant, Scottish Police College, UK

---

Track 2: ISS for Mass Intercept, Big Data Analytics and Social Network Monitoring

This track is for Intelligence Analysts and Law Enforcement agents who have to "connect the dots" between people, places and other entities by searching through massive amounts of unstructured data from various sources using visual analytics, semantic technologies, data mining, OSINT and other intelligence gathering tools and techniques

Monday, October 6, 2014

8:30-4:30 p.m.	Online Social Media and Internet Investigations Presented by Charles Cohen, Cohen Training and Consulting, LLC Charles Cohen also holds the position of Commander, Cyber Crimes Investigative Technologies Section, Indiana State Police, USA
1:00-3:15 p.m.	Visual Analytics: Discovering Real-World Patterns by Exploiting Meta Data Content Christopher Westphal, Raytheon Cyber Products
3:30-4:30 p.m.	Big Data Analytics for Entity Based Representations: Detecting Networks, Connections, and Correlations Christopher Westphal, Raytheon Cyber Products

Tuesday, October 7, 2014

11:30-12:30 p.m.

How Big Data Analytics is Empowering the Pursuit – and Conviction – of Criminals Steven Tessler, Cyber Engineer, Raytheon Cyber Products

Wednesday, October 8, 2014

8:30-9:30 a.m.	Smartphone Application Challenges Encountered and Opportunities Presented to Law Enforcement Michael Williamson, Detective Inspector, Force Intelligence Bureau, Crime and Safer Communities, UK
11:00-11:30 a.m.	A Holistic Approach to Big Data Surveillance Analytics Mohan Sadashiva, Senior Vice President, Product Management, Narus
12:15-1:15 p.m.	Beyond Google: What to Do When Google (Bing and Yahoo) Do Not Answer Your Questions in a Useful Way Stephen Arnold, ArnoldIT

---

Track 3: Cyber Threat Detection and Information Sharing Training

This track addresses how to detect cyber threats in real-time and share threat information with private enterprises, government agencies as well as other telecom operators. This track is open to telecom operators, private enterprise person with security and investigation responsibilities, all government attendees and ISS vendors.

Tuesday, October 7, 2014

9:00-9:30 a.m.	Fighting Next-Generation Adversaries with Shared Threat Intelligence Jacob West, Chief Technology Officer, Enterprise Products, Hewlett-Packard
9:30-10:00 a.m.	Trend Micro Cyber Threat Detection Solutions Tom Kellermann, Chief Cybersecurity Officer, Trend Micro
11:30-12:30 p.m. Session A	Threat Detection from OSINT: put the web to work for you Dr. Christopher Ahlberg, Co-Founder and Chief Executive Officer, Recorded Future
11:30-12:30 p.m. Session B	Best Practices for Addressing Insider Threat’s Chris Inglis, former Deputy Director, NSA and Advisory Board Member, Securonix
1:30-2:30 p.m.	Beyond Buzzwords: Defining Threat Intelligence, and Why It Matters Eric Olson, Vice President of Product Strategy, Cyveillance
3:00-4:00 p.m.	Active Decomposition: Game Changing Threat Detection and Analysis Mario Vuksan, CEO, ReversingLabs

Wednesday, October 8, 2014

9:00-9:30 a.m. Session A	Unlocking the Value from the Overwhelming Volume of Threat Intelligence with Automation and Collaboration Sean Brady, VP Product Management, Vorstack
8:30-9:30 a.m. Session B	Security Assurance and Continuous Monitoring for NFV/SDN Tony Rutkowski, Executive VP, Yaana Technologies
10:30-11:30 a.m. Session A	Presentation on eSentire Asset Management Protection Mark Sangster, Vice President, Marketing, eSentire
10:30-11:30 a.m. Session B	Defeating the APT Threat with Effective Vulnerability Management Jonathan Trull, CISO, Qualys

Monday, October 6, 2014

1:00-2:00 p.m.	STIX/TAXII Introduction for Business Development and Cyber Security Professionals Aharon Chernin, Manager, Security Automation, Depository Trust and Clearing Corporation (DTCC)
2:15-3:15 p.m.	Operationalizing STIX & TAXII, a message from the field Aharon Chernin, Manager, Security Automation, Depository Trust and Clearing Corporation (DTCC)

---

Track 4: Encrypted Traffic Monitoring and IT Intrusion Product Training

This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees

Monday, October 6, 2014

11:00-12:00 p.m.

Understanding Encryption Technologies, Services Used by Criminals and Covert IT Intrusion Techniques Matthew Lucas (Ph.D, Computer Science), Vice President, TeleStrategies

Tuesday, October 7, 2014

9:00-10:00 a.m.	Covert IT Operations with OSINT and Custom Tools - Real Scenarios Presented by FinFisher
11:30-12:30 p.m. Session B	Monitoring encrypted and secure communication - Extract actionable intelligence securely and efficiently to stay ahead of security threats. Presented by Talea
1:30-2:30 p.m.	Identifying criminal organizations on social networks by intruding communications devices. Marco Valleri - CTO, Alberto Ornaghi – Software Architect, Fabrizio Cornelli – Senior Software Developer, Hacking Team
3:00-4:00 p.m.	FinFisher™: Maximum Impact - The Evolution of IT Investigation Presented by FinFisher

Wednesday, October 8, 2014

8:30-9:30 a.m. Session A	Virtual Human Intelligence: be inside, stealth, future and technology proof Marco Braccioli, Senior Vice President and Emanuele Marcozzi, Presales Engineer, AREA
8:30-9:30 a.m. Session B	Augmenting traditional LI - Gain access targeted information within an encrypted digital environment Presented by Talea
10:30-11:30 a.m. Session A	Intruding communication devices: live demonstration of latest attack techniques. Marco Valleri - CTO, Alberto Ornaghi – Software Architect, Fabrizio Cornelli – Senior Software Developer, Hacking Team

---

Track 5: LEA, Defense and Intelligence Analyst Training and Product Demonstrations

This training is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees.

Monday, October 6, 2014

8:30-4:30 p.m.

Practitioners Guide to Internet Investigations Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police

Tuesday, October 7, 2014

9:00-10:00 a.m. Session A	Cyber Warfare Weapons for Mobile & Desktop devices, Internet backbone, Wireless networks and SSL Decryption. Security solutions for a Non-traceable mobile and Point-to-Point Uncrackable Encryption. Dr (hc) Ankur Srivastava, Founder, Aglaya
9:00-9:30 a.m. Session B	Analyzing Multiple Data Sources in One Application Faizel Lakhani, COO, SS8
9:30-10:00 a.m. Session B	Interception and Intelligence Gathering - Impact of Growing Bandwidth and New IP Applications Faizel Lakhani, COO, SS8
11:30-12:30 p.m.	The Big Deal with Big Data: Converging Metadata with Targeted Interceptions to expose new targets, criminal networks, patterns of behavior, and high probability terror threats Julian Fellows, Executive Business Manager, Aqsacom Oleg Shilo, Product Leader, Aqsacom
1:30-2:30 p.m. Session A	Advancing the Role of the Monitoring Center Faizel Lakhani, COO, SS8
1:30-2:30 p.m. Session B	The New Investigator Toolbox: from Tactical to Open Source Investigations Emanuele Marcozzi, Presales Engineer, AREA

Wednesday, October 8, 2014

10:30-11:30 a.m.

CyberTOOLBELT Product Demonstration Lt. Colonel James Emerson, USMC (Ret), and Tom Brennan, OWASP foundation, CyberTOOLBELT

---

Track 6: Social Network Monitoring and Big Data Analytics Product Demonstrations

This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees

Tuesday, October 7, 2014

1:30-2:30 p.m. Session B	Monitoring, Analyzing, and Understanding Social Media and Online Open Source Intelligence with Leidos' Digital Echo Parker Hine, Leidos
3:00-4:00 p.m. Session A	Deploying Live-ping Location emails to agents in the field Adeel Khamisa, Oculus Info Inc.
3:00-4:00 p.m. Session B	Narus Demo Mohan Sadashiva, Senior Vice President, Product Management, Narus

---

Track 7: ISS for Mobile Signal Intercept, Electronic Surveillance and Technical Surveillance Countermeasures (TSCM)

This track is for Law Enforcement, Interior Security and the Government Intelligence Community who must work with cellular and mobile satellite operators regarding mobile location, electronic surveillance and intercept as well as TSCM.

This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees.

Tuesday, October 7, 2014

9:00-10:00 a.m.	Exploring your mobile networks. Probe solutions for commercial and public safety applications. Presented by Talea
11:30-12:30 a.m.	Nomadic equipment, wearable monitoring and field Command Centre Emanuele Marcozzi, Presales Engineer, AREA
1:30-2:30 p.m.	Live demo: Cyber Warfare Weapons for Mobile & Desktop devices, Internet backbone, Wireless networks and SSL Decryption. Security solutions for a Non-traceable mobile and Point-to-Point Uncrackable Encryption. Dr (hc) Ankur Srivastava, Founder, Aglaya
3:00-4:00 p.m. Session A	Using Portable Wide Band Recorders for Surveillance Purposes Presented by QRCtech
3:00-4:00 p.m. Session B	Keep your data safe. Security suite for government users. Presented by Talea

Wednesday, October 8, 2014

8:30-9:30 a.m.	Grey Force Tracking: Locate Your Teams On The Field Presented by Hear & Know
10:30-11:30 a.m. Session A	Secure Trip: When location enhances travelers and expatriate security Presented by Hear & Know
10:30-11:30 a.m. Session B	Next-Generation Intelligence (Locate, Monitor targets Invisibly) with A.I Remote Control Intelligence using Automation. Dr. Manish Kumar & Sanjeev Kumar Deswal, Wolf Intelligence

---

2014 Pre-Conference Training Seminars

Monday, October 6, 2014

Seminar #1
8:30-4:30 p.m.
　
Online Social Media and Internet Investigations　

Presented by Charles Cohen, Cohen Training and Consulting, LLC
Charles Cohen also holds the position of Commander, Cyber Crimes Investigative Technologies Section, Indiana State Police, USA

8:30-9:30 a.m.: Session 1 of 6
The role of Online Social Media OSINT in Predicting and Interdicting Spree Killings: Case Studies and Analsyis
This session is for criminal investigators and intelligence analysts who need to understand the impact of online social networking on how criminals communicate, train, interact with victims, and facilitate their criminality.

9:45-10:45 a.m.: Session 2 of 6
OSINT and Criminal Investigations
Now that the Internet is dominated by Online Social Media, OSINT is a critical component of criminal investigations. This session will demonstrate, through case studies, how OSINT can and should be integrated into traditional criminal investigations.
　
11:00-12:00 p.m.: Session 3 of 6
Metadata Exploitation in Criminal Investigations
This session is for investigators who need to understand social network communities along with the tools, tricks, and techniques to prevent, track, and solve crimes.

1:00-2:00 p.m.: Session 4 of 6
EXIF Tags and Geolocation of Devices for Investigations and Operational Security
Current and future undercover officers must now face a world in which facial recognition and Internet caching make it possible to locate an online image posted years or decades before. There are risks posed for undercover associated with online social media and online social networking Investigations. This session presents guidelines for dealing with these risks.

2:15-3:15 p.m.: Session 5 of 6
Case Studies in Metadata Vulnerability Exploitation and Facial Recognition
While there are over 300 social networking sites on the Internet, Facebook is by far the most populous, with over 800 million profiles. It has roughly the same population as the US and UK combined, making it the third largest country by population. There are over 250 million images and 170 million status updates loaded on Facebook every day. This session will cover topics including Facebook security and account settings, Facebook data retention and interaction with law enforcement, and common fraud schemes involving Facebook.

3:30-4:30 p.m.: Session 6 of 6
What Investigators Need to Know about Emerging Technologies Used to Hide on the Internet
Criminal investigators and analysts need to understand how people conceal their identity on the Internet. Technology may be neutral, but the ability to hide ones identity and location on the Internet can be both a challenge and an opportunity. Various methods of hiding ones identity and location while engaged in activates on the Internet, provides an opportunity for investigators to engage in covert online research while also providing a means for criminals to engage in surreptitious communication in furtherance of nefarious activities. As technologies, such as digital device fingerprinting, emerge as ways to attribute identity this becomes a topic about which every investigator and analyst may become familiar.

Seminar #2
8:30-4:30 p.m.

Understanding ISS Technologies and Products Deployed in Telecommunications Networks and Monitoring Centers for Law Enforcement and Intelligence Analysts

Presented by: Dr. Jerry Lucas, President, TeleStrategies

This one day pre-conference seminar covers the spectrum of ISS Technologies and Products deployed in today's fixed wire, mobile wireless and Internet Service Provider networks and LEA Monitoring and Intelligence Gathering Centers. This all day seminar is ideal for those law enforcement, public safety and intelligence analysts who need an understanding of the ISS technologies to be discussed in the conference sessions and the ISS products displayed at the exhibit hall as well as an understanding of the buzz words and jargon used by telecom operator engineers and their vendors.

08:30-10:45 a.m.
Introduction to Telecom Infrastructure, Interception and Related ISS Products
What do LEAs need to know about telecommunications networks infrastructure, basic LI elements (access, delivery and collection function), LEA Monitoring Center Functions and where are ISS products deployed for monitoring and intercept.

Understanding ISS:
Why Understanding Telecom Infrastructure is Important for Law Enforcement and Intelligence Analysts

Basic Telecom Building Blocks:
Circuit vs. Soft IP Switching, Signaling (SS7, ISDN, DTMF, etc.), fiber optics (SDH and SONET), Broadband Access (DSL, Cable Modems, Wi-Fi etc.), IP Core Technologies (Routing, ATM, MPLS, etc.) and Network Elements for Intercept.

Telco Back Office Systems:
Billing Systems, Mediation Services for Capturing Call Detail Records and LEA Intercept Request Processing.

Lawful Interception Architectures:
Probes (active and passive), Optical Layer Intercept at 10, 40 and 100 GBPS, Mediation and Data Retention Architectures, CALEA Pen Register and Trap & Trace, LEA Monitoring Center Functions and ISS Products Deployed in Fixed Wire Network Infrastructure.

Typical US DEA Funded LI Systems:
LIMS, T2S2, Warrant Processing, Data Logs, Capacity Requirement (e.g. Targets, Handoff Circuit Capacity, etc.) Central America Project Funding and Enterprise Hardware/Software Requirements

Legal Intercept Options:
What must telecom operators provide with a served subpoenas, Search Warrant, CALEA-Title III, National Security Letter and FISA Warrant.

11:00-2:00 p.m.
Understanding Mobile Wireless Infrastructure, Interception and Related ISS Products
Infrastructure basics, back office infrastructure, IM, data and where are ISS products deployed for monitoring and intercept.

Types of Wireless Network:
Differences among Network Operators, MUNO's, WiFi, WiMAX, Microwave, Satellite, Femtocells and NFC Interfacing.

Mobile Network Infrastructure:
Subsystems (cell sites, sector antennas, back hall, processors at towers, MSO special features (HLR, VLR, etc.) and PSTN Interconnect.

Cellular Network Generations:
Infrastructure Difference Among GSM, GPSS, EDGE, HSPA, North American CDMA, W-CDMA and LTE (CSFB vs. IMS Based) and Difference in Data Service Support.

Smartphones:
Functional Differences between 3G/4G Smartphones and 2G Phones, SMS messaging vs. iPhone text messages regarding intercept and 3G vs. LTE data services capabilities.

Cell Phone CDR's:
What records do cellular operators obtain when the phone is on, what's in a CDR when phone call is initiated and other forensic data of value to LEA's.

Cell Phone Tracking Options:
Cellular Operator Tracking Services available to LEA's, Target Pinging, Location technologies (GPS is National Based vs. RF Spectrum Mapping, GSM Surveillance, A-GSM intercept, WiFi Tracking, IMSI/IMEI Catchers, Spyware and more.

Smartphone Services to Avoid Tracking:
WHATSAPP, TIGER Text, WICKR, VIBER, GroupMe and more.

ISS Intercept Product Options:
Electronics Surveillance (audio, video and GPS), Location Based Mediation Products, Smartphone IT Intrusion and Cellular CDR data mining, Geocoded Photo Metadata, EXIF tags, Special Smartphone Services for Geolocation (Creepy, Instragram, Foursquare, VIBE and more).

2:15-4:30 p.m.
Understanding the Internet, Interception and Related ISS Products

What Investigators Have To Know about IP call Identifying Information, Investigations Involving E-Mail, Facebook, Twitter, Skype, Instant Messaging, Chat Rooms and what can be done to address Internet intercept deploying ISS infrastructure and where are ISS products deployed for monitoring and intercept.

IP Basics:
Why Understanding IP Layering Model, TCP/IP and UDP is important for LEA's and the IC Community, IP addresses (IPv4 vs. IPv6), static vs. dynamic addresses and more.

Internet Players:
The managers (ICANN, IANS and IETF), NSPs vs. ISPs vs. CDNs, How the Internet Players exchange IP Traffic, Private vs. Public peering and IXPs.

ISP Infrastructure:
RAS, RADIUS, DHCP and DNS and why these servers are important to understand.

VoIP Options:
Types of VoIP Services, PSTN interconnect, Gateway Based (Vonage), P2P (Skype & VIBER), Softswitches, SIP and IMS.

E-mail Services:
Client Based E-mail vs. Webmail. What's different about E-mail, SMS, WEB 2.0, HTTPS, HTTPS 2.0, Smartphone messaging and Social Network messages.

Social Network Metadata:
From Tweets, Facebook, E-mail and Smartphones.

Deep Packet Inspection:
What's DPI, Where do telecoms deploy DPI and Where does the Intelligence Community request DPI intercept.

Defeating Encryption:
Encryption options, Public Key Encryption, TOR, Third Party Services Available (Wickr), Encryption Products and how to defeat encryption (Spyware, Remotely Loaded Programs, IT Intrusion and Man-In-The-Middle Attacks)

ISS Products for Intelligence Gathering:
OSINT, Big Data Analytics, Speaker Recognition, Facial Recognition, IP Mediation Devices and Monitoring Centers.

Seminar#3
8:30-4:30 p.m.

Practitioners Guide to Internet Investigations


Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police

The aim of this 1 day seminar is to take the attendees from the basics of understanding the internet, how to find data, through to a full understanding of best practice of an internet investigator, having awareness and knowledge of all the tools available to achieve this.

This is exclusively Law Enforcement only, as Practical examples, covert and investigative methods will be given throughout the seminar.

8:30-9:30 a.m.
The World Wide Web and the Internet

• How it works. Why it works. How data traffic leaves a trace ;
• What the internet is; what is an IP and what protocols are used ( TCP/IP)
• IPv4 and IPv6 – understanding the changes
• mirror servers use and value
• Tracking and evaluating data

9:45-10:45 a.m.
Recognizing Traffic Data

• A practitioner's guide to what data is available. How to harvest and analyze it.
• Best practice to identify suspects and build profiles.
• Data collection and interrogation
• IP usage, exploitation and dynamics; IP plotting and analysis how to look for suspect mistakes and exploit them ( where they show their id)
• Dynamic approaches to identifying suspects through internet profiles
• What investigators get from tech and service providers, and how to analyze it
• What to ask for with current legislation to achieve best results
• SPOC best practice.
• ISP/ CSP capabilities and opportunities.

11:00-12:00 p.m.
WIFI and Mobile Data

• A practitioner's look at Wi-Fi, attribution, cell site data, GPRS location services and technology. How an investigator can track devices, attribute suspects locations, devices and movement.
• Dynamic live time tracing
• Geo location services and uses
• Surveillance without DSA and authority

1:00-2:00 p.m.

Emerging Technologies, Masking Tech and Tools

• How suspects are using emerging and new technologies.
• An introduction to where technology is going, and how Law enforcement can use this to our advantages.
• Darknet, (Deepweb) and IRC use
• VOIP, Skype
• Advanced data sniffing and profile building
• TOR systems, applications and ways to coax offenders out of the system.

2:15-3:15 p.m.

Advanced Techniques in Tracing Suspects

• Using innovative and dynamic methods to trace offenders.
• tricks used by suspects and how to combat them
• Covert internet investigations
• Proxy servers and hiding.
• managing collateral intrusion
• Reverse and social engineering
• Thinking outside the box
• Possible missed opportunities
• Profile building and manhunts

3:30-4:30 p.m.
Open Source Intelligence Training (OSINT)

• An in depth look at what tools are available; how to use them, and practical applications.
• safety online when open sourcing
• open source training and awareness basics
• Trace suspects using available tools
• How to identify leads in investigations and data from ISP
• Internet tools to assist in building online profiles on suspects
• A run through of my website dedicated to online tracing tools and how best to use it (LEA ONLY)
• Reverse engineering and social engineering

Seminar #4
1:00-2:00 p.m.

The Dark Side of the Internet - TOR & Bitcoins


Presented by Ross Bowerman, Detective Sergeant, UK Police

Seminar #5


2:15-14:30 p.m.

Smartphone Application Challenges Encountered and Opportunities Presented to Law Enforcement


Presented by Michael Williamson, Detective Inspector, Force Intelligence Bureau, Crime and Safer Communities, UK


A users overview of Smartphone applications, what they can do, implications, challenges and opportunities for law enforcement in obtaining results and coordinating our response to the overwhelming new apps appearing daily.

Seminar #6
9:45-10:45 a.m.

Understanding Browser and Device "Fingerprinting" to Identify Criminals and Terrorists

Presented by: Matthew Lucas (Ph.D, Computer Science), Vice President, TeleStrategies

Every communications device has a set of digital characteristics (a so-called "fingerprint") that can be used by law enforcement to identify, track and isolate that device on a given network. This session will look at the possibilities of device fingerprinting, including: MAC/physical properties, IP network configuration, operating system profiles and application-level information such as java environment variables, cookies and application-resident data. Where possible, each will be illustrated with case studies and examples to show how law enforcement can leverage the device characteristics to identity criminal behavior, track suspects and collect evidence.

Seminar #7

11:00-12:00 p.m.

Understanding Encryption Technologies, Services Used by Criminals and Covert IT Intrusion Techniques

Presented by: Matthew Lucas (Ph.D, Computer Science), Vice President, TeleStrategies

The Internet is migrating from an open platform of interconnected devices, to a world of highly encrypted, tightly integrated systems. This webinar will look at the technologies that application developers, social-media companies and enterprises are adopting that effectively lockout law enforcement and intelligence analysts from intercepting and decoding content. The presenter will look at in detail the encryption protocols, techniques and standards that the Internet community is adopting, and consider the implications to traditional intercept and content decoding systems - including application fingerprinting, exploitation approaches and practical considerations for law enforcement.

1. Encryption Basics

• Shared vs. Public Key Encryption
• Certified Authorities
• Significance of Key Size
• GSM Encryption (A5.1, A5.2 to A5.3)

2. Basic eCommerce Encryption Options

• Encryption used in Financial Transactions
• Role of Web 2.0, HTTPS and SSL/TLS
• Telecom Operator Encryption Service Options

3. Special Encryptions and Anonymous Communications Services Frequently used by Criminals

• Commercial Offerings
• TOR
• Proxy Servers and VPN Services
• P2P Option

4. Defeating Encryption and Covert IT Intrusion Techniques

• How Does Spyware and IT Intrusion Work
• Cooperation with Certificate Authorities
• Defeating GSM Encryption
• Man-in-the-Middle Attack Techniques
• Device Fingerprinting

5. HTTP 2.0 and Future Encryption Developments

• What's Driving the Development of HTTP 2.0? (e.g. Prisim-Proffing the Internet)
• Why will it be a challenge to LEA/IC's (multiple elements per connections, HTTP
  header compression and mandatory encryption)
• Other Dark Email Project Underway

Seminar #8
8:30-10:45 a.m.

Beyond Google: What to Do When Google (Bing and Yahoo) Do Not Answer Your Questions in a Useful Way


Presented by Stephen Arnold, ArnoldIT

The purpose of this tutorial is to provide recommendations for specific online search tactics tailored to law enforcement and intelligence professionals. In this two hour session, Stephen E Arnold will walk through "how to's" for four specific cases/situations in which free open source online services can help handle the types of questions investigators and analysts often have in different languages.

Questions the presentation will address include:

• What are important tips to work around Google filters for general queries?
• When should Bing or Yahoo be used to dig more deeply into open source content?
• How does an investigator/analyst research content in language other than English?
• How does an investigator translate non-English content in real time and for free?
• What free tools are available to determine relationships among and between persons of interest?
• What free and open source information services provide current data about individuals and their activities?
• What free system displays relationships and telephone numbers in the Bing index?
• How can an investigator / analyst maximize time in a critical research task?

Seminar #9
11:00-12:00 p.m.

Smart Systems Substance or Shadow, Blind Spots or Shadow. Blind Spots in Mainstream Intelligence Systems


Presented by Stephen Arnold, ArnoldIT

Despite the high profile of Big Data and surveillance in the
US, the systems used by intelligence and law enforcement
professionals have limitations.
This lecture will seek to answer these key questions for practitioners in intelligence:

• Are next generation systems delivering value to licensees?
• Are sophisticated systems hardened and reliable?

What are the limitations within which these smart systems operate for the intelligence professional?

Seminar #10
1:00-3:15 p.m.

Visual Analytics: Discovering Real-World Patterns by Exploiting Meta Data Content

Presented by: Christopher Westphal, Raytheon Cyber Products

Seminar #11
3:30-4:30 p.m.

Big Data Analytics for Entity Based Representations: Detecting Networks, Connections, and Correlations

Presented by: Christopher Westphal, Raytheon Cyber Products

Seminar #12
1:00-2:00 p.m.

STIX/TAXII Introduction for Business Development and Cyber Security Professionals

Presented by: Aharon Chernin, Manager, Security Automation, Depository Trust and Clearing Corporation (DTCC)

Seminar #13
2:15-3:15 p.m.

Operationalizing STIX & TAXII, a message from the field

Real world experiences using Avalanche to operationalize STIX & TAXII inside both large and small companies. Get a preview of how transparent use of standards can make these complex activities a part of every organizations internal processes.

Presented by:Aharon Chernin, Manager, Security Automation, Depository Trust and Clearing Corporation (DTCC)

Home : Contact Us