Advanced HI-Tech Cyber Investigation Training Seminars Led by Law Enforcement Officers and Ph.D Computer Scientists

27 classroom training hours, presented by Law Enforcement Officers and Ph.D. Scientists

Charles Cohen, Cohen Training and Consulting, LLC, also holds the position of Captain, Office of Intelligence & Investigative Technologies, Indiana State Police, USA
(6 classroom hours)

Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police
(7 classroom hours)

Michael Loughnane, CAMS, CFE, Loughnane Associates, LLC and retired 27-year US Federal Law Enforcement Officer
(5 classroom hours)

Jerry Lucas (Ph.D., Physics), President, TeleStrategies

(3 classroom hours)

Vladimir Vesely (Ph.D., Computer Science) Researcher, Brno University of Technology
(3 classroom hours)

Andrew Lewman, VP, DarkOWL and Former Executive Director, The TOR Project
(3 classroom hours)

Tuesday, 3 December 2019

Seminar #1
9:00-17:00

Online Social Media and Internet Investigations　
Presented by: Charles Cohen, Cohen Training and Consulting, LLC, also holds the position of Captain, Office of Intelligence & Investigative Technologies, Indiana State Police, USA

The way people choose to communicate, the technologies that facilitate that communication, and the companies that the control the communication have rapidly evolved.  Criminal investigators and analysts need to also evolve.  This training track is designed to be operational, rather than technical.  It combines technical information operational investigators and analysts must understand with specific tools and techniques to recover evidence in a forensically sound manner.

9:00-10:00
Proxies, VPNs, and Dark Web: Identity Concealment and Location Obfuscation

10:15-11:15
Tor, onion routers, Deepnet, and Darknet: An Investigator's Perspective

11:30-12:30
Tor, onion routers, Deepnet, and Darknet: A Deep Dive for Criminal Investigators

13:30-14:30
Cellular Handset Geolocation: Investigative Opportunities and Personal Security Risks

14:45-15:45
Collecting Evidence from Online Social Media: Building a Cyber-OSINT Toolbox (Part 1)

16:00-17:00
Collecting Evidence from Online Social Media: Building a Cyber-OSINT Toolbox (Part 2)

Seminar #2
9:00-17:00

Practitioners Guide to Internet Investigations
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police

The aim of this 1-day seminar is to take the attendees from the basics of understanding the Internet, how to find data, through to a full understanding of best practice of an Internet investigator, building their OSINT toolbox, and having awareness and knowledge of all the tools available to achieve this. It is aimed primarily at the investigator, delivered from the perspective of detective, to empower them to have the best methodology and tradecraft to profile and catch suspects.

This is exclusively Law Enforcement only, as Practical examples, covert and investigative methodology and tradecraft will be given throughout the seminar.

9:00-10:00
The Internet, and how suspects leave a Digital Footprint. How the system works for us, as investigators

10:15-11:15
Recognizing Traffic Data and digital profiling via social networks and devices - digital shadows

11:30-12:30
WIFI, geolocation, and Mobile Data traces and tracking

13:30-14:30
Awareness of Emerging Technologies, Masking Tech and Tools, TOR and proxies

14:45-15:45
Advanced Techniques in Tracing Suspects, and lateral problem solving

16:00-17:00
Open Source Tools, resources and techniques - A walk through my free law enforcement open source tools site

Seminar #3
9:00-15:45

Concerns and Considerations in Financial Crime Investigations
Presented by: Michael Loughnane, CAMS, CFE, Loughnane Associates, LLC Mike is a former US Federal Law Enforcement Officer who specialized in complex fraud and cybercrime investigations and currently provides training to improve detection and investigations of fraud, money laundering and counter terror finance.

9:00-10:00
Criminal Essentials: The Needs of a Criminal Network

10:15-11:15
Financial Crime Schemes in Money Laundering

11:30-12:30
The Essentials of Trade Based Money Laundering

13:30-14:30
How Does Money Actually Move?

14:45-15:45
Follow the Money Beyond the Banks

Seminar #4
9:00-10:00

Understanding Mobile 2G/3G/4G Infrastructure and Lawful Intercept for Technical Investigators
Presented by: Dr. Jerry Lucas, President, TeleStrategies

This session covers what technical investigators need to know about 2G/3G/4G infrastructure, SIM Cards, Authentication, CDR analysis, SS7 and more.

Seminar #5
10:15-11:15

Understanding 5G Infrastructure and Lawful Intercept Challenges for Technical Investigators
Presented by: Dr. Jerry Lucas, President, TeleStrategies

This session is a technical introduction to 5G; New Radio, Massive MIMO, IoT services, SDN, NFV, Network Slicing and Cloud Service Support and lawful Intercept challenges facing law enforcement and 5G telecom operators.

Seminar #6
11:30-12:30

Understanding Cryptography Used in Encrypted Third Party Services, Bitcoin/Blockchain, TOR, DarkNets and 3G/4G/5G Cellular Services for Technical Investigators
Presented by: Dr. Jerry Lucas, President, TeleStrategies

This session covers the basics of cryptography: Private-Public Keys (RSA, DH etc.), Symmetric-Keys, Hashing, Certificates and where they are deployed in Third Party Encrypted Services (Telegram, etc.), Cryptocurrencies and DarkNets.

Seminar #7
16:00-17:00

SSL/TLS Interception Workshop (TLS1.3 edition)
Presented by: Vladimir Vesely (Ph.D., Computer Science) and Jan Pluskal, Researchers, Brno University of Technology

The presentation introduces methods for intercepting TLS/SSL connections. The focus is on man-in-the-middle attack employing proxy and other ways how to obtain unencrypted content of the TLS/SSL session. Speakers outline necessary theory (including news about TLS 1.3), well-known attacks (e.g., renegotiation, downgrade, cipherspec change, and others) and industry-standard tools (such as Wireshark, NetFox Detective, Fiddler Proxy and SSL-Split). The session also includes a live demonstration of the MitM attack on HTTPS connections enhanced with form-logging JavaScript injection. Participants will receive free of charge access to the testbed, which consists of real devices (and their traffic), including the prototype of our hardware probe decrypting SSL/TLS on-the-fly.

Thursday, 5 December 2019

Seminar #8
8:30-13:00

Special Half Day DarkNet Seminar
by Andrew Lewman, Vice President, DarkOWL and Former Executive Director, The TOR Project

08:30-09:15
Breaking Darknets Through Theory and Fundamentals

09:15-10:00
Cases from the Darknet: Technical Walkthroughs

11:30-12:15
Future Directions of Darknets, Investigations and Infrastructure

Seminar #9
12:00-13:00

Understanding "Defeating Encryption" with Quantum Computing for Non-Engineers
Presented by: Jerry Lucas, (Ph.D, Physics) President, TeleStrategies

This one hour, session is for cyber security executives and specialists who have the responsibility of assessing the lead time they have before deploying quantum safe cryptography solutions but don't have a technical background. If you believe nation state security agencies are developing quantum computing to decrypt your past and future intercepted transmission sessions, this high-level webinar should be a must attend briefing.
And to do this you need to understand how a quantum computing circuit works when designed for the sole purpose of defeating public key encryption.

Seminar #10
12:00-13:00

Top 20 Open Source Tools (OSINT) Used in Cybercrime Investigations
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police

---

ISS World Asia 2019 Conference Agenda

3-5 December 2019

---

ISS World Asia Exhibit Hall Hours

Wednesday, 4 December 2019
10:00-18:00 

Thursday, 5 December 2019
9:30-12:30

---

Welcoming Remarks and Top Ten Challenges

Wednesday, 4 December 2019

8:15-8:30
Welcoming Remarks
Tatiana Lucas, ISS World Program Director, TeleStrategies

8:30-9:00
Top Ten Internet Challenges Facing Law Enforcement and the Government Intelligence Community and Who at ISS World Asia has Solutions
Dr. Jerry Lucas, President, TeleStrategies

---

Track 1: Lawful Interception and Criminal Investigation Training

This track is for Telecom Operators and Law Enforcement/Intelligence/Defense Analysts who are responsible for specifying or developing lawful intercept network infrastructure.

Tuesday, 3 December 2019

9:00-10:00
Proxies, VPNs, and Dark Web: Identity Concealment and Location Obfuscation
Charles Cohen, Cohen Training and Consulting, LLC, also holds the position of Captain, Office of Intelligence & Investigative Technologies, Indiana State Police, USA

10:15-11:15
Tor, onion routers, Deepnet, and Darknet: An Investigator's Perspective
Charles Cohen, Cohen Training and Consulting, LLC, also holds the position of Captain, Office of Intelligence & Investigative Technologies, Indiana State Police, USA

11:30-12:30
Tor, onion routers, Deepnet, and Darknet: A Deep Dive for Criminal Investigators
Charles Cohen, Cohen Training and Consulting, LLC, also holds the position of Captain, Office of Intelligence & Investigative Technologies, Indiana State Police, USA

11:30-12:00
GeoGence -  A New SIGINT dimension - Unrestricted , global, large scale geo monitoring and profiling while ensuring mission safety, reliability and resiliency
VP Sales and Marketing, GeoGence

13:30-14:30
Cellular Handset Geolocation: Investigative Opportunities and Personal Security Risks
Charles Cohen, Cohen Training and Consulting, LLC, also holds the position of Captain, Office of Intelligence & Investigative Technologies, Indiana State Police, USA

14:45-15:45
Collecting Evidence from Online Social Media: Building a Cyber-OSINT Toolbox (Part 1)
Charles Cohen, Cohen Training and Consulting, LLC, also holds the position of Captain, Office of Intelligence & Investigative Technologies, Indiana State Police, USA

16:00-17:00
Collecting Evidence from Online Social Media: Building a Cyber-OSINT Toolbox (Part 2)
Charles Cohen, Cohen Training and Consulting, LLC, also holds the position of Captain, Office of Intelligence & Investigative Technologies, Indiana State Police, USA

Thursday, 5 December 2019

12:00-13:00
Understanding "Defeating Encryption" with Quantum Computing for Non-Engineers
Jerry Lucas, (Ph.D, Physics) President, TeleStrategies

---

Track 2: LEA, Defense and Intelligence Analyst Product Demonstrations

This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees.

Tuesday, 3 December 2019

9:00-10:00
The Internet, and how suspects leave a Digital Footprint. How the system works for us, as investigators
Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police

10:15-11:15
Recognizing Traffic Data and digital profiling via social networks and devices - digital shadows
Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police

10:15-11:15 Session A
Breaking the 'Holy Grail' - exploiting and implanting iOS devices in 2019
Presented by FinFisher

10:15-11:15 Session B
New methods and tools designed for Law Enforcement Agencies for advanced criminal investigation
Presented by Utimaco

11:30-12:30
WIFI, geolocation, and Mobile Data traces and tracking
Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police

12:00-12:30
GeoGence -  A New SIGINT dimension - Unrestricted , global, large scale geo monitoring and profiling while ensuring mission safety, reliability and resiliency
VP Sales and Marketing, GeoGence

13:30-14:30
Awareness of Emerging Technologies, Masking Tech and Tools, TOR and proxies
Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police

13:30-14:30 Session A
Data Fusion and Analytics for National Security and Intelligence
Presented by Yaana

13:30-14:30 Session B
WHO was using WHAT application WHERE and WHEN?
Utilizing our mass capture systems and combining Telephony and IP Data provides a rich repository of data to be mined by VASTech's new powerful analytical capabilities and toolsets.
Presented by VASTech

14:45-15:45
Advanced Techniques in Tracing Suspects, and lateral problem solving
Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police

14:45-15:45
Alternative tools for efficient investigations in the age of encryption
Presented by Rohde&Schwarz

14:45-15:45
Practical and creative example of modifying Android OS by HEX editing system files, and having regular applications to achieve surveillance.
Denis Cuculic, CEO ex. Head of Technical Department, PRO4SEC

16:00-17:00
Open Source Tools, resources and techniques - A walk through my free law enforcement open source tools site
Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police

16:00-17:00 Session A
Lawful Interception in VolTE, VoWiFi and other services
Rupesh Sangoi, Director, Zeel Infotech

16:00-17:00 Session B
SSL/TLS Interception Workshop
Vladimir Vesely (Ph.D., Computer Science) Researcher, Brno University of Technology

Wednesday, 4 December 2019

9:00-10:00 Session A
Collaborative intelligence space to address data gone dark

All kinds of criminals, including terrorists, are taking advantage of encrypted technologies that allow them to operate in shadows, undetected by law enforcement and intelligence agencies. In order to make sense of criminal activity that takes place under the guise of encryption, law enforcement must have the technical wherewithal to analyse massive volume, variety and velocity of data from multiple sources- flexibly, adaptively and easily. Join us to witness a new paradigm of collaboratively deriving intelligence as data continues to go dark, to reveal critical insights about your persons of interest.

Presented by ClearTrail

9:00-10:00 Session B
Internet Records Intelligence: Collection, Storage, Disclosure & Analysis
Presented by Yaana

13:00-14:00 Session A
Digital Toolbox: the investigator's best friend
Presented by AREA

13:00-14:00 Session B
WhatsApp, Telegram, Facebook…how IPS helps you to locate most wanted targets with LI
Presented by IPS

13:00-14:00 Session C
Improving Threat Analytics: Using DPI Sensors for High-Resolution Traffic Intelligence at Extreme Throughput even in the Most Demanding Environments
Sebastien Synold, Product Manager, Qosmos DPI Business Unit, ENEA

14:30-15:30 Session A
Live Demo: Data Retention – powerful analysis on metadata
Presented by ATIS

14:30-15:30 Session B
Use Case: ASIRIS Monitoring Platform. Extraction and data mining on Telegram messenger
Presented by Tomahawk

16:00-17:00 Session A
How to detect the suspect and get the digital footprint of suspect with exponential data growth whether encrypted or not? (Live Demo)
Presented by Sinovatio

16:00-17:00 Session B
Creating intelligence from disperate digital traces
Miroslav Necas, TOVEK

16:00-17:00 Session C
Automatic speaker recognition and speech content categorization with Speech-to-Text
Presented by ATIS

Thursday, 5 December 2019

8:30-9:30 Session A
How to secure your confidential and critical networks with DataDiode including case studies on Lawful Interception, eBorder (APIS) and eGovernment
Governments in Asia are under constant  cyber attacks by highly capable adversaries, air gap networks are difficult to maintain and are not sustainable any more because the government need to import data in real time from outside source. The datadiode is perfect answer to this dilemma: realtime one-way communication. 
Presented by GSN

9:00-9:30 Session B
Guess who is using THAT App in your Country
Presented by AREA

8:30-9:30 Session C
Open-source intelligence from social networks, surface & dark web

Witness an open-source intelligence system that provides actionable insights from social networks (Twitter, Facebook, Instagram, YouTube, Reddit & Tumblr), dark web, RSS feeds & WhatsApp on a single interface. Explore hashtags/keywords, discover top trends & influencers, identify viral messages & sentiments associated with a topic, reveal fake images & extract entities of interest.

Presented by ClearTrail

10:30-11:30 Session A
Automatic speaker recognition and speech content categorization with Speech-to-Text
Presented by ATIS

10:30-11:30 Session B
Actionable insights from IP/PCAP data: 20x better & faster

Conventionally, a technical investigation from intercepted IP / PCAP data has been driven by the availability of clear-text content. However, a surge in encryption across communication channels has made this approach practically irrelevant. The need of the hour is to derive meaningful intelligence from IP data, even in the absence of content. 

Join us & witness how to generate actionable insights from encrypted & unidentified IP data, to identify the intent, extent & behavior of suspects.

Presented by ClearTrail

10:30-11:30 Session C
Empowering field intelligence teams – how Intellexa combines native 3G/4G interception and long range WiFi interception to make field cyber operations more successful than ever
Presented by Advanced Systems

12:00-13:00
Workshop on Evidence Collection and Analysis of Webpages
Cybercrimes such as ransomware, cyberbullying, scam, illicit darknet activities, inappropriate sexual content distribution,  or even phishing have a very unstable nature when it comes to the collection of evidence. Webpages related to these crimes are usually available only for a couple of days, sometimes even hours. The workshop presents methods on how to effectively download, decode, parse and archive such webpages. It focuses on a safe and auditable collection of valuable (meta)data that can be later used as proof. The presentation outlines the theory behind modern web design (HTML, CSS, Java/TypeScript), well-known libraries for scraping, and decoding (e.g., Scrapy, Selenium) and current challenges (such as single-page applications, access to dynamic content, execution of JavaScript). The session includes demonstrations of the collection process and existing tools. Participants will receive our open-source tool, which easily archives a given URL content together with a basic set of metadata.
Vladimir Vesely (Ph.D., Computer Science) Researcher, Brno University of Technology

---

Track 3: Social Network Monitoring and Cyber Threat Detection Training

This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees.

Tuesday, 3 December 2019

9:00-10:00
The Role of Context in Threat Intelligence
Akash Rosen, Managing Director (APAC), Resecurity, Inc

13:30-14:30 Session A
Facebook, Instagram, Snapchat: your target is live now. Don’t miss the chance to get it before it is over.
Presented by IPS

14:45-15:45
Using social media monitoring, Natural Language Processing and visualization techniques to detect and analyze extremist and criminal behavior
Presented by Insikt Intelligence

14:45-15:45
It is not only Exploits
Presented by FinFisher

16:00-17:00
Automatic Exploitation of Social Network, Deep and Dark Web to complement traditional Lawful Interception Infrastructure for Target Profiling
Presented by IPS

Wednesday, 4 December 2019

9:00-10:00 Session A
Cross domain communication: available security controls pros/cons
Governments in Asia need to have access to Intelligence systems able to manage the threats in realitme without compromising the security of their highly classified network. We will look at the pro and con of the different technologies available to have cross domain secure communications.
Presented by GSN

9:00-10:00 Session B
Tactical Web Intelligence (WEBINT) & Social Engineering: Gathering Actionable Intelligence via a powerful WEBINT platform
Presented by CWA Webint Applications

14:30-15:30 Session A
CyberRange: virtual environment for cyberwarfare training
as the military or police forces go to the shooting range to maintain their combat capabilities, Cyber Range is where the cyber warriors go to develop and maintain their defensive/offensive cyber capabilities.
Presented by GSN

14:30-15:00 Session B
High-volume and Analyst-lean WEBINT by combining powerful search and collection with AI Based Risk scoring
Presented by Blackscore

16:00-17:00 Session A
Darknet and Social Media Analysis – offline possibilities and market access
Presented by mh SERVICE

16:00-17:00 Session B
Web Intelligence 4.0:  Infusing Face Recognition, Image Analytics and Artificial Intelligence into a next-generation of WEBINT platform
Presented by CWA Webint Applications

Thursday, 5 December 2019

12:00-13:00
Using social media monitoring, Natural Language Processing and visualization techniques to detect and analyze extremist and criminal behaviour
Presented by Insikt Intelligence

---

Track 4: Investigating DarkWeb, Bitcoin, Altcoin and Blockchain Transaction

This track is open to all attendees

Tuesday, 3 December 2019

11:30-12:30
Understanding Cryptography used in Third Party Encryption Services, Bitcoin, Blockchain, TOR, DarkNets, 2G/3G/4G/5G and WiFi for Technical Investigators
Dr. Jerry Lucas, President, TeleStrategies

13:30-14:30
Live Demonstration of DarkOwl vision: Darknet Intelligence Discovery and Collection
David Alley, CEO, DarkOWL FZE

Wednesday, 4 December 2019

(This session is for LEA and Government Only)
9:00-10:00
Profile, target and investigate the Darknet
Presented by AREA

16:00-17:00
Cryptocurrency Investigation Workshop
Presented by: Vladimir Vesely (Ph.D., Computer Science, Researcher), Brno University of Technology

The session surveys current methods for blockchain and traffic analysis. The presentation informs about applicable methods for Bitcoin but also for other major cryptocurrencies as well (e.g., Ethereum, Litecoin, Dash, Zcash, Monero, and others). Speaker explains in detail the properties of cryptocurrency forensics, including address clustering, coinjoining of inputs, transaction mixing, and traffic correlation. The session includes a live demonstration of cryptocurrency evidence collection in a ransomware case. Moreover, participants will have a chance to bring their cryptocurrency addresses/transactions for assessment.

Thursday, 5 December 2019

8:30-9:30
Breaking Darknets Through Theory and Fundamentals
Andrew Lewman, Vice President, DarkOWL and Former Executive Director, The TOR Project

10:30-11:30
Cases from the Darknet: Technical Walkthroughs
Andrew Lewman, Vice President, DarkOWL and Former Executive Director, The TOR Project

12:00-13:00
Future Directions of Darknets, Investigations and Infrastructure
Andrew Lewman, Vice President, DarkOWL and Former Executive Director, The TOR Project

---

Track 5: Artificial Intelligence and Facial Recognition, Threat Detection Training

This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees.

Tuesday, 3 December 2019

11:30-12:30
Machine Learning capabilities in a Command and Control Center for covert field operations and situation awareness
Presented by IPS

14:45-15:45
Case Studies in Metadata Vulnerability Exploitation and Facial Recognition

Charles Cohen, Cohen Training and Consulting, LLC, also holds the position of Captain, Office of Intelligence & Investigative Technologies, Indiana State Police, USA

Wednesday, 4 December 2019

13:00-14:00
Safety 360°
Presented by NTECH LAB

Thursday, 5 December 2019

8:30-9:30
Decoding millions of apps using AI
Presented by XCI

10:30-11:30
Artificial Intelligence doubles the accuracy of the latest generation of speaker identification
Michal Minarovic, VP of Sales, Phonexia

---

Track 6: 5G Lawful Intercept and Forensics Training

This track is open to all attendees

Tuesday, 3 December 2019

10:15-11:15
Understanding 5G Infrastructure and Lawful Intercept Challenges for Technical Investigators
Dr. Jerry Lucas, President, TeleStrategies

16:00-17:00
LIMA 5G ready!
Sander de Jong, Group2000

Wednesday, 4 December 2019

9:00-10:00
Lawful Interception in 5G Mobile Networks
Presented by Utimaco

13:00-14:00
How to face the challenge of 5G?
Presented by Sinovatio

14:30-15:30
Multi-Access Edge Computing (MEC) and LI
Presented by Utimaco

16:00-17:00
5G: Keep Calm & Carry on with LI
Presented by Yaana

---

Track 7: Mobile Signal Intercept and Electronic Surveillance Training

This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees.

Tuesday, 3 December 2019

9:00-10:00
Understanding Mobile 2G/3G/4G Infrastructure and Lawful Intercept for Technical Investigators
Dr. Jerry Lucas, President, TeleStrategies

9:00-10:00
Mobile Radio Analysis Solutions with 5G for Government
Presented by Rohde&Schwarz

10:15-11:15
Tactical and Strategic Threat Detection and Geolocation
Vincent Lee, Kratos

11:30-12:30
Detecting, locating and neutralizing an IMSI Catcher. From a phone.
Presented by NeoSoft

Wednesday, 4 December 2019

9:00-10:00
Strategic intelligence to follow trends and reveal hidden targets
Presented by Advanced Systems

13:00-14:00 Session A
VSAT Interception with Carrier-in-Carrier (CiC) separation
Presented by Rohde&Schwarz

13:00-14:00 Session B
Cellular Intelligence in Action. Real use cases solved by combining mobile location and traffic data from cellular networks
Presented by Mobilaris

14:30-15:30 Session A
Next-generation IMSI Catcher: overview of latest developments and trends
Presented by NeoSoft

15:00-15:30 Session B
WEBINT Expanded: Go beyond the “Deepweb-Darkweb” mantra by advanced collection from Mobile Messaging Apps, Dating Apps, Crowdsourcing apps, and Blockchain
Presented by Blackscore

Thursday, 5 December 2019

8:30-9:30
GeoGence -  A New SIGINT dimension - Unrestricted , global, large scale geo monitoring and profiling while ensuring mission safety, reliability and resiliency
VP Sales and Marketing, GeoGence

---

Advanced HI-Tech Cyber Investigation Training Seminars Led by Law Enforcement Officers and Ph.D Computer Scientists

27 classroom training hours, presented by Law Enforcement Officers and Ph.D. Scientists

Tuesday, 3 December 2019

Seminar #1
9:00-17:00

Online Social Media and Internet Investigations　
Presented by: Charles Cohen, Cohen Training and Consulting, LLC, also holds the position of Captain, Office of Intelligence & Investigative Technologies, Indiana State Police, USA

The way people choose to communicate, the technologies that facilitate that communication, and the companies that the control the communication have rapidly evolved.  Criminal investigators and analysts need to also evolve.  This training track is designed to be operational, rather than technical.  It combines technical information operational investigators and analysts must understand with specific tools and techniques to recover evidence in a forensically sound manner.

Too often, investigators and analysts overlook or underutilize these valuable resources.  Social networking sites are virtual communities.  As in any large community, criminal organizations, fraud, violet crime, and victimization exist.  Investigators need to understand these communities along with the tools, tricks, and techniques to prevent, track, and solve crimes. 

This training gives attendees an up-to-date understanding of technologies used to obfuscate online identity and physical world location, how social networking sites work, and how members act and interact.  Attendees will be given information and tools that they can use immediately to collect evidence associated with online communication, crimes facilitated by that communication, and how to integrate that information into criminal investigations and criminal intelligence analysis.

9:00-10:00
Proxies, VPNs, and Dark Web: Identity Concealment and Location Obfuscation
Both criminals and investigators can use proxies and Virtual Private Networks to obfuscate their true identities and locations.  This session will give a detailed explanation of how IP:port, Web-based proxies, and VPNs work, who they can be used, and their vulnerabilities.  Proxies are VPNs also represent the foundation on which onion routing was built.  Anyone who wants to understand Tor, onion routing, and other anonymity tools must first understand proxies and VPNs.

10:15-11:15
Tor, onion routers, Deepnet, and Darknet: An Investigator's Perspective
Tor is most commonly used to hide one’s identity.  But, it can also be used by an insider to breach a firewall or Internet filter, and is a gateway to what is commonly called the Darknet.  While TOR is the most common onion router, it is definitely not the only one.  And, while Tor Hidden Service servers are the most well-known portion of the Darknet, there are other areas accessible through other tools. 

This session is not intended to make attendees experts, but rather to demystify the topic.  It will give investigators and analysts the foundation that they need to understand these tools and communities—how they started, how they evolved, how they are exploited by criminals, and how they can be used by investigator and analysts.

11:30-12:30
Tor, onion routers, Deepnet, and Darknet: A Deep Dive for Criminal Investigators
This session will build on concepts discussed in the previous two hours, but is not necessary to have attended either.   The session will explore specific case studies involving Dark Markets, how they functioned, and how they were interdicted.  Attendees will be given an overview of how Network Investigative Techniques have been, and can be, deployed to de-anonymize crimes occurring in in the back alleys of the Internet. 

13:30-14:30
Cellular Handset Geolocation: Investigative Opportunities and Personal Security Risks
A cell phone is no longer a cell phone.  It is an extremely precise sensor device that facilitates the collection of information that is retained and aggregated both client-side (on the handset) and server-side (on various companies’ servers).  This session will explore how precise location information is obtained from a combination of GPS, crowdsourced Wi-Fi triangulation, cellular trilateration, and Beacon mesh networks.  Attendees will then learn how to recover information that is being collected by iOS and Android OS devices in a forensically sound manner.

14:45-15:45
Collecting Evidence from Online Social Media: Building a Cyber-OSINT Toolbox (Part 1)
While evidence of criminality and victimization can be recovered through open source investigative techniques, many of the commercial tools marketed to criminal investigators and analysts are expensive.  This sometimes places them outside the reach of police departments.  And, social media companies are increasingly blocking API connections for commercial tools that allow the tools to be used for, “surveillance”.  For these reasons, it is increasingly important for criminal investigators and analysts to build an inexpensive cyber-OSINT toolbox.  This session will explore the evolution of online social networking, what information is being collected on both social media company servers and client-side endpoints, and how it can be used in investigations and intelligence collection activities.

16:00-17:00
Collecting Evidence from Online Social Media: Building a Cyber-OSINT Toolbox (Part 2)
This session will discuss the rapidly evolving ecosystem of online social media and how people are changings how they choose to communicate.  It will then detail and demonstrate free and inexpensive cyber-OSINT tools that criminal investigators and analysts can use to start build a cyber-OSINT toolbox.   Attendees will leave with software and Web-based tools that they can immediately use to conduct investigation and intelligence collection activities.

Seminar #2
9:00-17:00

Practitioners Guide to Internet Investigations
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police

The aim of this 1-day seminar is to take the attendees from the basics of understanding the Internet, how to find data, through to a full understanding of best practice of an Internet investigator, building their OSINT toolbox, and having awareness and knowledge of all the tools available to achieve this. It is aimed primarily at the investigator, delivered from the perspective of detective, to empower them to have the best methodology and tradecraft to profile and catch suspects.

This is exclusively Law Enforcement only, as Practical examples, covert and investigative methodology and tradecraft will be given throughout the seminar.

9:00-10:00
The Internet, and how suspects leave a Digital Footprint. How the system works for us, as investigators

How it works. Why it works. How it works for us .How data traffic leaves a trace ; What the internet is; what is an IP and how is it significant to trace a person. IPv4 and IPv6 – understanding the changes- the benefits and pitfalls for the investigator. The internet has millions of copies of data on it - why, and where can we find this. Tracking and evaluating data. MAC adders tracking.

10:15-11:15
Recognizing Traffic Data and digital profiling via social networks and devices - digital shadows

What data is available. How to harvest and analyze it. Best practice to identify suspects and build profiles. Good practice, virtual data 'housekeeping' and tradecraft .Data collection and interrogation, significance and value. IP usage, exploitation and dynamics; IP plotting and analysis how to look for suspect mistakes and exploit them ( where they show their id). Dynamic approaches to identifying suspects through internet profiles. What investigators get from tech and service providers, and how to analyze it. Investigator capabilities and opportunities.

11:30-12:30
WIFI, geolocation, and Mobile Data traces and tracking

A detectives look at Wi-Fi, attribution, cell site data, GPRS location services and technology. How an investigator can track devices, attribute suspects locations, devices and movement. Unique communication identifiers. Dynamic live time tracing. Geo location services and uses. Online Surveillance and tracking movement and speed.

13:30-14:30
Awareness of Emerging Technologies, Masking Tech and Tools, TOR and proxies

How suspects are using emerging and new technologies.
An introduction to where technology is going, and how Law enforcement can use this to our advantages. dynamic and pro-active problem solving. Darknet, (Deep web) , TOR and IRC use. VOIP, Skype and FaceTime exploits. Advanced data sniffing and profile building. TOR systems, applications and ways to coax offenders out of the system.

14:45-15:45
Advanced Techniques in Tracing Suspects, and lateral problem solving

Using innovative and dynamic methods to trace offenders. Tricks used by suspects and how to combat them- Play them at their own game?. Covert internet investigations. Proxy servers and hiding. Managing collateral intrusion. Reverse and social engineering. Thinking outside the box. Lateral thinking. Possible missed opportunities. Profile building and manhunts through device footprints, speed and movement.

16:00-17:00
Open Source Tools, resources and techniques - A walk through my free law enforcement open source tools site

"Just google it" doesn't work anymore. A look at good tradecraft, practice and methodology in profiling, tracking and tracing digital footprints and shadows on the internet, by means of best available tools. A look at a selection of 200+ tools available on Mark's open source law enforcement tools website, that search engines can’t see, with login and password provided during the session. Do's and do nots. Best tools for best results. When was the last time you 'googled' something in an investigation, and it returned 5 results, all specifically relating to your suspect? This session will teach you how.

Seminar #3
9:00-15:45

Concerns and Considerations in Financial Crime Investigations
Presented by: Michael Loughnane, CAMS, CFE, Loughnane Associates, LLC Mike is a former US Federal Law Enforcement Officer who specialized in complex fraud and cybercrime investigations and currently provides training to improve detection and investigations of fraud, money laundering and counter terror finance.

The purpose of financial crime can be to generate or protect criminal profit. Locally or internationally, criminals face a continuous challenge of building structure to protect against the efforts of law enforcement and make their profits useable without fear of getting caught. Criminals will therefore build business and financial structures to mask their activities as well as launder money.  

In this 1 day seminar we will discuss the tools and methods criminals use and the law enforcement response. Each presentation describes different elements of financial crime and business models used by criminals as well as law enforcement methods and tactics to identify and disrupt them.  We will discuss the essentials in criminal networks, key players, money laundering, and trade based money laundering.  We will describe how information can be found as money is moved around the world and how investigators can make best use of this knowledge.  This training is aimed primarily at the investigator and analyst, but also has application to the law enforcement, intelligence, and financial regulatory community.

9:00-10:00
Criminal Essentials: The Needs of a Criminal Network

10:15-11:15
Financial Crime Schemes in Money Laundering

11:30-12:30
The Essentials of Trade Based Money Laundering

13:30-14:30
How Does Money Actually Move?

14:45-15:45
Follow the Money Beyond the Banks

Seminar #4
9:00-10:00

Understanding Mobile 2G/3G/4G Infrastructure and Law Intercept for Technical Investigators
Presented by: Dr. Jerry Lucas, President, TeleStrategies

This session presents what technical investigators need to know about 2G/3G/4G technology infrastructure, Including:

• Lawful Interception of Voice, Data and Messaging Differences in GSM, UMTS and LTE Networks
• SIM Card Basics: Information Available (IMSI, Authentication Key, etc.) and Cryptography Algorithms (A3, A5 and A8)
• Tracking Targets Using CDR's, SS7 Interconnect and IMSI Cathers and more.

Seminar #5
10:15-11:15

Understanding 5G Infrastructure and Lawful Intercept Challenges for Technical Investigators
Presented by: Dr. Jerry Lucas, President, TeleStrategies

This session is a technical introduction to 5G; New Radio, Massive MIMO, IoT services, SDN, NFV, Network Slicing and Cloud Service Support and lawful Intercept challenges facing law enforcement and 5G telecom operators.

• Infrastructure differences with 4G-LTE and 5G from a lawful interception perspective
• Understanding 4G Advanced Pro and 5G Core transition
• New Radio Access Technologies, Supporting (IoT, M2M, D2D and WiFi-5G Interconnection) including small cells, new unlicensed spectrum and Massive MIMO.
• Understanding IMSI Encryption Impact on LI and SUPI and SUCI replacement

Seminar #6
11:30-12:30

Understanding Cryptography Used in Encrypted Third Party Services, Bitcoin/Blockchain, TOR, DarkNets and 3G/4G/5G Cellular Services for Technical Investigators
Presented by: Dr. Jerry Lucas, President, TeleStrategies

In today's digital world almost every transmission is encrypted or soon to be. As such, criminals and terrorists rely on encryption. Today's encryption can't be broken so law enforcement and the intelligence community must know how to work around encryption.

This seminar covers:

1. Public Key Infrastructure (PKI): Basics of RSA, DH and ECC, differences and what applications deploy each and why.
2. Symmetric Keys: Why symmetric keys vs. PKI, relationship with PKI and differences (AES vs. DES vs. RC4) and by exchange.
3. Hashing: What is it and how it works, what applications use hashing and standards (SHA-256, etc.)
4. Certificate Authorities (CA): Why CA's, PKI and Trust and the key standard X.509 explained.
5. Crypto Tunneling: SSL/TLS, VPN Tunnels, IPSec and IKE.
6. Third Party Encrypted Services: The basics cryptography of Gmail, Telegram, WhatsApp and other third party encryption email services.
7. Bitcoin/Blockchain and other Altcoins: Bitcoin/Blockchain Cryptography, use of ECC & SHA-256, Altcoins (Monero, Ethereum, etc.) and how they differ from Bitcoin/Blockchain.
8. TOR and TOR Hidden Services; Cryptography in TOR, TOR Hidden Services and other Dark Webs (Freenet, I2p, Zeronet, etc.)
9. Cellular Encryption: SIM cards and cryptography, Algorithms (A3, A5 and A8), Ki Authentication and 5G public-private key introduction for IMSI encryption.
10. Defeating (or Getting Around) Encryption Examples: MiTM Attacks, Defeating TOR, IT Intrusion Basics, Defeating Facebook's WhatsApp and Decrypting seized Apple iPhones.
11. IETF and Future Cryptography Challenges: TLS 1.3, Free Certificates, HTTP2 and other IETF initiatives.
12. Quantum Computing: The target for decryption (e.g. PKI), quantum computing parameters to monitor (the number of entangled qubits, error correction, etc.) and why quantum computing is superior to today's digital computing for running Shor's (Defeating Encryption Algorithm) and when to expect nation states to reach defeating encryption reality.

Seminar #7
16:00-17:00

SSL/TLS Interception Workshop (TLS1.3 edition)
Presented by: Vladimir Vesely (Ph.D., Computer Science) and Jan Pluskal, Researchers, Brno University of Technology

The presentation introduces methods for intercepting TLS/SSL connections. The focus is on man-in-the-middle attack employing proxy and other ways how to obtain unencrypted content of the TLS/SSL session. Speakers outline necessary theory (including news about TLS 1.3), well-known attacks (e.g., renegotiation, downgrade, cipherspec change, and others) and industry-standard tools (such as Wireshark, NetFox Detective, Fiddler Proxy and SSL-Split). The session also includes a live demonstration of the MitM attack on HTTPS connections enhanced with form-logging JavaScript injection. Participants will receive free of charge access to the testbed, which consists of real devices (and their traffic), including the prototype of our hardware probe decrypting SSL/TLS on-the-fly.

Thursday, 5 December 2019

Seminar #8
8:30-13:00

Special Half Day DarkNet Seminar
by Andrew Lewman, Vice President, DarkOWL and Former Executive Director, The TOR Project

08:30-09:15
Breaking Darknets Through Theory and Fundamentals

In this session we'll tackle fun topics such as math, research, and the basic building blocks of all darknets. They all work on the same few premises and can be investigated and broken using similar techniques.

09:15-10:00
Cases from the Darknet: Technical Walkthroughs

We'll walk through a few cases which where started and conducted on the darknets. Successful investigations of child abuse, money laundering, and attempted homicide are featured. 

11:30-12:15
Future Directions of Darknets, Investigations and Infrastructure

We'll walk through live darknets and a light forensic analysis of how they work, how they can be investigated, and why the future isn't any one darknet, but combining technologies. 

Seminar #9
12:00-13:00

Understanding "Defeating Encryption" with Quantum Computing for Non-Engineers
Presented by: Jerry Lucas, (Ph.D, Physics) President, TeleStrategies

This one hour, session is for cyber security executives and specialists who have the responsibility of assessing the lead time they have before deploying quantum safe cryptography solutions but don't have a technical background. If you believe nation state security agencies are developing quantum computing to decrypt your past and future intercepted transmission sessions, this high-level webinar should be a must attend briefing.
And to do this you need to understand how a quantum computing circuit works when designed for the sole purpose of defeating public key encryption.

Seminar #10
12:00-13:00

Top 20 Open Source Tools (OSINT) Used in Cybercrime Investigations
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police