AGENDA for 14-16 June 2022
ISS World Europe is the world's largest gathering of Regional Law Enforcement, Intelligence and Homeland Security Analysts, Telecoms as well as Financial Crime Investigators responsible for Cyber Crime Investigation, Electronic Surveillance and Intelligence Gathering.
ISS World Programs present the methodologies and tools for Law Enforcement, Public Safety, Government and Private Sector Intelligence Communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's telecommunications network, the Internet and Social Media.
Track 1: Lawful Interception and Criminal Investigation Training
Track 2: LEA, Defense and Intelligence Analyst Product Demonstrations
Track 3: Social Network Monitoring, Artificial Intelligence and Analytics Product Training
Track 4: Threat Intelligence Gathering and Cyber Security Product Training
Track 5: Investigating DarkWeb, Bitcoin, Altcoin and Blockchain Transaction
Track 6: Mobile Signal Intercept Training and Product Demonstrations
Track 7: Electronic Surveillance Training and Product Demonstrations
Track 8: 5G Lawful Intercept, Tracking and Forensics Product Training
Plus Special Training Seminars lead by Law Enforcement Officers and Ph.D. Scientists
ISS World Europe 2022 Program Agenda
Training Seminars Led by Law Enforcement Officers and Ph.D., Computer Scientists
20 classroom training hours, presented by Law Enforcement Officers and Ph.D. Scientists
Charles Cohen, Vice President at NW3C, the National White Collar Crime Center, Professor in Practice Criminal Justice, Indiana University and Retired Captain, Indiana State Police
(6 classroom hours)Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police
(7 classroom hours)Jerry Lucas (Ph.D., Physics), President, TeleStrategies
(2 classroom hours)Matthew Lucas (Ph.D., Computer Science), VP, TeleStrategies
(3 classroom hours)Vladimir Vesely (Ph.D., Computer Science) Researcher, Brno University of Technology
(2 classroom hours)
Tuesday, 14 June 2022
Seminar #1
08:30-15:05Online Social Media and Internet Investigations
Presented by:Charles Cohen, Vice President at NW3C, the National White Collar Crime Center, Professor in Practice Criminal Justice, Indiana University and Retired Captain, Indiana State Police08:30-09:20
Proxies, VPNs, and Dark Web: Identity Concealment and Location Obfuscation09:25-10:15
Tor, onion routers, Deepnet, and Darknet: An Investigator's Operational Perspective10:35-11:25
How Criminals exploit Darknet Services and Dark Markets: A Deep Dive for Criminal Investigators11:30-12:20
Tor, onion routers, Deepnet, and Darknet: Investigative Strategies & Case Studies13:20-14:10
Device Geolocation through GPS, Wi-Fi Triangulation, Cell site Trilateration, BLE Beacons, and Ultra-Wideband: What Investigators Need to Know14:15-15:05
Collecting Evidence from Online Communication: Building a Cyber-OSINT Toolbox
Seminar #2
08:30-15:05(THIS SEMINAR IS ONLY OPEN TO LEA AND GOVERNMENT ATTENDEES)
Practitioners Guide to Internet Investigations
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK PoliceThe aim of this 1-day seminar is to take the attendees from the basics of understanding the Internet,
how to find data, through to a full understanding of best practice of an Internet investigator, building their OSINT toolbox, and having awareness and knowledge of all the tools available to achieve this. It is aimed primarily at the investigator, delivered from the perspective of detective, to empower them to have the best methodology and tradecraft to profile and catch suspects.
This is exclusively Law Enforcement only, as Practical examples, covert and investigative methodology and tradecraft will be given throughout the seminar.08:30-09:20
The Internet, and how suspects leave a Digital Footprint. How the system works for us, as investigators09:25-10:15
Recognizing Traffic Data and digital profiling via social networks and devices - digital shadows
10:35-11:25
WIFI, geolocation, and Mobile Data traces and tracking11:30-12:20
Awareness of Emerging Technologies, Masking Tech and Tools, TOR and proxies13:20-14:10
Advanced Techniques in Tracing Suspects, and lateral problem solving14:15-15:05
Open Source Tools, PART 1. Resources, tradecraft and techniques - highlighting the best free tools and resourcesSeminar #3
08:30-09:20Understanding Mobile 2G, 3G, 4G & 5G NSA Infrastructure and Law Intercept for Technical Investigators
Presented by: Dr. Jerry Lucas, President, TeleStrategiesThis session addresses the infrastructure evolution of 2G to 3G to 4G to 5G NSA and the impact on lawful interception.
Seminar #4
09:25-10:15Understanding 5G Stand Alone NFV, Edge Computing and Network Slicing
Presented by: Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategiesCellular market analysts collectively have identified 5G services deployed in over 400 cities spread over 30 or so countries. The one common feature of all these operations is that they are providing 5G services with a 4G/5G hybrid network infrastructures or so called non-Stand Alone (NSA) architecture. This session addresses the transition to 5G stand alone. (Full description below Track 9)
Seminar #5
10:35-11:25Understanding Advanced Techniques to Defeat (or Work Around) Encrypted Third Party Services, Bitcoin Anonymity, TOR/HS and iPhone Encryption
Presented by: Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategiesYou can’t defeat today’s encryption (at least not that we know of) but law enforcement and the government intelligence community can “Work around encryption” for a price. Once you identify a target using commercially available encryption products or services (and with enough resources or money) government can defeat the target near 100% of the time.
Seminar #6
11:30-12:20Locating and Tracking Devices by MAC Addresses and App-Based SDKs plus Privacy Measures by Apple & Google
Presented by: Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategiesThursday, 16 June 2022
Seminar #7
13:00-14:00(THIS SEMINAR IS ONLY OPEN TO LEA AND GOVERNMENT ATTENDEES)
Open Source Tools, PART 2. Top 20 FREE Open Source Tools (OSINT) Used in Cybercrime Investigations
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK PolicePre-Conference Sessions Description At The End of Agenda PostinG
Wednesday, 15 June 2022
Welcoming Remarks
8:15-8:30 Tatiana Lucas, ISS World Program Director, TeleStrategies
8:30-9:00
Top Ten Internet Challenges Facing Law Enforcement and the Intelligence Community and Who at ISS World Europe has Solutions
Dr. Jerry Lucas, President, TeleStrategies
ISS World Europe Exhibit Hours:
Wednesday, 15 June 2022
10:00-18:15
Thursday, 16 June 2022
10:00 -13:00
Track 1: Lawful Interception and Criminal Investigation Training
This track is for Telecom Operators and Law Enforcement/Intelligence/Defense Analysts who are responsible for specifying or developing lawful intercept network infrastructure.
Tuesday, 14 June 2022
15:25-16:05 Session B
Accelerating investigation workflows with specially designed IT-forensic laboratories
Presented by mh Service GmbH16:00-17:00
ETSI/3GPP LI/LD Standards Update
Alex Leadbeater, 3GPP SA3-LI and ETSI TC Cyber Chairman and Head of Global Obligations Future and Standards, BT Security
Martin Kissel, ETSI TC LI Chairman and Coordinator Lawful Interception, Telefónica Germany
Carmine Rizzo, ETSI TC LI Technical Officer and 3GPP SA3-LI Secretary, ETSI
Wednesday, 15 June 2022
09:00-10:00
Lawful Interception and Communication Data, Current & Future Challenges: Mobile, Cyber Security, Virtualization and AI - An industry view
Alex Leadbeater, 3GPP SA3-LI and ETSI TC Cyber Chairman and Head of Global Obligations Future and Standards, BT Security13:45-14:30
Introducing Siren 12.1 - the new European ALLINT Intelligence and Law Enforcement Analyst Platform
In these sessions Dr. Giovanni will introduce the Siren platform version 12.1 - an all-intelligence platform which is in use across the world for cases ranging from Opensource Intelligence (OSINT) to Signal Intelligence (SIGINT), All-Intelligence (ALLINT), Cybersecurity, Policing, Financial Fraud and others. Architecturally, the Siren platform is the only platform in the world which extends the well-known Elasticsearch big data engine with investigative functions and graph/link analysis capabilities. In this presentation Dr. Giovanni will explain how that makes a fundamental difference in a world where big data investigations are required.
Among the subjects being explored will be investigations that correlate the content of mobile devices with background data records as well as other use cases in industry and the public sector alike.
Dr. Giovanni Tummarello, Founder and Chief Product Officer, Siren15:00-15:40 Session A
Achieve the required performance - while keeping cost down and minimizing development time
Emiliano Rodríguez, VP EMEA Sales, Napatech15:00-15:40 Session B
Interception Challenges on VoLTE Network for LEA's
Presented by InterProbe16:30-17:15
Vertical Applications and Usage Areas of IMSI CATCHERs
Presented by Interdata
Thursday, 16 June 2022
08:30-09:10 Session A
Password Cracking in Practice
As more and more traffic and data on the Internet are being protected end-to-end, decrypting information becomes more critical than ever before. The presentation outlines password-cracking use-cases, employed formats, current GPU/FPGA performance limits, and existing (non-)commercial cracking tools. Speaker will show how to: a) automatically extract hashes from encrypted documents; b) prepare and evaluate password keyspace (e.g., generate passwords using Markov chains / rule-based grammars and handling of passwords containing national characters); c) orchestrate various cracking strategies (e.g., a combination of dictionaries). Participants will be provided with tips and tricks on how to use Hashcat more effectively and how to distribute password cracking task on their infrastructure.
Vladimir Vesely (Ph.D., Computer Science) and Jan Pluskal, Researchers, Brno University of Technology11:00-11:40 Session A
Forensic analysis of smartwatches, mobile phones and clouds
Presented by Compelson11:00-11:40 Session B
Tremendous impact of 3Vs on enhanced intelligence gathering and data insights
Presented by InterProbe11:45-12:30
Intercepting and Collecting Web Evidence in the Times of TLS1.3 and HTTP3.0
The end-to-end HTTPS encryption and the volatile nature of web content make any interception and collection of data on the Internet a challenge. The presentation introduces methods addressing both of these phenomena – intercepting TLS/SSL connections with the help of man-in-the-middle attack employing proxy and automatically creating snapshots of problematic web pages. Speakers outline necessary theory (including news about TLS 1.3, HSTS, HTTP3.0), well-known attacks (e.g., renegotiation, downgrade, cipherspec change, and others), and industry-standard tools for traffic analysis (such as Wireshark, Fiddler proxy, SSL-Split) and decoding (e.g., Selenium, Scrapy). The session will include a live demo of MitM attack on HTTPS connection enhanced with covert extraction of form data, which would be later used to periodically web scrape and archive protected content.
Vladimir Vesely (Ph.D., Computer Science) and Jan Pluskal, Researchers, Brno University of Technology
Track 2: LEA, Defense and Intelligence Analyst Product Demonstrations
This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees.
Tuesday, 14 June 2022
08:30-09:20 Session A
Beyond Data Diodes: Digitizing domains in intelligence and law enforcement with next generation cross domain solutions
Presented by Infodas09:25-10:15 Session A
Carrier in Carrier Analysis: Determine the impact of Carrier in Carrier technology on your satellite monitoring capabilities
Presenting the challenges posed by Carrier in Carrier technologies and VASTech’s approach to the analysis of Carrier in Carrier signals and the separation of Symmetrical and Asymmetrical Carrier in Carrier Signals.
Presented by VASTech10:35-11:25
A revolutionary solution for Intelligence Analysis Management (IAM): Spectra, pioneering technology in IAM to uncover hidden connections from big data
Information no longer just serves us, instead, it has shaped into a new realm, and needs special services to be fully acknowledged and comprehended. SPECTRA's Intelligence Analysis Management (IAM), an OPPSCIENCE ecosystem of technologies with multiple solutions for Big Data processing and analysis, provides and generates efficient knowledge in real-time. A single access point to all existing data converged into a unified knowledge, enabling trusted decisions in critical contexts.
Presented by OPPSCIENCE11:30-12:20 Session A
LI mediation, only a black box or can it bring additional value?
Presented by Matison
13:20-14:10 Session B
Simplify investigation with one platform
Presented by ATIS14:15-15:05 Session A
Standard Operating Procedures - Using FTK for Process driven Analysis
Presented by Exterro14:15-15:05 Session C
Memento Labs arsenal for criminals’ deep monitoring - LIVE DEMO
Presented by Memento Labs15:25-16:05 Session A
Beyond standalone cyber-intelligence: leveraging adequate darknet collection and processing to bring differentiating value in an integrated intelligence approach
Presented by Corexalys15:25-16:05 Session B
Commercial SIGINT – unrestricted, global and large-scale accurate geo-monitoring and profiling of connected devices
Presented by GeoGence15:25-16:05 Session C
Next Generation Data Fusion Monitoring Center: new ways of gathering intelligence
Evolved from a legacy LI Monitoring Center, next generation systems must provide investigators and analysts with powerful analytical tools, able to bring intelligence insights out of the data lake. Moving from device-centric to data-centric approach.
Gian Marco Pazzola, Senior Pre-Sales Engineer, RCS S.p.A.15:25-16:05 Session D
Combating terrorism, espionage and crime by combining mobile network metadata, mass positioning, and intelligent profiling in real-time
Mohsen Tavakol, Chief Executive Officer, Xolaris
16:10-17:00 Session A
Catch the spyware! A non-intrusive approach to spot potential infections of mobile devices over the air
Presented by Rohde Schwarz16:10-17:00 Session B
Revolution in Audio Investigations
At this session, you will discover an extremely efficient way to investigate audio recordings with Phonexia Orbis Investigator. Get ready to see the world’s most advanced voice biometrics in action!
Presented by Phonexia16:10-17:00 Session C
Introduction to CTG: ETSI and DR&D Solutions
Presented by CTG16:10-17:00 Session D
Generating CDRs for WhatsApp, Telegram, Viber, Signal, and other Encrypted VoIP Applications
Presented by ClearTrail
Wednesday, 15 June 2022
09:00-10:00 Session A
A new dawn of AI, analytics and intelligence: Are you ready for it?
Presented by NSO Group09:00-10:00 Session B
A holistic approach to video analytics – how one platform can solve you surveillance, intelligence and investigation needs
Presented by IDEMIA13:00-13:40 Session A
Intelligence IoT: Networked Tactical Intelligence
Presented by Ateros13:00-13:40 Session B
The investigator toolbox: from Electronic Surveillance to Cyber Intelligence
Specialized digital tools to get the task done
Presented by AREA13:00-13:40 Session C
Next-generation, Cyber-centric Counter-UAS Technologies for Sensitive Environments – Maintaining Safety, Control, and Continuity
Join Marina Aibinder, D-Fend Solutions’ Sales Director CIS, to discuss:
- The emerging drone threat in sensitive environments, including the growing risk from easy accessibility, and the different dangers and threats from different drones.
- The shortcomings of traditional legacy C-UAV solutions, both detection and mitigation, and the alternative of a new, smart, cyber-centric, takeover, control-based approach to address the needs of law enforcement, public safety, government, private sector, and intelligence communities
- Optimized operational deployments addressing different environments, sectors, and scenarios
- Openness, integration, and a layered defense to maintain safety, control, and continuity
Marina Aibinder, D-Fend Solutions’ Sales Director CIS, D-Fend
13:00-13:40 Session D
VASTech Orca - rule the ocean of metadata
Presenting VASTech’s solution for fusing telecommunications, IP, and location data from fibre cables, mobile networks, and satellite signals. Using metadata to answer the important questions of Who, What, Where, and When?
Presented by VASTech13:45-14:30 Session B
GeoGence – National level, non-intrusive and independent accurate geo-monitoring and profiling covering all device types and networks (3/4/5G and WIFI) globally
Presented by GeoGence15:00-15:45 Session A
Understanding Facebook and Other Social Media Data - Expectations, Analytics, and Intelligence
This session Kevin Metcalf, a former federal agent turned prosecutor and founder of the National Child Protection Task Force will help LEAs understand what to request from platforms such as Facebook and Instagram, what data to expect to be returned, and how to analysis it.
Kevin Metcalf, SS8 Networks15:00-15:40 Session B
Encryption vs. You: 3 Ways to Combat Threats at a Nationwide Scale
Presented by ClearTrail15:45-16:25 Session A
Every piece of data tells a story – combine and analyze data from any source in your digital investigation.
Mark Uldahl, CTO, XCI A/S15:45-16:25 Session B
Simplify investigation with one platform
Presented by ATIS15:45-16:25 Session C
Revolution in Audio Investigations
At this session, you will discover an extremely efficient way to investigate audio recordings with Phonexia Orbis Investigator. Get ready to see the world’s most advanced voice biometrics in action!
Presented by Phonexia15:45-16:25 Session D
Advanced data exfiltration on modern smartphones: inside the targets compromised
Presented by MOLLITIAM CYBERINTELLIGENCE16:30-17:15 Session A
Solution for Intelligence - decision making
Col. P. Eng. Igor Toth, (ret.), Tovek16:30-17:15 Session B
Human weakness vs Device weakness
RCS offers innovative cyber tools designed to support legal investigation community to bypass encryption. The multifaceted conveyance approaches will be compared, highlighting the strengths and weaknesses starting from field experiences and tradecraft.
Paolo Funciniti, Pre Sales Engineer, RCS S.p.A.16:30-17:15 Session C
Tomorrow's Forensics Today - Bringing the Front line into the Forensic Workflow using strategic review
Presented by Exterro16:30-17:15 Session D
Evolving OSINT: Challenges and Opportunities
Presented by Strategic OSINT
Thursday, 16 June 2022
08:30-09:10 Session A
A light in the darkness of Encrypted Communications
Presented by AREA08:30-09:10 Session B
Convergence of intelligence and security technologies enhancing law enforcement and national security missions
Mohsen Tavakol, Chief Executive Officer, Xolaris
09:15-10:00
Grayshift's best practice in mobile forensics
Kevin Chandler, Grayshift11:00-11:40 Session A
Supercharged IPDR extraction and analysis - Advanced Internet Activity Analytics
Presented by Trovicor Intelligence11:00-11:40 Session B
Enlighten the DarkWeb: Memento Labs presents MoniTOR - LIVE DEMO
Presented by Memento Labs11:00-11:40 Session C
Unravelling drug trafficking operations with investigative analytics
Presented by Cognyte11:00-11:40 Session D
Tomorrow's Forensics Today - Bringing the Front line into the Forensic Workflow using strategic review
Presented by Exterro11:45-12:30 Session A
Deep Packet Inspection and In-Transit Data Manipulation Systems Overview
Presented by Packet Forensics
Track 3: Social Network Monitoring, Artificial Intelligence and Analytics Product Training
Sessions in this track are only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees, unless marked otherwise.
Tuesday, 14 June 2022
08:30-09:20 Session A
Massive Social Media data collection and analysis for Counter-Terrorism Intelligence Activities
Presented by IPS08:30-09:20 Session B
Fleeing Facebook: how to keep up with new and constantly evolving platforms
Alternative social media platforms such as Parler, Gab, Discord, 8Kun and Telegram are emerging, gaining popularity and disappearing again at a rapid pace. Learn how to address this challenge in your investigations.
Presented by Fivecast08:30-09:20 Session C
Information Overkill: Finding the Relevant Pieces of the Puzzle across Multiple Data Sources and Identifying Targets to Discover Real Identities with OSINT.
Presented by INNOSYSTEC and IPS09:25-10:15 Session A
WhatsApp, Telegram, Facebook...how IPS helps you to locate most wanted targets with LI
Presented by IPS09:25-10:15 Session B
Detecting digital influence across social media thanks to semantic intelligence
Presented by Deveryware
10:35-11:25
Investigate, prevent and mitigate risks of riots, terrorism, and crimes through a country-wide geo analytical AI.
Massive detecting and tracking crowds with alerting anomaly situations. Targeted finding a second hidden phone number, companions, and similar persons by behavior. Geofense and Massive Profiling.
Presented by Butterfly Effect11:30-12:20 Session A
Videoma Intelion: massive and automatic management and analysis of video and audio in police operations and intelligence investigations.
Videoma Intelion is the new suite of security products presented by ISID at ISS. Videoma is a technological tool of reference in the field of security for multimedia content management, which expands its capabilities of automatic analysis of video, image and audio, as well as the automation of the processes of investigators and analysts. We have solutions adapted to any of the usual sources of video, image and audio, from CCTV, communication interceptions, social networks, open sources, TV or radio.
ISID provides the most advanced technologies for automatic transcription of voice to text, facial or voice biometrics, license plate reading, among others, which allow the automatic processing of large amounts of video or audio without the need for manual review, which saves a great saving of effort and time.
Presented by ISID
13:20-14:10 Session A
Desinformation detection in real time
František Vrabel, CEO, Semantic Visions13:20-14:10 Session B
From Multiple Sources-Analytics to the Real Targets: How to Manage an Incredible Volumes of Data Discovering Behaviours and Relations of Targets with LI.
Presented by IPS and INNOSYSTEC14:15-14:40 Session A
Detecting Information Bias: Using OSINT to Monitor the Russian Military Actions
Presented by Hensoldt14:15-14:40 Session B
Automatic Exploitation of Social Network, Deep and Dark Web to complement traditional Lawful Interception Infrastructure for Target Profiling.
Presented by IPS14:40-15:05 Session B
Cyber Threat Intelligence to accelerate online investigations
Presented by IPS15:25-16:05 Session A
WEBINT - A borderless solution for borderless crimes
Presented by Cognyte15:25-16:05 Session B
AI-enabled Government Intelligence for multilingual content using Language Weaver Machine Translation
Claudiu Stiube, Senior Principal Solutions Consultant, RWS
16:10-17:00 Session A
Investigating future threats with fusion and AI/ML analytics
Presented by Cognyte16:10-17:00 Session C
Target-Centric Analysis with ShadowDragon OSINT Tools
Presented by Shadow Dragon
Wednesday, 15 June 2022
9:00-10:00
Location & Open Source Intelligence: Real Life Case Studies & Live Demonstration
Presented by Cobwebs13:00-13:40 Session A
Follow the Money and Detect Threatening Networks: Combining cutting edge tools from Cobwebs & Moody’s Analytics take your investigative capabilities to the next level
Presented by Cobwebs and Moody's Analytics13:00-13:40 Session B
Modern security challenges - Staying stealthy and understanding the cyber
landscape threats, utilizing a holistic operational security approach
Presented by CANDIRU13:00-13:40 Session C
Massive Distributed Active WEBINT to counter influence operations
Bad actors often use accounts on different platforms for social engineering and other malicious purposes. In this talk we explain best practices for countering influence operations using Massive Distributed Active WEBINT.
Presented by S2T Unlocking Cyberspace13:45-14:30 Session A
Title TBA
Presented by ENIGMA13:45-14:30 Session B
Augmented Analytics: Preventing threats through using automated anomalies detection
Presented by Innosystec13:45-14:30 Session C
Mass Disinformation Operations: how to detect and assess ops with OSINT & SOCMINT tools and techniques
Presented by FutureSpace15:00-15:45 Session A
Brevis-Analyzing Social Networks
Presented by MKCVI15:00-15:45 Session B
trovicor: New perspectives for Strategic Investigation – Latest Innovations!
Presented by Trovicor Intelligence15:00-15:45 Session C
How Social Network Harvester supports your investigations on social media in the time of GDPR regulations
Presented by Freezing Data15:00-15:45 Session D
Cyber Agent Technology (CAT), automation for CYBER HUMINT data collection, collaboration and reporting
Cyber-humint investigations typically pose a challenge when it comes to capturing private or closed-group conversations. It is imperative the data is captured in time and in a suitable format for reporting and collaboration. CAT automates this time-consuming and laborious process and enables users to focus on the investigation.
Presented by Volto Labs15:45-16:25 Session A
Using OSINT with visual link analysis to enhance your investigations
Presented by Maltego16:30-17:15 Session A
Unraveling a Criminal syndicate using Lawful Intercept PCAP files
This session will demonstrate how extracting encrypted application metadata from a PCAP file can begin to unravel a criminal syndicate by associating social media posts with specific devices, mapping communication networks, and validating known dark web and cryptocurrency activity.
Presented by Sandvine16:30-17:15 Session B
The rise of alternative Social Media as a mainstream platform for radical movements as well as for VIP / Executives threats
Presented by Webhose.io16:30-17:15 Session C
Transforming OSINT, Cyber and POI investigations with the power of Maltego
Presented by Maltego16:30-17:15 Session D
Practical aspects of using OSINT systems in shifting environments - when hybrid warfare shifts more to kinetic conflict
Presented by Hensoldt
Thursday, 16 June 2022
08:30-9:10 Session A
Information overkill: finding the relevant pieces of the puzzle across multiple data sources to detect and prevent terror and crime.
Presented by Innosystec08:30-9:10 Session B
Combatting threats across the full spectrum of OSINT mediums & sources with consolidated platforms
Presented by OSINT Combine8:30-9:10 Session C
Anonymity vs. You
Smart Methods to Identify Virality, Bots & Personally Identifiable Information
Presented by ClearTrail09:15-10:00 Session B
Human Trafficking: How OSINT Tools Can Fight Its Many Forms
Social Links’ Veronika Wildenberg is joining forces with Larry Cameron from the Anti-Human Trafficking Intelligence Initiative to raise awareness on the growing global issue of human trafficking, and demonstrate a range of practical ways in which the intelligence community can effectively counteract such activities.
Presented by Social Links09:15-10:00 Session C
Effective Investigations in Social Networks with Social Network Harvester (SNH)
Presented by Freezing Data09:15-10:00 Session D
Critical Infrastructure Protection: Conducting a National Security Investigation Online:
This session will demonstrate how to monitor Indicators of Compromise across an entire nation-state’s critical infrastructure, identifying compromised sites, determining the bad actors behind the compromise, and mapping out the critical sectors being probed by the bad actors.
Presented by Sandvine11:00-11:40 Session C
Introducing Siren 12.1 - the new European ALLINT Intelligence and Law Enforcement Analyst Platform
In these sessions Dr. Giovanni will introduce the Siren platform version 12.1 - an all-intelligence platform which is in use across the world for cases ranging from Opensource Intelligence (OSINT) to Signal Intelligence (SIGINT), All-Intelligence (ALLINT), Cybersecurity, Policing, Financial Fraud and others. Architecturally, the Siren platform is the only platform in the world which extends the well-known Elasticsearch big data engine with investigative functions and graph/link analysis capabilities. In this presentation Dr. Giovanni will explain how that makes a fundamental difference in a world where big data investigations are required.
Among the subjects being explored will be investigations that correlate the content of mobile devices with background data records as well as other use cases in industry and the public sector alike.
Dr. Giovanni Tummarello, Founder and Chief Product Officer, Siren11:45-12:30
Transforming low precision telecom location data into high accuracy dynamic crowd geodata with Machine Learning and OSINT.
Qualitative and quantitative investigations of riots and crowd events. Transforming low precision telecom location data into high accuracy dynamic crowd geodata with Machine Learning and OSINT.
Presented by Butterfly Effect
13:00-14:00
Open Source Tools, PART 2. Top 20 FREE Open Source Tools (OSINT) Used in Cybercrime Investigations
Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police
Track 4: Threat Intelligence Gathering and Cyber Security Product Training
This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees
Tuesday, 14 June 2022
10:35-11:25 Session A
Maximize Geolocation Intelligence to Investigate the Past & Prevent Future Crimes
Presented by Rayzone Group10:35-11:25 Session B
From Network Access to Ransomware Attack - the Path from the Cybercrime Underground to the Surface
Presented by KELA
11:30-12:20 Session B
Improving mission success with the IntelligenceReveal portfolio for communications intelligence and multi-source analysis.
Jez Nelmes, Product Manager, BAE Systems Digital Intelligence11:30-12:30 Session C
Riots in Colombia: crowd control on the internet
Presented by MOLLITIAM CYBERINTELLIGENCE14:15-15:05
Why software is not enough: building next generation, hardenized smartphones for communication security
Presented by Feedback Italia15:25-16:05
OSINT Case Study: Tracing International Money Launderers
OSINT specialist at Belgium’s Federal Judicial Police, Christof De Windt, will be joined by Social Links’ Alexandra Samuseva to demonstrate a full investigation. This authentic case will detail the techniques and tools used to identify two frauds who had money laundered in Europe then rechanneled to accounts in Africa.
Presented by Social Links16:10-17:00
Obtaining valuable information from information from the latest versions of Windows
Presented by MOLLITIAM CYBERINTELLIGENCE
Wednesday, 15 June 2022
09:00-10:00 Session A
Construct, Visualize and Analyze Digital Trails through Big Data
Presented by Rayzone Group09:00-10:00 Session B
Overview of the current global cyber threat landscape
Matt Willsher, Government Presale Specialist, BAE Systems Digital Intelligence13:00-13:40
Protecting Mobile Infrastructure and Networks from External Threat Actors
Presented by ENEA AdaptiveMobile Security13:45-14:30
Demo: Extending Suricata Visibility with Next-Generation DPI-Based Cyber Sensors
In this live demonstration, discover a new generation of DPI-based cyber sensors that leverage years of experience in cyber defense environments to extend the threat detection capabilities of Suricata and raise the performance of government-run Security Operations Centers (SOCs).Deep Packet Inspection (DPI) technology has long been used to provide granular detail of network traffic, but the malicious use of encryption and advanced evasive techniques have posed a challenge for Suricata-based IDS/IPS that uses conventional DPI and related monitoring technologies. The latest generation of DPI-based cyber sensors have been enriched with flow analytics and advanced data mining techniques to deliver critical visibility into encrypted and evasive traffic.
Discover how you can use next-gen DPI to:
- Get maximum visibility into all encrypted traffic to support:
- Triage for decryption
- Advanced analytics for anomaly detection
- Forensics
- Detect and extract maximum data about traffic using evasive techniques, including
- VPNs
- Anonymizers
- Covert communications channels
- Complex tunneling
- Domain fronting
- Traffic spoofing
- File spoofing, and more
Sebastien Synold, Product Manager, Qosmos DPI Business Unit, ENEA
15:45-16:30
A Deep Dive in to Mobile Exploitation - A Full Chain overview
Presented by SecFenceThursday, 16 June 2022
8:30-9:10
A Deep Dive in to Mobile Exploitation - A Full Chain overview
Presented by SecFence9:15-10:00 Session A
Babylon - unique solution for secure cellular
Presented by HighSecLabs9:15-10:00 Session B
The Human Factor in Cybersecurity
Presented by Rayzone Group9:15-10:00 Session C
Encrypted Mobile Communication
Presented by Protelion GmbH11:00-11:40
Shaping the ultimate communication protection strategy: custom-hardened, tamper-proof laptops for uncompromised security
Presented by Feedback Italia
Track 5: Investigating DarkWeb, Bitcoin, Altcoin and Blockchain Transaction
This track is for law enforcement and private enterprise investigators who have to monitor and investigate the DarkNet along with Bitcoin transactions associated with criminal activities
Note: Some sessions are only open to LEA and Government. These sessions are marked accordingly.
Tuesday, 14 June 2022
13:20-14:10
Live Demonstration of DarkOwl Vision: Darknet Intelligence Discovery and Collection
David Alley, CEO, DarkOWL FZE15:25-16:05
Tracing Al-Qaeda's Terrorist Financing Campaigns with Blockchain Intelligence
Presented by ChainalysisWednesday, 15 June 2022
13:00-13:40
Darknet and Social Media Analysis - Offline Possibilities and Market Access
including open sources such as Pastebin, Telegram and more
Presented by mh Service GmbH13:45-14:30
De-anonymizing cryptocurrency transactions to fight crime and terror
Presented by Cognyte
(ONLY OPEN TO LEA AND GOVERNMENT ATTENDEES)
Thursday, 16 June 2022
9:15-10:00
Workshop on Correlating Blockchain Activity with Real-Life Events and Users
The session starts with the outline of current methods for blockchain and traffic analysis. Speaker explains in detail the properties of cryptocurrencies, including address clustering, coin-joining of inputs, transaction mixing, and traffic correlation. It then focuses on employing previously described methods to obtain intel about dark marketplace operators, vendors, and buyers. To address cryptocurrency forensics, we have developed a set of tools (exclusively available to law enforcement agencies) that are capable of correlating things happening in real-life with the blockchain. Moreover, participants will have a chance to bring their cryptocurrency addresses/transactions for assessment.
Vladimir Vesely (Ph.D., Computer Science) and Jan Pluskal, Researchers, Brno University of Technology
Track 6: Mobile Signal Intercept Product Training and Demonstrations
This track is for Law Enforcement, Interior Security and the Government Intelligence Community who must work with cellular and mobile satellite operators regarding mobile location, electronic surveillance and RF intercept.
This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees.
Tuesday, 14 June 2022
8:30-9:20 Session B
Understanding Mobile 2G, 3G, 4G and 5G NSA Infrastructure, Intercept and Cryptography
Dr. Jerry Lucas, President, TeleStrategies9:25-10:15
Detect & Prevent Communication Interception Systems in Real-Time
Presented by Rayzone Group10:35-11:25
VSAT Networks: Tactical and Strategic Threat Detection and Geolocation
Presented by Kratos11:30-12:20
SCPC/VSAT Interception in CiC/CuC Scenarios
Presented by Rohde Schwarz14:15-15:05
Magic Locator: A Revolutionary AI Based Locator Technology Product as an Alternative to IMSI Catchers
Presented by Septier16:10-17:00
Mobile tracking & geodata-driven investigations
Mathieu Lafforgue, Marwane Akram, Intersec
Wednesday, 15 June 2022
9:00-9:30
Cutting through satellite traffic noise to discover actionable insights
Presented by Cognyte9:30-10:00
Tactical intelligence solutions for evolving technologies and threats
Presented by Cognyte13:45-14:30
Lawful Access to Location with Intersec GeoSafe LI
Mathieu Lafforgue, Amer Bdeoui, Intersec15:00-15:40
Stay ahead of the multi-band wireless curve for vehicular, portable, and airborne investigations
Presented by Octasic
15:45-16:25
Magic Locator: A Revolutionary AI Based Locator Technology Product as an Alternative to IMSI Catchers
Presented by Septier
Thursday, 16 June 2022
08:30-09:10
Why secure hardware alone is just not enough: Bittium Tough Mobile 2
Presented by Bittium
Track 7: Electronic Surveillance Training and Product Demonstrations
This track is for law enforcement investigators and the government intelligence community who are responsible for deploying video, audio and GPS surveillance products and only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees.
Tuesday, 14 June 2022
08:30-09:20
A new paradigm for covert audio surveillance in large areas
Presented by Commesh09:25-10:15
New ways of using ethernet traffic in a target-oriented approach with tactical solutions
How LI systems collecting data, and how can we move that to a tactical level in a target-oriented manner. Tools for Collecting, organizing, and analyzing data and the tools that is needed for an operator to achieve that goal.
Glenn Moeller, CTO, Seginova Aps13:20-14:10
Streaming Visual Intelligence from IoT
NightHawk, a cyber intelligence platform delivering E2E intelligence gathering and covert operations unique capabilities. The NightHawk can be operated remotely or by proximity to the targeted device. The session will enable law enforcement and intelligence agencies a glimpse into how to gather unique intelligence, analyze, track targets and events worldwide in the NightHawk platform.
Presented by Interionet
Wednesday, 15 June 2022
13:45-14:30 Session A
Introduction to the new Line Arrays and how to use Multiple Arrays in complex and challenging acoustic environments.
Vibeke Jahr, COO and Founder, Squarehead Technology13:45-14:30 Session B
Old school in a new form. Tomorrow's trends for surreptitious and covert vehicle entry solutions
Presented by nQ fabrica15:00-15:40
Vertical Applications and Usage Areas of IMSI CATCHERs (Border Security)
Presented by Interdata15:45-16:30
Compact, yet mighty.
Flexible and intelligent, tactical electronic surveillance fully scalable enabling platform LEMF with synchronized multimedia on a single panel.
Presented by AREA16:30-17:15
Border Security and Force Protection Analytics using Passive RF - Update
Presented by Packet ForensicsThursday, 16 June 2022
08:30-09:10
DEMO: IMSI Type Drone Catcher
Presented by Interdata
Track 8: 5G Lawful Interception Product Training
This track is open to all conference attendees unless marked otherwise.
Note: Some sessions are only open to LEA and Government. These sessions are marked accordingly.
Tuesday, 14 June 2022
9:25-10:15
Understanding 5G Stand Alone NFV, Edge Computing and Network Slicing
Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategies
13:20-14:10
Conquer 5G SA and 3D geolocation challenges for continued mission success
Presented by Octasic14:15-15:05
Impact of 5GC on LEAs Usage of Cell Site Simulators & Alternative Solutions
Whether used for finding missing persons, locating fugitives, or investigating serious crimes, cell site simulators (CSS) are a core tool used, legally, every day, by law enforcement investigators around the world. When 5G is fully deployed, the privacy and security enhancements will negatively impact the CSS mission. In this session, Vice President of National Government Solution, Kevin McTiernan, will go over the 5G privacy and security enhancements, the impacts that they will have on the CSS mission and the options available to law enforcement agencies to operate their CSSes unobstructed.
Kevin McTiernan, SS8 Networks15:25-16:05
How 5G technology and design choices are changing LI requirements
The introduction of 5G technology by Mobile Network Operators has a much broader impact on Law Enforcement than the apparent need for lawful interception support of their 5G services. This session provides a comprehensive overview of the direct and indirect effects that the introduction of 5G technology will have on Law Enforcement.
Max Posthuma de Boer, Product manager, Group 2000
Thursday, 16 June 2022
11:00-11:40
Advanced geolocation with mobile carriers, enhanced by 5G
Mathieu Lafforgue, Amer Bdeoui, Intersec11:45-12:30
Conquer 5G SA and 3D geolocation challenges for continued mission success
Presented by Octasic
Training Seminars Led by Law Enforcment Officers and Ph.D Computer Scientists
Tuesday, 14 June 2022
Seminar #1
08:30-15:05Online Social Media and Internet Investigations
Presented by:Charles Cohen, Vice President at NW3C, the National White Collar Crime Center, Professor in Practice Criminal Justice, Indiana University and Retired Captain, Indiana State Police08:30-09:20
Proxies, VPNs, and Dark Web: Identity Concealment and Location Obfuscation09:25-10:15
Tor, onion routers, Deepnet, and Darknet: An Investigator's Operational Perspective10:35-11:25
How Criminals exploit Darknet Services and Dark Markets: A Deep Dive for Criminal Investigators11:30-12:20
Tor, onion routers, Deepnet, and Darknet: Investigative Strategies & Case Studies13:20-14:10
Device Geolocation through GPS, Wi-Fi Triangulation, Cell site Trilateration, BLE Beacons, and Ultra-Wideband: What Investigators Need to Know14:15-15:05
Collecting Evidence from Online Communication: Building a Cyber-OSINT ToolboxSeminar #2
08:30-15:05(THIS SEMINAR IS ONLY OPEN TO LEA AND GOVERNMENT ATTENDEES)
Practitioners Guide to Internet Investigations
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK PoliceThe aim of this 1-day seminar is to take the attendees from the basics of understanding the Internet,
how to find data, through to a full understanding of best practice of an Internet investigator, building their OSINT toolbox, and having awareness and knowledge of all the tools available to achieve this. It is aimed primarily at the investigator, delivered from the perspective of detective, to empower them to have the best methodology and tradecraft to profile and catch suspects.
This is exclusively Law Enforcement only, as Practical examples, covert and investigative methodology and tradecraft will be given throughout the seminar.08:30-09:20
The Internet, and how suspects leave a Digital Footprint. How the system works for us, as investigatorsHow it works. Why it works. How it works for us .How data traffic leaves a trace ; What the internet is; what is an IP and how is it significant to trace a person. IPv4 and IPv6 – understanding the changes- the benefits and pitfalls for the investigator. The internet has millions of copies of data on it - why, and where can we find this. Tracking and evaluating data. MAC adders tracking.
09:25-10:15
Recognizing Traffic Data and digital profiling via social networks and devices - digital shadowsWhat data is available. How to harvest and analyze it. Best practice to identify suspects and build profiles. Good practice, virtual data 'housekeeping' and tradecraft .Data collection and interrogation, significance and value. IP usage, exploitation and dynamics; IP plotting and analysis how to look for suspect mistakes and exploit them ( where they show their id). Dynamic approaches to identifying suspects through internet profiles. What investigators get from tech and service providers, and how to analyze it. Investigator capabilities and opportunities.
10:35-11:25
WIFI, geolocation, and Mobile Data traces and trackingA detectives look at Wi-Fi, attribution, cell site data, GPRS location services and technology. How an investigator can track devices, attribute suspects locations, devices and movement. Unique communication identifiers. Dynamic live time tracing. Geo location services and uses. Online Surveillance and tracking movement and speed.
11:30-12:20
Awareness of Emerging Technologies, Masking Tech and Tools, TOR and proxiesHow suspects are using emerging and new technologies.
An introduction to where technology is going, and how Law enforcement can use this to our advantages. dynamic and pro-active problem solving. Darknet, (Deep web) , TOR and IRC use. VOIP, Skype and FaceTime exploits. Advanced data sniffing and profile building. TOR systems, applications and ways to coax offenders out of the system.13:20-14:10
Advanced Techniques in Tracing Suspects, and lateral problem solvingUsing innovative and dynamic methods to trace offenders. Tricks used by suspects and how to combat them- Play them at their own game?. Covert internet investigations. Proxy servers and hiding. Managing collateral intrusion. Reverse and social engineering. Thinking outside the box. Lateral thinking. Possible missed opportunities. Profile building and manhunts through device footprints, speed and movement.
14:15-15:05
Open Source Tools, PART 1. Resources, tradecraft and techniques - highlighting the best free tools and resources"Just google it" doesn't work anymore. A look at good tradecraft, practice and methodology in profiling, tracking and tracing digital footprints and shadows on the internet, by means of best available tools. A look at a selection of 200+ tools available on Mark's open source law enforcement tools website, that search engines can’t see, with login and password provided during the session. Do's and do nots. Best tools for best results. When was the last time you 'googled' something in an investigation, and it returned 5 results, all specifically relating to your suspect? This session will teach you how. PART 2 on the final day with free tools to download and keep
Seminar #3
08:30-09:20Understanding Mobile 2G, 3G, 4G & 5G NSA Infrastructure and Law Intercept for Technical Investigators
Presented by: Dr. Jerry Lucas, President, TeleStrategiesThis session addresses the infrastructure evolution of 2G to 3G to 4G to 5G NSA and the impact on lawful interception. Specifically;
Network Architecture Evolution from 2G to 3G, 3G to 4G, 4G to 5G regarding radio technology (TDMA, CDMA, OFDM and MIMO), network core from CSFB to VoLTE and SS7 to Diameter.
Encryption, Target Identification and Location: SIM and eSIM cards, IMSI and Target ID, encryption algorithms (A3, A5, A8 and Ki) and basically how user authentication and traffic encryption is accomplished.
Target Location Tracking with CDR analysis, MAC address farming, MITM attacks, SS7 access, IMSI catchers and IT intrusion.
4G to 5G Transition Specifics Understanding 5G Non Stand Alone (NSA) vs. SA 5G, the IMSI catcher issue (myth vs. realities), 5G Cryptography (ECC, SUPI, SUCI), 5G target location enhancement and LTE/NR Internetworking and Co-existance.
5G Spectrum What can 5G deliver with mid vs. high frequency spectrum and what new spectrum bands are soon to be auctioned off
SA 5G Infrastructure Features: NFV, SDN, Edge/Cloud Computing and Network Slicing
Seminar #4
09:25-10:15Understanding 5G Stand Alone NFV, Edge Computing and Network Slicing
Presented by: Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategiesCellular market analysts collectively have identified 5G services deployed in over 400 cities spread over 30 or so countries. The one common feature of all these operations is that they are providing 5G services with a 4G/5G hybrid network infrastructures or so called non-Stand Alone (NSA) architecture. This session addresses the trasition to 5G standalone.
In reality lawful interception of non-standalone is not any different from 4G interception regarding new LI feature additions. The next LI challenge will be for 5G SA. This webinar addresses the technical challenges facing law enforcement, 5G operators and ISS vendors. Specifically the four transitions are:
- 5G Network Challenges Identifiers: How are law enforcement going to grab 1gbps traffic streams; backhaul to monitoring centers and filter non-important traffic of interest.
- 5G Edge Cloud Computing: How do you intercept on a 5G operators IT systems, deal with proprietary system protocols, e2e encryption and localized content
- 5G Virtual Network Core: How complicated will this be regarding LI, VoIP on virtual devices and what LI barriers has the IETF created
- 5G Network Slicing: Is this 5G feature restricted to private enterprises or will 5G MVNO’s provide public mobile wireless services, How will law enforcement interconnect with 5G OSS provisioning systems and what is the LI point of interconnection?
Seminar #5
10:35-11:25Understanding Advanced Techniques to Defeat (or Work Around) Encrypted Third Party Services, Bitcoin Anonymity, TOR/HS and iPhone Encryption
Presented by: Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategiesYou can’t defeat today’s encryption (at least not that we know of) but law enforcement and the government intelligence community can “Work around encryption” for a price. Once you identify a target using commercially available encryption products or services (and with enough resources or money) government can defeat the target near 100% of the time.
This session:
- Analyses the top third party encrypted serves (Telegram, Silent Circle, WhatsApp, Skype, Viber,TOR, TOR/HS); the cryptography deployed; why criminals and terrorists choose one over the other; and related LI challenges.
- Presents the common techniques for defeating the encryption deployed in these services, and their success/weakness, including:
- Man in the Middle Attacks
- IT Intrusion (Installing Malware)
- Exploiting bugs in SSL/TLS
- Connecting the “metadata” dots between known targets and communication patterns
- Case studies working around third party encryption case studies, e.g. how was it done!
- TOR / DarkNets (TOR/HS)
- Bitcoin Traceback
- Mobile phone/encryption cracking
- Future Directions in cryptography presenting new challenges for law enforcement and the government intelligence community.
Seminar #6
11:30-12:20Locating and Tracking Devices by MAC Addresses and App-Based SDKs plus Privacy Measures by Apple & Google
Presented by: Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategiesThursday, 16 June 2022
Seminar #7
13:00-14:00(THIS SESSION IS ONLY OPEN TO LEA AND GOVERNMENT ATTENDEES)
Open Source Tools, Part 2. Top 20 FREE Open Source Tools (OSINT) Used in Cybercrime Investigations
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK PoliceA must see presentation of the best and most dynamic tools available to the investigator- and they’re all free. A download link will be provided during this session with 100 tools to take away