Training Seminars Led by Law Enforcment Officers and Ph.D Computer Scientists

31 classroom training hours, presented by Law Enforcement Officers and Ph.D. Scientists

Charles Cohen, Cohen Training and Consulting, LLC, also holds the position of Captain, Office of Intelligence & Investigative Technologies, Indiana State Police, USA
(6 classroom hours)

Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police
(8 classroom hours)

Michael Loughnane, CAMS, CFE, Loughnane Associates, LLC and retired 27 year US Federal Law Enforcement Officer
(6 classroom hours)

Jerry Lucas (Ph.D., Physics), President, TeleStrategies


(4 classroom hours)

Matthew Lucas (Ph.D., Computer Science), Vice President, TeleStrategies
(3 classroom hours)

Vladimir Vesely, (Ph.D, Computer Science), Researcher, FIT-BUT, Brno University of Technology
(2 classroom hours)

Stephen Arnold, Managing Partner, Arnold.IT
(2 classroom hours)

Tuesday, 5 June 2018

Seminar #1
08:30-15:05

Online Social Media and Internet Investigations　

Presented by: Charles Cohen, Cohen Training and Consulting, LLC;
Charles Cohen also holds the position of Captain, Cyber Crimes Investigative Technologies Section, Indiana State Police, USA

8:30-9:20
Proxies, VPNs, and Dark Web:  Identity Concealment and Location Obfuscation

9:25-10:15
Tor, onion routers, Deepnet, and Darknet: An Investigator’s Perspective

10:35-11:25
Tor, onion routers, Deepnet, and Darknet:  A Deep Dive for Criminal Investigators

11:30-12:20
Cellular Handset Geolocation:  Investigative Opportunities and Personal Security Risks

13:20-14:10
Collecting Evidence from Online Social Media:  Building a Cyber-OSINT Toolbox (Part 1)

14:15-15:05
Collecting Evidence from Online Social Media:  Building a Cyber-OSINT Toolbox (Part 2)


Seminar #2
9:00-17:00

Practitioners Guide to Internet Investigations

Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police

The aim of this 1 day seminar is to take the attendees from the basics of understanding the Internet, how to find data, through to a full understanding of best practice of an Internet investigator, building their OSINT toolbox, and having awareness and knowledge of all the tools available to achieve this. It is aimed primarily at the investigator, delivered from the perspective of detective, to empower them to have the best methodology and tradecraft to profile and catch suspects.

This is exclusively Law Enforcement only, as Practical examples, covert and investigative methodology and tradecraft will be given throughout the seminar.

8:30-9:20
The Internet, and how suspects leave a Digital Footprint. How the system works for us, as investigators

9:25-10:15
Recognising Traffic Data and digital profiling via social networks and devices - digital shadows

10:35-11:25 
WIFI, geolocation, and Mobile Data traces and tracking

11:30-12:20
Awareness of Emerging Technologies, Masking Tech and Tools, TOR and proxies

13:20-14:10
Advanced Techniques in Tracing Suspects, and lateral problem solving

14:15-15:05
Open Source Tools, resources and techniques - A walk through my free law enforcement open source tools site

Seminar #3
8:30-9:20

Cryptocurrency 101: Introduction to What Technical Investigators Need to Know about Bitcoin and Altcoin Transactions, Dark Web Commerce and Blockchain Analysis

Presented by: Dr. Matthew Lucas, Vice President, TeleStrategies

This 101 training seminar is an introduction to Bitcoin, how the system is used to support criminal activities (e.g. Dark Web) and why technical investigators need to understand the basic Bitcoin transaction mechanism (Blockchain) to successfully defeat 21st century criminals and terrorist actions. Specifically, this introduction to Bitcoin for technical investigators addresses:

Seminar #4
13:20-14:10

Investigation Techniques for Unmasking TOR Hidden Services and Other Dark Web Operations

Presented by: Matthew Lucas, (Ph.D Computer Science), VP, TeleStrategies

TOR networks are notoriously effective at hiding the online identity of criminals, terrorists and others who are up to no good. The other side that receives less attention are TOR hidden services. These are services that leverage TOR's anonymizing capabilities to mask the identity of criminally-hosted online services - forming the basis of just about all illegal gambling sites, drug markets, child exploitation material, firearm sales, terrorism propaganda, and more.

• How TOR hides IP addresses/identity/location
• TOR hosting, What is .ONION and content analysis

Seminar # 5
14:15-15:05

Defeating Network Encryption: What Law Enforcement and The Intelligence Community Needs to Understand

Presented by: Dr. Matthew Lucas (Ph.D Computer Science), Vice President, TeleStrategies

The starting point to defeating encryption is to separate techniques addressing stored encrypted data such as with the Apple iPhone issue. The other challenge is defeating encrypted data in transit (e.g. Telegram, Whatsapp, etc.) or Network Encryption. This webinar is about defeating the later.

When it comes to defeating network encryption the technical community separates into two camps. Those who want to impede law enforcement and the government intelligence community from defeating network encryption: IETF, Silicon Valley and hundreds of third party encryption services. And your camp, those who want to investigate criminals and terrorist group who depend on network
encryption.

Wednesday, 6 June 2018

Seminar #6
16:45-17:45

Advanced Analytic Techniques for Danonymizing Digital Currency Transactions

In this session, Stephen E Arnold reviews the changes in Dark Web user messaging caused by increasing pressure on traditional Dark Web sites. Innovations from Portugal Anonymous and developers of encrypted chat apps have been active. In fact, Briar and Matrix are two new but unproven systems now available. The options for secure communication for Surface Web and Dark Web users are increasing. This lecture presents information on these investigative challenges by describing a method for obtaining access to streams of one-to-one messages and processing the intercepted data.

The specific topics addressed are:

1.   What’s changed in Dark Web messaging since June 2017 when the “Dark Web Notebook” was published

2.   The mechanism, including network diagrams, for inserting investigators into the message flow of chat based on IRC techniques and rapidly-evolving peer-to-peer distributed messaging. A case example of a procedure developed in Qatar is reviewed.

3.   The types of content which the messaging techniques permit

4.   How the message types “work around” surveillance of traditional Dark Web sites such as drug markets

5.   Identification of open source and commercial services which enable these surveillance and analysis methods

6.   The challenges of the rapidly changing message types

7.   Outlook for 2019 

The lecture is designed for a person with familiarity with online surveillance and general familiarity with computer-assisted analyses.

Presented by: Stephen Arnold, Managing Partner, Arnold.IT

Thursday, 7 June 2018

Seminar #7
08:30 - 13:00

Concerns and Considerations in Financial Crime Investigations

Presented by: Michael Loughnane, CAMS, CFE, Loughnane Associates, LLC and retired 27 year US Federal Law Enforcement Officer

8:30-9:30
Today's Money Laundering Schemes Financial Crime Investigators Need to Know

10:30-11:30
The Business of Banking: What Financial Crime Investigators Need to Know

12:00-13:00
How Money Actually Moves Beyond the Banks: What Financial Crime Investigators Need to Know


Seminar #8
12:00-13:00

Understanding Defeating Encryption with Quantum Computing for Non-Engineers

Presented by: Jerry Lucas, (Ph.D, Physics) President, TeleStrategies

Countless news articles have been written about quantum computers, the magic of entangled qubits and all the new business opportunities that will be created with these general-purpose computing machines.  But what is not addressed in these articles is you don’t need a general purpose quantum computer to defeat today’s cryptography.  While these general-purpose machines are likely a decade away from deployment, an application specific quantum circuit designed for one purpose only, e.g. defeating today’s public key encryption may be but a few years away.

Seminar 9
16:45-17:45

TLS/SSL Decryption Workshop

Presented by: Vladimir Vesely, Researcher, FIT-BUT, Brno University of Technology

The presentation introduces methods how to decrypt TLS/SSL connection. Focus is on man-in-middle attack employing TLS/SSL proxy and other ways how to obtain session's private keys. Speaker will demonstrate how to decrypt intercepted traffic using open-source tools like Wireshark and NetFox Detective.

Seminar 10
12:00-13:00

Cryptocurrency Forensics Utilizing a Multi-currency Blockchain Explorer

Presented by: Vladimir Vesely, Researcher, FIT-BUT, Brno University of Technology

Demonstration of a multi-currency blockchain explorer

Seminar #11
10:30-11:30

Dark Web Messaging Today and Outlook for 2019

Presented by: Stephen Arnold, Managing Partner, Arnold.IT

in this lecture, Stephen E Arnold, author of the 2015 monograph “CyberOSINT: Next Generation Information Access” presents specific information about the methods for revealing a bad actor’s “true identity.” Traditional investigative techniques remain important, but this lecture focuses on the tactics required when an investigator has little or no specific information about the individual or individuals involved in a particular activity; for example, human trafficking, weapons sales, child pornography, etc. 

In the lecture, these topics will be addressed:

1.   Why unmasking anonymous persons of interest is an essential task when an investigator must "follow the money"

2. A review of the "funnels method" identified in Stephen E Arnold's cyberOSINT and Dark Web research. The method makes use of a range of traditional and advanced analytic techniques, including clustering, link analysis, and handle (alias) search. Content from Surface Web, proprietary, and Dark Web sources can be examined in a federated system.

3.   The look at determining who is involved in a specific activity is explained and illustrated by examining how a specific commercial services can capture, analyze, and output a list of suspects. The case examples focus on associates, user names and aliases, and digital currency transaction data.

4.   Blockchain analysis makes it possible to obtain items of information which can be used to track a particular transaction from party to party; for example, a purchaser of 4 ANPP or LSD to the seller of the contraband using Bitcoin or other digital currencies.

5.   The process for taking data from generating a list of suspects, analyzing their hidden network activity, and then looking for behavioral “fingerprints” within Surface Web and other indexes is explained. Examples of this “matching” is presented.

6.   The systems explained do not work in isolation. In this section of the lecture, the integration of multiple automated methods are assembled into an “unmasking process.”

7.   The final section of the talk identifies the specific steps required to implement one or more of the methods described in the lecture.

The information in this program is designed for an investigator or an intelligence officer with some knowledge of large-scale surveillance systems and the use of commercial products such as IBM i2, Palantir Technologies, and specialized firms focused on the tasks required for unmasking identities. As noted, the digital tools do not replace a training analyst, investigator, or intelligence officer.

Pre-Conference Sessions Description At The End of Agenda PostinG

---

Wednesday, 6 June 2018

Welcoming Remarks

8:15-8:30	Tatiana Lucas, ISS World Program Director, TeleStrategies
8:30-9:00	Top Ten Internet Challenges Facing Law Enforcement and the Intelligence Community and Who at ISS World Europe has Solutions Dr. Jerry Lucas, President, TeleStrategies

---

ISS World Europe Exhibit Hours:

Wednesday, 6 June 2018: 10:00 - 18:00

Thursday, 7 June 2018: 9:30 - 12:30

---

Track 1: Lawful Interception and Criminal Investigation Training

This track is for Telecom Operators and Law Enforcement/Intelligence/Defense Analysts who are responsible for specifying or developing lawful intercept network infrastructure.

Tuesday, 5 June 2018

9:25-10:15	Hushmeeting: creating an iron-clad and quantum-safe communication environment Preventing attacks, detecting intruders and collaborating within a backdoor-free and malware-proof communicaiton framework. Real use cases and attacking scenarios Mirko Minuzzo, Feedback Italia
10:35-11:25	Global Forensics Challenges: Extraterritorial, Virtualisation & Obfuscation Presented by Yaana Technologies
13:20-13:50	AI at Eyedea Recognition: from reading human-unreadable image text to state-of-the-art video-anaytic tools Martin Urban, Ph.d, Eyedea Recognition, s.r.o.
14:15-15:05	Artificial intelligence at work: making the most out of your multilingual audio data  Building powerful OSINT & COMINT solutions with leading-edge speech processing technologies. Presented by Vocapia
15:25-17:20	ETSI/3GPP LI/RD Standards Update Alex Leadbeater, Chairman, 3GPP SA3 LI and EU Data Retention Compliance Manager, BT Group Gerald McQuaid, ETSI TC LI Chairman and Special Requirements Advisor, Vodafone Group Carmine Rizzo, ETSI TC LI Technical Officer and 3GPP SA3LI Secretary, ETSI
15:25-16:15 Session A	Revolution in Accuracy and Speed of Voice Biometrics How will the new generation of Speaker Identification technology based exclusively on deep neural networks affect the hardware resources’ efficiency, accuracy and speed? Presented by Phonexia
15:25-16:15 Session B	Lawful Interception in 5G Mobile Networks This session will elaborate the needs and the challenges of lawful interception in current and future wireless networks. Network operators and law enforcement agencies will get practical advice and hear best practice techniques for the implementation of LI in 5G networks. Rene Nitzinger, Utimaco TS GmbH

Wednesday, 6 June 2018

9:00-10:00	Current and Future Standardization Challenges: Encryption, Network Function Virtualization, Cloud Computing and More Alex Leadbeater, Chairman, SA3 LI and EU Data Retention Compliance Manager, BT
11:30-12:00	Legal Monitoring of Internet-of-Things (IOT) This presentation gives a quick introduction to IOT technologies and market potential of IOT. It will explore requirements and challenges in regards to legal compliance and attendees will get knowledge about different interception scenarios to cover cloud-based IOT or cellular IOT. Rudolf Winschuh, Utimaco TS GmbH
14:00-14:30	Man in the middle (Bridge, Reset, Close, SSL self signed, SSL CA signed, HTTPS stripping) Roman Khokhlov, NORSI-TRANS
15:30-16:30	Vlatacom Solution for Secure Information Sharing Over the Cloud The platform is designed to operate as a personal device for safe, secure and secret communication. Messages exchanged using the device are files of different types, they are encrypted with a strong encryption algorithm and then concealed by applying stenography methods. Two separate hardware blocks, secure and communication - ensure that encryption part of the device is never exposed to external influences that can come through the internet. Moreover, the cryptographic key is never exposed to host device operating system. The device as a collaborative medium uses public cloud services, but it can also be used in the standalone mode when it is not necessary to be connected to the Internet. Presented by Vlatacom Institute
16:45-17:15 Session A	Challenges facing Operators and LEA's: Interception of 10K+ targets on 100G networks and beyond Considering advances in access technology that are enabling end users internet access reaching 1Gbps, with network capacity consisting of numerous 100Gbps links, more stringent intercept requirements and increasing numbers of intercept targets, we are discussing the challenges facing users of intercept solutions and network operators that are obliged to implement LIMS solution inside their networks. As both parties have seemingly opposite requirements, where LEA’s would like to increase the functionality, while operators would like to drive down the cost, we will dive into the topic of how to provide interception of 10K+ targets on 100G networks and beyond while keeping the price in check. Presented by Matison - Sedam IT d.o.o.
16:45-17:45 Session B	Nuance Security Engine: the entry gate to the Future of Voice Biometrics and Voice Mining Presented by Nuance

Thursday, 7 June 2018

8:30-9:30	Discover Insights at Scale with Integrated Analytics Les Klein Data Field CTO, Pivotal, DELL
8:30-9:30	Carrier - in Carrier VSAT Interception (LEA and Government Attendees Only) Presented by Rohde&Schwartz
8:30-9:30	Experience from Voice Biometrics and Speech Analytics Deployments Experience from applications of Speaker Identification and Content Analysis in governmental solutions. Typical sizing, process flow and required implementation time of public safety projects. How will the new generation of Phonexia Voice Biometrics impact the system efficiency? Presented by Phonexia
9:00-9:30	100% Signal Visibility within next generation Optical Networks Presented by Lumacron
10:30-11:00	Lampyre: Universal platform for visual data analysis Vladimirsky Eugene, NORSI-TRANS
11:00-11:30	How to do National-Scale Communications Record-keeping in 2018 and Beyond Presented by Packet Forensics
12:00-13:00	Understanding Defeating Encryption with Quantum Computing for Non-Engineers Countless news articles have been written about quantum computers, the magic of entangled qubits and all the new business opportunities that will be created with these general-purpose computing machines.  But what is not addressed in these articles is you don’t need a general purpose quantum computer to defeat today’s cryptography.  While these general-purpose machines are likely a decade away from deployment, an application specific quantum circuit designed for one purpose only, e.g. defeating today’s public key encryption may be but a few years away. This webinar is for cyber security executives and specialists who have the responsibility of assessing the lead time they have before deploying quantum safe cryptography solutions but don't have a technical background. If you believe nation state security agencies are developing quantum computers to decrypt your past and future intercepted transmission sessions, this high level webinar should be a must attend briefing. Dr. Jerry Lucas, President, TeleStrategies

---

Track 2: Defeating Encryption with IT Intrusion Products and Quantum Computing

This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees

Tuesday, 5 June 2018

8:30-9:20	Efficient Cryptanalysis: Brute-Force And More Presented by SciEngines
10:35-11:25	Cyber Solutions for The Fight Against Crime Presented by FinFisher
11:30-12:20	Strategic and Tactical Wi-Fi Surveillance Presented by FinFisher
14:15-15:05	Defeating Network Encryption: What Law Enforcement and The Intelligence Community Needs to Understand The starting point to defeating encryption is to separate techniques addressing stored encrypted data such as with the Apple iPhone issue. The other challenge is defeating encrypted data in transit (e.g. Telegram, Whatsapp, etc.) or Network Encryption. This webinar is about defeating the later. When it comes to defeating network encryption the technical community separates into two camps. Those who want to impede law enforcement and the government intelligence community from defeating network encryption: IETF, Silicon Valley and hundreds of third party encryption services. And your camp, those who want to investigate criminals and terrorist group who depend on network  encryption.   Presented by: Dr. Matthew Lucas (Ph.D Computer Science), Vice President, TeleStrategies

Wednesday, 6 June 2018

9:00-10:00	Cyber Intelligence in Our Increasingly Privacy & Security Conscious Environment Presented by Wintego
11:30-12:30 Session A	Real-Life practical IT Intelligence Operations Presented by FinFisher
11:30-12:00 Session B	Encryption and Modern Cyber Intelligence Learn about solutions for encryption mitigation in the contemporary cyber intelligence world Sapir Daban, Verint
14:00-15:00 Session A	Skyfall – Revolutionary system for Remote Access and Control of Private Networks Presented by ThetaByte Technologies
15:30-16:30 Session B	Cyber Intelligence Solutions – How to uncover illicit activities Presented by Merlinx (Previously Equus Technologies)
16:45-17:45	TLS/SSL Decryption Workshop The presentation introduces methods how to decrypt TLS/SSL connection. Focus is on man-in-middle attack employing TLS/SSL proxy and other ways how to obtain session's private keys. Speaker will demonstrate how to decrypt intercepted traffic using open-source tools like Wireshark and NetFox Detective. Vladimir Vesely, Researcher, FIT-BUT, Brno University of Technology

---

Track 3: LEA, Defense and Intelligence Analyst Training and Product Demonstrations

This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees

Tuesday, 5 June 2018

10:35-11:25	Cellebrite Analytics, Harness the Power of Digital Data Alexander Schuetterle, VP Advanced Solutions EMEA, Cellebrite
11:30-12:20	The last mile…alternative approaches for closing in your target. Location information of targets are usually obtained through lawful interception and data retention platforms, while IMSI catchers are used to zoom in for the last mile. Within this session a case study is being discussed which describes the need for alternative methods to obtain more accurate location information of your target and ways how to make more effective use of IMSI Catchers. Presented by Group 2000 Nederland B.V.
13:20-14:10	Leveraging CDR analysis in today's criminal investigation Presented by Ockham Solutions
15:25-16:15	Internet Records Intelligence: Acquisition and Analytics Presented by Yaana Technologies
16:20-17:20 Session A	Upcoming Speech Analytics Technologies in the context of AI and Big Data for Intelligence and Criminal investigations Presented by Nuance
16:20-17:20 Session B	Ethical and Sustainable Solutions in a World of Encryption The passive monitoring solutions are completely handicapped, when it comes to reconstructing or analysing encrypted IP data. Agencies have no choice but to opt for Trojans and other Intrusive techniques to gather cues about suspect’s Internet activities. They end up investing in such “need of the hour” approaches which are neither sustainable nor commercially viable.  What if there is a way to transform your passive monitoring approach to generate vital intelligence cues and build powerful evidence from encrypted traffic? Join us to explore a world of transformed investigative solutions that brings sustainability within the LI space and make it future ready, now. Presented by: Manohar Katoch- AVP Business Development, ClearTrail Technologies

Wednesday, 6 June 2018

9:00-10:00 Session A	Lawful Interception in 2018. VoLTE and encrypted services like Facebook, WhatsApp and Telegram. How Social Media Intelligence benefits investigators in a holistic vision Presented by IPS
9:00-10:00 Session B	LIVE DEMO: Biometric Voice Recognition System to identify people in phone calls, videos and social media Presented by ATIS
9:00-10:00 Session C	The Matrix Concept – producing actionable intelligence based on innovative gathering and analysis tools The overload of available data and the ever increasing amount of sensors that law enforcement and intelligence agencies had equipped themselves poses new challenges and also new opportunities. Rayzone Group proud the present it’s analysis and investigation platform, based on it’s MATRIX concept in order to utilize those opportunities and withstand the challenges. The ability to connect completely different types of sources opens new possibilities to produce valuable and actionable intelligence. Presented by Rayzone Group
11:30-12:30 Session A	Digital Toolbox: the investigator's best friend Presented by AREA
11:30-12:00 Session B	Money Laundry Use Case: Banking Data Analysis Live demonstration analyzing banking data using trovicor’s Intelligence Platform Presented by Trovicor
11:30-12:30 Session C	How cognitive computing can bolster Cyber Threat Intelligence (LIVE DEMO) DIGITAL SIGNAL INTELLIGENCE  DSINT is a versatile software platform, based on Artificial Intelligence Technology, able to mix and match: several data sources , Analytical capabilities, Visualization functions. The unique combination of these functions within the same  tool allows for more efficient organization, visionary innovation and more accurate prediction time. Presented by CY4GATE
12:00-12:30 Session B	Challenging the status quo - Investigations in an encrypted world Alexander Müller & Irina Palade, Rohde&Schwarz
12:00-12:30 Session D	Recognizing Radicalized Entities Operating in Critical Infrastructure Facilities      Dive into a case study that combines multiple intelligence disciplines to identify and neutralize a terror plot in a European Airport   Ms. Tom Sadon, Verint
14:00-15:00 Session A	Language Technology Solutions for Big Data Analytics & Intelligence. How to understand your target in any language Arnaud Simon, Director of Solutions Consultancy, SDL
14:00-15:00 Session B	Generate powerful evidence from PCAP, CDR/IPDR and Social Media, all from a single interface Agencies have to deal with variety of data like PCAP, CDR/IPDR and Open Source Data etc. coming from different sources. A typical investigation of such data involves manual correlation using different tools that eventually leads to disconnected intelligence and doesn't provide a single view of a "Person of Interest". What if you could bring data, tools and systems together on a single interface? Experience a seamless Investigation Workbench that assists investigators to collaboratively discover evidence, profile suspects, build stories and solve cases rapidly. Presented by: Jitendra Verma- Director Business Development, ClearTrail Technologies
14:30-15:00 Session C	Apps and cloud interception In this talk we will explain the concept of the Magen cutting edge mobile interception platforms, which create comprehensive target profiles through application, cloud, and dark net collection mechanisms.  Presented by Ke-la Group
15:30-16:30 Session A	Relational & Predictive: Future of Intelligence Analytics Presented by Advanced Systems
15:30-16:00 Session B	Encryption and Modern Cyber Intelligence Learn about solutions for encryption mitigation in the contemporary cyber intelligence world Sapir Daban, Verint
16:00-16:30 Session B	Recognizing Radicalized Entities Operating in Critical Infrastructure Facilities      Dive into a case study that combines multiple intelligence disciplines to identify and neutralize a terror plot in a European Airport   Ms. Tom Sadon, Verint
16:45-17:45 Session A	Best Practices to Deploying Forensic Tools   Forensic and lawful intercept tools are very important in order to protect your network but they are only as good as the data they receive. When using a SPAN or Mirror port you can not ensure that your tools are getting 100% of the data. With a Network TAP you can guarantee that 100% of your network traffic gets to your tools. In this presentation we will go over two case studies showing how a Network TAP provides 100% visibility and will help you get the most out of your forensic and lawful intercept tools. Presented by Garland Technology
16:45-17:45 Session B	Data Fusion and Analytics for National Security and Intelligence Presented by Yaana Technologies

Thursday, 7 June 2018

10:30-11:00 Session A	Enriching Target’s Profiles with OSINT data Demonstration using CDRs and OSINT to develop detailed target’s profiles Presented by Trovicor
10:30-11:30 Session B	SDN Delivers Services Differentiation   Presented by STORDIS GmbH
12:00-13:00	L.I. Targeting respecting privacy Presented by AREA

---

Track 4: Social Network / Dark Web Monitoring and Analytics Product Training

This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees

Tuesday, 5 June 2018

8:30-9:20 Session A	Facilitating the Analyst’s Work through Automation of Deep and Dark Web Harvesting Volker Pauli, Manager, Sales Engineering, Kofax Deutschland AG
8:30-8:55 Session B	Signs of Online Radicalization Jihadism 2018- what does it look like? A review of the online signs of radicalization, how to listen to them, what role social media plays. Explore how radical Islam incitement evolves into terror activities Paz Ben Nun, Verint
8:30-9:20 Session C	Identity search, timeline extraction and social network analysis on Facebook and Instagram Presented by Harmari by LTAS
9:25-10:15 Session A	Unmasking and Linking Bad Actors Across OSINT, SOCINT and DARKINT Imagine finding all of the secret information bad actors never thought would be exposed.  Now imagine finding this information faster than every before, by fusing all data sources pertaining to your investigation into one unified portal, including historical identity record data you never knew existed.  In this session, we will show you how to leverage a curated datalake of over ten billion identity records accumulated across the full Internet surface over several years, and to unmask bad actors and uncover deep rooted links for your investigations. By bringing together the right data sources and configuring the system tuned to your mission, you can drill down and find unexpectedly rich identity information such as date of births, addresses, IPs, nicknames and intriguing data such as personal tastes and preferences.    Presented by 4iQ
9:25-10:15 Session B	Investigative methods to exploit DeepWeb content; analyzing SOCMINT and OSINT data Chris Westphal, Chief Analytic Officer, DataWalk
10:35-11:00 Session A	Propaganda 4.0: is fake news really so new? A journey through the tools of OSINT Presented by Gamma Group
10:35-11:25 Session C	Real-life use cases for analyzing unstructured data to investigate terror & criminal activities Presented by Voyager Labs
11:00-11:25 Session A	Gamma Eye: "Combining gadgets with hi-tech. Collect and process intell to help create operational overview" Presented by Gamma Group
11:30-12:20 Session A	AI Powered Web Intelligence Presented by Cobwebs Technologies
14:15-15:05	Profile, target and investigate the Darknet. Reinventing traditional HUMINT in the Digital Era Presented by AREA
15:25-16:15	Are closed profiles in Social Networks as private as you expect? Advanced OSINT capabilities for analysts One of the main challenges of the LEA and intelligence analysts is the search for profiles in social networks and the ability to extract insights from this information. But, what happens if the digital profile is closed or if the information about the target is scarce? Our technology and methodology help analysts with this task. Our demonstration will illustrate how we can gather information e.g. an extended list of the target’s hidden friends. FS ENTITIES, our product, extracts the digital profiles of social networks, giving deeper knowledge about both the behaviour and digital environment of these targets. Presented by Future Space
16:20-17:20 Session A	Social Media Text Mining Presented by Insikt Intelligence
16:20-17:20 Session B	The Israeli experience in the cyber domain and lessons learned by the Israeli Cyber Security establishment Presented by SIBAT - Israel MOD
16:20-16:50	Automatic Exploitation of Social Network, Deep and Dark Web to complement traditional Lawful Interception Infrastructure Presented by IPS
16:50-17:20	How to monitor Public Sentiment with a platform able to listen, analyze and react to propaganda campaigns on Social Media Presented by IPS

Wednesday, 6 June 2018

9:00-10:00 Session A	HIWIRE – Full Cycle WEBINT and OSINT collection with Deep Access Presented by WIP
9:00-10:00 Session B	WebMine2Go – Human Intelligence in Machine A new and different approach for successful use of Open Source and Online Social Networking for Cyber Crime Investigation & Intelligence Gathering Presented by ThetaByte Technologies
9:00-10:00 Session C	Build Bridges from OSINT & Breached Data to Profiling Presented by Indafo
11:30-12:30 Session A	"Different Intelligence Sources (OSINT, Dark Web, SIGINT, HUMINT) combined under a single analytical platform - Gamma's innovative approach" Presented by Gamma Group
11:30-12:30 Session B	DataWalk: the next generation analytical platform to address Human Trafficking Human trafficking crimes are recognized as some of the most complex to investigate and prosecute. Data analysis is a key investigative technique to identify the victims and perpetrators of this abhorrent crime. During this presentation we will show how DataWalk (a next-generation analytical platform) can facilitate the rapid collection and exploitation of data from various sources toward identifying organizations associated with human trafficking and human smuggling. Chris Westphal, Chief Analytic Officer, DataWalk
11:30-12:30	Practical use of blockchain analytics for getting digital evidence of criminal acts Blockchain is an immutable database, containing lots of data. The workshop demonstrates how Crystal blockchain analytical tool makes use of that data for real life investigations. Attendees of the workshop will get access to the tool on their own notebooks, to look into blockchain data with us and ask any questions. You will be able to follow our example, or look at your own case. Our experts will be out there in the hall to help you. Presented by Bitfury
14:00-15:00 Session A	New ways to uncover answers hidden in the sea of unstructured data, using cutting edge platforms based on Artificial Intelligence The way terrorists, gang members and other criminals connect, interact, recruit and spread propaganda has changed in today’s digital world. The internet has opened a new 5th dimension of warfare, and law enforcement agencies must stay one step ahead of the game.  Solutions based on artificial intelligence, machine learning, behavior pattern analysis and augmented analytics allow those responsible for our safety to regain control and supercharge their investigative efforts.  We’ll be discussing these solutions in a riveting session using real-life use cases as examples. Presented by Voyager Labs
14:00-15:00 Session B	Generating holistic intelligence by blending WEBINT with other data sources Presented by S2T
15:30-16:30 Session A	Full target tracking: mixed operations among clearweb, darkweb and mobile monitoring Presented by InTheCyber
16:45-17:45 Session A	The Israeli experience in the cyber domain and lessons learned by the Israeli Cyber Security establishment Presented by SIBAT - Israel MOD

Thursday, 7 June 2018

8:30-9:30 Session A	Cognitive Search Analytics - The Next Generation of Intelligence Presented by WIP
8:30-9:30 Session C	Forensic Investigations in Telecom Data Lakes: from CDR Analysis to Coherent Data Mining Presented by Baltinfocom
10:30-11:30 Session A	Handling Multi-language OSINT & COMINT with Artificial Intelligence As Intelligence Agencies need for real-time information for quick decision-making increases, they face huge challenges in terms of data collection and usage. How can they handle the exponential amounts of foreign-language information collected from various sources in different formats (text, image, audio) whereas they lack language skills and expertise? This session will include live product demonstrations. Emmanuel Tonnelier, Director, Defence and Intelligence Solutions, SYSTRAN
10:30-11:30 Session C	Getting the Right Information to the Right People, at the Right Time, using the Right Format (LIVE DEMO) OSCAR provides an innovative solution for  producing and sharing the intelligence to the decision makers using multitouch multiuser software. We turned our pluriannual experience in the intelligence domain and enterprises security into an Advanced Multimedia Information Cockpit that excels the analysts’ production. Presented by CY4GATE
12:00-13:00 Session A	Real-life use cases for analyzing unstructured data to investigate terror & criminal activities Today, analysts and investigators face the challenge of constrained resources and the pressure to handle multiple cases simultaneously, whilst the amount of open source data being created all around them is constantly on the rise.  Investigators have access to enormous amounts of publicly available unstructured data that could hold the key to cracking a case, but while this data is accessible to all, it is not understandable by all.  How does one tap into this data and make sense of it as quickly and effectively as possible? We will be using real life use cases as examples of how new cutting edge AI-based technology can be used to harness open source data and generate valuable insights to enhance and accelerate investigations. Presented by Voyager Labs
12:00-13:00 Session B	The Art of OSINT: Insight and Benefit  Modern intelligence, data volumes and Dark Web insights. The power and threats of life "online". How to work with OSINT data and what are analytical tools to upgrade arsenal with. Presented by Avnon
12:00-13:00 Session C	Data Storage and Processing Technology for LI at Scale Eyal Kaplan & Stephen Lernihan, DELL

---

Track 5: Mobile Signal Intercept and Electronic Surveillance Training and Product Demonstration

This track is for Law Enforcement, Interior Security and the Government Intelligence Community who must work with cellular and mobile satellite operators regarding mobile location, electronic surveillance and RF intercept.

This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees.

Tuesday, 5 June 2018

8:55-9:20	Tactical Intelligence: Airborne and Urban Concepts of Operation Collecting intelligence from hard to reach areas & urban centers is a huge challenge for security organizations. We will explore use cases and performance for various tactical intelligence platforms, including Airborne and Urban concepts of operation. Alon Shamir, Verint
9:25-10:15	A, B, C  X, Y, Z of Location for National Security Description: Polaris Wireless brings you the latest on cutting edge location technologies. Explore the best practices and advanced technologies available today to pinpoint location in 3 Dimensions (X,Y and elevation(Z)) of any mobile device, anywhere in the country, in real-time. Discover how this high-accuracy location information for mobile devices can strengthen your national security initiatives. Presented by Polaris Wireless
10:35-11:25 Session A	WLAN Intelligence & investigation – methods, tools and services Presented by S.E.A
10:35-11:25 Session B	Mass satellite interception and its cyber protection challenges Imre Toltesi Dr. Carinex and Kamil Yuksel, Profen
11:30-12:20 Session A	Command and Control Center for covert field operations using Audio, Video and GPS feeds Presented by IPS
11:30-12:20 Session B	WHO, WHAT, WHERE, and WHEN?  Using VASTech’s Mass Monitoring Analytics to answer these key questions. Presenting use cases of VASTech’s intelligence analysis capabilities that enables intelligence agencies to identify, track, and expose persons of interest. Presented by VASTech
13:20-14:10 Session A	Discover how a unified platform connected to all MNOS for GSM retrieving and GPS from beacons can improve lawful location and your investigation Presented by Deveryware
13:20-14:10 Session B	Changing the world of geolocation for all generations using big data approach Presented by WaveGuard
14:15-15:05 Session A	Efficient methods for lawful interception in diverse mobile networks Presented by Iskratel
14:15-15:05 Session B	Counter-drone solutions for urban environments Presented by D-Fend Solutions
15:25-16:15	WHO, WHAT, WHERE, and WHEN?  Using VASTech’s Mass Monitoring Analytics to answer these key questions. Presenting use cases of VASTech’s intelligence analysis capabilities that enables intelligence agencies to identify, track, and expose persons of interest. Presented by VASTech
15:25-16:15	Unleashing the power of WiFi - an end-to-end approach to WiFi Intelligence Presented by WiSpear
16:20-17:20	VSAT Networks: Usage, Detection, Monitoring and Geolocation VSAT terminals are becoming a major connectivity node for cellular backbones, remote operations, hot spots and IoT among other application, which tools are available to detect and monitor network usage and behavior? Automatically scanning the visible orbital arc, detecting, characterizing and recording all received signals is now possible. The available toolbox goes beyond the simple detection and analysis of these networks, how it is possible to geo-locate VSAT terminals? Presented by Kratos Defense

Wednesday, 6 June 2018

9:00-10:00	IMSI Catcher, 2G/3G/4G Interception, New Challenges and Solutions Presented by NeoSoft AG
11:30-12:00	Tactical Tools Against Encrypted Protocols Presented by Advanced Systems
14:00-15:00	Deep Insight from Public Wireless Signals Presented by Packet Forensics
15:30-16:30	Electronic Lock and Alarm Defeat Capability Presentation Presented by Providence
16:45-17:45 Session A	Tactical Mobile Radio Analysis on GSM, UMTS, LTE and WiFi Presented by Rohde&Schwarz
16:45-17:45 Session B	WHO, WHAT, WHERE, and WHEN?  Using VASTech’s Mass Monitoring Analytics to answer these key questions. Presenting use cases of VASTech’s intelligence analysis capabilities that enables intelligence agencies to identify, track, and expose persons of interest. Presented by VASTech

Thursday, 7 June 2018

8:30-9:30 Session A	Alternative use of highly directional Microphone Arrays from Squarehead Presented by Squarehead
8:30-9:00 Session B	Router based interception – novel perception of remote interception from targeted networks (LIVE DEMO) Based on a novel perception of remote data interception, Rayzone Group developed infrastructure-based attack of targeted network. The System synergistically combines the capabilities and advantages of tactical and strategic interception systems to support authorities in overcoming threats effectively and efficiently. The system enables infiltration into a router. Once infiltrated, all the traffic is monitored by the system remotely. Presented by Rayzone Group
8:30-9:00 Session C	Carrier-in-Carrier VSAT Interception Presented by Rohde&Schwarz
9:00-9:30 Session B	Global SIGINT interception – creating leads for investigation based on global digital footprint (LIVE DEMO) Everyone leaves a digital footprint. Each use of any internet-based service leaves digital trace. This includes surfing the web (through browser or in-app), checking the weather thought mobile application,  sending a message, any many more. Rayzone Group has developed a unique global SIGINT interception system that collects all those digital traces and creates profiles for each internet user, based on their digital footprint. Presented by Rayzone Group
10:30-11:30	Tactical Wi-Fi Interception - Identify, Acquire, Intercept. In this session we will go over the challenges, limitations and operational solutions in tactical WiFi interception missions. We will cover the following: identifying targets, acquiring them and manipulating Wi-Fi enabled devices to extract intelligence. Presented by Jenovice
12:00-13:00 Session A	NanoLive, The next generation of covert camcorders Presented by Pro4Tech
12:00-13:00 Session B	Portable IMSI capture Use Cases and range extension Portable, Tri Protocol IMSI capture presentation with associated Use Cases including remote operation over IP Mesh networks. Andrew Johnson, DTC Phil Peacock, DTC

---

Track 6: Investigating DarkNets and Associated Bitcoin/Altcoin Transactions

This track is for law enforcement and private enterprise investigators who have to monitor and investigate the DarkNet along with Bitcoin transactions associated with criminal activities

Some Track 6 sessions open to all government and commercial cyber crime investigators.

Tuesday, 5 June 2018

8:30-9:20	Cybercurrency 101: Introduction to What Technical Investigators Need to Know about Bitcoin and Altcoin Transactions, Dark Web Commerce and Blockchain Analysis Presented by: Dr. Matthew Lucas, Vice President, TeleStrategies
9:25-9:50	C3 – Cross Crypto Currency analysis: move forward with cryptocurrency intelligence  How to track illicit money flows among blockchain cryptocurrencies Presented by Neutrino.nu
9:50-10:15	Cryptocurrency intelligence: pattern analysis for crypto-money flows and illicit activities on the darknet  Presented by Neutrino.nu
10:35-11:25	Blockchain technology - challenges and opportunities for cybercrime investigations Marc Taverner, VP Business Development,, Bitfury
13:20-14:10	Investigation Techniques for Unmasking TOR Hidden Services and Other Dark Web Operations Presented by: Dr. Matthew Lucas, Vice President, TeleStrategies
13:20-14:10	Bitcoin in Practice: Buying, Selling, Sending and Receiving This is an introductory session to the practical uses of Bitcoin. By the end of this session you should be comfortable with using and interpreting block explorers, methods of purchasing and storing bitcoin, and the basic structure of Bitcoin transactions. This will include a demonstration of Elliptics’ Bitcoin analytics software. ·  The blockchain - how to access and interpret it ·  Using a block explorer ·  How Bitcoin is used in practice: buying and selling, sending and receiving ·  Bitcoin addresses and transactions   Presented by Elliptic
14:15-15:05	Advanced Bitcoin Concepts and an Introduction to Bitcoin Investigations Assuming an understanding of basic Bitcoin concepts, such as addresses and transactions, this session will cover more advanced topics, such as mixing and address clustering. By the end of this session you should have an understanding of why these concepts are useful, their impact on tracing payments, and how they work in practice. We will also look at the basics of Bitcoin investigations; how to identify evidence, types of investigations, and contacting exchanges to identify Bitcoin users.   ·  Address clusters ·  Mixers ·  An introduction to Bitcoin analytics software ·  Identifying Bitcoin evidence ·  Types of Bitcoin investigations ·  Identifying wallet holders ·  Case study: ransomware Presented by Elliptic
15:25-16:15	Cryptocurrency Forensics Utilizing a Multi-currency Blockchain Explorer Demonstration of a multi-currency blockchain explorer, which offers: unified environment – it is a web application that allows you to perform same cryptocurrency forensic task (transaction tracking, address checking and clustering, metadat collection) over multiple blockchains (for instance tracking the same user on Bitcoin and also Litecoin blockchain); so far we support BTC, LTC, ZEC, DASH, and BCH; identity matching – we have a database of 6 million various cryptoaddresses collected by web scraping of public Internet and TOR; clustering – the similar concept of revealing identities as provided by Chainalysis (i.e., common-spent, behavioral) leveraging own graph database; exports – customizable exports of relevant metadata in order to help with the evidence collection; address alarms – configurable alarms for different cryptoaddresses, so the user is informed as soon as there is any transaction containing a given address; Vladimir Vesely, Researcher, FIT-BUT, Brno University of Technology
16:20-17:20	Case Studies and Emerging Threats In the Criminal Use of Virtual Currencies The dark web economy is booming, thanks largely to the emergence of virtual currencies that enable quick, pseudonymous transfer of value across borders. In this session, we will explore a number of case studies showing how Bitcoin is being used to facilitate criminal activity and how blockchain analysis techniques have been used to counter this. We will also explore the new generation of cryptocurrencies, such as Monero and Zcash, which promise much higher levels of anonymity, and which are already gaining traction on the dark web. Luke Wilson, Vice President of Business Development-Investigations, Elliptic

Wednesday, 6 June 2018

14:00-17:45	Special Half Day DarkNet Seminar  by Andrew Lewman, Vice President, DarkOWL and Former Exectuve Director, The TOR Project 14:00-15:00 Indexing the dark net – how do you catalog and search something that is not meant to be easily scrubbed? What’s possible? Presented by: Andrew Lewman, Vice President, DarkOWL 15:30-16:30 Case studies / examples in dark net investigations – de-anonymizing examples / approaches / best practices / lessons learned. Presented by: Andrew Lewman, Vice President, DarkOWL 16:45-17:45 Session A Future directions - what’s next in dark net infrastructure, dark markets and investigation implications Presented by: Andrew Lewman, Vice President, DarkOWL
15:30-16:00	C3 – Cross Crypto Currency analysis: move forward with cryptocurrency intelligence  How to track illicit money flows among blockchain cryptocurrencies Presented by Neutrino.nu
16:00-16:30	Cryptocurrency intelligence: pattern analysis for crypto-money flows and illicit activities on the darknet  Presented by Neutrino.nu
16:45-17:45 Session B	Advanced Analytic Techniques for Deanonymizing Digital Currency Transactions Stephen Arnold, Managing Partner, Arnold.IT

Thursday, 7 June 2018

8:30-9:30	What Investigators Need to Know about Blockchain Architectures Supporting Altcoins or Cyber Currencies Other than Bitcoin (e.g. Ethereum, Monero, Litecoin, Dash, Ripplo, etc.). Roberto Capodieci, Blockchain Zoo
10:30-11:30 Session A	What Investigators Need to Know about Blockchain 2.0 & 3.0 Application Developments Roberto Capodieci, Blockchain Zoo
10:30-11:30 Session B	Dark Web Messaging Today and Outlook for 2019 Stephen Arnold, Managing Partner, Arnold.IT
12:00-13:00 Session A	What Financial Crime Investigators need to Know about Blockchain  Investigation Techniques. Roberto Capodieci, Blockchain Zoo

---

Track 7: Financial Crime: Prevention, Detection and Investigation

This track is for law enforcement and private enterprise investigators who are responsible for money laundering, fraud prevention, detection and investigation and other cyber crime activities.

Track 7 open to all government and private enterprise financial crime investigators.

Wednesday, 6 June 2018

14:00-17:45

Special Half Day DarkNet Seminar  by Andrew Lewman, Vice President, DarkOWL and Former Exectuve Director, The TOR Project 14:00-15:00 Indexing the dark net – how do you catalog and search something that is not meant to be easily scrubbed? What’s possible? Presented by: Andrew Lewman, Vice President, DarkOWL 15:30-16:30 Case studies / examples in dark net investigations – de-anonymizing examples / approaches / best practices / lessons learned. Presented by: Andrew Lewman, Vice President, DarkOWL 16:45-17:45 Session A Future directions - what’s next in dark net infrastructure, dark markets and investigation implications Presented by: Andrew Lewman, Vice President, DarkOWL

Thursday, 7 June 2018

08:30-13:00

Special "Best Practices for Financial Crime Investigators" Sessions Presented by: Michael Loughnane, CAMS, CFE, Loughnane Associates, LLC. 8:30-9:30 Today's Money Laundering Schemes Financial Crime Investigators Need to Know 10:30-11:30 The Business of Banking: What Financial Crime Investigators Need to Know 12:00-13:00 How Money Actually Moves Beyond the Banks: What Financial Crime Investigators Need to Know

---

Training Seminars Led by Law Enforcment Officers and Ph.D Computer Scientists

Tuesday, 5 June 2018

Seminar #1
8:30-15:05

Online Social Media and Internet Investigations　

Presented by: Charles Cohen, Cohen Training and Consulting, LLC;
Charles Cohen also holds the position of Captain, Cyber Crimes Investigative Technologies Section, Indiana State Police, USA

8:30-9:20
Proxies, VPNs, and Dark Web:  Identity Concealment and Location Obfuscation

9:25-10:15
Tor, onion routers, Deepnet, and Darknet: An Investigator’s Perspective

10:35-11:25
Tor, onion routers, Deepnet, and Darknet:  A Deep Dive for Criminal Investigators

11:30-12:20
Cellular Handset Geolocation:  Investigative Opportunities and Personal Security Risks

13:20-14:10
Collecting Evidence from Online Social Media:  Building a Cyber-OSINT Toolbox (Part 1)

14:15-15:05
Collecting Evidence from Online Social Media:  Building a Cyber-OSINT Toolbox (Part 2)


Seminar #2
8:30-15:05

Practitioners Guide to Internet Investigations

Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police

The aim of this 1 day seminar is to take the attendees from the basics of understanding the Internet, how to find data, through to a full understanding of best practice of an Internet investigator, building their OSINT toolbox, and having awareness and knowledge of all the tools available to achieve this. It is aimed primarily at the investigator, delivered from the perspective of detective, to empower them to have the best methodology and tradecraft to profile and catch suspects.

This is exclusively Law Enforcement only, as Practical examples, covert and investigative methodology and tradecraft will be given throughout the seminar.

8:30-9:20
The Internet, and how suspects leave a Digital Footprint. How the system works for us, as investigators

How it works. Why it works. How it works for us .How data traffic leaves a trace ; What the internet is; what is an IP and how is it significant to trace a person. IPv4 and IPv6 – understanding the changes- the benefits and pitfalls for the investigator. The internet has millions of copies of data on it - why, and where can we find this. Tracking and evaluating data. MAC adders tracking.

9:25-10:15
Recognising Traffic Data and digital profiling via social networks and devices - digital shadows

What data is available. How to harvest and analyze it. Best practice to identify suspects and build profiles. Good practice, virtual data 'housekeeping' and tradecraft .Data collection and interrogation, significance and value. IP usage, exploitation and dynamics; IP plotting and analysis how to look for suspect mistakes and exploit them ( where they show their id). Dynamic approaches to identifying suspects through internet profiles. What investigators get from tech and  service providers, and how to analyze it. Investigator capabilities and opportunities.

10:35-11:25 
WIFI, geolocation, and Mobile Data traces and tracking

A detectives look at Wi-Fi, attribution, cell site data, GPRS location services and technology. How an investigator can track devices, attribute suspects locations, devices and movement. Unique communication identifiers. Dynamic live time tracing. Geo location services and uses. Online Surveillance and tracking movement and speed.

11:30-12:20
Awareness of Emerging Technologies, Masking Tech and Tools, TOR and proxies

How suspects are using emerging and new technologies.
An introduction to where technology is going, and how Law enforcement can use this to our advantages. dynamic and pro-active problem solving. Darknet, (Deep web) , TOR and IRC use. VOIP, Skype and FaceTime exploits. Advanced data sniffing and profile building. TOR systems, applications and ways to coax offenders out of the system.

13:20-14:10
Advanced Techniques in Tracing Suspects, and lateral problem solving

Using innovative and dynamic methods to trace offenders. Tricks used by suspects and how to combat them- Play them at their own game?. Covert internet investigations. Proxy servers and hiding. Managing collateral intrusion. Reverse and social engineering. Thinking outside the box. Lateral thinking. Possible missed opportunities. Profile building and manhunts through device footprints, speed and movement.

14:15-15:05
Open Source Tools, resources and techniques - A walk through my free law enforcement open source tools site

"Just google it" doesn't work anymore. A look at good tradecraft, practice and methodology in profiling, tracking and tracing digital footprints and shadows on the internet, by means of best available tools. A look at a selection of 200+ tools available on Mark's open source law enforcement tools website, that search engines can’t see, with login and password provided during the session. Do's and do nots. Best tools for best results. When was the last time you 'googled' something in an investigation, and it returned 5 results, all specifically relating to your suspect? This session will teach you how.

Seminar #3
8:30-9:20

Cryptocurrency 101: Introduction to What Technical Investigators Need to Know about Bitcoin and Altcoin Transactions, Dark Web Commerce and Blockchain Analysis

Presented by: Dr. Matthew Lucas, Vice President, TeleStrategies

This 101 training seminar is an introduction to Bitcoin, how the system is used to support criminal activities (e.g. Dark Web) and why technical investigators need to understand the basic Bitcoin transaction mechanism (Blockchain) to successfully defeat 21st century criminals and terrorist actions. Specifically, this introduction to Bitcoin for technical investigators addresses:

• Bitcoin Basics for Technical Investigators
• Understanding Bitcoin Infrastructure, Blockchain and Bitcoin Mining
• How Criminals and Terrorists Use TOR and Dark Web
• Bitcoin Cryptography Demystified (For Non-Math Majors)
• Popular Altcoins used by Criminals and the New Challenges Facing Law Enforcement

Seminar #4
13:20-14:10

Investigation Techniques for Unmasking TOR Hidden Services and Other Dark Web Operations

Presented by: Matthew Lucas, (Ph.D Computer Science), VP, TeleStrategies

TOR networks are notoriously effective at hiding the online identity of criminals, terrorists and others who are up to no good. The other side that receives less attention are TOR hidden services. These are services that leverage TOR's anonymizing capabilities to mask the identity of criminally-hosted online services - forming the basis of just about all illegal gambling sites, drug markets, child exploitation material, firearm sales, terrorism propaganda, and more.

• How TOR hides IP addresses/identity/location
• TOR hosting, What is .ONION and content analysis

Seminar # 5
14:15-15:05

Defeating Network Encryption: What Law Enforcement and The Intelligence Community Needs to Understand

Presented by: Dr. Matthew Lucas (Ph.D Computer Science), Vice President, TeleStrategies

The starting point to defeating encryption is to separate techniques addressing stored encrypted data such as with the Apple iPhone issue. The other challenge is defeating encrypted data in transit (e.g. Telegram, Whatsapp, etc.) or Network Encryption. This webinar is about defeating the later.

When it comes to defeating network encryption the technical community separates into two camps. Those who want to impede law enforcement and the government intelligence community from defeating network encryption: IETF, Silicon Valley and hundreds of third party encryption services. And your camp, those who want to investigate criminals and terrorist group who depend on network
encryption.

Wednesday, 6 June 2018

Seminar #6
16:45-17:45

Advanced Analytic Techniques for Danonymizing Digital Currency Transactions

In this session, Stephen E Arnold reviews the changes in Dark Web user messaging caused by increasing pressure on traditional Dark Web sites. Innovations from Portugal Anonymous and developers of encrypted chat apps have been active. In fact, Briar and Matrix are two new but unproven systems now available. The options for secure communication for Surface Web and Dark Web users are increasing. This lecture presents information on these investigative challenges by describing a method for obtaining access to streams of one-to-one messages and processing the intercepted data.

The specific topics addressed are:

1.   What’s changed in Dark Web messaging since June 2017 when the “Dark Web Notebook” was published

2.   The mechanism, including network diagrams, for inserting investigators into the message flow of chat based on IRC techniques and rapidly-evolving peer-to-peer distributed messaging. A case example of a procedure developed in Qatar is reviewed.

3.   The types of content which the messaging techniques permit

4.   How the message types “work around” surveillance of traditional Dark Web sites such as drug markets

5.   Identification of open source and commercial services which enable these surveillance and analysis methods

6.   The challenges of the rapidly changing message types

7.   Outlook for 2019 

The lecture is designed for a person with familiarity with online surveillance and general familiarity with computer-assisted analyses.

Presented by: Stephen Arnold, Managing Partner, Arnold.IT

Thursday, 7 June 2018

Seminar #7
08:30-13:00

Concerns and Considerations in Financial Crime Investigations

Presented by: Michael Loughnane, CAMS, CFE, Loughnane Associates, LLC. Mike is a former US Federal Law Enforcement Officer who specialized in complex fraud and cybercrime investigations and currently provides  training to improve detection and investigations of fraud, money laundering and counter terror finance.

The purpose of financial crime can be to generate or protect criminal profit. Locally or internationally, criminals face a continuous challenge of building structure to protect against the efforts of law enforcement and make their profits useable without fear of getting caught. Criminals will therefore build business and financial structures to mask their activities as well as launder money. 

In this 1 day seminar we will discuss the tools and methods criminals use and the law enforcement response. Each presentation describes different elements of financial crime and business models used by criminals as well as law enforcement methods and tactics to identify and disrupt them.  We will discuss the essentials in criminal networks, key players, money laundering, and trade based money laundering.  We will describe how information can be found as money is moved around the world and how investigators can make best use of this knowledge.  This training is aimed primarily at the investigator and analyst, but also has application to the law enforcement, intelligence, and financial regulatory community.

8:30-9:30
Today's Money Laundering Schemes Financial Crime Investigators Need to Know

10:30-11:30
The Business of Banking: What Financial Crime Investigators Need to Know

12:00-13:00
How Money Actually Moves Beyond the Banks: What Financial Crime Investigators Need to Know


Seminar #8
12:00-13:00

Understanding Defeating Encryption with Quantum Computing for Non-Engineers

Presented by: Jerry Lucas, (Ph.D, Physics) President, TeleStrategies

Countless news articles have been written about quantum computers, the magic of entangled qubits and all the new business opportunities that will be created with these general-purpose computing machines.  But what is not addressed in these articles is you don’t need a general purpose quantum computer to defeat today’s cryptography.  While these general-purpose machines are likely a decade away from deployment, an application specific quantum circuit designed for one purpose only, e.g. defeating today’s public key encryption may be but a few years away.

This webinar is for cyber security executives and specialists who have the responsibility of assessing the lead time they have before deploying quantum safe cryptography solutions but don't have a technical background. If you believe nation state security agencies are developing quantum computers to decrypt your past and future intercepted transmission sessions, this high level webinar should be a must attend briefing.

"Keep it simple but not that simple" - Albert Einstein

Meantime in order to make this lead time assessment for quantum safe cryptography deployment you need to track performance metrics of key components of quantum computing technology.  And to do this you need to understand how a quantum computing circuit works when designed for the sole purpose of defeating public key encryption only.  

This "30,000 foot view" Webinar (10 sessions, 5 minutes each) Addresses:

1. What potentially makes quantum computers more powerful than today's electronic computers: qubit superpositioning, entanglement & interference (light on quantum mechanics)
   
   
2. A one-to-one functional comparison of a general-purpose computer with an application specific quantum circuit designed to do but one thing, defeat today's public key encryption (light on computer technology)
   
   
3. Qubit gates and circuits explained (light on mathematics)
   
   
4. The encryption busting, Shor’s Factoring Algorithm explained (again, light on mathematics)
   
   
5. A Step-by-Step walk through of what goes on within a quantum circuit designed to process a small public encryption key as numerical input, probablistic measurements along the way through the delivery of numerical private key as output thereby defeating encryption (light on physics and mathematics as well)
   
   
6. Quantum computer challenges with decrypting large public keys (e.g. RSA 2048 class) and the performance metrics (number of entangled qubits, logic gates, longevity, etc.) cyber security specialists need to be monitoring.
   
   
7. Leading quantum computer hardware options supported by IBM, Microsoft & Google vs. defeating encryption only, application specific quantum circuit architectures.
   
   
8. Why annealing quantum computers boasting of having thousands of qubits are not today able to successfully run Shor Type (e.g. defeating encryption) algorithms.
   
   
9. Quantum Safe Cryptography Options (QSA & QKD) and deployment readiness challenges.
   
   
10. Webinar Audience Questions and/or Comments

Seminar 9
16:45-17:45

TLS/SSL Decryption Workshop

Presented by: Vladimir Vesely, Researcher, FIT-BUT, Brno University of Technology

The presentation introduces methods how to decrypt TLS/SSL connection. Focus is on man-in-middle attack employing TLS/SSL proxy and other ways how to obtain session's private keys. Speaker will demonstrate how to decrypt intercepted traffic using open-source tools like Wireshark and NetFox Detective.

Seminar 10
12:00-13:00

Cryptocurrency Forensics Utilizing a Multi-currency Blockchain Explorer

Presented by: Vladimir Vesely, Researcher, FIT-BUT, Brno University of Technology

Demonstration of a multi-currency blockchain explorer, which offers:

• unified environment – it is a web application that allows you to perform same cryptocurrency forensic task (transaction tracking, address checking and clustering, metadat collection) over multiple blockchains (for instance tracking the same user on Bitcoin and also Litecoin blockchain); so far we support BTC, LTC, ZEC, DASH, and BCH;
• identity matching – we have a database of 6 million various cryptoaddresses collected by web scraping of public Internet and TOR;
• clustering – the similar concept of revealing identities as provided by Chainalysis (i.e., common-spent, behavioral) leveraging own graph database;
• exports – customizable exports of relevant metadata in order to help with the evidence collection;
• address alarms – configurable alarms for different cryptoaddresses, so the user is informed as soon as there is any transaction containing a given address;

Seminar #11
12:00-13:00

Dark Web Messaging Today and Outlook for 2019

Presented by: Stephen Arnold, Managing Partner, Arnold.IT

in this lecture, Stephen E Arnold, author of the 2015 monograph “CyberOSINT: Next Generation Information Access” presents specific information about the methods for revealing a bad actor’s “true identity.” Traditional investigative techniques remain important, but this lecture focuses on the tactics required when an investigator has little or no specific information about the individual or individuals involved in a particular activity; for example, human trafficking, weapons sales, child pornography, etc. 

In the lecture, these topics will be addressed:

1.   Why unmasking anonymous persons of interest is an essential task when an investigator must "follow the money"

2. A review of the "funnels method" identified in Stephen E Arnold's cyberOSINT and Dark Web research. The method makes use of a range of traditional and advanced analytic techniques, including clustering, link analysis, and handle (alias) search. Content from Surface Web, proprietary, and Dark Web sources can be examined in a federated system.

3.   The look at determining who is involved in a specific activity is explained and illustrated by examining how a specific commercial services can capture, analyze, and output a list of suspects. The case examples focus on associates, user names and aliases, and digital currency transaction data.

4.   Blockchain analysis makes it possible to obtain items of information which can be used to track a particular transaction from party to party; for example, a purchaser of 4 ANPP or LSD to the seller of the contraband using Bitcoin or other digital currencies.

5.   The process for taking data from generating a list of suspects, analyzing their hidden network activity, and then looking for behavioral “fingerprints” within Surface Web and other indexes is explained. Examples of this “matching” is presented.

6.   The systems explained do not work in isolation. In this section of the lecture, the integration of multiple automated methods are assembled into an “unmasking process.”

7.   The final section of the talk identifies the specific steps required to implement one or more of the methods described in the lecture.

The information in this program is designed for an investigator or an intelligence officer with some knowledge of large-scale surveillance systems and the use of commercial products such as IBM i2, Palantir Technologies, and specialized firms focused on the tasks required for unmasking identities. As noted, the digital tools do not replace a training analyst, investigator, or intelligence officer.