---

ISS World MEA Exhibits Schedule:

Tuesday, 13 March 2018
10:00-18:00

Wednesday, 14 March 2018
9:30-12:30

---

Training Seminars Led by Law Enforcement Officers and Ph.D Scientists
23 classroom training hours, presented by Law Enforcement Officers and Ph.D. Scientists

Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police
(9 classroom hours)

Michael Loughnane, CAMS, CFE, Loughnane Associates, LLC and retired 27 year US Federal Law Enforcement Officer
(6 classroom hours)

Jerry Lucas (Ph.D., Physics), President, TeleStrategies


(5 classroom hours)

Matthew Lucas (Ph.D., Computer Science), Vice President, TeleStrategies
(3 classroom hours)

Monday, 12 March 2018

Seminar #1

9:00-17:00

Practitioners Guide to Internet Investigations

Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police

The aim of this 1 day seminar is to take the attendees from the basics of understanding the Internet, how to find data, through to a full understanding of best practice of an Internet investigator, having awareness and knowledge of all the tools available to achieve this. It is aimed primarily at the investigator, delivered from the perspective of detective, to empower them to have the best methodology and tradecraft to profile and catch suspects.

This is exclusively Law Enforcement only, as Practical examples, covert and investigative methodology and tradecraft will be given throughout the seminar.

09:00-10:00
The Internet, and how suspects leave a Digital Footprint

10:15-11:15
Recognizing Traffic Data and digital profiling

11:30-12:30
WIFI, geolocation, and Mobile Data traces

13:30-14:30
Awareness of Emerging Technologies, Masking Tech and Tools, TOR and proxies

14:45-15:45
Advanced Techniques in Tracing Suspects, and lateral problem solving

16:00- 17:00
Open Source Tools, resources and techniques

Seminar #2
09:00-17:00

Concerns and Considerations in Financial Crime Investigations

Presented by: Michael Loughnane, CAMS, CFE, Loughnane Associates, LLC and retired 27 year US Federal Law Enforcement Officer

09:00-10:00
Criminal Essentials: The Needs of a Successful Illicit Network

10:15-11:15
Illicit Schemes: Money Laundering and Terror Finance: Similarities and Differences

11:30-12:30
Trade Based Money Laundering Techniques: Red Flags for Investigators 


13:45-14:45
World Finance Basics 1: How Investigators Can "Follow the Money": FedWIRE, Clearing Houses, and SWIFT

15:00-16:00
World Finance Basics 2: Hawala, Red SIMS, and Alternate Remittance Systems

16:15-17:15
Financial Investigation Case Planning: Application of Critical Thinking to your Case

Seminar #3
09:00-12:30

Understanding ISS Technologies and Products Deployed in Telecommunications Networks for Lawful Interception and Mass Surveillance

Presented by: Dr. Jerry Lucas, President, TeleStrategies

This half-day seminar covers how criminals and terrorists communicate over today's public telecommunications wireline and wireless networks, over the top Internet services and social networks. This seminar is ideal for law enforcement, interior security, public safety and others who need to understand the ISS technologies and products used to lawfully intercept electronic communications and conduct mass network surveillance as discussed at ISS World Conference sessions and by exhibitors.

9:00-10:00
Introduction to Wireline and IP Infrastructure and Related ISS Products for Lawful Interception and Mass Surveillance

10:15-11:15
Understanding Mobile Wireless Infrastructure, and Related ISS Products for Lawful Interception and Mass Surveillance

11:30-12:30
Understanding Internet Infrastructure and Related ISS Products for Mass Intelligence Gathering and Surveillance

Seminar #4
9:00-10:00

Cryptocurrency 101: Introduction to What Technical Investigators Need to Know about Bitcoin and Altcoin Transactions, Dark Web Commerce and Blockchain Analysis

Presented by: Dr. Matthew Lucas, Vice President, TeleStrategies

This 101 training seminar is an introduction to Bitcoin, how the system is used to support criminal activities (e.g. Dark Web) and why technical investigators need to understand the basic Bitcoin transaction mechanism (Blockchain) to successfully defeat 21st century criminals and terrorist actions. Specifically, this introduction to Bitcoin for technical investigators addresses:

Seminar #5
14:45-15:45

Investigation Techniques for Unmasking TOR Hidden Services and Other Dark Web Operations

Presented by: Matthew Lucas, (Ph.D Computer Science), VP, TeleStrategies

TOR networks are notoriously effective at hiding the online identity of criminals, terrorists and others who are up to no good. The other side that receives less attention are TOR hidden services. These are services that leverage TOR's anonymizing capabilities to mask the identity of criminally-hosted online services - forming the basis of just about all illegal gambling sites, drug markets, child exploitation material, firearm sales, terrorism propaganda, and more.

• How TOR hides IP addresses/identity/location
• TOR hosting, What is .ONION and content analysis

Seminar # 6
16:00-17:00

Defeating Network Encryption: What Law Enforcement and The Intelligence Community Needs to Understand

Presented by: Dr. Matthew Lucas (Ph.D Computer Science), Vice President, TeleStrategies

The starting point to defeating encryption is to separate techniques addressing stored encrypted data such as with the Apple iPhone issue. The other challenge is defeating encrypted data in transit (e.g. Telegram, Whatsapp, etc.) or Network Encryption. This webinar is about defeating the later.

When it comes to defeating network encryption the technical community separates into two camps. Those who want to impede law enforcement and the government intelligence community from defeating network encryption: IETF, Silicon Valley and hundreds of third party encryption services. And your camp, those who want to investigate criminals and terrorist group who depend on network
encryption.

Wednesday, 14 March 2018

Seminar #7
8:30-9:30

Practitioners Guide to Understanding Cyber Attacks on Banks - Exploring Vulnerabilities from The Perspective Of The Hacker

Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police

This one hour session will explore the viewpoints of both the banks perception of vulnerabilities, and that of the attacker. A follow-up session at 10:30 will address Practitioners Guide to Defending Banks Against Cyber Attacks.

Seminar #8
10:30-11:30

Practitioners Guide to Defending Banks Against Cyber Attacks – Identifying And Protecting Vulnerabilities To Frustrate The Thief, and Integrity Proof The Systems

Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police

This one hour session will explore the protection of weak points and future proofing banks against cyber attacks.

Seminar #9
12:00-13:00

Top 20 Open Source Tools (OSINT) Used in Cybercrime Investigations

Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police

Seminar #10
12:00-13:00

Understanding Defeating Encryption with Quantum Computing for Non-Engineers

Presented by: Jerry Lucas, (Ph.D, Physics) President, TeleStrategies

Countless news articles have been written about quantum computers, the magic of entangled qubits and all the new business opportunities that will be created with these general-purpose computing machines.  But what is not addressed in these articles is you don’t need a general purpose quantum computer to defeat today’s cryptography.  While these general-purpose machines are likely a decade away from deployment, an application specific quantum circuit designed for one purpose only, e.g. defeating today’s public key encryption may be but a few years away. (Full Description of this webinar below Track 7)

(Full Pre-Conference Seminar Agenda Appears After Track 7)

---

Tuesday, 13 March 2018

Welcoming Remarks

8:15-8:30

Tatiana Lucas, ISS World Program Director, TeleStrategies

Keynote

8:30-9:00

Top Ten Internet Challenges Facing Law Enforcement and the Intelligence Community and Who at ISS World Middle East has Solutions Dr. Jerry Lucas, President, TeleStrategies

---

Track 1: Lawful Interception and Criminal Investigation Training

This track is for Telecom Operators and Law Enforcement/Intelligence/Defense Analysts who are responsible for specifying or developing lawful intercept network infrastructure.

Tuesday, 13 March 2018

9:00-10:00	Current and Future Standardization Challenges: Encryption, Network Function Virtualization, Cloud Computing and More Alex Leadbeater, Chairman, SA3 LI and EU Data Retention Compliance Manager, BT
11:30-12:00	Legal Monitoring of Internet-of-Things (IOT) This presentation gives a quick introduction to IOT technologies and explores requirements and challenges in regards to legal compliance Presented by Utimaco TS GmbH
12:00-12:30	Multi-source Intelligence Collection & Big Data Analysis Presented by Sinovatio
14:00-14:30	User Behavior Profiling from Multiple Sources Digital crimes take place every day leaving evidence on various type of devices. The traditional method however, is to collect and analyze each device one-by-one. This session instead suggests a method to pan out all collected data from various devices (computer, mobile, cloud etc.) in order to see all the relevant data from a suspect with a holistic approach. Kim Jong Hyun, Douzone Bizon
14:30-15:00	Network Data Analytics: Using Active Network Intelligence to Quickly Respond to Emerging Regulatory Needs Monitoring network data traffic, dealing with network encryption, and taking meaningful action can feel like trying to hold back the tide.  Sandvine will present how to achieve scale, techniques for finding gold in a mountain of data, and automating actions using Active Network Intelligence. Presented by Sandvine
15:30-16:00	Lightning Network for Bitcoin - What it is and How it Works Presented by Yaana Technologies
16:00-16:30	Speech to Text and Voice Biometrics for Audio Mining solutions and Extraction of Actionable Intelligence This presentation gives a quick introduction to Nuance Speech technologies (Speaker ID, Transcription, Language ID and Keyword Spotting)  and its applicability for Security and Intelligence. A Speech to Text / Transcription live demo will be provided for Arabic language. Presented by Nuance

Wednesday, 14 March 2018

8:30-9:00

Update on Voice Data Mining for LEA, Military and Police The presentation will provide update on the latest news in the field of Voice Biometrics and Speech Analytics for purposes of governmental sector. Attendees will gain knowledge about best practices and trends from both technological and customer perspective.  Marek Slavik, Phonexia

12:00-13:00

Defeating Encryption with Quantum Computers: Myths vs. Realities for Cyber Security Decision Makers Quantum Computers will defeat key components of today’s cryptography.  It’s not a question of “if”, it’s a question of “when”.  This seminar addresses: How quantum computers will defeat today’s PKI, Symmetric Key Encryption and Blockchain 2.0 Hashing and when.  Light on quantum physics and math. Not all quantum computers are being designed to defeat encryption and why “nation state” quantum computer are. What are the “quantum safe” options specifically QKD and QSA and how realistic and/or expensive. Presented by:  Jerry Lucas, (Ph.D, Physics) President, TeleStrategies

---

Track 2: Defeating Encryption with IT Intrusion Products and Quantum Computers

This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees

Monday, 12 March 2018

10:15-11:15	Cyber Solutions for The Fight Against Crime Presented by FinFisher
11:30-12:30	Real-Life practical IT Intelligence Operations Presented by FinFisher
13:30-14:30	Ethical and Sustainable Solutions in a world of Encryption Manohar Katoch, AVP, Business Development, ClearTrail Technologies
16:00-17:00	Defeating Network Encryption: What Law Enforcement and The Intelligence Community Needs to Understand The starting point to defeating encryption is to separate techniques addressing stored encrypted data such as with the Apple iPhone issue. The other challenge is defeating encrypted data in transit (e.g. Telegram, Whatsapp, etc.) or Network Encryption. This webinar is about defeating the later. When it comes to defeating network encryption the technical community separates into two camps. Those who want to impede law enforcement and the government intelligence community from defeating network encryption: IETF, Silicon Valley and hundreds of third party encryption services. And your camp, those who want to investigate criminals and terrorist group who depend on network  encryption. Dr. Matthew Lucas (Ph.D Computer Science), Vice President, TeleStrategies

Tuesday, 13 March 2018

9:00-10:00

The end of Zero-Days and what to do about it To evade strong encryption in communication LEA may be forced to get access for digital investigations by using zero-day exploits. Initiatives like bug bounties and Google Project Zero together with an higher awareness for secure programming by the big software vendors the availability of such exploits will become harder even next to impossible and market prices are already skyrocketing. Malware analysis capability may become a key factor for LEA to evade that issue. Using own expertise for finding new vectors based on own malware forensics or using cheaper half day exploits for legal purposes will be a key factor for future investigations. RME will dive into the topic and explain how to close the gap and how to increase the lifecycle for remote forensic or tactical access tools in digital operations. Mr. André Reichow-Prehn, Head of Programme Cyber, Product Unit Cyber Solutions, Rheinmetall Electronics GmbH

11:30-12:30

Strategic and Tactical Wi-Fi Surveillance Presented by FinFisher

---

Track 3: LEA, Defense and Intelligence Analyst Training and Product Demonstrations

This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees.

Monday, 12 March 2018

13:30-14:30	Cellebrite Analytics, Harness the Power of Digital Data Alexander Schuetterle, VP Advanced Solutions EMEA, Cellebrite
14:45-15:45	Mobile Acquisition Uncovered: The Past, Present and Future of Mobile Device Investigations As manufacturers continue to improve device security and encryption, we ask: Where will the most valuable data reside? What can you do to both acquire and analyse it effectively? This session discusses the past, present, and future of mobile investigations and explains how these trends may shape your investigations. In particular, we will explore alternative acquisition methods and will de-mystify mobile forensic acquisition tools and techniques so that you will be better equipped to get more value from your toolset. Martin Barrow, Sales Engineer, Magnet Forensics
16:00-17:00	Hushmeeting: creating an iron-clad and quantum-safe communication environment Preventing attacks, detecting intruders and collaborating within a backdoor-free and malware-proof communicaiton framework. Real use cases and attacking scenarios Presented by Feedback Italia

Tuesday, 13 March 2018

9:00-10:00 Session A	Lawful Interception in 2018. VoLTE and encrypted services like Facebook, WhatsApp and Telegram. How Social Media Intelligence benefits investigators in a holistic vision Presented by IPS
9:00-10:00 Session B	LIVE DEMO: Biometric Voice Recognition System to identify people in phone calls, videos and social media Presented by ATIS
11:30-12:30 Session A	Latest updates on Forensic Investigator Toolbox Presented by AREA
11:30-12:00 Session B	How to quickly and efficiently identify suspects Live demonstration analysing complex data generated from multiple monitoring centers  Presented by Trovicor
14:00-15:00 Session A	Language Technology Solutions for Big Data Analytics & Intelligence. How to understand your target in any language Patrick Vanderper, SDL
14:00-15:00 Session B	Generate Powerful evidence from Internet Data, CDR/IPDR & Social Media Data from a Single Interface. Agencies have to deal with variety of data like PCAP, CDR/IPDR and Open Source Data etc. coming from different sources. A typical investigation of such data involves manual correlation using different tools that eventually leads to disconnected intelligence and doesn't provide a single view of a "Person of Interest". Moreover, the communications are moving to encrypted channels, which further limits the target’s visibility. What if you could bring data, tools and systems together on a single interface? Experience a seamless Investigation Workbench that assists investigators to collaboratively discover evidences, profile suspects, build stories and solve cases rapidly. Jitendra Verma- Director Business Development, ClearTrail Technologies
14:30-15:00 Session C	Lampyre: Universal platform for visual data analysis Oleg Kozhanov, NORSI-TRANS
15:30-16:30 Session A	Relational & Predictive: Future of Intelligence analytics Presented by Advanced Systems
15:30-16:00 Session B	Taking Lawful Interception and Monitoring into the 21st Century Presented by AQSACOM
15:30-16:30 Session C	A detailed understanding of the traffic on optical fibres ; performingmetadata + content analysis and exposing their intelligence value. Presented by VASTech

Wednesday, 14 March 2018

9:00-9:30	Massive Investigation, with a care for privacy: Carrier Grade Nat disambiguation and Rich IPDRs Analysis Presented by AREA
10:30-11:00	Anomaly Detection: Recognizing pattern changes in targets' activities Presented by Trovicor
12:00-13:00	Top 20 Open Source Tools (OSINT) Used in Cybercrime Investigations Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police

---

Track 4: Social Network / Dark Web Monitoring and Analytics Product Training

This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees

Monday, 12 March 2018

10:15-11:15	Artificial Intelligence (AI) and the future of Web Intelligence (WEBINT) Presented by CWA Webint Applications
11:30-12:00	Extremist communication: what is out there, how to collect it, what it does, how to make sense of it and how to counter it – OSINT from a practitioners view Presented by Gamma Group
12:00-12:30	Evidence-based, operational mission management – from the simple to the sophisticated Presented by Gamma Group
13:30-14:30 Session A	SNS Network Analysis Presented by Esafenet
13:30-14:30 Session B	Live Demonstration of SnapTrends: Real-Time Location-Based Social Media Intelligence Presented by Snaptrends
14:45-15:45 Session A	Advanced analytics and identification through processing of social networks, audio sources and video surveillance Presented by everis
14:45-15:45 Session B	VASTech Mass Monitoring Analytics: Who was where and when ; if you touch the network, you leave footprints. A demonstration through use cases of the new powerful intelligence analytical capabilities and toolset from VASTech that identify, track and expose local and foreign targets on mobile networks. Presented by VASTech
16:00-17:00 Session A	How to monitor and influence Public Sentiment with a platform able to listen, analyse and react through propaganda campaigns on Social Media Presented by IPS
16:00-17:00 Session B	Digital Investigations in dark net Presented by AREA

Tuesday, 13 March 2018

9:00-10:00 Session A	Voice Analytics Patrick Pray, Pegasus
9:00-10:00 Session B	Connecting dots using all information, voice, IP data, location, movement, behavior, biometric, A egis, the one stop solution for you Presented by Semptian
11:30-12:30 Session A	Bridging discipline gaps in the hunt for perpetrators: Bringing together Metadata, OSINT, SOCMINT, SIGINT, Dark Web, Surveillance techniques and various other capabilities to support law enforcement Presented by Gamma Group
11:30-12:30 Session B	10 Best Practices on All Media Monitoring A live demo of National Intelligence System for Mobile/Twitter/Facebook/Youtube/News/Forums/Any website. Monitor your targets' messages, profiles, locations, behaviors, relationships, and more Bear Xu, CEO, Knowlesys International Limited
14:00-15:00 Session A	Dark Web – Can Governments afford not knowing? Hunting criminals on the dark side. Presented by Gamma Group
14:00-15:00 Session B	GoldenSpear Deep WEBINT – Reaching the Deepest corners of the Deep Web and the Darkest corners of DarkNet Presented by S2T
14:00-15:00 Session C	Advanced analytics and identification through processing of social networks, audio sources and video surveillance Presented by everis
15:30-16:00 Session A	Automatic Exploitation of Social Network, Deep and Dark Web to complement traditional Lawful Interception Infrastructure Presented by IPS
15:30-16:30 Session B	Intelligence Analysis on Big Data Presented by Sinovatio
15:30-16:30 Session C	Tactical Web Intelligence (WEBINT) and Social Engineering: a sneak-peak into the power of hollistic WEBINT platform Presented by CWA Webint Applications
16:45-17:45 Session A	Build Bridges from OSINT & Breached Data to Profiling Presented by Indafo
16:45-17:45 Session B	Fortion MediaMining : An advanced solution for OSINT and social media analysis Mohamed Khaled Khelif, AIRBUS

Wednesday, 14 March 2018

8:30-9:30	Data Fusion and Analytics for National Security and Intelligence Presented by Yaana Technologies
10:30-11:30	Voice Analytics Patrick Pray, Pegasus
12:00-13:00	VASTech Mass Monitoring Analytics: Who was where and when ; if you touch the network, you leave footprints. A demonstration through use cases of the new powerful intelligence analytical capabilities and toolset from VASTech that identify, track and expose local and foreign targets on mobile networks. Presented by VASTech

---

Track 5: Mobile Signal Intercept and Electronic Surveillance Training and Product Demonstration

This track is for Law Enforcement, Interior Security and the Government Intelligence Community who must work with cellular and mobile satellite operators regarding mobile location, electronic surveillance and RF intercept.

This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees.

Monday, 12 March 2018

11:30-12:30	A, B & C  X, Y & Z of Location for National Security Polaris Wireless brings you the latest on cutting edge location technologies. Explore the best practices and advanced technologies available today to pinpoint location (X,Y coordinates) and elevation (Z) of any mobile device, anywhere in the country, in real-time. Discover how this high-accuracy location information for mobile devices can strengthen your national security initiatives. Presented by Polaris Wireless
13:30-14:30	Command and Control Center for covert field operations using Audio, Video and GPS feeds Presented by IPS
14:45-15:45	Al-Sensor Integration and Mobile Location Finding Technologies Presented by Darkblue Technologies
16:00-16:50	Satellite Signal Analysis - Expanding Traditional Approaches Presented by Mathesis

Tuesday, 13 March 2018

9:00-10:00 Session A	IP enabled Covert Surveillance Tobias Jensen, Domo Tactical Communications
9:00-10:00 Session B	Drone Threat Mitigation Edgardo Gonzales, Expert Team Frankie Chan, Expert Team
11:30-12:30 Session A	IMSI Catcher, 2G/3G/4G Interception, New Challenges and Solutions Presented by NeoSoft AG
11:30-12:00 Session B	Tactical tools against encrypted protocols Presented by Advanced Systems
14:00-15:00 Session B	Challenges in Tactical IP Network Monitoring Presented by EXFO Homeland Security
15:30-16:30 Session A	Web-I-Qs DarkCloud darknet datasets, together withmh-SERVICE’s Forensic Cube enables extensive targeted Dark Net web-crawling, searches, insights and alerts. The DarkCloud darknet dataset is now available to law enforcement, local government and corporate clients, enabling them to perform their own searches in millions of pages from the Tor hidden services, and use it to learn, prevent, detect and investigate.  Annemarie Brockmöller from Web-I-Q/mh-SERVICE
15:30-16:30 Session B	Cellular Intelligence in Action-Real use cases solved by combining mobile location and traffic data from cellular networks Sven Amalendu Parasnis, Mobilaris
16:45-17:45	A, B & C  X, Y & Z of Location for National Security Polaris Wireless brings you the latest on cutting edge location technologies. Explore the best practices and advanced technologies available today to pinpoint location (X,Y coordinates) and elevation (Z) of any mobile device, anywhere in the country, in real-time. Discover how this high-accuracy location information for mobile devices can strengthen your national security initiatives. Presented by Polaris Wireless

Wednesday, 14 March 2018

8:30-9:30 Session B

From office to the field your Investigation is reaching a new level of expertise with Real Time Location Data Presented by Deveryware

---

Track 6: Investigating DarkNets and Associated Bitcoin Transactions

This track is for law enforcement and private enterprise investigators who have to monitor and investigate the DarkNet along with Bitcoin transactions associated with criminal activities

Track 6 open to all government and commercial cyber crime investigators.

Monday, 12 March 2018

9:00-10:00	Cryptocurrency 101: Introduction to What Technical Investigators Need to Know about Bitcoin and Altcoin Transactions, Dark Web Commerce and Blockchain AnalysisThis 101 training seminar is an introduction to Bitcoin, how the system is used to support criminal activities (e.g. Dark Web) and why technical investigators need to understand the basic Bitcoin transaction mechanism (Blockchain) to successfully defeat 21st century criminals and terrorist actions. Specifically, this introduction to Bitcoin for technical investigators addresses: • Bitcoin Basics for Technical Investigators • Understanding Bitcoin Infrastructure, Blockchain and Bitcoin Mining • How Criminals and Terrorists Use TOR and Dark Web • Bitcoin Cryptography Demystified (For Non-Math Majors) • Popular Altrcoins used by Criminals and the New Challenges Facing Law Enforcement Presented by: Dr. Matthew Lucas, Vice President, TeleStrategies
10:15-11:15	How to use investigative blockchain analytics and get comprehensive data for bitcoin transactions **LEA and Government Attendees Only** Willem-Jan Bruin, Director Western Europe - Enterprise-Grade Blockchain Solutions, Bitfury
11:30-12:30	Dark Markets and Bitcoin Laundering This session will focus on the illicit use of Bitcoin, ranging from dark market vendors and shops, to the popular methods used for laundering Bitcoin. By the end of the session you will have an understand of the wide range of  illicit uses for Bitcoin, different methods in which funds can be laundered, in what geographic regions this laundering occurs in, and the popularity of different methods of laundering. ·  Illicit uses of Bitcoin ·  Flows of illicit funds ·  Methods of Bitcoin laundering ·  Popularity of services, and geographic location of these services Presented by Elliptic
13:30-14:30 Session A	What Investigators Need to Know about Blockchain Architectures Supporting Altcoins or Cyber Currencies Other than Bitcoin (e.g. Ethereum, Monero, Litecoin, Dash, Ripplo, etc.). Roberto Capodieci, Blockchain Zoo
14:45-15:45 Session B	Investigation Techniques for Unmasking TOR Hidden Services and Other Dark Web Operations Presented by: Dr. Matthew Lucas, Vice President, TeleStrategies
14:45-15:45 Session A	What Investigators Need to Know about Blockchain 2.0 & 3.0 Application Developments and How Criminals Will Likely Exploit Unexpected Weaknesses as well as Support New Criminal Activities. Roberto Capodieci, Blockchain Zoo
16:00-17:00 Session A	What Financial Crime Investigators need to Know about Blockchain  Investigation Techniques. Roberto Capodieci, Blockchain Zoo

Tuesday, 13 March 2018

9:00-10:00	Bitcoin in Practice This is an introductory session to the practical uses of Bitcoin. By the end of this session you should be comfortable with using and interpreting block explorers, methods of purchasing and storing bitcoin, and the basic structure of Bitcoin transactions. This will include a demonstration of Elliptics’ Bitcoin analytics software. ·  The blockchain - how to access and interpret it ·  Using a block explorer ·  How Bitcoin is used in practice: buying and selling, sending and receiving ·  Bitcoin addresses and transactions Presented by Elliptic
11:30-12:30	Advanced Bitcoin Concepts and an Introduction to Bitcoin Investigations Assuming an understanding of basic Bitcoin concepts, such as addresses and transactions, this session will cover more advanced topics, such as mixing and address clustering. By the end of this session you should have an understanding of why these concepts are useful, their impact on tracing payments, and how they work in practice. We will also look at the basics of Bitcoin investigations; how to identify evidence, types of investigations, and contacting exchanges to identify Bitcoin users.  ·  Address clusters ·  Mixers ·  An introduction to Bitcoin analytics software ·  Identifying Bitcoin evidence ·  Types of Bitcoin investigations ·  Identifying wallet holders ·  Case study: ransomware Presented by Elliptic
14:00-17:45	Special Half Day DarkNet Seminar  by Andrew Lewman, Vice President, DarkOWL and Former Exectuve Director, The TOR Project 14:00-15:00 Indexing the dark net – how do you catalog and search something that is not meant to be easily scrubbed? What’s possible? Presented by: Andrew Lewman, Vice President, DarkOWL 15:30-16:30 Case studies / examples in dark net investigations – de-anonymizing examples / approaches / best practices / lessons learned. Presented by: Andrew Lewman, Vice President, DarkOWL 16:45-17:45 Future directions - what’s next in dark net infrastructure, dark markets and investigation implications Presented by: Andrew Lewman, Vice President, DarkOWL

Wednesday, 14 March 2018

10:30-11:30 Session A

Case Studies and Emerging Threats In the Criminal Use of Virtual Currencies **(Only Open to Government and Law Enforcement Attendees)** The dark web economy is booming, thanks largely to the emergence of virtual currencies that enable quick, pseudonymous transfer of value across borders. In this session, we will explore a number of case studies showing how Bitcoin is being used to facilitate criminal activity and how blockchain analysis techniques have been used to counter this. We will also explore the new generation of cryptocurrencies, such as Monero and Zcash, which promise much higher levels of anonymity, and which are already gaining traction on the dark web. Luke Wilson, Vice President of Business Development-Investigations, Elliptic

---

Track 7: Financial Crime: Prevention, Detection and Investigation

This track is for law enforcement and private enterprise investigators who are responsible for money laundering, fraud prevention, detection and investigaiton and other cyber crime activities.

Track 7 open to all government and private enterprise financial crime investigators.

Monday, 12 March 2018

9:00-16:00

Concerns and Considerations in Financial Crime Investigations Presented by: Michael Loughnane, CAMS, CFE, Loughnane Associates, LLC and retired 27 year US Federal Law Enforcement Officer 09:00-10:00 Criminal Essentials: The Needs of a Successful Illicit Network 10:15-11:15 Illicit Schemes: Money Laundering and Terror Finance: Similarities and Differences 11:30-12:30 Trade Based Money Laundering Techniques: Red Flags for Investigators 13:45-14:45 World Finance Basics 1: How Investigators Can "Follow the Money": FedWIRE, Clearing Houses, and SWIFT 15:00-16:00 World Finance Basics 2: Hawala, Red SIMS, and Alternate Remittance Systems 16:15-17:15 Financial Investigation Case Planning: Application of Critical Thinking to your Case

11:30-12:30

Dark Markets and Bitcoin Laundering This session will focus on the illicit use of Bitcoin, ranging from dark market vendors and shops, to the popular methods used for laundering Bitcoin. By the end of the session you will have an understand of the wide range of  illicit uses for Bitcoin, different methods in which funds can be laundered, in what geographic regions this laundering occurs in, and the popularity of different methods of laundering. ·  Illicit uses of Bitcoin ·  Flows of illicit funds ·  Methods of Bitcoin laundering ·  Popularity of services, and geographic location of these services Presented by Elliptic

Tuesday, 13 March 2018

9:00-10:00 Session B	Bitcoin in Practice This is an introductory session to the practical uses of Bitcoin. By the end of this session you should be comfortable with using and interpreting block explorers, methods of purchasing and storing bitcoin, and the basic structure of Bitcoin transactions. This will include a demonstration of Elliptics’ Bitcoin analytics software. ·  The blockchain - how to access and interpret it ·  Using a block explorer ·  How Bitcoin is used in practice: buying and selling, sending and receiving ·  Bitcoin addresses and transactions Presented by Elliptic
11:30-12:30 Session B	Advanced Bitcoin Concepts and an Introduction to Bitcoin Investigations Assuming an understanding of basic Bitcoin concepts, such as addresses and transactions, this session will cover more advanced topics, such as mixing and address clustering. By the end of this session you should have an understanding of why these concepts are useful, their impact on tracing payments, and how they work in practice. We will also look at the basics of Bitcoin investigations; how to identify evidence, types of investigations, and contacting exchanges to identify Bitcoin users.  ·  Address clusters ·  Mixers ·  An introduction to Bitcoin analytics software ·  Identifying Bitcoin evidence ·  Types of Bitcoin investigations ·  Identifying wallet holders ·  Case study: ransomware Presented by Elliptic
14:00-17:45	Special Half Day DarkNet Seminar  by Andrew Lewman, Vice President, DarkOWL and Former Exectuve Director, The TOR Project 14:00-15:00 Indexing the dark net – how do you catalog and search something that is not meant to be easily scrubbed? What’s possible? Presented by: Andrew Lewman, Vice President, DarkOWL 15:30-16:30 Case studies / examples in dark net investigations – de-anonymizing examples / approaches / best practices / lessons learned. Presented by: Andrew Lewman, Vice President, DarkOWL 16:45-17:45 Future directions - what’s next in dark net infrastructure, dark markets and investigation implications Presented by: Andrew Lewman, Vice President, DarkOWL

Wednesday, 14 March 2018

8:30-9:30	Practitioners Guide to Understanding Cyber Attacks on Banks - Exploring Vulnerabilities from The Perspective Of The Hacker  This one hour session will explore the viewpoints of both the banks perception of vulnerabilities, and that of the attacker.  A follow-up session at 10:30 will address Practitioners Guide to Defending Banks Against Cyber Attacks.  Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police
10:30-11:30 Session A	Practitioners Guide to Defending Banks Against Cyber Attacks – Identifying And Protecting Vulnerabilities To Frustrate The Thief, and Integrity Proof The Systems This one hour session will explore the protection of weak points and future proofing banks against cyber attacks. Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police
10:30-11:30 Session B	Case Studies and Emerging Threats In the Criminal Use of Virtual Currencies **(Only Open to Government and Law Enforcement Attendees)** The dark web economy is booming, thanks largely to the emergence of virtual currencies that enable quick, pseudonymous transfer of value across borders. In this session, we will explore a number of case studies showing how Bitcoin is being used to facilitate criminal activity and how blockchain analysis techniques have been used to counter this. We will also explore the new generation of cryptocurrencies, such as Monero and Zcash, which promise much higher levels of anonymity, and which are already gaining traction on the dark web. Luke Wilson, Vice President of Business Development-Investigations, Elliptic

---

Training Seminars Led by Law Enforcement Officers and Ph.D Scientists
23 classroom training hours, presented by Law Enforcement Officers and Ph.D. Scientists

Monday, 12 March 2018

Seminar #1

9:00-17:00

Practitioners Guide to Internet Investigations

Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police

The aim of this 1 day seminar is to take the attendees from the basics of understanding the Internet, how to find data, through to a full understanding of best practice of an Internet investigator, having awareness and knowledge of all the tools available to achieve this. It is aimed primarily at the investigator, delivered from the perspective of detective, to empower them to have the best methodology and tradecraft to profile and catch suspects.

This is exclusively Law Enforcement only, as Practical examples, covert and investigative methodology and tradecraft will be given throughout the seminar.

9:00-10:00
The Internet, and how suspects leave a digital footprint

How it works. Why it works. How data traffic leaves a trace ; What the internet is; what is an IP and how is it significant to trace a person. IPv4 and IPv6 – understanding the changes- the benefits and pitfalls for the investigator. The internet has millions of copies of data on it - why, and where can we find this. Tracking and evaluating data

10:15-11:15
Recognizing Traffic Data and digital profiling

What data is available. How to harvest and analyze it. Best practice to identify suspects and build profiles. Good practice, virtual data 'housekeeping' and tradecraft .Data collection and interrogation, significance and value. IP usage, exploitation and dynamics; IP plotting and analysis how to look for suspect mistakes and exploit them ( where they show their id). Dynamic approaches to identifying suspects through internet profiles. What investigators get from tech and service providers, and how to analyse it. Investigator capabilities and opportunities.

11:30-12:30
WIFI, geolocation, and Mobile Data traces

A detectives look at Wi-Fi, attribution, cell site data, GPRS location services and technology. How an investigator can track devices, attribute suspects locations, devices and movement. Unique communication identifiers . Dynamic live time tracing. Geo location services and uses. Online Surveillance and tracking movement and speed.

13:30-14:30
Awareness of Emerging Technologies, Masking Tech and Tools, TOR and proxies

How suspects are using emerging and new technologies.
An introduction to where technology is going, and how Law enforcement can use this to our advantages. dynamic and pro-active problem solving. Darknet, (Deep web) , TOR and IRC use. VOIP, Skype and FaceTime exploits. Advanced data sniffing and profile building. TOR systems, applications and ways to coax offenders out of the system.

14:45-15:45
Advanced Techniques in Tracing Suspects and lateral problem solving

Using innovative and dynamic methods to trace offenders. Tricks used by suspects and how to combat them- Play them at their own game?. Covert internet investigations. Proxy servers and hiding. Managing collateral intrusion. Reverse and social engineering. Thinking outside the box. Lateral thinking. Possible missed opportunities. Profile building and manhunts through device footprints, speed and movement.

16:00-17:00
Open source tools, resources and techniques

"Just google it" doesn't work anymore. A look at good tradecraft, practice and methodology in profiling, tracking and tracing digital footprints and shadows on the internet, by means of best available tools. A look at a selection of 200+ tools available on Mark's open source law enforcement tools website, that search engines can’t see, with login and password provided during the session. Do's and do nots. Best tools for best results. When was the last time you 'googled' something in an investigation, and it returned 5 results, all specifically relating to your suspect? This session will teach you how.

Seminar #2
09:00-17:00

Concerns and Considerations in Financial Crime Investigations

Presented by: Michael Loughnane, CAMS, CFE, Loughnane Associates, LLC and retired 27 year US Federal Law Enforcement Officer

09:00-10:00
Criminal Essentials: The Needs of a Successful Illicit Network

10:15-11:15
Illicit Schemes: Money Laundering and Terror Finance: Similarities and Differences

11:30-12:30
Trade Based Money Laundering Techniques: Red Flags for Investigators 


13:45-14:45
World Finance Basics 1: How Investigators Can "Follow the Money": FedWIRE, Clearing Houses, and SWIFT

15:00-16:00
World Finance Basics 2: Hawala, Red SIMS, and Alternate Remittance Systems

16:15-17:15
Financial Investigation Case Planning: Application of Critical Thinking to your Case

Seminar #3
09:00-12:30

Understanding ISS Technologies and Products Deployed in Telecommunications Networks for Lawful Interception and Mass Surveillance

Presented by: Dr. Jerry Lucas, President, TeleStrategies

This half-day seminar covers how criminals and terrorists communicate over today's public telecommunications wireline and wireless networks, over the top Internet services and social networks. This seminar is ideal for law enforcement, interior security, public safety and others who need to understand the ISS technologies and products used to lawfully intercept electronic communications and conduct mass network surveillance as discussed at ISS World Conference sessions and by exhibitors.

9:00-10:00
Introduction to Wireline and IP Infrastructure and Related ISS Products for Lawful Interception and Mass Surveillance

• Wireline Interception Points
• PSTN Interception: Content, CDRs and MetaData
• Lawful Interception: Telecom to Monitoring Center
• Mass Metadata Surveillance and SS7
• IP Network Basics: Why IP Layers needs to be understood
• Internet Access: Landline, Mobile, WiFi and others
• Deep Packet Inspection (DPI) and Intelligent Probes
• Optical Network Probe Intercept

10:15 - 11:15
Understanding Mobile Wireless Infrastructure, and Related ISS Products for Lawful Interception and Mass Surveillance

• Wireless Providers with Intercept Mandates and those with none
• Why Understand 2G, 3G, 4G and 4.5G Architecture need to be understood for Interception
• Wireless phone ID's and SIM cards
• Wireless Call Detail Record (CDR) Mining
• Wireless Data Services Option and Smartphone
• Cellular Roaming and Target Tracking with SS7
• Tracking and Location with IMSI Scanners and CDR Feeds
• Other Wireless Intercept: Satellite, Wi-Fi, WiMax and more
• No. 1 Future Wireless Intercept Challenge: True 4G and 5G
• ISS Products for Wireless Tracking Intercept and Mass Surveillance

11:30-12:30
Understanding Internet Infrastructure and Related ISS Products for Mass Intelligence Gathering and Surveillance

• Understanding IP Layering Architecture for Lawful Interception
• IP Addressing, IPv4 vs. IPv6, Address Reuse and DNSs
• Internet Infrastructure Supporting Email, Chat, IM, Skype and Blogging
• Internet Searching, How Google searches, Wikis and Search tools Law Enforcement Need to Understand
• Why Law Enforcement Needs to Know About how Crypto systems work, Public Key Cryptography, Certificate Authorities and Man In The Middle Attacks
• Basic Surveillance Techniques: Packet Sniffers, Web Bugs, Spyware, Phishing, Carnivore, Key Logging and More

Seminar #4
9:00-10:00

Cryptocurrency 101: Introduction to What Technical Investigators Need to Know about Bitcoin and Altcoin Transactions, Dark Web Commerce and Blockchain Analysis

Presented by: Dr. Matthew Lucas, Vice President, TeleStrategies

This 101 training seminar is an introduction to Bitcoin, how the system is used to support criminal activities (e.g. Dark Web) and why technical investigators need to understand the basic Bitcoin transaction mechanism (Blockchain) to successfully defeat 21st century criminals and terrorist actions. Specifically, this introduction to Bitcoin for technical investigators addresses:

• Bitcoin Basics for Technical Investigators
• Understanding Bitcoin Infrastructure, Blockchain and Bitcoin Mining
• How Criminals and Terrorists Use TOR and Dark Web
• Bitcoin Cryptography Demystified (For Non-Math Majors)
• Popular Altrcoins used by Criminals and the New Challenges Facing Law Enforcement

Seminar #5
14:45-15:45

Investigation Techniques for Unmasking TOR Hidden Services and Other Dark Web Operations

Presented by: Matthew Lucas, (Ph.D Computer Science), VP, TeleStrategies

TOR networks are notoriously effective at hiding the online identity of criminals, terrorists and others who are up to no good. The other side that receives less attention are TOR hidden services. These are services that leverage TOR's anonymizing capabilities to mask the identity of criminally-hosted online services - forming the basis of just about all illegal gambling sites, drug markets, child exploitation material, firearm sales, terrorism propaganda, and more.

• How TOR hides IP addresses/identity/location
• TOR hosting, What is .ONION and content analysis

Seminar # 6
16:00-17:00

Defeating Network Encryption: What Law Enforcement and The Intelligence Community Needs to Understand

Presented by: Dr. Matthew Lucas (Ph.D Computer Science), Vice President, TeleStrategies

The starting point to defeating encryption is to separate techniques addressing stored encrypted data such as with the Apple iPhone issue. The other challenge is defeating encrypted data in transit (e.g. Telegram, Whatsapp, etc.) or Network Encryption. This webinar is about defeating the later.

When it comes to defeating network encryption the technical community separates into two camps. Those who want to impede law enforcement and the government intelligence community from defeating network encryption: IETF, Silicon Valley and hundreds of third party encryption services. And your camp, those who want to investigate criminals and terrorist group who depend on network
encryption.

Wednesday, 14 March 2018

Seminar #7
8:30-9:30

Practitioners Guide to Understanding Cyber Attacks on Banks - Exploring Vulnerabilities from The Perspective Of The Hacker

Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police

This one hour session will explore the viewpoints of both the banks perception of vulnerabilities, and that of the attacker.  A follow-up session at 10:30 will address Practitioners Guide to Defending Banks Against Cyber Attacks. 

- What is the current typical attack
- Vulnerabilities leak points, and weak points 
- Hacking the Bank by traditional social engineering
- Man in the middle/mobile (MITM)
- Man in the Browser (MITB) attacks
- DDOS, Zeus, Zbot, and other exploits
- BHO poisoning (browser helper objects)
- DNS poisoning
- Pineapple and Rasberry Pi devices
- Clickjacking
- Formgrabbers
- Cloning and contactless card vulnerabilities
- PCI-DSS attacks and vulnerabilities
- The hackers point of view

Seminar #8
10:30-11:30

Practitioners Guide to Defending Banks Against Cyber Attacks – Identifying And Protecting Vulnerabilities To Frustrate The Thief, and Integrity Proof The Systems

Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police

This one hour session will explore the protection of weak points and future proofing banks against cyber attacks.

-PCI-DSS security and tightening
-WiFi encryption to avoid MITM
-Pen testing
-Dynamic virus signatures and monitoring
-End user verification and login
-Customer vulnerabilities and verification
-Quantum Dawn and Waking Shark II (wargaming) benefits
-Future proofing and horizon scanning
-Playing the hacker at his own game.

Seminar #9
12:00-13:00

Top 20 Open Source Tools (OSINT) Used in Cybercrime Investigations

Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police

Seminar #10
12:00-13:00

Understanding Defeating Encryption with Quantum Computing for Non-Engineers

Presented by: Jerry Lucas, (Ph.D, Physics) President, TeleStrategies

Countless news articles have been written about quantum computers, the magic of entangled qubits and all the new business opportunities that will be created with these general-purpose computing machines.  But what is not addressed in these articles is you don’t need a general purpose quantum computer to defeat today’s cryptography.  While these general-purpose machines are likely a decade away from deployment, an application specific quantum circuit designed for one purpose only, e.g. defeating today’s public key encryption may be but a few years away.

This webinar is for cyber security executives and specialists who have the responsibility of assessing the lead time they have before deploying quantum safe cryptography solutions but don't have a technical background. If you believe nation state security agencies are developing quantum computers to decrypt your past and future intercepted transmission sessions, this high level webinar should be a must attend briefing.

"Keep it simple but not that simple" - Albert Einstein

Meantime in order to make this lead time assessment for quantum safe cryptography deployment you need to track performance metrics of key components of quantum computing technology.  And to do this you need to understand how a quantum computing circuit works when designed for the sole purpose of defeating public key encryption only.  

This "30,000 foot view" Webinar (10 sessions, 5 minutes each) Addresses:

1. What potentially makes quantum computers more powerful than today's electronic computers: qubit superpositioning, entanglement & interference (light on quantum mechanics)
   
   
2. A one-to-one functional comparison of a general-purpose computer with an application specific quantum circuit designed to do but one thing, defeat today's public key encryption (light on computer technology)
   
   
3. Qubit gates and circuits explained (light on mathematics)
   
   
4. The encryption busting, Shor’s Factoring Algorithm explained (again, light on mathematics)
   
   
5. A Step-by-Step walk through of what goes on within a quantum circuit designed to process a small public encryption key as numerical input, probablistic measurements along the way through the delivery of numerical private key as output thereby defeating encryption (light on physics and mathematics as well)
   
   
6. Quantum computer challenges with decrypting large public keys (e.g. RSA 2048 class) and the performance metrics (number of entangled qubits, logic gates, longevity, etc.) cyber security specialists need to be monitoring.
   
   
7. Leading quantum computer hardware options supported by IBM, Microsoft & Google vs. defeating encryption only, application specific quantum circuit architectures.
   
   
8. Why annealing quantum computers boasting of having thousands of qubits are not today able to successfully run Shor Type (e.g. defeating encryption) algorithms.
   
   
9. Quantum Safe Cryptography Options (QSA & QKD) and deployment readiness challenges.
   
   
10. Webinar Audience Questions and/or Comments