---

ISS World MEA Exhibits Schedule:

Tuesday, 10 March 2020
10:00-18:00 

Wednesday, 11 March 2020
9:30-12:30

---

Advanced HI-Tech Cyber Investigation Training Seminars Led by former Law Enforcement Officers and Ph.D Computer Scientists

30 classroom training hours, presented by former Law Enforcement Officers and Ph.D. Scientists

Charles Cohen, Vice President at NW3C, the National White Collar Crime Center, Professor in Practice Criminal Justice, Indiana University and Retired Captain, Indiana State Police
(6 classroom hours)

Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police
(7 classroom hours)

Michael Loughnane, CAMS, CFE, Loughnane Associates, LLC and retired 27-year US Federal Law Enforcement Officer
(5 classroom hours)

Jerry Lucas (Ph.D., Physics), President, TeleStrategies

(3 classroom hours)

Matthew Lucas (Ph.D., Computer Science), Vice President, TeleStrategies

(3 classroom hours)

Vladimir Vesely (Ph.D., Computer Science) Researcher, Brno University of Technology
(3 classroom hours)

Andrew Lewman, VP, DarkOWL and Former Executive Director, The TOR Project
(3 classroom hours)

Monday, 9 March 2020

Seminar #1
9:00-17:00

Online Social Media and Internet Investigations　
Presented by: Charles Cohen, Vice President at NW3C, the National White Collar Crime Center, Professor in Practice Criminal Justice, Indiana University and Retired Captain, Indiana State Police

9:00-10:00
Proxies, VPNs, and Dark Web: Identity Concealment and Location Obfuscation

10:15-11:15
Tor, onion routers, Deepnet, and Darknet: An Investigator's Perspective

11:30-12:30
Tor, onion routers, Deepnet, and Darknet: A Deep Dive for Criminal Investigators

13:30-14:30
Cellular Handset Geolocation: Investigative Opportunities and Personal Security Risks

14:45-15:45
Collecting Evidence from Online Social Media: Building a Cyber-OSINT Toolbox (Part 1)

16:00-17:00
Collecting Evidence from Online Social Media: Building a Cyber-OSINT Toolbox (Part 2)

Seminar #2
9:00-17:00

Practitioners Guide to Internet Investigations
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police

The aim of this 1-day seminar is to take the attendees from the basics of understanding the Internet, how to find data, through to a full understanding of best practice of an Internet investigator, building their OSINT toolbox, and having awareness and knowledge of all the tools available to achieve this. It is aimed primarily at the investigator, delivered from the perspective of detective, to empower them to have the best methodology and tradecraft to profile and catch suspects.

This is exclusively Law Enforcement only, as Practical examples, covert and investigative methodology and tradecraft will be given throughout the seminar.

9:00-10:00
The Internet, and how suspects leave a Digital Footprint. How the system works for us, as investigators

10:15-11:15
Recognizing Traffic Data and digital profiling via social networks and devices - digital shadows

11:30-12:30
WIFI, geolocation, and Mobile Data traces and tracking

13:30-14:30
Awareness of Emerging Technologies, Masking Tech and Tools, TOR and proxies

14:45-15:45
Advanced Techniques in Tracing Suspects, and lateral problem solving

16:00-17:00
Open Source Tools, resources and techniques - A walk through my free law enforcement open source tools site

Seminar #3
9:00-10:00

Understanding Mobile 2G/3G/4G/5G Infrastructure and Lawful Intercept for Technical Investigators
Presented by: Dr. Jerry Lucas, President, TeleStrategies

This session covers what technical investigators need to know about 2G/3G/4G infrastructure, SIM Cards, Authentication, CDR analysis, SS7, Cellular encryption and more.

Seminar #4
10:15-11:15

Understanding 5G Network Core (NFV, SDN, EDGE Computing and Network Slicing) for Law Enforcement Investigators
Presented by: Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategies

This session presents the challenges telecom operators and law enforcement face with the transition from a 4G/LTE to a 5G Core.

Seminar #5
11:30-12:30

Cybercurrency 101: What Technical Investigators Need to Know about Bitcoin and Altcoin Transactions, Dark Web Commerce and Blockchain Analysis
Presented by: Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategies

This 101-training seminar is an introduction to Bitcoin, how the system is used to support criminal activities (e.g. Dark Web) and why technical investigators need to understand the basic Bitcoin transaction mechanism (Blockchain) to successfully defeat 21st century criminals and terrorist actions. Specifically, this introduction to Bitcoin for technical investigators

Seminar #6
13:30-14:30

Understanding Advanced Techniques to Defeat (or Work Around) Encrypted Third Party Services, Bitcoin Anonymity, TOR/HS and iPhone Encryption
Presented by: Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategies

You can’t defeat today’s encryption (at least not that we know of) but law enforcement and the government intelligence community can “Work around encryption” for a price. Once you identify a target using commercially available encryption products or services (and with enough resources or money) government can defeat the target near 100% of the time.

Seminar #7
16:00-17:00

SSL/TLS Interception Workshop (TLS1.3 edition)
Presented by: Jan Pluskal (Researcher) and Matej Gregr (Ph.D., Computer Science, Researcher), Brno University of Technology

The presentation introduces methods for intercepting TLS/SSL connections. The focus is on man-in-the-middle attack employing proxy and other ways how to obtain unencrypted content of the TLS/SSL session. Speakers outline necessary theory (including news about TLS 1.3), well-known attacks (e.g., renegotiation, downgrade, cipherspec change, and others) and industry-standard tools (such as Wireshark, NetFox Detective, Fiddler Proxy and SSL-Split). The session also includes a live demonstration of the MitM attack on HTTPS connections enhanced with form-logging JavaScript injection. Participants will receive free of charge access to the testbed, which consists of real devices (and their traffic), including the prototype of our hardware probe decrypting SSL/TLS on-the-fly.

Tuesday, 10 March 2020

Seminar #8
14:30-17:00

Concerns and Considerations in Financial Crime Investigations - PART I (PART II Continued on Wednesday, 11 March 2020)
Presented by: Michael Loughnane, CAMS, CFE, Loughnane Associates, LLC Mike is a former US Federal Law Enforcement Officer who specialized in complex fraud and cybercrime investigations and currently provides training to improve detection and investigations of fraud, money laundering and counter terror finance.

14:30-15:30
Criminal Essentials: The Needs of a Criminal Network

16:00-17:00
Financial Crime Schemes in Money Laundering

Wednesday, 11 March 2020

Seminar #9
8:30-13:00

Special Half Day DarkNet Seminar
by Andrew Lewman, Vice President, DarkOWL and Former Executive Director, The TOR Project

08:30-09:15
Breaking Darknets Through Theory and Fundamentals

09:15-10:00
Cases from the Darknet: Technical Walkthroughs

11:30-12:15
Future Directions of Darknets, Investigations and Infrastructure

Seminar #10
8:30-13:30

Concerns and Considerations in Financial Crime Investigations - PART II
Presented by: Michael Loughnane, CAMS, CFE, Loughnane Associates, LLC Mike is a former US Federal Law Enforcement Officer who specialized in complex fraud and cybercrime investigations and currently provides training to improve detection and investigations of fraud, money laundering and counter terror finance.

8:30-9:30
The Essentials of Trade Based Money Laundering

10:30-11:30
How Does Money Actually Move?

12:30-13:30
Follow the Money Beyond the Banks

Seminar #11
12:00-13:00

Top 20 Open Source Tools (OSINT) Used in Cybercrime Investigations
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police

(Full Pre-Conference Seminar Agenda Appears After Track 7)

---

ISS World MEA Exhibits Schedule:

Tuesday, 10 March 2020
10:00-18:00 

Wednesday, 11 March 2020
9:30-12:30

---

Tuesday, 10 March 2020

Welcoming Remarks

8:15-8:30

Tatiana Lucas, ISS World Program Director, TeleStrategies

Keynote

8:30-9:00

Top Ten Internet Challenges Facing Law Enforcement and the Intelligence Community and Who at ISS World Middle East and Africa has Solutions Dr. Jerry Lucas, President, TeleStrategies

---

Track 1: Lawful Interception and Criminal Investigation Training

This track is for Telecom Operators and Law Enforcement/Intelligence/Defense Analysts who are responsible for specifying or developing lawful intercept network infrastructure. Note, some session are LEA/Government Only and marked accordingly in "RED"

Monday, 9 March 2020

16:00-17:00
SSL/TLS Interception Workshop (TLS1.3 edition)
an Pluskal (Researcher) and Matej Gregr (Ph.D., Computer Science, Researcher), Brno University of Technology

16:00-17:00
Lawful Interception in VolTE, VoWiFi and next generation Services.
Find out how you can utilize you can existing monitoring centre to receive next generation voice & video.
Rupesh Sangoi, Director, Zeel Infotech

Tuesday, 10 March 2020

9:00-10:00 Session B
SIGINT in 5G - How to catch an IMSI
Due to the improved subscriber privacy within the 5G Network standards, the complexity of collecting SIGINT increases. 
Group 2000 provides solutions to mitigate these challenges and will explain how these solutions ensure uninterrupted intelligence collection required for your organization.  
Sander de Jong, Group 2000

9:00-10:00 Session C
What more can we do in fighting coronavirus ?
Presented by Sinovatio

13:00-14:00 Session B
Digital Toolbox: the investigator's best friend
Presented by AREA
(THIS SESSION IS ONLY OPEN TO LEA AND GOVERNMENT ATTENDEES)

14:30-15:30 Session A
Lawful Interception and Communication Data, Current & Future Challenges: Mobile, Cyber Security, Virtualization and AI - An industry view
Alex Leadbeater, 3GPP SA3-LI and ETSI TC Cyber Chairman and Head of Global Obligations Future and Standards, BT Security

14:30-15:30 Session B
Accelerating investigation workflows with specially designed forensic laboratories for the HQ or on wheels out in the field
Presented by mh Service

Wednesday, 11 March 2020

12:30-13:30
Password Cracking Workshop
The lecture outlines password-cracking use-cases, employed formats, current GPU/FPGA performance limits, and existing tools (such as Hashcat). We will show how to: a) automatically extract hashes from encrypted documents; b) prepare and evaluate password keyspace (e.g., generate passwords using Markov chains / rule-based grammars); c) efficiently orchestrate various cracking tasks (e.g., issues related to passwords containing national characters) and apply strategies (e.g., a combination of dictionaries). Moreover, we will introduce our hypervisor for distributed password cracking that helps investigators to utilize the potential of their infrastructure. Last but not least, we will speak about our experience when developing our own GPU-based hardware cracking platform competitive with industry standards from well-known vendors.
Jan Pluskal (Researcher) and Matej Gregr (Ph.D., Computer Science, Researcher), Brno University of Technology

---

Track 2: LEA, Defense and Intelligence Analyst Product Demonstrations

This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees.

Monday, 9 March 2020 

9:00-10:00 Session A
How to gain situational network awareness faster
Presented by Rohde&Schwarz

10:15-11:15 Session A
Instant messenger Telegram real-time monitoring for crime prevention and counter-terrorism activities
Presented by ASIRIS

10:15-11:15 Session B
Data Fusion and Analytics for National Security and Intelligence
Presented by Saran Gopalakrishnan, Vice President, Yaana

11:30-12:30 Session A
Encrypted & Evasive Traffic: New Visibility with Next-Generation DPI

As cyber attacks become increasingly sophisticated, effective threat analytics depends more and more on the quality of traffic data available to analytics solutions. The more comprehensive and accurate the network traffic information delivered, the more accurate the detection and investigation capabilities will be. Deep Packet Inspection (DPI) technology has long been used to provide granular detail of network traffic, but encrypted and evasive traffic has posed a challenge for conventional DPI and related monitoring and data extraction technologies. Now, a new generation of DPI sensors enriched with flow analytics and advanced data mining techniques is delivering critical visibility into encrypted and evasive traffic.

Discover how you can use next-gen DPI to: 

• Get maximum visibility into all encrypted traffic to support:
• Triage for decryption
• Advanced analytics for anomaly detection 
• Forensics
  
  
• Detect and extract maximum data about traffic using evasive techniques, including
• VPNs 
• Anonymizers
• Covert communications channels
• Complex tunneling
• Domain fronting 
• Traffic spoofing
• File spoofing, and more 

Sebastien Synold, Product Manager, Qosmos DPI Business Unit, ENEA

11:30-12:30 Session B
The Role of Context in Threat Intelligence
Presented by Resecurity

13:30-14:30 Session A
Why every packet tells a story
David Butler Senior Manager and Jesper Andersen CCO, XCI

13:30-14:30 Session C
The New Frontier of Digital Forensics
From mobile phones to NAND FLASH memories
Digital analysis methods and approaches
Presented by SIM

14:45-15:45 Session A
Practical and creative example of modifying Android OS by HEX editing system files, and having regular applications to achieve surveillance.
Denis Cuculic, CEO ex. Head of Technical Department, PRO4SEC 

14:45-15:45 Session B
Finding & Investigating Digital Footprint
Presented by DSS Technology

14:45-15:45 Session C
Live Demo. Real Investigation, from Telegram to the Darknet, and using infection tools to track the targets
Presented by MOLLITIAM CYBERINTELLIGENCE

Design Your Intelligence Fabric: Intercept, {Collect}, Analyze

Typically, agencies acquire a range of strategic & tactical systems from different vendors. Such systems are hardwired and delivered with finite use cases. Moreover, a lot of critical data gets accumulated across such systems, databases or with people who are privy to the agency’s mission & processes, eventually leading to data silos and disconnected intelligence.

What if you could design your own Intelligence Fabric that helped you to collect & analyse data from multiple systems, databases & humans?  What if you could build special-purpose applications in real-time? What if you could work with any data to deliver intelligence?

Witness the new intelligence paradigm that enables you to intercept, collect and analyze any data, unlike ever before.

Anubha Gumashta, Director, ClearTrail Technologies

Tuesday, 10 March 2020 

9:00-10:00
ASIRIS Monitoring Platform. Extraction and data mining on Telegram messenger
Presented by ASIRIS

13:00-14:00
Live Demo. Real Cyberoperation, invisible control of Android smartphones and Window/macOS systems
Presented by MOLLITIAM CYBERINTELLIGENCE

14:30-15:30 Session A
Target Tracking and Mass Positioning for Individuals and Groups: Use Cases and Implementation in Cellular Networks
Presented by Applicata

14:30-15:30 Session B
One way alliance
Presented by GSN

14:30-15:30 Session C
Resolving Anonymity in the World of Encrypted Communication

The threat landscape is changing rapidly. 

Intelligence agencies are in continuous pursuit of identifying sleeper cells. However, proprietary apps, secured social media and encrypted communication channels provide an anonymity cover to the anti-social elements.

Join us to explore how to analyze dark communication at a countrywide scale to uncover potential threats and identify suspects among millions of subscribers.

Jitendra Verma, Director, ClearTrail Technologies

Wednesday, 11 March 2020 

8:30-9:30
Guess who is using THAT App in your Country
Presented by AREA

10:30-11:30
The Art Of OSINT: Insight and Benefit
Presented by BLER Systems Ltd.

---

Track 3: Social Network Monitoring and Cyber Threat Detection Training

This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees.

Monday, 9 March 2020 

10:15-11:15 Session A
Real Time detection of Advances Persistent Threats: GATEWATCHER
In this session, Global Security Network will first remind the audience about the challenges faced by SOC team to detect APT attacks.  Afterward we will explain in details a new generation of NIDS offering unique capabilities to focus SOC teams analysis and leveraging best of breed technologies to detect APT attacks up and down the kill chain.
Presented by GSN

10:15-11:15 Session B
Cyber Threats; How to achieve the highest data accuracy, gain the most granular visibility, and overcome encryption challenges
While LI works to evolve forensic breakthroughs and provide relevant solution feeds, data networking vendors continue to support them by providing solutions for data capture, visualization solutions, social network analytics, VoIP variability, and encryption challenges. In this presentation, we’ll explore the latest technologies to enhance the LI framework ensuring the right mix of data is available, visible, and actionable in real-time. 
Sherief Nazif, AVP Sales for Regulatory, Sandvine
Elie El-Khoury, Director Sales Engineering, MENAT, Sandvine

11:30-12:30 Session A
Big Multimedia Content Intelligence
Presented by everis ADS

11:30-12:30 Session B
Autonomous Counter Terrorism using OSINT
Presented by ISnSC

Tuesday, 10 March 2020

9:00-10:00 Session A
Industry Secrets of end-to-end data Collection and Analysis: How technology is changing everything and what you need to do, now!
Presented by BAE Systems AI

9:00-10:00 Session B
Tactical Web Intelligence (WEBINT) & Social Engineering: Gathering Actionable Intelligence via a powerful WEBINT platform
Presented by Cobwebs

13:00-14:00 Session A
Defend Cyberspace Sovereignty- Advanced Cyberspace Management Solution
Presented by Sinovatio

13:00-14:00 Session B
Industry Secrets of end-to-end data Collection and Analysis: How technology is changing everything and what you need to do, now!
Presented by BAE Systems AI

14:30-15:30 Session A
ASIRIS Monitoring Platform. Extraction and data mining on Telegram messenger
Presented by ASIRIS

14:30-15:30 Session B
The Art of Security Monitoring: How to win the fight with limited resources
The threats to your network are varied, sophisticated, and increasing.  New attacks are released every day, and hackers are well-funded and determined. There are many high-quality security tools available which can detect attacks, but those tools and – more importantly – the teams that operate them are simply overwhelmed. Keysight’s security expertise can help you solve these problems. We can find and fix security problems in your network, we can stem the flood of security alerts that keeps your team scrambling, and we can offload intensive SSL inspection so that your threat detection tools can focus on what they do best. Join us to learn how Keysight keeps you ahoead of the curve when securing your network.
Mohamed Elshaieb, Channel Sales Manager – META and Pakistan, Network Solutions Sales (NSS), Keysight Technologies – IXIA

16:00-17:00 Session A
Awakening the "Sleeper Cells" [Case study]: Using of the latest WEBINT methodologies and tools to discover a covert terrorist organization through the web
Presented by Cobwebs

16:00-17:00 Session B
Combining Tactical Surveillance, Cyber Intelligence and Deep Analytics to Identify the Organizers of violent protests
Presented by S2T

Wednesday, 11 March 2020

10:30-11:30 Session A
Big Multimedia Content Intelligence
Presented by everis ADS

10:30-11:30 Session B
Mobile storage protection: a complete solution for High Security Systems 
In this session, Global Security Network will explain the pros and cons of the available technologies to protect Secret and Top Secret Network while using USB and other mobile storage.  Afterward we will explain in details the benefit of hardware segregation and the need for multiple AV engines as well as sanitization.
Presented by GSN

10:30-11:30 Session C
Open-Source Intelligence from Social Networks, Surface & Dark Web

Witness an open-source intelligence system that provides actionable insights from social networks (Twitter, Facebook, Instagram, YouTube, Reddit & Tumblr), dark web, RSS feeds & WhatsApp on a single interface. Explore hashtags/keywords, discover top trends & influencers, identify viral messages & sentiments associated with a topic, reveal fake images & extract entities of interest.

Sameer Fegade, Sr. Director, ClearTrail Technologies

12:30-13:30
Top 20 Open Source Tools (OSINT) Used in Cybercrime Investigations
Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police

---

Track 4: Investigating DarkWeb, Bitcoin, Altcoin and Blockchain Transaction

This track is open to all attendees. Note, some session are LEA/Government Only and marked accordingly in "RED"

Monday, 9 March 2020

9:00-10:00
Live Demonstration of DarkOwl Vision: Darknet Intelligence Discovery and Collection
David Alley, CEO, DarkOWL FZE
(THIS SESSION IS ONLY OPEN TO LEA AND GOVERNMENT ATTENDEES)

11:30-12:30
Cybercurrency 101: Introduction to What Technical Investigators Need to Know about Bitcoin and Altcoin Transactions, Dark Web Commerce and Blockchain Analysis
Presented by: Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategies

13:30-14:30
Understanding Advanced Techniques to Defeat (or Work Around) Encrypted Third Party Services, Bitcoin Anonymity, TOR/HS and iPhone Encryption
Presented by: Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategies

Tuesday, 10 March 2020

9:00-10:00
Profile, target and investigate the Darknet
Presented by AREA
(THIS SESSION IS ONLY OPEN TO LEA AND GOVERNMENT ATTENDEES)

16:00-17:00
Cryptocurrency Investigation Workshop
The session surveys current methods for blockchain and traffic analysis. The presentation informs about applicable methods for Bitcoin but also for other major cryptocurrencies as well (e.g., Ethereum, Litecoin, Dash, Zcash, Monero, and others). Speaker explains in detail the properties of cryptocurrency forensics, including address clustering, coinjoining of inputs, transaction mixing, and traffic correlation. The session includes a live demonstration of cryptocurrency evidence collection in a ransomware case. Moreover, participants will have a chance to bring their cryptocurrency addresses/transactions for assessment.
Matej Gregr (Ph.D., Computer Science, Researcher), Brno University of Technology, Brno University of Technology

Wednesday, 11 March 2020

8:30-9:30
Breaking Darknets Through Theory and Fundamentals
Andrew Lewman, Vice President, DarkOWL and Former Executive Director, The TOR Project

10:30-11:30
Cases from the Darknet: Technical Walkthroughs
Andrew Lewman, Vice President, DarkOWL and Former Executive Director, The TOR Project

12:00-13:00
Future Directions of Darknets, Investigations and Infrastructure
Andrew Lewman, Vice President, DarkOWL and Former Executive Director, The TOR Project

---

Track 5: Artificial Intelligence and Facial Recognition, Threat Detection Training

This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees.

Tuesday, 10 March 2020

13:00-14:00
AI based Translation Solutions to Enable Actionable Intelligence
Join us to explore how SDL helps organizations dealing with ever growing volumes of foreign language data. SDL’s Neural Machine Translation leverages AI/Machine Learning to understand actionable information from multilingual content. SDL’s Machine Translation is proven in a variety of intelligence and surveillance settings to deliver rapid and accurate support for your mission of finding and addressing critical information insights.
Presented by SDL

16:00-17:00
Remote Target Data extraction -  Myth & Reality and the use of Artificial Intelligence
Presented by GRIS Intelligence Solutions

Wednesday, 11 March 2020

10:30-11:30
Thor Hammer. Improving the Cyber Resilience of Critical Infrastructures with military technology.
Presented by MOLLITIAM CYBERINTELLIGENCE

---

Track 6: 5G Lawful Intercept and Forensics Training

This track is mostly open to all attendees. There may be some sessions only open to LEA and Government attendees, which will be labeled below in RED.

Monday, 9 March 2020 

10:15-11:15
Understanding 5G Network Core (NFV, SDN, EDGE Computing and Network Slicing) for Law Enforcement Investigators
Dr. Matthew Lucas (Ph.D, Computer Science), Vice President, TeleStrategies

16:00-17:00
Real World Interpretation of 5G LI requirements and implications for Carriers and LEAs
With 5G, we can expect 100 times more data per target and with that, unfortunately, also comes significantly more "noise". However on the flip side, 5G and the new services it allows for, can actually provide LEAs with more relevant data delivered in real-time.  In this discussion Dr. Cemal Dikmen discusses the new level of requirements needed in Lawful Intercept solutions.
Presented by SS8

Tuesday, 10 March 2020

13:00-14:00
Mobile Radio Analysis Solutions with 5G for Government
Presented by Rohde&Schwarz
(THIS SESSION IS ONLY OPEN TO LEA AND GOVERNMENT ATTENDEES)

16:00-17:00
5G: Keep Calm & Carry on with LI
Presented by Leigh Porter, Yaana

Wednesday, 11 March 2020

8:30-9:30
SIGINT in 5G - How to catch an IMSI
Due to the improved subscriber privacy within the 5G Network standards, the complexity of collecting SIGINT increases. 
Group 2000 provides solutions to mitigate these challenges and will explain how these solutions ensure uninterrupted intelligence collection required for your organization.
Sander de Jong, Group 2000

---

Track 7: Mobile Signal Intercept and Electronic Surveillance Training

This track is only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees.

Monday, 9 March 2020 

9:00-10:00 Session A
Understanding Mobile 2G/3G/4G/5G Infrastructure and Lawful Intercept for Technical Investigators
Dr. Jerry Lucas, President, TeleStrategies

10:15-11:15
Detect, intercept IP traffic and locate satellite VSAT terminals
Presented by Kratos

11:30-12:30
Latest techniques of detecting and neutralizing IMSI Catchers and Wi-Fi monitoring systems. 
Presented by NeoSoft

13:30-14:30 Session B
Gathering intelligence remotely from networks, cameras and IoT devices worldwide - Challenges & Solutions
Presented by Interionet

14:45-15:45 Session A
SCPC/VSAT interception in CiC/CuC scenarios
Presented by Rohde&Schwarz

14:45-15:45 Session B
What is 5G – Technology Overview
This presentation discusses the reasoning behind 5G, the main use cases and how that affects the network structure. The key technologies and the radio access network deployment schemes of the 5G are described and a glance to the stage of standardization, network launches and mobile device introductions is given.
Presented by EXFO Homeland Security

Tuesday, 10 March 2020

13:00-14:00 Session A
Cellular Intelligence in Action. Real use cases solved by combining mobile location and traffic data from cellular networks
Cell phones are at the core of almost every crime and act of terror. Cellular networks are rich on standardized information and have by far the largest public footprint. By assembling, storing, processing and analysing massive amounts of standardized traffic data in real-time we enable authorities to identify terrorists and criminals, locate, track and alert to prevent dangerous situations and clear up crimes.
Presented by Mobilaris

13:00-14:00 Session C
Gathering intelligence remotely from networks, cameras and IoT devices worldwide - Challenges & Solutions
Presented by Interionet

14:30-15:30 Session B
Miniature surveillance capabilities through wireless solutions
Presented by Covidence

16:00-17:00
TACTERO - IMSI catchers detector
Presented by Forward Defense

---

Advanced HI-Tech Cyber Investigation Training Seminars Led by Law Enforcement Officers and Ph.D Computer Scientists

30 classroom training hours, presented by former Law Enforcement Officers and Ph.D. Scientists

Monday, 9 March 2020

Seminar #1
9:00-17:00

Online Social Media and Internet Investigations　
Presented by: Charles Cohen, Vice President at NW3C, the National White Collar Crime Center, Professor in Practice Criminal Justice, Indiana University and Retired Captain, Indiana State Police

9:00-10:00
Proxies, VPNs, and Dark Web: Identity Concealment and Location Obfuscation

10:15-11:15
Tor, onion routers, Deepnet, and Darknet: An Investigator's Perspective

11:30-12:30
Tor, onion routers, Deepnet, and Darknet: A Deep Dive for Criminal Investigators

13:30-14:30
Cellular Handset Geolocation: Investigative Opportunities and Personal Security Risks

14:45-15:45
Collecting Evidence from Online Social Media: Building a Cyber-OSINT Toolbox (Part 1)

16:00-17:00
Collecting Evidence from Online Social Media: Building a Cyber-OSINT Toolbox (Part 2)

Seminar #2
9:00-17:00

Practitioners Guide to Internet Investigations
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police

The aim of this 1-day seminar is to take the attendees from the basics of understanding the Internet, how to find data, through to a full understanding of best practice of an Internet investigator, building their OSINT toolbox, and having awareness and knowledge of all the tools available to achieve this. It is aimed primarily at the investigator, delivered from the perspective of detective, to empower them to have the best methodology and tradecraft to profile and catch suspects.

This is exclusively Law Enforcement only, as Practical examples, covert and investigative methodology and tradecraft will be given throughout the seminar.

9:00-10:00
The Internet, and how suspects leave a Digital Footprint. How the system works for us, as investigators

How it works. Why it works. How it works for us .How data traffic leaves a trace ; What the internet is; what is an IP and how is it significant to trace a person. IPv4 and IPv6 – understanding the changes- the benefits and pitfalls for the investigator. The internet has millions of copies of data on it - why, and where can we find this. Tracking and evaluating data. MAC adders tracking. 

10:15-11:15
Recognizing Traffic Data and digital profiling via social networks and devices - digital shadows

What data is available. How to harvest and analyze it. Best practice to identify suspects and build profiles. Good practice, virtual data 'housekeeping' and tradecraft .Data collection and interrogation, significance and value. IP usage, exploitation and dynamics; IP plotting and analysis how to look for suspect mistakes and exploit them ( where they show their id). Dynamic approaches to identifying suspects through internet profiles. What investigators get from tech and service providers, and how to analyze it. Investigator capabilities and opportunities. 

11:30-12:30
WIFI, geolocation, and Mobile Data traces and tracking

A detectives look at Wi-Fi, attribution, cell site data, GPRS location services and technology. How an investigator can track devices, attribute suspects locations, devices and movement. Unique communication identifiers. Dynamic live time tracing. Geo location services and uses. Online Surveillance and tracking movement and speed.

13:30-14:30
Awareness of Emerging Technologies, Masking Tech and Tools, TOR and proxies

How suspects are using emerging and new technologies.
An introduction to where technology is going, and how Law enforcement can use this to our advantages. dynamic and pro-active problem solving. Darknet, (Deep web) , TOR and IRC use. VOIP, Skype and FaceTime exploits. Advanced data sniffing and profile building. TOR systems, applications and ways to coax offenders out of the system.

14:45-15:45
Advanced Techniques in Tracing Suspects, and lateral problem solving

Using innovative and dynamic methods to trace offenders. Tricks used by suspects and how to combat them- Play them at their own game?. Covert internet investigations. Proxy servers and hiding. Managing collateral intrusion. Reverse and social engineering. Thinking outside the box. Lateral thinking. Possible missed opportunities. Profile building and manhunts through device footprints, speed and movement.

16:00-17:00
Open Source Tools, resources and techniques - A walk through my free law enforcement open source tools site

"Just google it" doesn't work anymore. A look at good tradecraft, practice and methodology in profiling, tracking and tracing digital footprints and shadows on the internet, by means of best available tools. A look at a selection of 200+ tools available on Mark's open source law enforcement tools website, that search engines can’t see, with login and password provided during the session. Do's and do nots. Best tools for best results. When was the last time you 'googled' something in an investigation, and it returned 5 results, all specifically relating to your suspect? This session will teach you how.

Seminar #3
9:00-10:00

Understanding Mobile 2G/3G/4G/5G Infrastructure and Lawful Intercept for Technical Investigators
Presented by: Dr. Jerry Lucas, President, TeleStrategies

This session presents what technical investigators need to know about 2G/3G/4G technology infrastructure, Including:

• Lawful Interception of Voice, Data and Messaging Differences in GSM, UMTS and LTE Networks
• SIM Card Basics: Information Available (IMSI, Authentication Key, etc.) and Cryptography Algorithms (A3, A5 and A8)
• Tracking Targets Using CDR's, SS7 Interconnect and IMSI Cathers and more.
• Infrastructure differences with 4G-LTE and 5G from a lawful interception perspective
• Understanding 4G Advanced Pro and 5G Core transition
• New Radio Access Technologies, Supporting (IoT, M2M, D2D and WiFi-5G Interconnection) including small cells, new unlicensed spectrum and Massive MIMO.
• Understanding IMSI Encryption Impact on LI and SUPI and SUCI replacement

Seminar #4
10:15-11:15

Understanding 5G Network Core (NFV, SDN, EDGE Computing and Network Slicing) for Law Enforcement Investigators
Presented by:  Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategies

This session presents the challenges telecom operators and law enforcement face with the transition from a 4G/LTE to a 5G Core.

Seminar #5
11:30-12:30

Cybercurrency 101: What Technical Investigators Need to Know about Bitcoin and Altcoin Transactions, Dark Web Commerce and Blockchain Analysis
Presented by:  Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategies

This 101 training seminar is an introduction to Bitcoin, how the system is used to support criminal activities (e.g. Dark Web) and why technical investigators need to understand the basic Bitcoin transaction mechanism (Blockchain) to successfully defeat 21st century criminals and terrorist actions. Specifically, this introduction to Bitcoin for technical investigators addresses:

• Bitcoin Basics for Technical Investigators
• Understanding Bitcoin Infrastructure, Blockchain and Bitcoin Mining
• How Criminals and Terrorists Use TOR and Dark Web
• Bitcoin Cryptography Demystified (For Non-Math Majors)
• Popular Altcoins used by Criminals and the New Challenges Facing Law Enforcement 

Seminar # 6
14:45-15:45

Understanding Advanced Techniques to Defeat (or Work Around) Encrypted Third Party Services, Bitcoin Anonymity, TOR/HS and iPhone Encryption
Presented by: Matthew Lucas (Ph.D, Computer Science), VP, TeleStrategies

You can’t defeat today’s encryption (at least not that we know of) but law enforcement and the government intelligence community can “Work around encryption” for a price. Once you identify a target using commercially available encryption products or services (and with enough resources or money) government can defeat the target near 100% of the time. 

This session:  

1. Analyses the top third party encrypted serves (Telegram, Silent Circle, WhatsApp, Skype, Viber, TOR, TOR/HS); the cryptography deployed; why criminals and terrorists choose one over the other; and related LI challenges.  
   
   
2. Presents the common techniques for defeating the encryption deployed in these services, and their success/weakness, including:
   • Man in the Middle Attacks
   • IT Intrusion (Installing Malware)
   • Exploiting bugs in SSL/TLS
   • Connecting the “metadata” dots between known targets and communication patterns  
     
     
3. Case studies working around third party encryption case studies, e.g. how was it done! 
   • WhatsAPP
   • TOR / DarkNets (TOR/HS)
   • Bitcoin Traceback
   • Mobile phone/encryption cracking 
     
     
4. Future Directions in cryptography presenting new challenges for law enforcement and the government intelligence community.

Seminar #7
16:00-17:00

SSL/TLS Interception Workshop (TLS1.3 edition)
Presented by: Jan Pluskal (Researcher) and Matej Gregr (Ph.D., Computer Science, Researcher), Brno University of Technology

The presentation introduces methods for intercepting TLS/SSL connections. The focus is on man-in-the-middle attack employing proxy and other ways how to obtain unencrypted content of the TLS/SSL session. Speakers outline necessary theory (including news about TLS 1.3), well-known attacks (e.g., renegotiation, downgrade, cipherspec change, and others) and industry-standard tools (such as Wireshark, NetFox Detective, Fiddler Proxy and SSL-Split). The session also includes a live demonstration of the MitM attack on HTTPS connections enhanced with form-logging JavaScript injection. Participants will receive free of charge access to the testbed, which consists of real devices (and their traffic), including the prototype of our hardware probe decrypting SSL/TLS on-the-fly.

Tuesday, 10 March 2020

Seminar #8
14:30-17:00

Concerns and Considerations in Financial Crime Investigations - PART I (PART II Continued on Wednesday, 11 March 2020)
Presented by: Michael Loughnane, CAMS, CFE, Loughnane Associates, LLC Mike is a former US Federal Law Enforcement Officer who specialized in complex fraud and cybercrime investigations and currently provides training to improve detection and investigations of fraud, money laundering and counter terror finance.

The purpose of financial crime can be to generate or protect criminal profit. Locally or internationally, criminals face a continuous challenge of building structure to protect against the efforts of law enforcement and make their profits useable without fear of getting caught. Criminals will therefore build business and financial structures to mask their activities as well as launder money.  

In this 1 day seminar we will discuss the tools and methods criminals use and the law enforcement response. Each presentation describes different elements of financial crime and business models used by criminals as well as law enforcement methods and tactics to identify and disrupt them.  We will discuss the essentials in criminal networks, key players, money laundering, and trade based money laundering.  We will describe how information can be found as money is moved around the world and how investigators can make best use of this knowledge.  This training is aimed primarily at the investigator and analyst, but also has application to the law enforcement, intelligence, and financial regulatory community.

14:30-15:30
Criminal Essentials: The Needs of a Criminal Network

16:00-17:00
Financial Crime Schemes in Money Laundering

Wednesday, 11 March 2020

Seminar #9
8:30-13:00

Special Half Day DarkNet Seminar 
by Andrew Lewman, Vice President, DarkOWL and Former Executive Director, The TOR Project

08:30-09:15
Breaking Darknets Through Theory and Fundamentals

In this session we'll tackle fun topics such as math, research, and the basic building blocks of all darknets. They all work on the same few premises and can be investigated and broken using similar techniques.

09:15-10:00
Cases from the Darknet: Technical Walkthroughs

We'll walk through a few cases which where started and conducted on the darknets. Successful investigations of child abuse, money laundering, and attempted homicide are featured. 

11:30-12:15
Future Directions of Darknets, Investigations and Infrastructure

We'll walk through live darknets and a light forensic analysis of how they work, how they can be investigated, and why the future isn't any one darknet, but combining technologies. 

Seminar #10
8:30-13:30

Concerns and Considerations in Financial Crime Investigations - PART II
Presented by: Michael Loughnane, CAMS, CFE, Loughnane Associates, LLC Mike is a former US Federal Law Enforcement Officer who specialized in complex fraud and cybercrime investigations and currently provides training to improve detection and investigations of fraud, money laundering and counter terror finance.

The purpose of financial crime can be to generate or protect criminal profit. Locally or internationally, criminals face a continuous challenge of building structure to protect against the efforts of law enforcement and make their profits useable without fear of getting caught. Criminals will therefore build business and financial structures to mask their activities as well as launder money.  

In this 1 day seminar we will discuss the tools and methods criminals use and the law enforcement response. Each presentation describes different elements of financial crime and business models used by criminals as well as law enforcement methods and tactics to identify and disrupt them.  We will discuss the essentials in criminal networks, key players, money laundering, and trade based money laundering.  We will describe how information can be found as money is moved around the world and how investigators can make best use of this knowledge.  This training is aimed primarily at the investigator and analyst, but also has application to the law enforcement, intelligence, and financial regulatory community.

8:30-9:30
The Essentials of Trade Based Money Laundering

10:30-11:30
How Does Money Actually Move?

12:30-13:30
Follow the Money Beyond the Banks

Seminar #11
12:00-13:00

Top 20 Open Source Tools (OSINT) Used in Cybercrime Investigations
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police