---

ISS World North America 2023 - Agenda at a Glance

---

ISS World America Exhibit Hours:

Wednesday, November 8, 2023: 10:00 AM-6:00 PM
Thursday, November 9, 2023: 9:30 AM-1:00 PM

Wednesday, November 8, 2023

8:15-8:30 AM	Welcoming Remarks Tatiana Lucas, ISS World Program Director, TeleStrategies
8:30-9:00 AM	Top Ten Challenges Facing Law Enforcement and the Government Intelligence Community and Who at ISS World North America has Solutions Dr. Jerry Lucas, President, TeleStrategies

---

Track 1: Lawful Interception and Social Network Monitoring Training

Tuesday, November 7, 2023

9:00 AM-5:00 PM
Online Social Media and Internet Investigations　
Presented by: Charles Cohen, Vice President at NW3C, the National White Collar Crime Center, Professor in Practice Criminal Justice, Indiana University and Retired Captain, Indiana State Police

9:00-10:00
Proxies, VPNs, and Dark Web: Identity Concealment and Location Obfuscation

10:15-11:15
Tor, onion routers, Deepnet, and Darknet: An Investigator's Operational Perspective

11:30-12:30
How Criminals exploit Darknet Services and Dark Markets: A Deep Dive for Criminal Investigators

1:30-2:30
Tor, onion routers, Deepnet, and Darknet: Investigative Strategies & Case Studies

2:45-3:45
Device Geolocation through GPS, Wi-Fi Triangulation, Cell site Trilateration, BLE Beacons, and Ultra-Wideband: What Investigators Need to Know

4:00-5:00
Collecting Evidence from Online Communication: Building a Cyber-OSINT Toolbox

11:30 AM-12:30 PM
Defeating Network Encryption: What Law Enforcement and The Intelligence community Needs to Understand
Matthew Lucas (Ph.D., Computer Science, VP, TeleStrategies

1:30-2:30 PM
Understanding How AI Empowers ISS Products, LEAs and Intelligence Agencies
Matthew Lucas (Ph.D., Computer Science, VP, TeleStrategies

2:45-3:45 PM
Generative AI (e.g., ChatGPT): Hype vs. Reality and Law Enforcement Friend or Foe
Matthew Lucas (Ph.D., Computer Science, VP, TeleStrategies

---

Track 2: LEA, Defense and Intelligence Gathering Product Presentations

* Note: Sessions in this track are only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees.

Tuesday, November 7, 2023

9:00 AM-5:00 PM
Practitioners Guide to Internet Investigations
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police

The aim of this 1-day seminar is to take the attendees from the basics of understanding the Internet, 
how to find data, through to a full understanding of best practice of an Internet investigator, building their OSINT toolbox, and having awareness and knowledge of all the tools available to achieve this. It is aimed primarily at the investigator, delivered from the perspective of detective, to empower them to have the best methodology and tradecraft to profile and catch suspects.
This is exclusively Law Enforcement only, as Practical examples, covert and investigative methodology and tradecraft will be given throughout the seminar.

9:00-10:00
The Internet, and how suspects leave a Digital Footprint. How the system works for us, as investigators

10:15-11:15
Recognizing Traffic Data and digital profiling via social networks and devices - digital shadows

11:30-12:30
WIFI, geolocation, and Mobile Data traces and tracking

1:30-2:30
Awareness of Emerging Technologies, Masking Tech and Tools, TOR and proxies

2:45-3:45
Advanced Techniques in Tracing Suspects, and lateral problem solving

4:00-5:00
Open Source Tools, PART 1. Resources, tradecraft and techniques - highlighting the best free tools and resources

Wednesday, November 8, 2023

9:10-10:00 AM Session A
Encryption is one of the most common and relevant challenges for every LEA.
Come and experience how the combination of forensic wire speed, contend derived metadata generation and collection, combined with the powerful analytics of the Data Fusion platform, unleashes the intelligence hidden in the encrypted communications. Use cases and Live demo.
Presented by AREA

9:10-10:00 AM Session B
Scaling Digital Investigation Efficiently by Leveraging Data Enrichment and Automation
Come and learn how investigation units around the world tackle the complexities of modern digital investigations, overcoming the surge in data volumes and leveraging it to their benefit, removing the expert backlog and  enrolling their full investigative staff as early as possible.​
 Jack Ziv, Head of Investigative Analytics, Cellebrite

1:00-1:45 PM Session A
Combating terrorism, espionage and crime by combining mobile network metadata, mass positioning, and intelligent profiling in real-time
Mohsen Tavakol, Chief Executive Officer, Xolaris

1:00-1:45 PM Session B
WhatsApp, Telegram, Facebook... how IPS helps you to locate most wanted targets with LI
Presented by IPS

2:00-2:45 PM Session A
Modernizing Digital Investigations: Automation and Data Enrichment for Efficient and Effective Case Resolution
In this session, you'll discover how leading investigation units are adopting a modern approach to digital investigations with automation and data enrichment. Learn how to tackle the challenges of managing large data volumes and drive faster and more efficient case resolutions.
Meirav Gingold, Product Owner, Cellebrite

2:00-2:45 PM Session B
Implementing New Investigation Use-cases for LEAs
We will share our top 7 use-cases that, based on our experience, benefit both LEAs and CSPs
Presented by Matison

3:15-4:00 PM
Using PCAP Forensics to Solve a Child Trafficking Case
This session will demonstrate how PCAPs can be used to crack a child trafficking ring by using Digital Witness to track encrypted  VoIP calls and file transfers, visualize the communications network, monitor Social Media uploads, and correlate the VPN usage of all suspects in the case. The demonstration will also show how to narrow down or determine the identities of the unknown contacts that the known suspects are communicating with to visualize all members of the child trafficking ring.
Presented by Sandvine

4:15-5:00 PM
Who is communicating with who? - IP end point detection
Communication has moved to encrypted apps in the IP domain. Systems only able to analyze circuit switched data, are operating in darkness.  
Discover the knowledge that can be extracted from encrypted communication apps.
Morten Kinly Klinge, Product Marketing Manager, XCI

Thursday, November 9, 2023

8:30-9:30 AM
Survival of IMSI catchers in 5G Mobile Networks
Presented by Utimaco

10:30-11:30 AM
Profiling Suspects' Online Footprint with Digital Witness
This session will demonstrate the type of metadata Digital Witness extracts from encrypted traffic, including VoIP Forensics, Messaging Forensics, Social Media Forensics, Cyber Threat Forensics, and VPN Forensics. The live demo will walk you through the analysis of a suspect in a crime that is a mystery other than a suspected association with a suspect being monitored under a criminal warrant. You will see how the data obtained in a lawful intercept warrant can provide agents and detectives with significant leads that help solve cases faster than they can with current IPDR-based solutions or the use of WireShark.
Presented by Sandvine

---

Track 3: Social Network Monitoring, OSINT and Data Analytics Product Presentations

* Note: Sessions in this track are only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees.

Wednesday, November 8, 2023

9:10-10:00 AM
Unravel the Mystery of Virtual & Network Identifiers
Presented by Cobwebs

1:00-1:45 PM
Using OSINT with visual link analysis to enhance your investigations
Presented by Maltego

2:00-2:45 PM Session A
OSINT and Forensic Data Consolidation For Modern Investigations

This session will walk you through the journey to digital intelligence maturity, the art of the possible for law enforcement, corporate and investigative professionals, and explain the practical steps along the way. 

Driven by a global increase in volume of crimes and dramatic increase in volumes of online crimes, coupled with the sophistication of those crimes committed, analysts and investigators are reaching for a record number of data sources, search platforms and analytical visualization tools to perform investigative research and create links in their data.

Without advanced search-based intelligence technology analysts cannot perform a single search across all available information sources to produce a single link analysis chart  illustrating the connections. They must complete individual searches per data type in different systems each time and piece together the information by hand.

Cases are abandoned or taking too long to solve as data and data linkages are inaccessible, analysts are overwhelmed and dissatisfied in their jobs, organizations are suffering from high analyst attrition rates, it takes an unreasonable period of time to onboard new analysts and unique top talent is required to train the rest of the team, which is expensive and in short supply.

Siren uniquely connects data first from internal data sources and then to different sources like ShadowDragon, Chainalysis, and Sayari and makes connections that are not usually humanly possible. View these inaccessible network connections displayed in an intuitive Knowledge Graph. 

Attendees will learn:

The types of data investigators and analysts need in a modern investigations

How technology replaces manual methods of research

What is a centralized search?

How to link data from multiple sources to a single location

Why do investigators need Knowledge Graphs?

The high speed at which link charts and intelligence products can actually be created with the right tools

How to perform fusion of internal data with OSINT and API Data

The journey to digital intelligence maturity

A real life walk-through to disseminate and analyze multiple OSINT and vendor data  sources returned through an investigative lead (ie: a topic, event, or identifying information)

Presented by Siren 

2:00-2:45 PM Session B
Leveraging Corporate Data to Investigate Criminal Networks
Presented by Cobwebs

3:15-4:00 PM Session A
CDRs, IPDRs, Lawful Interception, IP content derived Metadata, Location, Forensic Investigations and many more.
All those sources and a single, web based, flexible, compatible, and user-friendly Forensic Data Fusion and Analysis platform. 
Use cases and Live demo. 
Presented by AREA

3:15-4:00 PM Session B
Automatic Exploitation of Social Network, Deep and Dark Web to complement traditional Lawful Interception Infrastructure for Target Profiling
Presented by IPS

4:15-5:00 PM
AI Neural Machine Translations for Investigations and Monitoring
Learn how to leverage secure, scalable, high-quality automated language translations for text and audio content captured in foreign languages for OSINT investigations and proactive cybersecurity monitoring.
Presented by Systran

Thursday, November 9, 2023

10:30-11:30 AM
Massive Social Media data collection and analysis for Counter-Terrorism Intelligence Activities
Presented by IPS

12:00-1:00 PM
Open Source Tools, PART 2. Top 20 FREE Open Source Tools (OSINT) Used in Cybercrime Investigations
Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police

---

Track 4: Investigating Dark Web and Cryptocurrency Transactions Traceback

* Note: Sessions in this track are only open to Law Enforcement, Public Safety and Government Intelligence Community Attendees.

Tuesday, November 7, 2023

A Real World Look at Investigations in the Dark Web
Presented by: Todd G. Shipley CFE, CFCE, and CoAuthor of, Investigating Internet Crimes: An Introduction to Solving Crimes in Cyberspace and retired investigator, Reno NV, Police Department

9:00-10:00 AM
The Dark Web, what it is and what it is not 

10:15-11:15 AM
To TOR or not to TOR

11:30-12:30 PM
CryptoCurrency and its use in the Dark Web 

1:30-2:30 PM
Going Undercover on the Dark Web 

2:45-3:45 PM
Using web bugs and other technology to locate a suspect 

4:00-5:00 PM
Advanced Dark Web Investigations, identifying the anonymous use

Wednesday, November 8, 2023

9:10-10:00 AM
Defeating the Tor Dark Web: The Latest Updates, Evidence Collection, Countermeasures, and Investigation Techniques
Tor has been around for a long time and has proven to be an effective Internet anonymizing protocol for hosting dark web markets and hiding various illegal activities. However, there are techniques that law enforcement can use to reveal the identities of hosts and users. This webinar will bring you up to date on those techniques as well as the latest challenges and issues related to defeating Tor. 
The presentation will use recent Tor investigations and cases to illustrate the techniques and challenges. 
Dr Gareth Owenson BSc PhD PgC FHEA, Co-Founder and Chief Technology Officer, Searchlight Security Ltd

---

Track 5: Mobile Signal Intercept, 5G and Electronic Surveillance Product Presentations

* Note: Sessions in this track are only open to Government Attendees, unless marked otherwise

Tuesday, November 7, 2023

(Open to all attendees)
10:15-11:15 AM
Understanding 5G NFV, Network Slicing and Edge Computing for Law Enforcement Investigators
Matthew Lucas (Ph.D., Computer Science), VP, TeleStrategies

(Open to all attendees)
11:30-12:30 PM
Understanding 2G/3G/4G/5G Infrastructure for Lawful Intercept
Dr. Jerry Lucas, President, TeleStrategies 

Wednesday, November 8, 2023

4:15-5:00 PM
Lawful Interception of IMS/VoLTE Roaming (S8HR)
Presented by Utimaco

Thursday, November 9, 2023

8:30-9:30 AM
A complex Use Case. 
Various challenges combined and solved with user friendly and integrated Cyber Intelligence solutions, ranging from Electronic Surveillance to Social Media Investigations, touching End to End Lawful Interception on landline and mobile network up to 5G, Mobile Signal Monitoring, Encrypted communication analysis and processing the results in a Data Fusion Platform.
Presented by AREA

---

Advanced HI-Tech Cyber Investigation Training Seminars Led by Law Enforcement Officers and Ph.D Computer Scientists

30 classroom training hours, presented by sworn law enforcement officers, Ph.D. Computer Scientists and nationally recognized cybercrime textbook authors and instructors. Distinguished ISS World Training Instructor sessions include:

Tuesday, November 7, 2023

Seminar #1

Online Social Media and Internet Investigations　

Presented by: Charles Cohen, Vice President at NW3C, the National White Collar Crime Center, Professor in Practice Criminal Justice, Indiana University and Retired Captain, Indiana State Police

This Seminar is open to all attendees but designed for practitioners who are actively collecting evidence and criminal intelligence, identifying unlawful online activity, and mitigating threats.  

While Tor is the most common Darknet Service, it is not the only one.  And, while Tor Hidden Service servers are the most well-known portion of the Darknet, there are other areas accessible through other tools.  The first two sessions will give practitioners the foundation that they need to understand these tools and communities—both how they function and how they are exploited by criminals.

Mobile devices collect, store, and transmit an ever-increasing amount of information that includes handset geolocation information collected from a combination of GPS, Wi-Fi, cellular trilateration, BLE beacons, and ultra-wideband sensors. The afternoon sessions will take a deep dive into information being collected by mobile handsets, operating system developers, and social media companies.

9:00-10:00
Proxies, VPNs, and Dark Web: Identity Concealment and Location Obfuscation

10:15-11:15
Tor, onion routers, Deepnet, and Darknet: An Investigator's Operational Perspective

11:30-12:30
How Criminals exploit Darknet Services and Dark Markets: A Deep Dive for Criminal Investigators

13:30-14:30
Tor, onion routers, Deepnet, and Darknet: Investigative Strategies & Case Studies

14:45-15:45
Device Geolocation through GPS, Wi-Fi Triangulation, Cell site Trilateration, BLE Beacons, and Ultra-Wideband: What Investigators Need to Know

16:00-17:00
Collecting Evidence from Online Communication: Building a Cyber-OSINT Toolbox

Seminar #2

(THIS SEMINAR IS ONLY OPEN TO LEA AND GOVERNMENT ATTENDEES)
Practitioners Guide to Internet Investigations
Presented by: Mark Bentley, Communications Data Expert, National Cyber Crime Law Enforcement, UK Police

The aim of this 1-day seminar is to take the attendees from the basics of understanding the Internet, 
how to find data, through to a full understanding of best practice of an Internet investigator, building their OSINT toolbox, and having awareness and knowledge of all the tools available to achieve this. It is aimed primarily at the investigator, delivered from the perspective of detective, to empower them to have the best methodology and tradecraft to profile and catch suspects.
This is exclusively Law Enforcement only, as Practical examples, covert and investigative methodology and tradecraft will be given throughout the seminar.

9:00-10:00 AM
The Internet, and how suspects leave a Digital Footprint. How the system works for us, as investigators

How it works. Why it works. How it works for us .How data traffic leaves a trace ; What the internet is; what is an IP and how is it significant to trace a person. IPv4 and IPv6 – understanding the changes- the benefits and pitfalls for the investigator. The internet has millions of copies of data on it - why, and where can we find this. Tracking and evaluating data. MAC adders tracking.

10:15-11:15 AM
Recognizing Traffic Data and digital profiling via social networks and devices - digital shadows

What data is available. How to harvest and analyze it. Best practice to identify suspects and build profiles. Good practice, virtual data 'housekeeping' and tradecraft .Data collection and interrogation, significance and value. IP usage, exploitation and dynamics; IP plotting and analysis how to look for suspect mistakes and exploit them ( where they show their id). Dynamic approaches to identifying suspects through internet profiles. What investigators get from tech and service providers, and how to analyze it. Investigator capabilities and opportunities.

11:30 AM-12:30 PM
WIFI, geolocation, and Mobile Data traces and tracking

A detectives look at Wi-Fi, attribution, cell site data, GPRS location services and technology. How an investigator can track devices, attribute suspects locations, devices and movement. Unique communication identifiers. Dynamic live time tracing. Geo location services and uses. Online Surveillance and tracking movement and speed.

1:30-2:30 PM
Awareness of Emerging Technologies, Masking Tech and Tools, TOR and proxies

How suspects are using emerging and new technologies.
An introduction to where technology is going, and how Law enforcement can use this to our advantages. dynamic and pro-active problem solving. Darknet, (Deep web) , TOR and IRC use. VOIP, Skype and FaceTime exploits. Advanced data sniffing and profile building. TOR systems, applications and ways to coax offenders out of the system.

2:45-3:45 PM
Advanced Techniques in Tracing Suspects, and lateral problem solving

Using innovative and dynamic methods to trace offenders. Tricks used by suspects and how to combat them- Play them at their own game?. Covert internet investigations. Proxy servers and hiding. Managing collateral intrusion. Reverse and social engineering. Thinking outside the box. Lateral thinking. Possible missed opportunities. Profile building and manhunts through device footprints, speed and movement.

4:00-5:00 PM
Open Source Tools, PART 1. Resources, tradecraft and techniques - highlighting the best free tools and resources

"Just google it" doesn't work anymore. A look at good tradecraft, practice and methodology in profiling, tracking and tracing digital footprints and shadows on the internet, by means of best available tools. A look at a selection of 200+ tools available on Mark's open source law enforcement tools website, that search engines can’t see, with login and password provided during the session. Do's and do nots. Best tools for best results. When was the last time you 'googled' something in an investigation, and it returned 5 results, all specifically relating to your suspect? This session will teach you how. PART 2 on the final day with free tools to download and keep

Seminar #3

A Real World Look at Investigations in the Dark Web
Presented by: Todd G. Shipley CFE, CFCE, and CoAuthor of, Investigating Internet Crimes: An Introduction to Solving Crimes in Cyberspace and retired investigator, Reno NV, Police Department

9:00-10:00 AM
The Dark Web, what it is and what it is not 

10:15-11:15 AM
To TOR or not to TOR

11:30-12:30 PM
CryptoCurrency and its use in the Dark Web 

1:30-2:30 PM
Going Undercover on the Dark Web 

2:45-3:45 PM
Using web bugs and other technology to locate a suspect 

4:00-5:00 PM
Advanced Dark Web Investigations, identifying the anonymous user

Seminar #4
9:00-10:00 AM

Understanding 2G/3G/4G/5G Infrastructure for Lawful Intercept
Presented by: Dr. Jerry Lucas, President, TeleStrategies

Seminar #5
10:15-11:15 AM

Understanding 5G NFV, Network Slicing and Edge Computing for Law Enforcement Investigators
Presented by: Matthew Lucas (Ph.D., Computer Science), VP, TeleStrategies

Seminar #6
11:30 AM-12:30 PM

Defeating Network Encryption: What Law Enforcement and The Intelligence Community Needs to Understand
Presented by: Dr. Matthew Lucas (Ph.D Computer Science), Vice President, TeleStrategies

The starting point to defeating encryption is to separate techniques addressing stored encrypted data such as with the Apple iPhone issue. The other challenge is defeating encrypted data in transit (e.g. Telegram, Whatsapp, etc.) or Network Encryption. This webinar is about defeating the later.

When it comes to defeating network encryption the technical community separates into two camps. Those who want to impede law enforcement and the government intelligence community from defeating network encryption: IETF, Silicon Valley and hundreds of third party encryption services. And your camp, those who want to investigate criminals and terrorist group who depend on network
encryption.

Seminar # 7
1:30-2:30 PM

Understanding How AI Empowers ISS Products, LEAs and Intelligence Agencies
Matthew Lucas (Ph.D., Computer Science, VP, TeleStrategies

Law enforcement and intelligence agencies have massive data sets to pile through in order to find the evidence and information they need for their investigations. This seminar will address how AI is helping. The presentation will first provide a background/primer in at AI technologies -  what are the specific types of AI systems; how are they used in industry today; and what are the strengths and weaknesses of AI. The second half will focus on how ISS vendors are leveraging AI to increase agent efficiency and results in network data, OSINT, application profiling, location and image/language processing. Specific topics include: 

• Overview of AI, machine learning (ML) and deep learning (DL) systems technology.
• What AI capabilities are helping law enforcement and national security agencies (e.g., image / natural language processing, unstructured data analytics, predictive analytics).
• How AI is powering OSINT analytics, mobile signal intercept, location, signaling intelligence, audio-visual forensics, encryption and surveillance products. 
• Negative impacts of AI, such as clutter, fake news.
• Future directions: generative AI, ChatGPT.

Seminar # 8
2:45-3:45 PM

Generative AI (e.g., ChatGPT): Hype vs. Reality and Law Enforcement Friend or Foe
Matthew Lucas (Ph.D., Computer Science, VP, TeleStrategies

Generative AI is a completely new technology that is greatly impacting all aspects of society, industry, politics, and culture. This seminar is going to look at generative AI from law enforcement and the intelligence community’s perspective. The first half of the presentation will focus on what the technology is, how it works, the training sets, what is good at, and the pitfalls. The second half will look at how LEAs and intelligence agencies can leverage the technology; how the technology is already making the lives of agents more difficult; and how generative AI might find itself working into LEA/ISS tools. Specific topics include: 

• What are the key difference between traditional AI systems and generative AI platforms?
• What are generative AI systems and large language models? How does the work? What are they good at? What can’t they do?
• What are the key platform providers? Who is behind the technology? Where is it going?
• What are the potential application, upside and downside of generative AI for LEAs and intel agencies?
• How are the platforms evolving? What to expect going forward from a criminal use/misuse perspective (e.g., fake news, deepfakes, clutter generation)? What products and platforms are available to address this?