International Symposium on Cybercrime Response 2017
Speaker
2017-08-30 Wednesday
ISCR
David BOSOMWORTH
Director, IBM Security Intelligence
IBM Watson
Special Lecture
2017. 08. 30. 10:20 ~ 10:50
X
PROFILE
David BOSOMWORTH
Director, IBM Security Intelligence / IBM Watson
Special Lecture
2017.08.30 10:20 ~ 10:50
Profile
David Bosomworth is worldwide sales leader for IBM Security Intelligence Segment, the fastest growing and largest segment of the IBM Security Division.
In his leadership role, David helps clients develop a security strategy and employ the best technologies to meet their specific IT security needs.
He is responsible for leading the IBM Security Intelligence team in the development and delivery of offerings that protect enterprises with intelligent, integrated IT security solutions and expertise.
Previously David led the IBM's Security Intelligence Segment in Europe.
David joined IBM in as part of the acquisition of Q1 labs in 2011. David has more than 25 years as a sales and business leader, the last 13 being within the IT Security industry. He received his Bachelors Degree in Mathematics from the University of Warwick. He is married with one child.
Presentation
Special Lecture
[Summary]
We are faced with the three key issues of ever increasing levels of cyber-attacks with increasing levels of sophistication at a time when cyber skills are scarce. This talk will discuss how cognitive security can help the SOC to quickly identify and react to cyber-attacks.
Jarek JAKUBCEK
Strategic Analyst
Europol EC3
VC Facilitated Crime and EC3 Initiatives
2017. 08. 30. 13:30 ~ 14:00
X
PROFILE
Jarek JAKUBCEK
Strategic Analyst / Europol EC3
VC Facilitated Crime and EC3 Initiatives
2017.08.30 13:30 ~ 14:00
Profile
Jarek completed his studies in five countries and holds two MSc degrees in Economics as well as Computer Forensics and Internet Investigations.
He has worked in the financial and internet sectors in the Czech Republic and Ireland before joining the Irish National Police, where he worked for over 5 years as an Operational Crime Analyst.
He contributed to the investigation of a number of serious crimes including murders, sexual abuse, drug trafficking, money laundering, and cybercrime. He is the recipient of two international awards for his proactive and practical approach to analysis and the creative collection and use of Open Source Intelligence.
In 2014, Jarek moved to the Netherlands, where he currently works as a Strategic Analyst for the European Cybercrime Centre at Europol, where he is in charge of Europol’s activities in the area of Virtual Currencies.
Presentation
VC Facilitated Crime and EC3 Initiatives
[Summary]
The presentation will provide an overview of which data is available for the investigator in the blockchain and how these can be beneficial for investigation.
Bitcoin tracing using open source as well as commercial tools will also be demonstrated. A case study will show how tracing may lead to an identification of an offender.
Finally, the presentation will briefly demonstrate how easy is to use a mixer or conceal the possession of bitcoins so these cannot be seized by law enforcement.
HONG Sung-jin
Digital Crime Officer
INTERPOL IGCI
Operation ASEAN Surge - Time to Move Forward
2017. 08. 30. 14:00 ~ 14:30
X
PROFILE
HONG Sung-jin
Digital Crime Officer / INTERPOL IGCI
Operation ASEAN Surge - Time to Move Forward
2017. 08. 30. 14:00 ~ 14:30
Profile
Sungjin HONG, digital crime officer of the Interpol Global Complex for Innovation, serves in the Training Unit of Digital Investigative Support, Cyber Directorate. He also coordinated international cooperation for hundreds of cybercrime cases including cyber attacks on critical infrastructure and business email compromises while he was stationed in the Cyber Bureau of Korean Police. Sungjin is also an author of a manual on data disclosure request process and studied public security policy at the information security school of Korea University.
Presentation
Operation ASEAN Surge - Time to Move Forward
[Summary]
This talk will discuss the previous joint operation conducted by INTERPOL and ASEAN countries. Even though all the countries agree that cybercrime is beyond borderline and growing both in terms of frequency and economic impact, no country dare to bell the cat as known as cybercriminals. INTERPOL has been requested and suggested to continue its effort in facilitation and coordination of joint operations by member countries. The Operation ASEAN Surge was launched in line with that endeavor to counter transnational cybercrime cases. This presentation will also cover practical challenges, as well as ways to overcome those barriers.
Michael MONTOYA
Chief Cyber Security Officer Enterprise Cybersecurity Group
Microsoft
The Changing Threat Landscape and Building a Secure Modern Enterprise
2017. 08. 30. 14:30 ~ 15:00
X
PROFILE
Michael MONTOYA
Chief Cyber Security Officer Enterprise Cybersecurity Group / Microsoft
The Changing Threat Landscape and Building a Secure Modern Enterprise
2017. 08. 30. 14:30 ~ 15:00
Profile
As the Asia Chief Cybersecurity Officer for the Microsoft Enterprise Cybersecurity Group, Michael is a leader of Microsoft’s initiatives and operations to provide thought leadership, strategic direction on the development of Microsoft security products and services, and deep customer and partner engagement across Asia. Michael re-joined Microsoft in 2016 as an experienced information security executive bringing more than 20 years of enterprise IT support and leadership. Michael was Vice President of Cloud and Engineering with Fireeye, where he was responsible for developing and operating the cloud services for Fireeye’s threat intelligence backbone (DTI) and cloud services of Threat Analytics Platform (TAP), Email Threat Prevention (ETP), Mobile Threat Platform (MTP), Cloud Endpoint Security (Helix) and CloudMVX. Prior to his role at Fireeye, Michael was the Deputy Chief Information Officer at EMC where he was responsible for their Cloud First platform, and Infrastructure and Security Operations bringing cloud adoption best practices to a $20 Billion USD enterprise for virtualization, cloud adoption and security resulting in CIO100 industry recognitions. In Michael’s previous role with Microsoft, he held a number of IT leadership roles including Asia Regional Chief Information Officer and leader of Microsoft’s Global Hosting organization responsible for managing all Internet Datacenter architecture and operations. Michael helped lead Microsoft to expand into the Asia region during a time of incredible growth helping establish global delivery in China and India, as well as, expand IT infrastructure across all the regions in Asia. Michael also was a founder of Microsoft’s Global Hosting Strategy which is now Azure. Under his leadership, Michael helped design and operate Microsoft’s initial 7 datacenters to support the growth in MSN properties, Microsoft.com, WindowsUpdate, Hotmail and the secure extranet to support a business partner network. Michael led the team to industry leading support models, service level agreements and security and operation innovations to support a globally secure and distributed service-oriented architecture. Michael has established himself as a recognized innovative IT leader and serves as an advisor to several security and IT startups and venture capital firms. Michael earned a dual degree from the University of New Mexico.
Presentation
The Changing Threat Landscape and Building a Secure Modern Enterprise
[Summary]
This talk will discuss Microsoft’s approach to leveraging automation, containment and machine learning to address the changing threat landscape.
Mark R. MARTINEZ
Special Agent
HSI
Anonymization and Darkweb Marketplaces
2017. 08. 30. 15:30 ~ 16:00
X
PROFILE
Mark R. MARTINEZ
Special Agent / HSI
Anonymization and Darkweb Marketplaces
2017. 08. 30. 15:30 ~ 16:00
Profile
Mark R. Martinez is a Special Agent (SA) and Computer Forensics Agent (CFA) with the United States Department of Homeland Security (DHS), Immigration and Customs Enforcement (ICE), Homeland Security Investigations (HSI) in El Paso, Texas. Special Agent Martinez is assigned to the HSI El Paso Cyber Crimes Group. SA Martinez received a Bachelor’s of Science in Computer Science from the University of Texas at El Paso in 2003. SA Martinez has worked in the field of computer and network security as a system administrator, application programmer, analyst, software engineer, simulation engineer, and now as a criminal investigator and computer forensics examiner.
Previously SA Martinez worked for the White Sands Missile Range Army Research Lab, the United States Border Patrol, and the National Aeronautics and Space Administration (NASA) Computer Crimes Division. SA Martinez also worked for several distinguished companies such as IBM, Science Applications International Corporation (SAIC), and Raytheon. SA Martinez specializes in the use of the Linux and UNIX-like operating systems as well as network security investigations.
Presentation
Anonymization and Darkweb Marketplaces
[Summary]
This talk will cover the use of advanced proxies, specifically TOR and I2P for anonymization and hidden services. Virtual Private Networks (VPNs) will also be discussed as well as a basic review of how Tor and Tor Hidden Services work. Recent developments in the area of Darkweb Marketplace investigations and possible internal network configuration and architecture of hidden service devices.
David MCLEAN
Manager, Cybercrime Operations
Australian Federal Police
Combatting the Threat & Risk of ybercrime, an Australian Perspective
2017. 08. 30. 16:00 ~ 16:30
X
PROFILE
David MCLEAN
Manager, Cybercrime Operations / Australian Federal Police
Combatting the Threat & Risk of ybercrime, an Australian Perspective
2017. 08. 30. 16:00 ~ 16:30
Profile
Commander David McLean is the Manager of Cybercrime Operations within the Australian Federal Police Organised Crime and Cyber portfolio. In that capacity Commander McLean is responsible for the investigation of significant criminal acts which may compromise computer systems relied upon by the Australian critical infrastructure community or information systems of national and international significance.
Commander McLean until recently was also responsible for Child Protection Operations and the targeting of offenders using the internet to facilitate the sexual exploitation of children or who travel offshore and commit sexual offences against them.
Previous senior executive roles occupied by Commander McLean include Manager Professional Standards responsible for internal investigations and maintenance of the AFP integrity framework; Deputy Chief Police Officer, ACT Policing, the AFP’s community policing arm; and Chief of Staff, responsible for the coordination of information, administrative and support services provided to the Commissioner and AFP Executive.
From 2004 to 2007, Commander McLean was stationed in Washington DC where he served as the AFP Senior Liaison Officer responsible for cooperation with the United States and Canada on policing issues.
Commander McLean is a graduate of the AFP Management of Serious Crime Program, the AFP International Senior Command Program and the Australian Institute of Police Management. He holds a Bachelor of Business and a Graduate Diploma of Executive Leadership.
Presentation
Combatting the Threat & Risk of ybercrime, an Australian Perspective
[Summary]
The presentation will provide an overview of Australia’s philosophy, strategy and program for meeting the dual challenges of advancing as well as protecting our national interests in the digital age.
It will highlight the experience of Australian Government agencies in addressing the threat and risk of malicious cyber activity impacting Australian interests, the scale and reach of which is unprecedented.
Lukasz OLSZEWSKI
CSIRT Lead in Europe
ATOS
The Digital Fortress for Business Critical Data
2017. 08. 30. 16:30 ~ 17:00
X
PROFILE
Lukasz OLSZEWSKI
CSIRT Lead in Europe / ATOS
The Digital Fortress for Business Critical Data
2017. 08. 30. 16:30 ~ 17:00
Profile
InfoSec enthusiast and professional with experience in cybersecurity services development and delivery, Network Security Monitoring (NSM), Security Information and Event Management (SIEM), security architecture, incident response, system administration, risk assessment, and more.
Atos Senior Expert, member of the GIAC Advisory Board and holder of CEHv8, GCIH and GCFA certifications.
Received a degree in Computer Science in 2007. The same year stared the career in IT as System and Network Administrator in large Polish IT company working mostly with Linux and Unix systems. Then joined the Royal Bank of Scotland as Technology Risk Analyst working on information security risk assessments.
Spent some years working as an independent contractor in the area of IT and information security services cooperating with multiple customers.
In 2013 joined Atos as a Security Engineer and then took the role of the Lead Architect in the area SIEM and security monitoring, detection and analysis.
Took part in many global security projects, multiple proof of concepts for security tools and services, authored multiple security service processes.
Currently leading the Computer/Cyber Security Incident Response Team delivering security incident response, forensics, threat hunting and malware analysis services to Atos and our Europe based customers.
In an unlikely event of free time running a blog at https://keepitsafe.pl
Presentation
The Digital Fortress for Business Critical Data
[Summary]
Presentation about the key challenges organizations face with securing their most critical business systems and strategies to address them in the current and the future threat landscape. The presentation will name the key challenges organizations face with protecting their critical business applications that often exist in shared environments coexisting with less critical assets that are being accessed and managed by multiple teams with insufficient security controls. Next the presentation will provide a guide through security solutions and processes that address those challenges in an unwavering ways.
KOO Tae-eon
Lawyer, Tek & Law
Judicial Response to Remote Attacks Using the IoT
2017. 08. 30. 17:00 ~ 17:30
X
PROFILE
KOO Tae-eon
Lawyer, Tek & Law
Judicial Response to Remote Attacks Using the IoT
2017. 08. 30. 17:00 ~ 17:30
Profile
Mr. Taeon Koo holds a bachelor’s degree in law from Korea University. He completed his M.S. in Engineering at the Graduate School of Information Security, Korea University. Mr. Koo is currently a PhD candidate in International law at Korea University.
From 1998 to 2005, Mr. Koo worked as a public prosecutor in the field of cybercrime investigations. Afterwards, he moved on to his next position as a lawyer specializing in Information Communication Technology (ICT) at a Korean law firm, Kim & Jang, before he founded Tek & Law, Korean law firm, in 2012.
He has held a position in the second iteration of the Personal Information Protection Commission (appointed by president) and is currently the chairman of the Personal Information Commons in Korea. He is also working as a vice chairman of the Korean Bar Association’s Special Committee on Startup Regulation Innovation, and a member of the Korea Startup Forum.
In addition, Mr. Koo carries the responsibility for reforming irrational financial regulation as he serves as a member of the Sanction Review Committee of Financial Supervisory Service, an expert on an evaluation of the appropriateness regarding de-identification of personal data, and a member of Advisory Council on Financial Security.
He won the grand prizes in the category of Personal Information Protection in 2014 and Information Security in 2012. Mr. Koo is the author of “FINTECH, Seize the Opportunity,” “Personal Information Protection Act and Policy,” and “The Internet at the Crossroads.”
Presentation
Judicial Response to Remote Attacks Using the IoT
[Summary]
The concept of the Fourth Industrial Revolution, which was put forth at Davos Forum in 2016, has become popular in korea. Along with the development of Internet of Things based on artificial intelligence and big data industry, it is expected that cybercrime would be rapidly increased. For instance, using cryptocurrency such as Bitcoin is considered as an accelerator with regard to the increase in ransomware attack in recent years. Anonymous networks and Financial Technologies (FINTECH) are expected to contribute to the proliferation of cybercrime. This presentation includes a forward-looking perspective on emerging trends in cybercrime and possible legal action against the crime.
2017-08-31 Thursday
ISCR
Donna QUINN
Special Agent
FBI
Virtual Currency : Seizing and Forfeiture
2017. 08. 31. 09:10 ~ 09:40
X
PROFILE
Donna QUINN
Special Agent / FBI
Virtual Currency : Seizing and Forfeiture
2017. 08. 31. 09:10 ~ 09:40
Profile
Special Agent Donna QUINN has been with the FBI since 2011 and is currently assigned to the New York Division located in Manhattan, New York. SA QUINN graduated from John Jay College of Criminal Justice in New York City with a Bachelor’s of Science in Computer Information Systems in 2002.
SA QUINN was formerly employed by the New York City Police Department and served as a Police Officer for the borough of Manhattan North. SA QUINN also was assigned as a Physical Training and Tactics instructor for the Police Academy. SA QUINN served in the United States Army Reserves with a military police company and held the rank of Sergeant.
SA QUINN currently is assigned to NY Cyber Squad, CY-7. CY-7 is a national security cyber squad focusing on cyber-crimes attacking the United States.
Presentation
Virtual Currency : Seizing and Forfeiture
[Summary]
Virtual currency has the ability to be seized just like tangible currency. This presentation focuses on the actual seizure of bitcoins. Pre-seizure, seizure, and post-seizure procedures are discussed. Virtual currencies can be found in different wallet formats. This is a very brief presentation of the steps for seizure. Forfeiture procedures are not discussed.
Jarek JAKUBCEK
Strategic Analyst
Europol EC3
Overview of Bitcoin Mixers and a Ransomware case study
2017. 08. 31. 09:40 ~ 10:10
X
PROFILE
Jarek JAKUBCEK
Strategic Analyst Europol EC3
Overview of Bitcoin Mixers and a Ransomware case study
2017. 08. 31. 09:40 ~ 10:10
Profile
Jarek completed his studies in five countries and holds two MSc degrees in Economics as well as Computer Forensics and Internet Investigations.
He has worked in the financial and internet sectors in the Czech Republic and Ireland before joining the Irish National Police, where he worked for over 5 years as an Operational Crime Analyst.
He contributed to the investigation of a number of serious crimes including murders, sexual abuse, drug trafficking, money laundering, and cybercrime. He is the recipient of two international awards for his proactive and practical approach to analysis and the creative collection and use of Open Source Intelligence.
In 2014, Jarek moved to the Netherlands, where he currently works as a Strategic Analyst for the European Cybercrime Centre at Europol, where he is in charge of Europol’s activities in the area of Virtual Currencies.
Presentation
Overview of Bitcoin Mixers and a Ransomware case study
[Summary]
The presentation will discuss several mixing approaches and will demonstrate the process of fingerprinting, identification and deanonymisation of one of the most popular bitcoin mixers. Use of the deanonymisation technique will then be demonstrated on a ransomware case study. This is an advanced technical LE ONLY presentation.
SHIN Won-hee
Chief Operating Officer
COINONE
Cryptocurrency Market Status in Korea and the Way Ahead
2017. 08. 31. 10:10 ~ 10:40
X
PROFILE
SHIN Won-hee
Chief Operating Officer / COINONE
Cryptocurrency Market Status in Korea and the Way Ahead
2017. 08. 31. 10:10 ~ 10:40
Profile
A graduate of Sungkyunkwan University's Department of Economics, Mr. SHIN Won-hee served as an investment analyst at Mirae Asset. He is currently working as a Chief Operating Officer of Coinone.
He was in charge of reviewing projects on investment banking specializing in project financing, principal investment, and credit assessment at Mirae Asset.
Mr. SHIN moved onto Coinone leaving from Mirae Asset in order to create a new type of financial company. He is mainly responsible for business development, international cooperation, and operational management.
Presentation
Cryptocurrency Market Status in Korea and the Way Ahead
[Summary]
This presentation focuses on the current status of virtual currency, which is widely hailed as an integral part of the next-generation financial system.
The value and characteristics of virtual currency, current market status in national and international virtual currency, the usage of virtual currency as well as future prospect, and a regulatory regime for the currency would be also discussed.
Furthermore, this presentation takes a look at several crimes related to virtual currency in Korea.
LEE Dong-Geun
Director, Internet Incidents Analysis Division KISA
The Evolution of Ransomware
2017. 08. 31. 11:00 ~ 11:30
X
PROFILE
LEE Dong-Geun
Director, Internet Incidents Analysis Division / KISA
The Evolution of Ransomware
2017. 08. 31. 11:00 ~ 11:30
Profile
Mr. LEE Dong-geun is a director at Korea Internet & Security Agency(KISA), Seoul. KISA guarantees safety of Koreans to create a comfortable user-centered environment by detecting and preventing Internet threats in advance. He joined KISA in 2003 and has been working on cyber security for 14 years. He has experienced various cyber attacks in Korea. He is also acting as an advisor to the National Police Agency. He is a graduate of the Department of Computer Science at Kyungpook National University and holds a master’s degree in computer science from the same university.
Presentation
The Evolution of Ransomware
[Summary]
This talk will discuss the change of Ransomware’s trend. I would like to talk about Ransomware’s history and how Ransomware is evolving by looking at recently Ransomware incident in Korea and etc. And let’s together think about how we will response and eliminate the threat of Ransomware.
Brian FLETCHER
Director, Government Affairs APJK
Symantec
Cybercrime trends in 2016 : The Rise and Rise of the Cybercrime Businessman
2017. 08. 31. 11:30 ~ 12:00
X
PROFILE
Brian FLETCHER
Director, Government Affairs APJK / Symantec
Cybercrime trends in 2016 : The Rise and Rise of the Cybercrime Businessman
2017. 08. 31. 11:30 ~ 12:00
Profile
Brian FLETCHER is the Director of Government Affairs for Australia-Pacific, Japan and Korea. Based in Canberra Australia, he leads the engagement with governments and stakeholders on public policy and provides expert advice on cyber crime issues. He also supports public-private partnerships to benefit consumers, industry partners and governments across the region.
Brian is an experienced technology executive who joins us after 21 years of Australian Government service, the last 8.5 years in the Australian Signals Directorate in the Department of Defence. His previous role was as Director of Cyber Security Relationships, where he led the development of cyber security partnerships with industry and federal, state, and territory governments.
Prior to that he served in the Australian Embassy in Washington DC, where he provided advice to the Ambassador and Defence staff on strategic cyber security and intelligence issues, and partnered with senior foreign government leadership, including heads of agencies. Other positions held include leading production, outreach, policy, and business technology change initiatives.
An experienced speaker at conferences, Brian is adept at explaining complex technological concepts and ideas to non-technical and technical experts alike. He holds a Bachelor of Science in Neuroscience, Graduate Certificates in Scientific Communications and Management and an MBA. He also has completed executive coursework at Harvard Kennedy School of Government and the Australian National University, where he served as an Associate Lecturer in Scientific Communications.
Presentation
Cybercrime trends in 2016 : The Rise and Rise of the Cybercrime Businessman
[Summary]
Two distinct sides to cyber crime were apparent in 2016. Traditional mass-market cyber crime groups continued to carry out large-scale email campaigns to distribute “commodity”malware such as ransomware and online banking threats. While their motivations and payloads remained largely the same, their distribution methods have shifted away from web based exploit kits to more traditional methods, in particular the use of email attachments.
The other side of cyber crime is made up of organized criminal groups, responsible for a number of sophisticated financial heists. However, it wasn’t just professional criminals conducting these campaigns - there has been evidence of nation-state involvement as well.
Mr Fletcher will discuss these two trends and other findings from Symantec’s annual Internet Security Threat Report (ISTR). The 2016 ISTR gives a view of the global threat environment through the Symantec Global Intelligence Network, the largest civilian threat collection network in the world.
KWAK Kyeong-joo
Manager, Computer Emergency analysis Team Financial Security Institute
Advanced Threat in Korean Financial Sector
2017. 08. 31. 12:00 ~ 12:30
X
PROFILE
KWAK Kyeong-joo
Manager, Computer Emergency analysis Team / Financial Security Institute
Advanced Threat in Korean Financial Sector
2017. 08. 31. 12:00 ~ 12:30
Profile
Mr. KWAK Kyeong-joo, manager at Computer Emergency Analysis Team of the Financial Security Institute(FSI), holds both a bachelor’s degree and a master’s degree from the Sungkyunkwan University. After joining Korea Financial Telecommunications & Clearings Institute (KFTC) in 2012, Mr. KWAK dedicated himself to his work on computer emergency response.
Mr. KWAK is currently working at the Computer Emergency Analysis Team of the FSI as he transferred from the KFTC in April 2015. His expertise includes analyzing malicious codes, system vulnerabilities, and computer security incident. He has been invited to speak at a number of local and international conferences.
Presentation
Advanced Threat in Korean Financial Sector
[Summary]
This presentation primarily deals with an overview of certain groups that threaten financial sector in Korea. It is assumed that the criminal groups have involved in committing cybercrime since 2014 receiving support from a particular country. They are reckoned as main suspects of concerted cyber attacks against Korean financial sector in 2017. During the presentation, multiple cybercrimes committed by the threat groups as well as countermeasures for minimizing possible damage would be also discussed.
LEE Byung-kil
Chief, Cyber Terror Investigation Team
Cyber Bureau, KNPA
A Critical Role of International Cooperation in Resolving Extortion Schemes
2017. 08. 31. 13:40 ~ 14:10
X
PROFILE
LEE Byung-kil
Chief, Cyber Terror Investigation Team / Cyber Bureau, KNPA
A Critical Role of International Cooperation in Resolving Extortion Schemes
2017. 08. 31. 13:40 ~ 14:10
Profile
Mr. LEE Byung-kil graduated from the Information Security Graduate School of Korea University. He is currently working as a chief of the Cyber Terror Investigation Team. He joined the Korean National Police Agency (KNPA) through the third special recruitment on cybercrime investigation.
Previously, Mr. LEE served as an experienced digital forensic examinator between the years of 2001 and 2004. He has been working for the Cyber Bureau, KNPA around 16 years since he moved from his previous position.
Mr. LEE has taken part in major cybercrime investigation cases including cyber attacks emanating from North Korea, such as 7.7. DDoS attack as well as 3.20. cyber terror attack, and personal data breach incidents on Korean major conglomerates such as Auction, SK Communications, and EBS.
Presentation
A Critical Role of International Cooperation in Resolving Extortion Schemes
[Summary]
This presentation deals with an overview of recent cases on network intrusion of corporations and personal information leakage. In this case, suspects demanded certain amount of money.
As for the cases, the speaker will mainly focus on :
1) A successful case study that investigators identified suspects stationed abroad, and took them into custody ;
2) A case which turned out to be failure in identifying suspects of crime, but was regarded as partially successful in terms of ascertaining the criminal methods, subject of attacks, criminal process, and causes of damage.
Furthermore, the presentation will also cover the international cooperation pertaining to the aforementioned cases as well as the value of partnership.
Vitaliy KAMLYUK
Director, APAC Research Team
Kaspersky Lab
Tracking Lazarus
2017. 08. 31. 14:10 ~ 14:40
X
PROFILE
Vitaliy KAMLYUK
Director, APAC Research Team / Kaspersky Lab
Tracking Lazarus
2017. 08. 31. 14:10 ~ 14:40
Profile
Vitaly has been involved in malware research at Kaspersky Lab since 2005. In 2008, he was appointed Senior Antivirus Expert, before going on to become Director of the EEMEA Research Center in 2009. He spent a year in Japan focusing on major local threats affecting the region. In 2014 he was seconded to the INTERPOL Global Complex for Innovation in Singapore, where he worked in the INTERPOL Digital Crime Center specializing in malware reverse engineering, digital forensics and cybercrime investigation until late 2016.
Prior to joining Kaspersky Lab, Vitaly worked as a software developer and system administrator. He is a graduate of the Faculty of Applied Math and Computer Science at the Belarussian State University.
Vitaly has presented at many public international security conferences including Blackhat USA, Blackhat Asia, Defcon, Hitcon, BSides LasVegas, PHDays, ZeroNights, FIRST, Source Boston as well as multiple closed door invite-only security industry events such as Underground Economy, DCC, InBot and more.
Presentation
Tracking Lazarus
[Summary]
Kaspersky Lab research team has spent almost a year tracking an elusive threat actor that was responsible for one of the biggest cyber heists in history: Bangladesh Central Bank attack, which resulted in $81 mln USD. Theft with initial target over $951 mln USD. Some time after Bangladesh incident, we discovered the attackers in few other unusual places around the world and interrupted their attempts to steal large amounts of money.
MIYAZAKI Takayuki
Technical Official, Security Bureau, National Police Agency of Japan
Cyber Threats against Japan and Preparedness toward Tokyo 2020
2017. 08. 31. 14:40 ~ 15:10
X
PROFILE
MIYAZAKI Takayuki
Technical Official, Security Bureau, National Police Agency of Japan
Cyber Threats against Japan and Preparedness toward Tokyo 2020
2017. 08. 31. 14:40 ~ 15:10
Profile
Takayuki MIYAZAKI is a technical official within the National Police Agency of Japan, where he is currently in charge of countermeasures against cyber terrorism and cyber intelligence. In particular, he is now working on cybersecurity preparedness toward Tokyo 2020 Olympic and Paralympic Games.
Mr. MIYAZAKI holds a Master’s Degree in Informatics from Kyoto University, Japan. From 2014 to 2016, he took charge of formulating general standards and policies on digital forensics investigation conducted by regional police forces, and played a key role in policy coordination with domestic/foreign agencies regarding this topic.
Presentation
Cyber Threats against Japan and Preparedness toward Tokyo 2020
[Summary]
This talk will discuss necessary countermeasures to prevent cyberattacks from disrupting Tokyo 2020 Olympic and Paralympic Games, through reviewing recent cyber threats against Japan and current efforts of Japanese Police. Since we altogether face massive international events, such as PyeongChang 2018 Olympic and Paralympic Winter Games in Korea, Rugby World Cup 2019 and G20 Summit in Japan, as well as cyber threats against these events, close cooperation among countries is essential to make them success. This presentation is intended to share the goal and to facilitate collaborative activities with foreign colleagues.
Frido KOOLSTRA/Frederiek BURLAGE
Strategic Digital Specialist
Case Manager High Tech Crime Team / Dutch National Police
Takedown of a Criminal Communication Network : Crime Scene without Borders
2017. 08. 31. 15:30 ~ 16:00
X
PROFILE
Frido KOOLSTRA
Strategic Digital Specialist / Case Manager High Tech Crime Team / Dutch National Police
Takedown of a Criminal Communication Network : Crime Scene without Borders
2017. 08. 31. 15:30 ~ 16:00
Profile
Frido KOOLSTRA works at Team High Tech Crime (THTC) from the beginning in 2007. He was one the responsible officers for the grow of the team from 30 to 120. He was also the technical architect of the ICT infrastructure which THTC is working nowadays. This infrastructure for combating cybercrime is now deployed within the whole Dutch police.
Frederiek BURLAGE
Strategic Digital Specialist / Case Manager High Tech Crime Team / Dutch National Police
Takedown of a Criminal Communication Network : Crime Scene without Borders
2017. 08. 31. 15:30 ~ 16:00
Profile
Frederiek BURLAGE works at Team High Tech Crime (THTC) of the Dutch National Police from 2013. She complies the cases and has the helicopter view of the team’s work. She makes the translation between technical terms and legal language. Frederiek BURLAGE has a master degree in Criminology.
Presentation
Takedown of a Criminal Communication Network : Crime Scene without Borders
[Summary]
This presentation will show how the Dutch police has taken down a Criminal communication network and the legal challenges. It will also show the effect such an investigation can have on other investigations.
Christian ANCHALUISA Professor
Ecuador National Police Academy
Fight against Cybercrime in Latin America : Successful Cases & Cooperation in the Framework of AMERIPOL
2017. 08. 31. 16:00 ~ 16:25
X
PROFILE
Christian ANCHALUISA Professor
Ecuador National Police Academy
Fight against Cybercrime in Latin America : Successful Cases & Cooperation in the Framework of AMERIPOL
2017. 08. 31. 16:00 ~ 16:25
Profile
Christian ANCHALUISA SHIVE, (Quito-1986), is a career diplomat, lawyer, and lecturer, who is expert in human rights, citizen security and intellectual property. He holds an M.A in Security and Defense (National Institute for Advanced Studies-Ecuadorian Government Graduate School-IAEN) as well as a Bachelor of Laws and a J.D. (Pontifical Catholic University of Ecuador. At the moment, Consul of the Embassy of Ecuador to Korea.
He has been Professor of Human Rights and Public Policy on Citizen Security at the Superior Institute of Technology and the Superior Officers School of the National Police of Ecuador and also at the Institute of Forensic Sciences and Criminology of the Ecuadorian Ministry of Interior.
During this period with the National Police of Ecuador, he directed 10 academic researches on topics such as: crime prevention through environmental design, drug micro-trafficking, juvenile crime, social rehabilitation of children in conflict with the law, gender violence, among others.
Christian ANCHALUISA has published the following academic papers and books: “Functionality and influence in the international system of non-governmental human rights organizations as non-state actors”, “Reflections on security forces, state formation and rule of law”, “The Andean neoconstitutionalism and its connection with the International Human Rights Law”, Neoconstitutionalism and security, analysis of the emergency state in the Ecuadorian constitutions of 1998 and 2008”.
Presentation
Fight against Cybercrime in Latin America : Successful Cases & Cooperation in the Framework of AMERIPOL
[Summary]
This presentation will show an analysis of the situation of cybersecurity and cybercrime in Latin America, including the most common criminal dynamics in the region. Within this, the hemispheric position and the precise diagnoses of the situation in Latin America, will be analyzed.
Subsequently, a theoretical introduction will be made to the work of the Community of Police Institutions in America ― AMERIPOL- its structure, activities and organization. Within the study of AMERIPOL and its coordination in the fight against cybercrime, three emblematic cases of the zone will be treated: DRACART, GUAMÁN-TUTELA (child pornography) and DARKCODE (bank fraud).
Andre DORNBUSCH
Assistant Team Leader Cybercrime Intelligence Team German Federal Criminal Police Office (BKA)
Status 404 – (suspect) Not Found
2017. 08. 31. 14:25 ~ 16:50
X
PROFILE
Andre DORNBUSCH
Assistant Team Leader Cybercrime Intelligence Team
German Federal Criminal Police Office (BKA)
Status 404 – (suspect) Not Found
2017. 08. 31. 14:25 ~ 16:50
Profile
Born in 1982 Andre DORNBUSCH is a Detective Chief Inspector and assistant team leader within the Intelligence Team of the German Cybercrime Unit within the Federal Criminal Police Office (BKA) with a main focus on Phishing, Malware and other Cybercrime related issues. He was part of the kick-off crew for the German Cybercrime- Unit in January 2006 and stayed with the unit and the team until now. Andre is mainly interested in malware, especially mobile malware and technical investigations as well as to push German legislation into the 21st century to better combat cybercrime. Since 2016 Andre is married to his beautiful wife.
Presentation
Status 404 – (suspect) Not Found
[Summary]
The case deals with an extortion scheme that basically works in the way that suspects were threatening major public places (e.g. malls) Suspects were demanding a certain amount of money being transferred through Bitcoin. Suspects were using a German based E-Mail service provider. Several European countries were being targeted, including Germany at a certain point. The case study talks about actions that were taken on the preventive side as well as for trying to identify suspects, problems that do occur due to still complicated MLAT processes as well as due to missing legal conditions in several countries.
Peter PAYNE
OIC, NCECC
Royal Canadian Mounted Police
National Child Exploitation Coordination Centre(NCECC)'s Strategies on Child Pornography Investigations
2017. 08. 31. 17:00 ~ 17:30
X
PROFILE
Peter PAYNE
OIC, NCECC
Royal Canadian Mounted Police
National Child Exploitation Coordination Centre(NCECC)'s Strategies on Child Pornography Investigations
2017. 08. 31. 17:00 ~ 17:30
Profile
Pete has 29 years of service with the RCMP and has worked in several regions throughout Canada. His career includes positions in many different roles: general duty policing, associate ethics advisor, facilitator at the RCMP training academy, Federal policing duties, executive officer, source witness protection coordinator and he is currently the OIC of the National Child Exploitation Coordination Centre (NCECC). Pete had first worked at the NCECC from 2006 - 08 as the NCO i/c of the Victim Ident, Major Case Management and U/C unit. In 2008 he was commissioned into the role of Associate Ethics Advisor for the RCMP. In February 2015, Pete returned to the NCECC as the officer in charge. He is excited to be back into this area of law enforcement.
Pete has a Bachelor of Arts Degree and a Bachelor of Education Degree from Memorial University, St. John’s, Newfoundland.
Presentation
National Child Exploitation Coordination Centre(NCECC)'s Strategies on Child Pornography Investigations
[Summary]
This presentation will provide a brief overview of the NCECC structure, however, the primary focus will be on the success of some of our operations and major investigations.
I will discuss a few of the files our Victim Identification and Undercover Unit worked on with our partners. Coordination and communication are key to the success of these operations.
CHA Min-seok
Senior Principal Malware Researcher, Security Analysis Team
AhnLab
Targeted Attacks on Major Industry Sectors in South Korea
2017. 08. 31. 17:30 ~ 18:00
X
PROFILE
CHA Min-seok
Senior Principal Malware Researcher, Security Analysis Team / AhnLab
Targeted Attacks on Major Industry Sectors in South Korea
2017. 08. 31. 17:30 ~ 18:00
Profile
Senior researcher Minseok CHA graduated from the Ulsan University, majoring in Computer Engineering at the department of the Computer Information and Communication Engineering. After his graduation, he has joined the Ahnlab and has been working as a malicious code analyst with 20 years of expertise.
Mr. CHA’s expertise covers not only MS Windows, but also Linux and macOS in terms of analysis, response and research on malicious codes. His areas of interest includes tracking and research of targeted attacks as well as malicious code trend analysis.
He has been a member of the computer vaccine community forum since 1999; Anti- Virus Emergency Discussion (AVED) since 2001; and the vaccine program testing and standards organization, Anti-Malware Testing Standards Organization (AMTSO), since 2007.
He has been appointed as a member of the Korea Communications Commission’s fourth and fifth Private―Public Cooperative Investigation Group, and currently holds a post in the Ministry of Science and the Information Communication Technology’s (ICT) Cyber Expert Group. He has also taken part in investigations as a private expert in two of the information breach cases in 2014.
He has also spoken on various topics in AVAR, CodeEngine, Codegate, and the Korea Institute of Information Security and Cryptology, and served as a lecturer in K-Shield.
Mr. CHA is also the author of the reports on the Black Mine Operation (2015), Social Infrastructure Attacks of 2016, and the Korean Defense Industry Attacks of 2017. He also appeared in SERICEO “Applying Security to Management”in 2015, and is the author of “Crazy About Security―The Security Story”(2016).
Presentation
Targeted Attacks on Major Industry Sectors in South Korea
[Summary]
This presentation focuses on the sustained cyberattacks made against Korean defense industry companies since 2011. The first part will cover an overview of the examples of cyberattacks made against major global, as well as domestic, defense industry companies.
The next part of this presentation will focus on the methods employed in the attacks, and the incidents and characteristics associated with the three groups that have persistently targeted the Korean defense industry firms.
The presentation will also examine the relationship between the malicious codes employed by these attackers and the existing malicious codes.
DFEG
Kyung-mo CHEONG
Analyst Digital Forensic Center of Cyber Bureau
KNPA
Case study: Chip-off techniques applied.
2017. 08. 31. 09:00 ~ 10:40
X
PROFILE
Kyung-mo CHEONG
Analyst Digital Forensic Center of Cyber Bureau
KNPA
Case study: Chip-off techniques applied.
2017. 08. 31. 09:00 ~ 10:40
Profile
- Master’s Degree from the Graduate School of Information Security, Korea University
- Member of the Digital Forensics Team of the 2012 Cyber Terror Response Center
- Currently serves as an analyst in the Digital Forensics Center Analysis Team of the Cyber Bureau
Digital Forensics Center Analyst Kyungmo Jung graduated from the Graduate School of Information Security of Korea University before joining the Korean National Police Agency (KNPA). This year marks his sixth year as a digital forensics analyst. As the foremost expert in digital forensics in Korea, his expertise in digital forensics and analysis is recognized worldwide and he has been invited for lectures and seminars in agencies worldwide such as the Federal Bureau of Investigation (FBI) and the INTERPOL.
Mr. Jung vows to continue the task of developing forensics techniques for the new challenges posed by the intelligent systems of the Fourth Industrial Revolution, as well as to safeguard the capabilities of the KNPA’s Digital Forensics Center as the leader of digital forensics techniques.
Presentation
Case study: Chip-off techniques applied.
[Summary]
Chip-off technique is a subset of digital forensics that involves the physical separation and extraction of data from the storage component—or the memory—of the device. It is used in situations where the evidence in question was rendered inoperable due to water damage, fire, or physical damage, or when extraction techniques have not yet been developed for such a device.
As the technique involves separating the memory from the circuit board through the application of heat, it poses a risk of damaging the component altogether. Thus, the application of the technique involves a standardized temperature profiling procedure and corresponding expertise on the handling of such devices.
Through numerous evidence analysis, a self-temperature profiling procedure has been developed, and he can now move on to spread the knowledge of this optimized training procedure.
Alex OGBOLE
Economic and Financial Crimes Commission
Nigeria
Digital Forensics & its Challenges in Africa: A case study of EFCC, Nigeria
2017. 08. 31. 09:00 ~ 10:40
X
PROFILE
Alex OGBOLE
Economic and Financial Crimes Commission / Nigeria
Digital Forensics & its Challenges in Africa: A case study of EFCC, Nigeria
2017. 08. 31. 09:00 ~ 10:40
Profile
Mr. Alex Ogbole in 2007 graduated with a Bachelor’s degree in Computer Science from the Benue State University Makurdi, Benue State, Nigeria. In 2009, his journey as a law enforcement officer with Nigeria’s Economic and Financial Crimes Commission started where he still works to date and is currently a Deputy Detective Superintendent. Mr. Alex’s eight years in the EFCC five of which has been as a cybercrime investigator. His experience in Cyber Crime Investigation which has been garnished with exposure to both National and International law enforcement organizations and transnational cybercrime cases to date.
His digital forensics journey started in 2013 in Slough, United Kingdom with Guidance Software’s Encase and them 2014 United Arad Emirate with Access Data’s FTK where he certified as an AccessData Certified Examiner. In 2015, he had Forensic Trainings in Milwaukee, United States and recertification with Access Data’s FTK in 2016.
He is Certified Digital Forensic Examiner and got inducted in 2016 into the Computer Forensic Institute of Nigeria. He currently heads the Cyber Crime Lab of the Lagos Zonal Office of the Commission
Presentation
Digital Forensics & its Challenges in Africa: A case study of EFCC, Nigeria
[Summary]
This talk will discuss the overview of Africa’s progress with Digital Forensics as well as challenges identified. The talk will then focus on the EFCC, Nigeria. The progress made so far in the use of Digital Forensics, reflecting our challenges and possible way forward.
Luciano KUPPENS
Head of the Computer Forensics Unit
Brazilian Federal Police
Open Source development in Digital Forensics
2017. 08. 31. 09:00 ~ 10:40
X
PROFILE
Luciano KUPPENS
Head of the Computer Forensics Unit / Brazilian Federal Police
Open Source development in Digital Forensics
2017. 08. 31. 09:00 ~ 10:40
Profile
Luciano Kuppens, head of the Computer Forensics Unit at the Brazilian Federal Police, has more than 12 years of experience in the field of digital forensics, including digital analysis and forensic reports, cryptanalysis, search and seizure operations, forensic applications development, tools evaluation, regulations, evaluation committees and as a teacher at National Police Academy.
Mr. Kuppens has a degree in Telecommunications Engineering, a Master of Science in Electrical Engineering and a Specialization in Cryptography. His main publications are related to cryptanalysis, including his thesis, “The Use of Custom Probabilistic Dictionaries to decrypt files during forensics analysis”, and the chapter “Encrypted Data Analysis” of “The Textbook of Computer Forensics”.
Since 2015, he is a member of the INTERPOL Global Cybercrime Expert Group.
Presentation
Open Source development in Digital Forensics
[Summary]
This talk will show the recent version of the Digital Evidence Extractor, a tool developed by the Brazilian Federal Police based on a well know open source digital forensic library, The Sleuth Kit. The tool, which was the result of the frustration with the available commercial options, is being used by not only by the Federal Police, but also by various Government agencies in Brazil. Now, we can quickly extract, process and hand over the data to the investigators team, enabling even non-technical personnel to easily analyze the evidence. This approach is very useful to tackle huge police operations, especially in non-cyber related crimes, where we have too much data to process and analyze.
Miguel A Cortes
Head of Group Forensic central unit
Spanish National Police
Virtualisations in digital forensic laboratories
2017. 08. 31. 09:00 ~ 10:40
X
PROFILE
Miguel A Cortes
Head of Group Forensic central unit / Spanish National Police
Virtualisations in digital forensic laboratories
2017. 08. 31. 09:00 ~ 10:40
Profile
Miguel Ángel CORTÉS RUBERTE, Inspector, Master Degree in Police Sciences, University Expert in Antihacking Techniques. Head of software Group of the Forensics and Engineering Software Section of the National Police. He is specialized in crimes that require advanced technical knowledge for their prosecution and Forensic Analysis.
He has worked for the Spanish National Police for twenty-one years as researcher in new technologies and software forensic investigation. During his career, he has carried out various teaching and research stays at University of Alcalá, University of Nebrija, and Autonomous University of Madrid among others. Currently, he is leading several important projects related to Cybercrime and Forensics for Spanish National Police.
Presentation
Virtualisations in digital forensic laboratories
[Summary]
This talk will discuss about the model of virtualized forensic laboratory which has developed in the Spanish scientific police: location and configuration of servers, virtual machines, and forensic data extractors.
Fernando Fernandez
IGCI (Moderator)
Discussion Panel
2017. 08. 31. 09:00 ~ 10:40
X
PROFILE
Fernando Fernandez
IGCI (Moderator)
Discussion Panel
2017. 08. 31. 09:00 ~ 10:40
Profile
Fernando Fernandez Lazaro is the Coordinator of the Digital Forensics Laboratory of the INTERPOL Digital Crime Center, INTERPOL Global Complex for Innovation (IGCI) in Singapore.
He graduated in Law at the Universidad Complutense of Madrid, and joined the Spanish National Police in 1996,holdingthegradeofChief-Inspector. He got a Master of Science at University College of Dublin on Forensic Computing and Cyber Crime investigation in 2008.
He started his career in the Organized Crime investigation Unit. In 2003 he became member of the High Tech Crime unit as member of the Internet fraud investigation group. In 2007 he was appointed as Head of the Support Section into the Unit focusing his work on forensic analysis and support of field officers from all the Central Units of Spanish Criminal Police to gather digital evidences having participated in the most renowned operations at a National level.
He has been participant of the European Working Cybercrime Group of INTERPOL since 2005 and Vice chairman of the Latin American group between 2011 an 2014. He has been leading a European Twinning Program to enhance the capacity on Fight against Cybercrime in Romania in 2010.
He started his work in Singapore in December 2014 holding the position of Head of the Digital Forensics Laboratory of the Interpol Global Complex for Innovation.
Matthew Sorell
Senior Lecturer University of Adelaide
Apple Watch post-mortem analysis
2017. 08. 31. 09:00 ~ 10:40
X
PROFILE
Matthew Sorell
Senior Lecturer University of Adelaide
Apple Watch post-mortem analysis
2017. 08. 31. 11:00 ~ 12:30
Profile
Dr Matthew Sorell is Senior Lecture in telecommunications and multimedia engineering in the School of Electrical and Electronic Engineering at the University of Adelaide. His research interests include digital photographic and video provenance and related forensic investigation of electronic devices. In 2008 and 2009 he initiated the International Conference on Forensic Applications and Techniques in Telecommunications, Information and Multimedia. Since 2013 he has been an invited academic observer to the UNODC intergovernmental experts group on cybercrime. Since 2015 he has led an annual study tour for the University of Adelaide on digital government and cyber security in Tallinn, Estonia, which is now supported by funding from the Australian Government.
 
https://researchers.adelaide.edu.au/profile/matthew.sorell
Presentation
Apple Watch post-mortem analysis
[Summary]
Wearable fitness devices are emerging as potential sources of evidence in major crime. The movements recorded by a Fitbit worn by a victim formed part of the portfolio of evidence in a murder committed in 2015 in the United States, but to date there is no example in the public domain of biometric data being used to investigate major crime. This talk will outline the challenges of extracting health data from an Apple Watch and iPhone, the interpretation of biometric data, and the research questions to identify the limitations of the analysis of data from the Apple Watch and similar devices.
Joshua Isaac James
Digital Forensic Investigation Research (DFIRE) Laboratory
Building an IoT Forensic Challenge
2017. 08. 31. 11:00 ~ 12:30
X
PROFILE
Joshua Isaac James
Digital Forensic Investigation Research (DFIRE) Laboratory
Building an IoT Forensic Challenge
2017. 08. 31. 11:00 ~ 12:30
Profile
Dr. Joshua I. James is an Adjunct Professor with the Legal Informatics and Forensic Science Institute at Hallym University in Chuncheon, South Korea, and a consultant for the United Nations Office on Drugs and Crime (UNODC). His focus is on digital forensic investigation and mutual legal assistance requests for digital evidence. Specifically, automation and tools to help investigators with practical investigation and international cooperation.
Dr. James received his undergraduate degree at Purdue University, USA specializing in Computer Networking and Security, and received his PhD in University College Dublin, Ireland in Computer Science with a focus in inference automation in digital forensic investigations.
Presentation
Building an IoT Forensic Challenge
[Summary]
This talk will discuss our experiences creating an Internet of Things (IoT) research laboratory for digital forensic research. Specifically, we will discuss the current state of IoT, IoT security and IoT devices in digital forensic investigations. We will describe the greatest challenges we have encountered when dealing with IoT devices, and how IoT devices will both help and hurt digital forensic investigations.
Ali Abrar
ICT and Software Engineering Home Office CAST, UK
Vehicle Forensics
2017. 08. 31. 11:00 ~ 12:30
X
PROFILE
Ali Abrar
ICT and Software Engineering Home Office CAST, UK
Vehicle Forensics
2017. 08. 31. 11:00 ~ 12:30
Profile
Abrar holds a BSc (hons) Physics degree and is currently completing an MSc in Forensic Computing. Abrar has always had a keen interest in modern technology including vehicles, in the past he worked professionally as a vehicle technician specializing in electronic diagnostics using common tools within the industry.
Abrar Ali leads technical projects for the Home Office Centre for Applied Science and Technology (CAST). Over the past 10 years Abrar has engaged with international experts across government and academia to develop technical capabilities for UK Law Enforcement ranging from surveillance equipment through to developing digital forensics techniques. Abrar has a broad and deep understanding of existing digital forensics techniques, he has also worked on the development of new techniques, such as the retrieval of data from drones and games consoles.
Abrar works within the Digital Investigations and Intelligence area within CAST under the Digital Crime Scene Forensics project investigating and supporting novel investigations. Abrar has supported the development of the area within CAST including setting up a dedicated user group and publishing quarterly bulletins across UK Law Enforcement. Abrar has presented to a variety of audiences ranging from practitioners to international delegates at conferences.
Presentation
Vehicle Forensics
[Summary]
This presentation will cover the existing capabilities to extract and interpret data held persistently within vehicle infotainment units and telematics systems. It will detail CAST’s involvement in vehicle forensic research as well as manage the expectations of practitioners when considering the way forward.
Matthew Simon
IGCI (Moderator)
Discussion Panel
2017. 08. 31. 11:00 ~ 12:30
X
PROFILE
Matthew Simon
IGCI (Moderator)
Discussion Panel
2017. 08. 31. 11:00 ~ 12:30
Profile
Matthew Simon is a Digital Crime Officer (DCO) at the INTERPOL Global Complex for Innovation (IGCI). He currently works in the Digital Forensics Laboratory (DFL) that provides incident response, training and digital forensics laboratory support to member countries. He is an expert digital forensics practitioner and an academic researcher.
Matthew has a PhD by research in digital forensics and a Bachelor Degree with First Class Honours from the University of South Australia.
Prior to working with INTERPOL, Matthew spent almost five years as an Electronic Evidence Specialist with the Electronic Crime Section of the South Australia Police in Australia. He is highly experienced in computer and mobile forensics. He has actively worked with police investigators on many serious criminal matters and has provided expert reports and oral expert testimony in numerous cases.
Derrick Donnelly
CIO
BlackBag Tech
The advantage of memory analysis in forensic investigations
2017. 08. 31. 13:40 ~ 15:10
X
PROFILE
Derrick Donnelly
CIO / BlackBag Tech
The advantage of memory analysis in forensic investigations
2017. 08. 31. 13:40 ~ 15:10
Profile
Derrick Donnelly currently serves as the Chief Technology Officer of BlackBag Technologies, a leading provider of multi-platform forensic software and hardware solutions. Derrick was a regular instructor for the FBI Computer Analysis and Response Team (CART) for over 8 years and have taught numerous other international, federal, state, and local law enforcement agencies around the World. He was also asked to participate in the first working group on computer forensic training and cross border search and seizures at the United States Department of Justice. Derrick has completed analysis and given testimony in connection with several Federal and state criminal and civil cases. BlackBag Technologies has recently become an InQTel partner company providing a series of enhancements to its flagship product BlackLight to the US Government.
Prior to BlackBag Technologies, Mr. Donnelly spent several years leading the IT Security Department at Apple Computers, where he architected and deployed secure computer/network solutions and oversaw all technical investigations and forensic analysis. Focusing on protecting Apple's intellectual property, he played key roles in securely implementing iTunes, Mac and the Apple online stores. Derrick has conducted many acquisitions and analyzed data in many various types of HR, Fraud, Intellectual Property/Leak, Criminal and Civil cases.,br /> Before joining Apple, Derrick served as a federal law enforcement officer for the Competition Bureau (Industry Canada) in Ottawa, Canada, managing the computer forensics group, and lecturing at the Canadian Police College. He also worked closely with the Royal Canadian Mounted Police, assisting on examinations of computers involved in many criminal matters. Derrick developed and delivered the first course at the Canadian Police College dedicated to Macintosh forensics. Derrick attended St. Francis Xavier University in Nova Scotia, Canada where he studied Information Systems. Derrick also volunteers has a Forensic analyst at the Santa Clara Police department and assists with multiple law enforcement agencies in the Silicon Valley.
Presentation
The advantage of memory analysis in forensic investigations
[Summary]
Many times in triage or traditional digital forensic analysis, live Memory can be overlooked. This presentation will focus on the value of analyzing memory objects that might exist on a computer drive or extracted from a live Memory dump. Many forms of information can be found in memory that might not exist on a typical hard drive. Much of this information can be quite volatile and may no longer be available once a system goes through a shutdown process. The Data can often point to exactly what the computer was doing at the time of acquisition.
Kresimir Hausknecht
INsig2
Anti-computer forensics
2017. 08. 31. 13:40 ~ 15:10
X
PROFILE
Kresimir Hausknecht
INsig2
Anti-computer forensics
2017. 08. 31. 13:40 ~ 15:10
Profile
Krešimir is the head of Digital Forensics Department in INsig2, privately held company from Croatia. He has extensive experience in both public and private sector where he has contributed to various programs and clients. Main tasks involve team and project management, working on cases and being a professional trainer in the field of digital forensics. He is an expert in live data forensics, malware and mobile forensics. In addition, he also teaches digital forensics classes on a privately held colleague in Croatia.
After he finished his master’s degree in information and communication technologies, he started working for Ernst and Young in IT Audit department and later joined INsig2 where he started as a consultant and professional trainer. He held over 1000 hours of trainings all over the globe and holds a number of professional certificates in the field of digital forensics such as CFCE, ACE, XRY, Oxygen etc. The structure of Krešimir career has given him a sound understanding of security principles, IT administration and many fields of digital forensics combined with the experience of applying that knowledge into a number of different environments technically and culturally.
His recent publications include: RAM data significance in Digital Forensics, Concepts and Methodology in Mobile Devices Digital Forensics Education and Training, Competencies and Skills needed for Digital Forensic Trainer, Live Data Forensics and many more.
Presentation
Anti-computer forensics
[Summary]
With any modern-day investigation relying increasingly on digital forensics, investigators and analysts are required to deal with anti-computer forensics methods on a daily basis. This presentation will explore the challenges investigators and forensic practitioners are facing when conducting digital forensics investigations.
This session will address anti-computer methods and possible mitigation techniques that will not stop the investigation but rather prolong or make the process extremely time consuming and therefore not possible to complete in a timely manner or be cost effective.
Johann Hofmann
Head of Griffeye
So long to tool silos
2017. 08. 31. 13:40 ~ 15:10
X
PROFILE
Johann Hofmann
Head of Griffeye
So long to tool silos
2017. 08. 31. 13:40 ~ 15:10
Profile
Johann Hofmann, MSc in Intelligent Systems Design (IT), has more than ten years' experience in applied image and video analysis gained in the specialist field of digital crime investigations. He is the CEO of Griffeye. Before this, he worked as law enforcement liaison and product manager for NetClean. Johann is in charge of Griffeye, a company that develops Griffeye Analyze product range, which is specifically designed for and aimed at law enforcement agencies investigating crime that involves processing, reviewing and managing massive amounts of visual data (image & video). With one foot in academia and the other in law enforcement, he has gained a deep and thorough understanding of law enforcement operations and requirements and how research can address the relevant issues. To date, he has successfully equipped law enforcement agencies operating in +70 countries with the powerful Griffeye Analyze technology.
Presentation
So long to tool silos
[Summary]
Over just a few short decades, our digital society has evolved at a mind-boggling rate. Digital crime has kept the same dizzying pace. The seized data was once often just small amounts and of quite rudimentary nature meaning one or two computer forensic tools could do the job. But the nature of digital information seized today is significantly different. The use of a whole range of specialized tools is required to achieve results. Unfortunately the concept of interoperability (i.e. tools sharing data) is not something that has been encouraged by the majority of the tool providers so far. So what happens to the case and your workflow when the information is stuck in one tool? A tool silo means you aren’t going to get the results your hard work deserves – and that can even mean crimes going unsolved. Luckily there’s light at the end of the tunnel. Collaborative efforts are working on getting investigators and examiners back in control.
Vincent Danjean
IGCI (Moderator)
Discussion Panel
2017. 08. 31. 13:40 ~ 15:10
X
PROFILE
Vincent Danjean
IGCI (Moderator)
Discussion Panel
2017. 08. 31. 13:40 ~ 15:10
Profile
Since 2003, Vincent Danjean is a dedicated international civil servant working for the INTERPOL Global Complex for Innovation.
Vincent is Head of Branch, Information Security and manages the Information Security Incident Response Unit. He works actively with other International Organizations, Law Enforcement and private sector partners in the fields of Technical Surveillance Counter Measures, Digital Forensics, and cyber investigations.
 
His previous assignments at the Management Planning and Policy Office or at the Security Sub-Directorate included:
- The coordination of implementing Operational Continuity and Recovery Plans as well as other ad-hoc urgency plans such as the Avian Flu Preparedness Plan;
- The internal auditing of INTERPOL’s offices overseas for physical security measures and Information Technology assets;
- Followed by the design and implementation of the physical security measures for the offices in Kenya and San Salvador. Vincent also established the physical security requirements for INTERPOL’s Thailand and Zimbabwe offices.
 
Vincent graduated with a Telecommunications’ Engineering BSc in 1993 at Queen Mary and Westfield College (London).
After a decade of IT management roles, Vincent embarked on a consultant role with Cap Gemini Ernst & Young (CGEY). He became a key player in the development of the security market for the south east of France.
At CGEY, for major French administrations and for large private sector customers, Vincent delivered strategic Information Security Management guidance. He innovated with the creation of a team to deliver technical security audits (also now known as “white hat teams”).
Vincent lives in Lyon, France with his wife and two daughters.
Yuval Ben-Moshe
VP Business Development Cellebrite
Mobile Forensic Horizons
2017. 08. 31. 15:30 ~ 17:00
X
PROFILE
Yuval Ben-Moshe
VP Business Development Cellebrite
Mobile Forensic Horizons
2017. 08. 31. 15:30 ~ 17:00
Profile
Yuval Ben-Moshe is the VP of Forensics Business Development at Cellebrite, the world's leading provider of digital forensic solutions. Mr. Ben-Moshe is a subject matter expert for the company and a central knowledge hub on all matters of forensics fostering the company's tight and intimate connection with the community of law enforcement agencies worldwide. As such Mr. Ben-Moshe brings with him a wide and global view on all that is happening in the world of Digital Investigations and Digital Forensics. As a subject matter expert Mr. Ben-Moshe is well vested in advising customers on establishing or upgrading of their operations covering the full range of Processes, Equipment and Solutions as well as Personnel training and certification plans.
Mr. Ben-Moshe has an accumulated experience of over 25 years heading many technological and business initiatives, with leading and innovative companies, mastering fields of security, cellular communication and cutting-edge software systems. Mr. Ben-Moshe is Cellebrite's primary speaker and representative with the long list of professional forums and conferences, sharing the company's innovative breakthroughs with the community, around the world and as such holds an irreplaceable view of the global markets and professional trends.
Presentation
Mobile Forensic Horizons
[Summary]
With the increased popularity of drones for leisure so increases the risk of using them for criminal activities creating a new set of challenges to forensic examiners. Taking down a drone is one thing but with the operator possibly standing kilometers away, finding the operator and attributing him to the captured drone is a task for forensic examiner. What data artifacts can be found on the various drones components and how these artifacts can assist with the attribution task is the topic of this presentation.
Martin Westman
MSAB
Make Mobile Forensic Data Accessible to All
2017. 08. 31. 15:30 ~ 17:00
X
PROFILE
Martin Westman
MSAB
Make Mobile Forensic Data Accessible to All
2017. 08. 31. 15:30 ~ 17:00
Profile
Martin Westman has a history as a forensics trainer with many years’ technical experience with hardware and software for mobile phones. He has been delivering mobile forensics training courses since 2004 and have created a large quantity of forensic frontline training material such as JTAG, eMMC reads and chip-off as well as decryption classes. He has on several occasions assisted law enforcement agencies on high profile and hard to crack cases with excellent results. In his role as Product Specialist, he is one of the crucial links between the development department and users, gathering and collecting requests for future improvements to MSAB’s products and also understanding local requirements in different countries. He provides technical assistance to customers as well as delivering educational presentations and workshops at conferences, exhibitions and seminars. Martin has experience within the mobile security field since 1994. This includes 5 years working as the R&D product manager for mobile devices within CASIO and was very active in the technical design of Bluetooth. Martin has a long history of delivering speeches and workshops with customers and organizations. HTCIA, F3, DC3, Mobile Forensics World, Techno Forensics and Crimes Against Children Conference are a few samples of where his previous workshops have been highly attended and appreciated.
Presentation
Make Mobile Forensic Data Accessible to All
[Summary]
In the continued rapid growth of “Mobile forensic data”, there is a need to make this as an integrated part of your daily work. Expanding mobile into new domains and broader operational usage will enhance ways of working and make the mobile forensic data more accessible
Lee Reiber
COO Oxygen Forensic
The Forensic Kill Chain
2017. 08. 31. 15:30 ~ 17:00
X
PROFILE
Lee Reiber
COO Oxygen Forensic
The Forensic Kill Chain
2017. 08. 31. 15:30 ~ 17:00
Profile
Lee Reiber started his journey as a member of United States law enforcement where he conducted digital forensic investigations until 2009 after almost 15 years of service. Lee’s training company, Mobile Forensics Inc., became one of the most prominent training companies in the United States for mobile forensics, training hundreds of students from law enforcement, Fortune 500 companies, and academia. MFI specialized in instructing their students on how to interpret and analyze mobile device data collected with multiple tools. It was Lee’s research that produced discoveries in data formats, date and time configurations, and file system artifacts that are still used in training today. Due to the extensive research, development and training reputation MFI became a part of a large global forensic company in 2009. In 2015 Lee departed the company and became the COO of one of the most recognized mobile forensic software companies in the world, Oxygen Forensic, Inc. specializing in deep data analysis of mobile device artifacts.
Lee has testified as an expert on mobile forensics in both criminal and civil cases during his 20-year career, consulted for both international and domestic companies requesting mobile forensic assistance, mobile device collections, data analysis and data interpretation. Due to his aptitude for deep analysis, Lee is frequently called upon to assist in high profile cases involving data from mobile devices when foreign data is encountered. Lee has written more than 50 articles on mobile forensics, has been featured in both national and international magazines and print, and has lectured around the world on mobile forensics and cyber security. His book, Mobile Forensics Investigations: A Guide to Evidence Collection, Analysis, and Presentation, was voted by his peers as the Forensic Book of the Year at this year’s Forensic 4Cast Awards.
Lee attended and studied psychology at the University of Las Vegas and holds a B.S in Computer & Digital Forensics from Champlain College.
Presentation
The Forensic Kill Chain
[Summary]
Often a military concept to the necessary elements for a successful victory in combat, but also used in the computer security model of cyber attacks. The term can be used for both offensive and defensive missions, but what about in forensics: particularly mobile device forensics. Overlaying a mobile device forensic examination into the "kill chain" can prove to be a blueprint and guide in an area that does not have a set of strict procedures. In this session you will gain information while working a theoretical concept into a real case in an effort to build a forensic kill chain.
Christopher Church
IGCI (Moderator)
Discussion Panel
2017. 08. 31. 15:30 ~ 17:00
X
PROFILE
Christopher Church
IGCI (Moderator)
Discussion Panel
2017. 08. 31. 15:30 ~ 17:00
Profile
Christopher Church is a Senior Mobile Forensics Specialist within the Digital Forensic Laboratory. Christopher’s role involves supporting law enforcement in 190 member countries in the challenges they face undertaking digital forensics and tackling cyber crime.
Chris has been practicing digital forensics for 13 years. He started his digital forensics career at Metropolitan Police in London where he joined the Phone Forensic department. During the ten years, he created and became head of the Smart Device Unit where requirements of Smart Device Forensics and associated challenges were formulated and maintained as well as being involved in high profile case investigations and giving expert testimony in court. I trained and mentored numerous computer forensic and mobile phone examiners in digital forensics examination best practice as well as looking at the complex challenges that arise through such examinations.
Chris currently works in the INTERPOL Digital Forensics Lab which is instrumental in assisting 190 member countries in support, training and capacity building of digital forensics. The role involves operational on-scene support for specialized crime departments in INTERPOL, maintaining the Digital Forensic Lab capability. He has also been delivering training, support and mentoring for member countries digital forensics labs as well as working with companies and institutions to provide relevant training and solutions to the digital forensics examiner as well as the investigator. I have been at INTERPOL for 3.5 years. I have also been pushing the digital forensics lab in many firsts for the organization such as digital forensics on illegal fishing vessels and creating the yearly Mobile Expert Training Group.Example)
2017-09-01 Friday
ISCR
Craig NG
General Counsel
APNIC
Improving the Accuracy and Utility of WHOIS & Enhancing Partnerships with LE agencies
2017.09.01 09:00 ~ 09:30
X
PROFILE
Craig NG
General Counsel / APNIC
Improving the Accuracy and Utility of WHOIS & Enhancing Partnerships with LE agencies
2017.09.01 09:00 ~ 09:30
Profile
Craig is the General Counsel of APNIC ― the Asia Pacific Network Information Centre. As the General Counsel, Craig has overall responsibility for all legal matters at APNIC.
Craig is a member of the executive leadership team at APNIC. He advises APNIC on its legal obligations, and to ensure that its corporate governance practices meet the standards expected by its members and its stakeholder community. At APNIC, Craig leads its program of collaboration and cooperation with the law enforcement community.
Prior to joining APNIC, Craig was a senior partner at a national Australian law firm, a role he held for over 13 years. His legal practice at that time focused on representing various Government bodies in technology-related matters, as well as clients in the ICT sector.
Presentation
Improving the Accuracy and Utility of WHOIS & Enhancing Partnerships with LE agencies
[Summary]
APNIC is the regional Internet registry for the Asia Pacific region. It maintains the authoritative registry information for Internet number resources (that is, IP addresses and autonomous systems numbers), used in the Asia Pacific region.
APNIC provides a public WHOIS service which is used by network operators and law enforcement agencies to obtain information about registered resource holders and assignees of Internet number resources.
In this presentation, we discuss recent collaborative work and efforts between APNIC and the law enforcement community, together with the global Internet community, to further improve the accuracy and utility of WHOIS. We also discuss APNIC’s capacity building program, and our work with INTERPOL, to develop a more cyber-aware law enforcement community within the Asia Pacific region.
We will also discuss recent cases of attempted IP address hijacking and related frauds.
LEEM Man-gi
Director, Security Team
Line Corp.
Line Security – Now & Future
2017. 09. 01. 09:30 ~ 10:00
X
PROFILE
LEEM Man-gi Director
Security Team / Line Corp.
Line Security – Now & Future
2017. 09. 01. 09:30 ~ 10:00
Profile
Mr. LEEM Man-gi is a Senior Manager of LINE Corporation. He studied in Information Security at Dongguk Graduate School and proceeded to work at LINE Corporation in Japan since its inception. He is currently in charge of cyber security issues coordinating all regional LINE group companies including Korea, Japan, and East Asia region.
Before he started working for LINE Corporation, he had built his career in cyber security working at HackersLab Corporation. He managed and led ‘Free Hacking Zone’, the first cyber security Capture the Flag(CTF) model in the world in early 2000. He had been working for AhnLab as well as Naver Corporation as an administrator, security consultant, program manager, and program engineer before he moved to Line Corporation. He has become a cyber security senior manager at LINE Corporation.
Presentation
Line Security – Now & Future
[Summary]
LINE is a mobile messaging and voice calling app with social networking and gaming features that add a social entertainment aspect to messaging. This presentation introduces LINE’s messenger platform security model as well as cyber attacks we all have confronted in real time. This presentation also covers the ways to tackle the cyber threats.
Professor JANG Yoon-sik
Hallym University (Moderator)
Panel Discussion
2017. 09. 01. 10:30 ~ 12:10
X
PROFILE
Professor JANG Yoon-sik
Hallym University (Moderator)
Panel Discussion
2017. 09. 01. 10:30 ~ 12:10
Profile
Mr. JANG Yoon-sik was appointed as an inspector of the Korean National Police Agency(KNAP) right after he graduated from the Korean National Police University(KNPU) in 1994. Since then, he spent most of his time working for the Cyber Terror Response Center of the KNPA and KNPU as a professor of police science. During his career as a police officer, he mainly focused on the study of digital investigation, training, and research.
Mr. JANG took part in organizing multiple international conferences on cybercrime and training programs. In addition, he served as a project manager for international development and cooperation. Accordingly, he won the ‘2012 Korea’s Cyber Order Grand Prize’.
He has been with Hallym University since 2014, and is currently a professor dedicating himself to inaugurating Legal Informatics & Forensic Science, which is the subject pertaining to the utilization of ICT on legal issues in a global society.
He holds the post of director of the Legal Informatics & Forensic Science Institute. He’s got a PhD in Information Security from Korea University, and has worked on a number of research in various fields including forensics science as well as cybercrime.
HONG Sung-jin
Digital Crime Officer INTERPOL IGCI
Panel Discussion
2017. 09. 01. 10:30 ~ 12:10
X
PROFILE
HONG Sung-jin
Digital Crime Officer INTERPOL IGCI
Panel Discussion
2017. 09. 01. 10:30 ~ 12:10
Profile
Sungjin HONG, digital crime officer of the Interpol Global Complex for Innovation, serves in the Training Unit of Digital Investigative Support, Cyber Directorate. He also coordinated international cooperation for hundreds of cybercrime cases including cyber attacks on critical infrastructure and business email compromises while he was stationed in the Cyber Bureau of Korean Police. Sungjin is also an author of a manual on data disclosure request process and studied public security policy at the information security school of Korea University.
Christian ANCHALUISA Professor
Ecuador National Police Academy
Panel Discussion
2017. 09. 01. 10:30 ~ 12:10
X
PROFILE
Christian ANCHALUISA Professor
Ecuador National Police Academy
Panel Discussion
2017. 09. 01. 10:30 ~ 12:10
Profile
Christian ANCHALUISA SHIVE, (Quito-1986), is a career diplomat, lawyer, and lecturer, who is expert in human rights, citizen security and intellectual property. He holds an M.A in Security and Defense (National Institute for Advanced Studies-Ecuadorian Government Graduate School-IAEN) as well as a Bachelor of Laws and a J.D. (Pontifical Catholic University of Ecuador. At the moment, Consul of the Embassy of Ecuador to Korea.
He has been Professor of Human Rights and Public Policy on Citizen Security at the Superior Institute of Technology and the Superior Officers School of the National Police of Ecuador and also at the Institute of Forensic Sciences and Criminology of the Ecuadorian Ministry of Interior.
During this period with the National Police of Ecuador, he directed 10 academic researches on topics such as: crime prevention through environmental design, drug micro-trafficking, juvenile crime, social rehabilitation of children in conflict with the law, gender violence, among others.
Christian ANCHALUISA has published the following academic papers and books: “Functionality and influence in the international system of non-governmental human rights organizations as non-state actors”, “Reflections on security forces, state formation and rule of law”, “The Andean neoconstitutionalism and its connection with the International Human Rights Law”, Neoconstitutionalism and security, analysis of the emergency state in the Ecuadorian constitutions of 1998 and 2008”.
KANG Seounghun
Manager of Latin America and Caribbean Region Department, KOICA
Panel Discussion
2017. 09. 01. 10:30 ~ 12:10
X
PROFILE
KANG Seounghun
Manager of Latin America and Caribbean Region Department, KOICA
Panel Discussion
2017. 09. 01. 10:30 ~ 12:10
Profile
Mr. KANG Seung-heon is currently assigned to the Latin America and Caribbean Region Department, of the Korea International Cooperation Agency (KOICA). He holds a master’s degree in international development cooperation from the University of New South Wales in Australia. In 2007, he began his career with the KOICA’s Korea Overseas Volunteer (KOV) program in Morocco, and officially joined the KOICA in 2009. Since then, Mr. KANG has served as the manager of the CIS and Middle East Department, vice manager of the Iraq (Baghdad) office, Budget Planning Office, and manager of the El Salvador office (San Salvador).
During his time in El Salvador, Mr. KANG cooperated with the Korean National Police Agency (KNPA) in implementing security capabilities enhancement projects in Central American countries. After being reassigned to KOICA’s Latin America Department, he has been tasked with supervising security cooperation projects in the Central American countries.
As a part of his efforts in enhancing security cooperation between the Central American countries, Mr. Kang has also spearheaded the development of a joint project with the KNPA in the form of a SICA-KOICA-KNPA security cooperation conference.
Joshua JAMES
Consultant for the United Nations Office on Drugs and Crime(UNODC)
Panel Discussion
2017. 09. 01. 10:30 ~ 12:10
X
PROFILE
Joshua JAMES
Consultant for the United Nations Office on Drugs and Crime(UNODC)
Panel Discussion
2017. 09. 01. 10:30 ~ 12:10
Profile
Dr. Joshua I. JAMES is an Adjunct Professor with the Legal Informatics and Forensic Science Institute at Hallym University in Chuncheon, South Korea, and a consultant for the United Nations Office on Drugs and Crime (UNODC). His focus is on digital forensic investigation and mutual legal assistance requests for digital evidence. Specifically, automation and tools to help investigators with practical investigation and international cooperation.
Dr. JAMES received his undergraduate degree at Purdue University, USA specializing in Computer Networking and Security, and received his PhD in University College Dublin, Ireland in Computer Science with a focus in inference automation in digital forensic investigations.
DFEG
Yuri Gubanov
Belkasoft
Mysteries Inside SQ Lite Databases: Do They Store Dark Past?
2017. 09. 01. 09:00 ~ 10:30
X
PROFILE
Yuri Gubanov
Belkasoft
Mysteries Inside SQ Lite Databases: Do They Store Dark Past?
2017. 09. 01. 09:00 ~ 10:30
Profile
Yuri Gubanov is a renowned digital forensics expert. He is a frequent speaker at industry-known conferences such as HTCIA, EnFuse/CEIC, FT-Day, CAC, CACP, ICDDF, and others. Yuri organizes his own Belka-Day digital forensic conference in Russia. Yuri is the Founder and CEO of Belkasoft, the manufacturer of digital forensic software empowering police departments in more than 130 countries. With years of experience in digital forensics and security domain, Yuri led forensic training courses for multiple law enforcement departments in several countries. Besides, Yuri is a senior lecturer in St-Petersburg State University.
Presentation
Mysteries Inside SQ Lite Databases: Do They Store Dark Past?
[Summary]
On this session you will learn on how SQLite database stores its data, what is freelist, unallocated space, journal file and write-ahead log (WAL) file; how knowing these places may help you to get most out of a SQLite database, including deleted items. Armed with SQLite recovery techniques, you'll be able to extract more data from popular applications using SQLite as database engine; to name a few, Chrome, Firefox, iPhone SMS database, Skype, WhatsApp and many others.
Tajul Josalmin Tajul Ariffin
CyberSecurity Malaysia
DFL Competency & Capacity Building in Malaysia Landscape
2017. 09. 01. 09:00 ~ 10:30
X
PROFILE
Tajul Josalmin Tajul Ariffin
CyberSecurity Malaysia
DFL Competency & Capacity Building in Malaysia Landscape
2017. 09. 01. 09:00 ~ 10:30
Profile
Tajul Josalmin Tajul Ariffin holds a Bachelor of Science in Computer Science majoring Software Engineering from Management & Science University (MSU). He is also certified as AccessData Certified Examiner (ACE) and ASCLD/LAB-International Assessor. He has been involved in digital forensics field for 9 years to date. His experience includes on Quality Management System, ISO/IEC 17025: 2005, digital forensics investigation and analysis and Data Recovery.
He is currently the Operations Manager in Digital Forensics Department. He is responsible in managing the laboratory daily operations under his supervision. This includes the Computer Forensics, Mobile Phone Forensics, Multimedia Forensics (Image, Video and Audio) and Data Recovery laboratory in his department.
Apart from managing, he also still performs digital forensics examination and analysis on digital evidences. Mr. Tajul is specialized in Computer Forensics and Data Recovery where he has attended various training related to Digital Forensics. He is also currently the technical team leader for Data Recovery for Disaster initiative. Based on this achievement, he is currently the official reference expert appointed by Malaysian Administrative Modernisation and Management Planning Unit (MAMPU) on issues related to Data Recovery. To date, Mr. Tajul has handled more than 300 digital forensics cases. Apart from that, he also assists various Malaysia’'s Law Enforcement Agencies as a first responder for cases related to digital forensics. Occasionally, he is invited as a speaker at government organization and agencies; and also trainer for digital forensics course in CyberSecurity Malaysia.
Presentation
DFL Competency & Capacity Building in Malaysia Landscape
[Summary]
This presentation will focus the development of Digital Forensics Laboratory competency and capacity building from Malaysia’'s Landscape. CyberSecurity Malaysia is a national reference center for Information Security in Malaysia for more than 15 years since it was founded. The importance of knowing how to develop the capacity and competency in Digital Forensics Laboratory is vital if any law enforcement agencies needs to develop a laboratory. This presentation will also show the segregation of specialization types in Digital Forensics, the skill sets required and the level of competency needed.
Elena Shulga
CEO Ace Lab
Technical means for cybercrime investigation
2017. 09. 01. 09:00 ~ 10:30
X
PROFILE
Elena Shulga
CEO Ace Lab
Technical means for cybercrime investigation
2017. 09. 01. 09:00 ~ 10:30
Profile
Elena Shulga is the CEO of ACE Lab, the company that is the global leader in developing the professional data recovery tools. Throughout 25 years since its foundation, ACE Lab has been developing and manufacturing the world's most comprehensive tools for recovering data and evidence from logically and physically damaged storage devices including HDD, SSD, RAID, Flash, Monolith and other types of media.
During her 11-year career at ACE Lab, Elena Shulga has come a long way from a sales representative to the CEO of the company. Now she is responsible for running all facets of international business and providing data recovery solutions to 110 countries. Elena Shulga has a proven executive management track record and years of experience driving sales growth in the technology industry.
Being the CEO of ACE Lab, Elena Shulga has considerably extended ACE Lab's market presence in Asia, Europe, North and South America and Australia.
Elena Shulga graduated with honors from one of the best Russian universities, Taganrog State University of Radio Engineering, and got a Bachelor Degree in Enterprise Management at Taganrog Institute of Management and Economics.
Presentation
Technical means for cybercrime investigation
[Summary]
The internal structure of present-day storage devices is getting more and more complicated. If a storage device cannot ensure stable access to the data, it becomes a challenge to get evidence from it. If we deal with more difficult cases where a storage device is deliberately physically damaged by a criminal, special technical means are required to extract the data from a damaged storage device.
Moreover, almost all modern storage devices are self-encrypting by default, and we have to meet this challenge as well.
This talk will discuss the ways of getting digital evidence when the storage devices are physically damaged or password-protected and when the data is deleted, formatted or encrypted.
Matthew Simon
IGCI (Moderator)
Discussion Panel
2017. 09. 01. 09:00 ~ 10:30
X
PROFILE
Matthew Simon
IGCI (Moderator)
Discussion Panel
2017. 09. 01. 09:00 ~ 10:30
Profile
Matthew Simon is a Digital Crime Officer (DCO) at the INTERPOL Global Complex for Innovation (IGCI). He currently works in the Digital Forensics Laboratory (DFL) that provides incident response, training and digital forensics laboratory support to member countries. He is an expert digital forensics practitioner and an academic researcher.
Matthew has a PhD by research in digital forensics and a Bachelor Degree with First Class Honours from the University of South Australia.
Prior to working with INTERPOL, Matthew spent almost five years as an Electronic Evidence Specialist with the Electronic Crime Section of the South Australia Police in Australia. He is highly experienced in computer and mobile forensics. He has actively worked with police investigators on many serious criminal matters and has provided expert reports and oral expert testimony in numerous cases.
Anita HAZENBERG
Director Innovation Centre IGCI
DFEG Plenary Discussion
2017. 09. 01. 10:50 ~ 12:20
X
PROFILE
Anita HAZENBERG
Director Innovation Centre IGCI
DFEG Plenary Discussion
2017. 09. 01. 10:50 ~ 12:20
Profile
Chief Superintendent Anita Hazenberg took on the position of INTERPOL’s Director of the Innovation Directorate at the IGCI in Singapore in July 2017. In the National Police of the Netherlands, she worked as the Coordinator International Strategic Alliances and Deployment of the staff of the National Commissioner. She also was the Conference Director of ‘Pearls in Policing’, and responsible for International Management Development (IMD).
Upon her return to the Netherlands, in 2001, after a 4-year stint residing and working in France, she was given the task of ensuring the development of innovative, individual and collective ‘life-long’ programmes for senior leaders of the Dutch Police Services. This resulted in the establishment of the School of Police Leadership (SPL), of which she became the first director in 2006. She was a member of the Dutch delegation to the Governing Board of the European Police College (CEPOL) and initiated several pan-European training courses, one example being the Top Senior Officers Course (TOPSPOC).
Earlier in her career, the Dutch government seconded her to the Intergovernmental organisation, the Council of Europe in Strasbourg, France, in 1997. Its main role is to strengthen democracy, human rights and the rule of law throughout its 46 member states. She became the first ‘Police and Human Rights’ manager. For this new programme, she was tasked with its establishment, operation and development. Her responsibilities included: advising on organisational development, designing innovative police and human rights awareness and training materials, securing funding from a wide variety of donors and an active engagement in peacekeeping operations in Bosnia and Herzegovina, Albania and Kosovo.
In 1991, Ms. Hazenberg was appointed Director of European Network of Policewomen (ENP). She developed and executed the strategic and tactical policy of this international organisation, and was actively engaged in network building throughout the law enforcement world.
Having entered the Dutch Police Force in 1982 at the age of seventeen, she worked for several years as an operational officer in various parts of the Netherlands, eventually specialising in ‘Violence against women and children’. In addition to her operational work, she was part-time employee at Headquarters, acting as advisor to her police management on diversity and personal issues.
Anita Hazenberg has a Bachelor’s Degree in Social Welfare & Diversity Issues, and received her master’s Degree in Political Science and Public Administration from the VU University of Amsterdam. She also participated in the Top Management Course for the Dutch Military (LTD) and obtained her second Master’s degree in Change Management (SIOO).
97, Tongil-ro, Seodaemun-gu, Seoul, Korea