ATTENTION: THE CONFERENCE IS PLANNING TO CONTINUE VIRTUALLY
Schedule
Below please find a list of the conference events.
NOTE: ALL SCHEDULE TIMES ARE IN SINGAPORE TIME (UTC+8)
Day 1 – Tuesday, June 9th 15:00 – 19:00 (Tuesday, June 9th 03:00 EST AM – 07:00 AM EST)
Day 1 Overview
Welcome to the 2020 DFEG Virtual Conference!
At the official opening of the conference, INTERPOL will welcome the participants and present on capacity building activities since DFEG 2019 such as their efforts among ASEAN and South Asian countries. Member countries will present case studies and participants will hear about advancements in the mobile forensic domain. Finally, the University of New Haven will present the conference’s 1st Annual Digital Forensics Challenge.
15:00 - 15:15 (SINGAPORE)
03:00 - 03:15 AM (EST)
INTERPOL Welcome & Introduction of Moderator – Anita Hazenberg, Director IC
Review of Conference Schedule and Final Request for Presentations – University of New Haven
15:15 - 15:45 (SINGAPORE)
03:15 - 03:45 AM (EST)
INTERPOL Digital Forensics Updates since DFEG 2019 – Review key activities – Fernando F. Lazaro: Head of INTERPOL Digital Forensics Laboratory, Antonio Salgado Delgado: INTERPOL Project Manager
Members from INTERPOL Digital Forensic Laboratory (DFL) and Capacity Building and Training (CBT) will introduce Digital Forensic related projects, country updates, cooperation on ASEAN and South Asia member countries and any other business. This session will be an opportunity for participants to suggest areas of interest for future projects that might be reflected in a concrete proposal.
15:45-16:30 (SINGAPORE)
03:45-4:30 AM (EST)
Case Studies from Member Countries LEA
LEA representatives will present on cases which they have worked on demonstrating examples of case work and the lessons they learned during those cases. This will also enable the discussion between attendees and to encourage knowledge sharing and collaboration. In this interactive session, participants will have the opportunity to share their challenges and successful investigations with colleagues and have a better understanding of solutions for their daily work. This session will contribute to bringing to the floor new topics where participants will be encouraged to show successes in operational cases with innovative elements.
Speaker: Christian Hummert: Director of Digital Forensics at Central Office for Information Technology in the Security Sector – Germany
Mobile devices, especially smartphones represent a unique challenge for law enforcement. Criminal offenders use phones to communicate, coordinate, organize and execute criminal actions. This is (...)
especially true for organized crime and terrorist organizations. This development provides new challenges for criminal prosecution and it is vital to empower law enforcement to access the data stored on mobile devices to use it as court evidence in a trustworthy and reliable manner. The overarching objective of FORMOBILE is to establish a complete end to end forensic investigation chain, targeting for mobile devices. To achieve this goal three objectives will be pursued. Novel tools shall be developed that include the acquisition of previously unavailable mobile data, unlocking mobile devices, as well as the decoding and analysis of mobile data. Based on the definition of requirements of law enforcement and legal and ethical issues a new mobile forensics standard (CEN Workshop Agreement) shall be developed. With the developments of the new standard and the new tools, training for police and criminal prosecution will be established, providing the end users with the latest knowledge in a novel and an innovative curriculum to ensure a quality standard of investigations.
Speaker: Dr. Ibrahim Baggili, Elder Family Endowed Chair, Director of Samuel S. Bergami Junior Cybersecurity Center, Connecticut Institute of Technology: Digital Forensics in the Next 5 Years
Cyber forensics has encountered major obstacles over the last decade and is at a crossroads. We present data that was obtained during the National Workshop on Redefining Cyber Forensics (NWRCF) supported by the National Science Foundation and organized by the University of New Haven in the United States. (...)
Qualitative and Quantitative data were analyzed from twenty-four cyber forensic expert panel members. This work identified important themes that need to be addressed by the community, focusing on (1) where the domain currently is; (2) where it needs to go and; (3) steps needed to improve it. Furthermore, based on the results, we articulate (1) the biggest anticipated challenges the domain will face in the next five years; (2) the most imporant cyber forensics research opportunities in the next five years and; (3) the most important job-ready skills that need to be addressed by higher education curricula over the next five years. Lastly, we present the key issues and recommendations deliberated by the expert panel. Overall results indicated that a more active and coherent group needs to be formed in the cyber forensics community, with opportunities for continuous reassessment and improvement processes in place.
16:30-17:00 (SINGAPORE)
04:30-05:00 AM (EST)
BREAK
17:00-18:00 (SINGAPORE)
05:00-06:00 (EST)
Mobile Forensics Presentations- 20 minute blocks
DFEG will give the opportunity to private companies to present on the challenges that investigators will face in the area of mobile forensics when dealing with handset locks, encryption and the connected services such as cloud systems and secure platforms.
Speaker – Stuart Hutchinson, Oxygen Forensics: Messenger Forensics, Evidence Hide and Seek
Messengers nowadays are without doubt a primary source of digital evidence storing a tremendous amount of user data including chats, shared files, geo locations, contacts, and many other artifact. (...)
Due to the limitation of the current mobile device extraction methods, sophisticated app encryption and app features that include self-destruct messages and hidden chats getting this valuable evidence has already become a great challenge for investigators. In this session we will talk a wide range of messengers, like WhatsApp, Viber, Telegram, Facebook, Signal, Wickr Me, Threema, etc. that are popular not only with law-abiding users but also with drug dealers, terrorists, and people sharing sexual abuse images. We will examine their encryption algorithms, secret and hidden chats, and alternative extraction methods from computer and cloud including some methods exclusively available in Oxygen Forensic® Detective software.
Speaker – Dusan Kozusnik, CEO, Compelson Labs, Czech Republic
The presenter will discuss a new topics and techniques, including:
-
iPhone unlocking – new possibilities
-
Android unlocking in 2020
-
Challenges in application analysis
-
Important evidence you might be missing
Speaker – Oren Lewkowicz, Cellebrite: From Application Insights to Actionable Intelligence
With the rapid proliferation of mobile devices, and the explosive amount of mobile applications (apps) available to users, examiners and investigators often struggle with how to access a device and where to focus their initial examination efforts. Innovation and constant technical changes have made this industry extremely dynamic, despite the dominance of a few global vendors. Each handset has unique technical attributes that introduce (...)
new and unique challenges to forensically sound, digital-data extraction for forensics examiners around the globe. Cellebrite continues to stay abreast of the market with leading research to tackle the toughest devices.
As more investigations rely on mobile app data as the primary and invaluable source of digital evidence, examiners must be equipped with the knowledge and tools to recognize the applications found on a mobile device in question, and understand what evidentiary data is likely to reside in the app. In this session, we will review new innovations from Cellebrite that help expedite the extraction process as well as assist in recognizing and reviewing of key application data.
The presenter will discuss and cover new topics and techniques including:
- New era in iOS with checkm8
- Generic extraction with Qualcomm live
- Samsung Decrypting Exynos
- Application Insights
18:00-18:30 (SINGAPORE)
06:00-06:30 (EST)
Forensic Challenge via the Artifact Genome Project – Ibrahim Baggili, Cinthya Grajeda-Mendez – University of New Haven
A Digital Forensic Challenge will be presented to participants who will have one week to work through it and provide solutions to the proposed scenario. In this session a short training on the Artifact Genome Project website (https://www.agpnewhaven.com), will also be delivered so to have a better understanding of the artifact hunting tradecraft. NOTE: DFEG participants that want to participate will need to register for an AGP account, however registration will not be available until the start of the challenge.
For more information and instructions to register for this Challenge, please download the following presentation provided for your convenience.
AGP Forensic Challenge Download
18:45 (SINGAPORE)
06:45 AM (EST)
Day 1 Wrap Up:
Anita Hazenberg – Director IC
Cory Hall – MITRE & Moderator
Fernando F. Lazaro – Head of INTERPOL Digital Forensics Laboratory
Luciano Kuppens – Digital Forensics Lab INTERPOL
Ibrahim Baggili – University of New Haven
Day 2 – Wednesday, June 10th – 2100-2400 ( Wednesday, June 10th 09:00 AM EST – 12:00 PM EST)
Note: Times based on Singapore Time
During Day 2 presenters provide digital forensic organization overviews and case studies from their respective country, then attendees will hear from leaders of current digital investigation open source efforts that are building capability for digital forensic practitioners worldwide
21:00 - 21:15 (SINGAPORE)
9:00 - 9:15 AM (EST)
Day 2 Kickoff – Anita Hazenberg, Director IC
The INTERPOL Host will present an overview of the presentations for the day.
21:15-22:00 (SINGAPORE)
9:15-10:00 AM (EST)
Case Studies from Member Countries LEA- Round 2
LEA representatives will present on cases which they have worked on demonstrating examples of case work and the lessons they learned during those cases. This will also enable the discussion between attendees and to encourage knowledge sharing and collaboration. In this interactive session, participants will have the opportunity to share their challenges and successful investigations with colleagues and have a better understanding of solutions for their daily work. This session will contribute to bringing to the floor new topics where participants will be encouraged to show successes in operational cases with innovative elements.
Speaker – Scott Lalliss, United States Department of Defense Cyber Crime Center: Detecting Device Counterfeiting, Fraud, and Supply Chain Tampering
This presentation will explore the use of comparative analysis for detecting device anomalies, which can include software or hardware implants, gray market components, or other items that are not consistent with what is expected in a given system. How these findings can be useful to an investigation will also be introduced.
Speaker- Fábio Sicoli – Digital Forensics Expert, Deputy Head, Digital Forensics Unit, Federal Police (Brazil)
In this session, the main tools developed by the digital forensics team of the Brazilian Federal Police will be presented. This includes software used during search and seizure operations, forensic analysis and the delivery of reports and their data. The upcoming features, innovations and current fields of research will also be presented.
22:00-22:30 (SINGAPORE)
10:00-10:30 AM (EST)
BREAK
22:30-23:30 (SINGAPORE)
10:30-11:30 AM (EST)
DFEG Collaboration Session on Open Source
In previous Digital Forensics Expert Group (DFEG) meetings, it was highlighted that it would be a good practice for LEA to include more Open Source tools in their portfolio. It would help agencies to save money but at the same time to mitigate possible criticism that the analysis process has compromised the evidence due to unknown or perhaps untrustworthy code. This session will allow participants from LEA to share initiatives in which their agencies are working and discuss pros and cons of these tools.
Speaker- Peter Pilley, New Zealand – INTERPOL DEVOPS FORCE FORGE
The speaker will present on the INTERPOL DEVOPS community's effort to build a managed open source tool repository for online child crimes investigators worldwide.
Brian Carrier, United States – Autopsy Updates
Autopsy continues to add unique features that are not found in commercial tools. In this talk, we will cover the core features in Autopsy with a focus on the newer and unique features. These new features include a central repository to collect data from past cases for correlation, portable cases to make it easy to share results, support for mobile devices and drones, and much more. This talk will expose you to the powerful features that can be found in this free software and the benefits of writing plug-in modules for it.
Eoghan Casey, Switzerland- Knowledge Modeling with CASE/UCO
The speaker will present an overview of the open source CASE/UCO effort which strives to build open access ontologies for the cyber and digital investigation domain. Seventy members representing thirty-five organizations are currently taking part in this knowledge engineering effort.
23:30 (SINGAPORE)
11:30 AM (EST)
Day 2 Wrap Up:
Anita Hazenberg – Director IC
Cory Hall – MITRE & Moderator
Fernando F. Lazaro – Head of INTERPOL Digital Forensics Laboratory
Luciano Kuppens – Digital Forensics Lab INTERPOL
Ibrahim Baggili – University of New Haven
Day 3 – (Week 2) Tuesday June 16th, 2020 15:00-19:00 Singapore Time (Tuesday June 16th, 03:00AM – 07:00AM EST)
For Day 3, presenters will provide digital forensic organization overviews and case studies from their respective countries and attendees will hear from leading academic researchers who are making contributions to the domain of digital investigations. Afterwards, participants will hear from presenters on various applied digital forensics topics.
15:00-15:15 (SINGAPORE)
03:00-03:15 AM (EST)
INTERPOL Welcome and outcomes of the first week of DFEG 2020- Anita Hazenberg, Director IC
15:15 - 15:30 (SINGAPORE)
03:15 - 03:30 (EST)
Update on Digital Forensic Challenge – Ibrahim Baggili/Cinthya Grajeda-Mendez – The University of New Haven
15:30 - 16:15 (SINGAPORE)
03:30 - 04:15 (EST)
Case Studies from Member Countries LEA
LEA representatives will present on cases which they have worked on demonstrating examples of case work and the lessons they learned during those cases. This will also enable the discussion between attendees and to encourage knowledge sharing and collaboration. In this interactive session, participants will have the opportunity to share their challenges and successful investigations with colleagues and have a better understanding of solutions for their daily work. This session will contribute to bringing to the floor new topics where participants will be encouraged to show successes in operational cases with innovative elements.
Speaker – Eng. Arturo Ham Pichardo: Cybercrime Investigation and Prevention Actions, Case Study from Mexico
Speaker- Dr. Aswami Ariffin, Senior Vice President, Cyber Security Response Services, CyberSecurity Malaysia: A Malware Detection Framework Based on Machine Learning to Mitigate Infection at National Level
Detection of malware intrusion requires identification of its signature. However, it is a complex task due to the malware sophisticated ability to evade security mechanisms that are deployed by cybersecurity practitioners. Evasion is possible due to authors of malwares changing its specifications using metamorphism or polymorphism tactics. (...)
Currently it is necessary to formulate a malware detection method focusing on dynamic and automated forensic analysis of malwares for eradication. Malware “Indicator of Compromise” or IOC data analysis with machine learning can be formulated as techniques to obtain its signatures. An applied technical approach is needed as cyber-attacks using malwares with new or changed signature are pandemic and remain undetected. Thus, this research proposed a malware detection framework based on clustering approach to overcome the challenging situations. Data analysis of IOC collected from cyber threat intelligence activities is used to devise malware signatures. For validation purposes, the framework is experimented in detecting malwares by referring to the signatures derived from the analysed IOC data. Additionally, the framewoork can be a reference for cybersecurity practitioners to conduct threat hunting within their IT systems.
Speaker- Rabin Basnyat, Superintendent of Police and Head of Digital Forensics Lab Nepal Police
The presenter will provide an overview of the operations of the Digital Forensics Laboratory of Nepal for the first five years of operations. The presenter will discuss a country-specific case study.
16:15-17:15 (SINGAPORE)
04:15-05:15 (EST)
Academic Research Presentations
DFEG will give the opportunity to selected academic researchers to present their research projects and discoveries.
Speaker – Mark Scanlon, University College of Dublin: Improving Automated Underage Facial Age Estimation
CSEM investigation is one of the most common case types in digital forensic laboratories in law enforcement throughout the world. Processing these cases can have a negative psychological effect on the investigators who have to categorize the material for prosecution. These cases are perfectly poised (...)
to leverage recent advances in deep learning and computer vision to identify pertinent, actionable information quickly during an investigation. One of the fundamental questions pertains to the age of the subjects encountered. This talk explores the state of the art in this topic and outlines one such deep learning model for underage age estimation.
Speaker – Harm van Beek PhD, Digital Forensic Research Director Netherlands Forensics Institute: Hansken Update
The last decade, Dutch law enforcement organizations have joined their forces to fight the challenges in digital forensic investigations. This resulted in providing digital forensic as a service based on a centralized platform called Hanksen. This game changing way of processing digital traces has been used in over 1300 crime cases. To bring the platform to the next level (...)
we work on making Hansken available to LEAs and supporting science institutes. In this presentation we give a short wrap up of the current status of Hansken, after which we present out vision on investigating and innovating in the digital forensic domain, based on international cooperation and knowledge sharing.
Speaker – Matt Burns, CEO, CameraForensics – Spotting the Abnormal
How do you spot abnormalities when analyzing a single digital image? The presenter explores the possibilities that open up after you have processed billions of images to visualize what constitutes as “normal.”
17:15 - 17:30 (SINGAPORE)
5:15 AM - 5:30 AM (EST)
BREAK
17:30-19:00 (SINGAPORE)
05:30-07:00 AM (EST)
Applied Digital Forensics
During this session attendees will hear from digital forensics practitioners on various digital forensics techniques.
Speaker – Nasir Memon, New York University, Camera Identification
Speaker – Roman Morozov, Head of Technical Support, ACE Lab: A Bypass to a TRIM Erase Function of Modern Western Digital SMR Drives
TRIM is a well-known technological command for SSDs, that completely erases all deleted information. Classic HDDs are safe from this, so all deleted data stay on HDD. Today, modern Western Digital SMR drives with TRIM are becoming a huge problem for digital forensic specialists. It is possible to bypass it somehow? Let’s find the answer in this session.
Speaker – Yulia Samoteykina, Director of Marketing – Atola Technology
Damaged drives in forensic investigations present both a challenge and an opportunity. Without appropriate technology to retrieve data (...)
(or sufficient funds to outsource data recovery), investigators are forced to dismiss damaged media. At the same time, investigators possessing such tools can base their case on the evidence from a damaged drive, even if the suspect was able to delete data from all functioning storage devices. Lack of resources (financial, technical, human and, most importantly, time related) is connsistently the biggest challenge facing digital forensic investigators. Therefore it is necessary to have technology that would allow for through yet efficient evidence retrieval process. Multi-pass imaging is the solution that balances out thses requirements. Verifying an image of damaged meda is impossible with the conventional “linear” hashing method. Segmented hashing is the concept tthat allows such verification and proper submission of evidence in court.
Speaker – Andrew Mahr, Sophia Mateo – University of New Haven: Zooming into the Pandemic! A Forensic Analysis of the Zoom Application
The global COVID-19 pandemic turned the spotlight on videoconferencing applications. Applications like Skype, Google Meet, and Microsoft Teams have all seen increased usage. Zoom has rapidly become one of the most turned to applications as schools and businesses seek to stay operable. Notwithstanding, the increased usage in Zoom has brought to light a number of vulnerabilities and exploits in the application. We provide the primary account of the forensic analysis of Zoom on iOS, Android, Windows 10 and macOS. Our findings may prove useful in future investigations involving Zoom digital evidence.
19:00 (SINGAPORE)
7:00 AM (EST)
Day 3 Wrap Up:
Anita Hazenberg – Director IC
Cory Hall – MITRE & Moderator
Fernando F. Lazaro – Head of INTERPOL Digital Forensics Laboratory
Luciano Kuppens – Digital Forensics Lab INTERPOL
Day 4 – Wednesday, June 17th 21:00-24:00 Singapore Time (Wednesday, June 17th 09:00 AM – 12:00 PM EST)
On the fourth and final day of the conference, presenters will speak on applied digital forensics topics which will be followed by a panel discussion on best practices for operating digital forensic operations in the time of COVID-19. The winner of the DFEG 1st Annual Digital Forensics Challenge will be announced.
21:00 - 21:15 (SINGAPORE)
09:00 AM - 09:15 AM (EST)
INTERPOL Welcome and outcomes of the first week of the Digital Forensics Experts group 2020 – Anita Hazenberg, Director IC
21:15-22:15 (SINGAPORE)
09:15-10:15 (EST)
Applied Digital Forensics Triage
Speaker- Mark Guido, United States, The MITRE Corporation, Periodic Mobile Forensics
Timely acquisition and analysis of all the data contained on Android devices is critical to successful device triage. Periodic Mobile Forensics is a MITRE research project focused amongst other priorities, at rapid, accurate, physical acquisition of Android devices. Timely triage includes gaining access and privileges on the target device, then moving as much data as possible as fast as possible from the target device to the awaiting analytic processes. The presenter will discuss some of these advanced triage techniques and show DFEG attendees where the techniques are available in published literature and in products on the market.
Speakers- Rich Brown and Cory Hall, United States – Project VIC – Advancements in AI and Machine Learning tools to triage digital material in child abuse cases.
The presenters will provide a brief overview of Project VIC and a discussion on recent advancements in the VICS 2.0 data model, SAFER Viewing technologies, and other technologies available to Project VIC partners
Speakers- Barbara Guttman, United States National Institute of Standards and Technology and Sallie Edwards, MITRE National Cybersecurity FFRDC
What resources do you use to find practical advice to address your cybersecurity challenges? The NIST National Cybersecurity Center of Excellence (NCCoE) as a collaborative hub provides freely available practical guidance to address technical cybersecurity challenges. Sallie Edwards will briefly describe NCCoE, highlight recent work, and how you can access it when you need it.
Computer Forensics Tool Testing: NIST has been testing computer forensics tools for almost 20 years. Barbara Guttman will give a brief overview of what we've done and, more importantly, how to leverage the NIST work to move testing to a community based approach. She will also discuss the recently released NIST Black Box Study on Digital Forensics
22:15-23:15 (SINGAPORE)
10:15 - 11:15 AM (EST)
Speaker – Jared Stroud, The MITRE Corporation, United States – “Down with The Sickness: Getting Started with COVID-19 Domain Research”
Are you curious to how criminals are leveraging the pandemic? Would you like to get started doing this research yourself? This presentation will outline some simple steps to get started with collecting COVID-19 related domain data. Additionally, the presenter will discuss some interesting findings made along the way.
Panel Discussion on Digital Forensics in the Times of COVID-19 Panel Moderator: Steve Watson, VTO Labs
This session will host a panel discussion hosted by representatives operating in digital forensic laboratories around the world. We will have open discussion on best practices in running digital forensic operations in the times of COVID-19.
Panelists:
Jessica Hyde – Director of Forensics, Magnet Forensics
Chris Poldervaart – Executive Director and Global Head of Digital Forensics and Incident Response, JP Morgan Chase
Jose Alberto – Head of Computer Forensic Section, Spanish National Police
Jared Stroud – Staff Cyber Security Engineer – MITRE
Mitch Kajzer – Director, Cyber Crimes Unit, Office of the Prosecuting Attorney, St. Joseph’s Prosecutor, Notre Dame Indiana
Laura Hernandez – Digital Forensics Examiner, St. Joseph’s Prosecutor, Notre Dame Indiana
Fabio Sicoli – Deputy Head, Digital Forensics Unit, Federal Police, Brazil
Scott Lalliss – Senior Technical Lead, Cyber Forensics Laboratory, US Department of Defense Cyber Crime Center
Fernando F. Lazaro – Head of INTERPOL Digital Forensics Laboratory
23:15 - 23:30 (SINGAPORE)
11:15 - 11:30 AM (EST)
Presentation of Digital Forensic Challenge Contributions and Challenge Winner – Ibrahim Baggili, The University of New Haven, Anita Hazenberg, Director IC
23:30 (SINGAPORE)
11:30 (EST)
DFEG 2020 Conclusions and Recommendations – INTERPOL Moderated
This session will serve for participants to discuss next steps which INTERPOL DFL needs to take to ensure that there is consistent engagement with the DFEG attendees and discuss some future initiatives, potential opportunites and the roles they may have in shaping the future of digital forensics globally.
DFEG 2020 Conference Closing – Anita Hazenberg, Director IC
INTERPOL will address any final questions and identify conference outputs and long-term availability of conference presentations.
Apply to attend now!
For more information and to apply for the event, please proceed by clicking the button below.