Agenda

If you are interested in a speaking opportunity, please contact +852-3978-9900 or Eunice.mak@innoxcell.net

Day 1 - Management
09:00 - 09:15 President and Vice Presidents' Opening Address

09:15 - 10:15

Law Enforcement Session

- Allan Chu, Hong Kong Police

10:15 - 10:45

COFFEE BREAK

10:45 - 11:15

Privacy, Data Security & Corporate Internet Safety

- David Toddington, Founder and CEO of Toddington International Inc.

11:15 - 12:15

Cyber Crime & Security Panel Discussion

- Ramesh Moosa, Partner, PwC
- Stuart Levison, Chief Information Security Officer, Morgan Stanley Asia
- Allan Chu, Hong Kong Police
- Alfred Loo, Professor, Lingnan University

12:15 - 13:30 LUNCH
Technical Track | Management Track

13:30 - 14:30

Analyzing Malware

- BJ Gleason, Instructor, SANS Institute

Laying the corporate groundwork for effective incident investigation: the quick wins

- Albert Hui, Principal Consultant, Security Ronin

14:30 - 15:30

Catching the ghost: How to do Live RAM Analysis

- Yuri Gubanov, Founder and CEO, Belkasoft

Exposing Smoke & Mirrors in Digital Forensics

- Mark Spencer, President, Arsenal Consulting

15:30 - 16:00 COFFEE BREAK

16:00 - 17:00

Security Assessments on SCADA networks

- Chuan-Wei Hoo, (ISC)2 Authorized Lead Instructor / BT Singapore

Cyber-Security Programs

- Stuart Levison, Chief Information Security Officer, Morgan Stanley Asia

18:00 ~ COCKTAIL PARTY @ Cucina Terrace, Marco Polo Hong Kong
Day 2 - Technical

09:00 - 12:30

Smartphone forensics through the cloud services

- Vladimir Katalov, CEO, co-owner and co-founder of Elcomsoft Co. Ltd

Mobile Forensics at your fingertips

- Mark Spyers, Product Training Manager, Radio Tactics Ltd

Beyond Timelines - Anchors in Relative Time

- Mark Spencer, President, Arsenal Consulting

12:30-13:30 Lunch

13:30-17:00

I smell a RAT

- Alex Shim, Director, Security Consulting Services, Mandiant - Japan and
- Shanna Daly, Senior Consultant, Mandiant

Digging for the truth: How to solve a digital forensic case with Belkasoft Evidence Center

- Yuri Gubanov, Founder and CEO, Belkasoft

SQLite for iOS & Android and Windows Registry Analysis

- Nick Drehel, Jr., Vice President, Computer Forensic Training, Syntricate
- Kevin Delong, Vice President - Mobile, Syntricate

Day 3 - Technical

09:00 - 12:30

Encryption in smartphone apps, how it’s done and how to collect knowledge to decrypt hidden information. After public request this session will also include general JTAG knowledge and import extractions into XRY.  (This will be a technical session)

- Martin Westman, Product Specialist, Micro Systemation

Nuix Core Training - Part 1

- Rob Attoe, Head of Global Training, Nuix

Mobile Forensics: Challenges in Obtaining, Analyzing and Applying Evidence from Mobile Devices

- Galina Rabotenko, Marketing Director, Oxygen Software Company

Incident Response and Indicators of Compromise

- BJ Gleason, Instructor, SANS Institute

12:30-13:30 Lunch

13:30-17:00

Part I: Basic extraction with UFED4PC

Part II: Deep Dive Forensic Analysis with Physical Analyzer

- Buddy Tidwell, Director of Global Training, Cellebrite

Nuix Core Training - Part 2

- Rob Attoe, Head of Global Training, Nuix

Forensic Explorer

- Graham Henley, Director, GetData Forensics

Incident Response and Indicators of Compromise

- BJ Gleason, Instructor, SANS Institute

(Content same as AM)

EVENT VENUE

Marco Polo Hong Kong Hotel

Harbour City, Tsim Sha Tsui, Kowloon, Hong Kong

EVENT DATE

3 December
Management Track

4-5 December
The Training Series

REGISTER NOW

For delegate registration, marketing cooperation, sponsorship or speaking opportunities, please contact us at
852 3978 9900 or Eunice.mak@innoxcell.net

Nuix Core Training

Nuix Core is a one-day training course aimed at giving new users a feel for Nuix technology. Nuix Core is an optional introductory course, and is not a prerequisite for any of the Nuix training paths.

During this one-day introductory course, you will:

The workshop includes multiple hands-on labs that will allow you to apply what you've learned during the lecture phases.

For the most effective learning experience, we choose to have smaller classroom sizes of 20 - 25.

Course syllabus: http://www.nuix.com/images/resources/Nuix_Training_Core_US_WEB.pdf

Mobile Forensics: Challenges in Obtaining, Analyzing and Applying Evidence from Mobile Devices

During this workshop, learn to reveal a suspect's or victim's way of life through timelines, communications and locations over a given period of time. Investigators can track user location at every moment, build and map their historic routes, and clearly see all activities performed by the user at each location. Learn to discover social connections between the users of multiple mobile devices and produce charts and tables revealing the users’ closest circle at a glance. In this live demonstration, find out what information mobile devices can hide about the device owner and what data can easily escape notice.

SQLite for iOS & Android

SQLite is the primary storage mechanism for iOS & Android devices, but is also used in BlackBerry, Windows Phone and many applications on the PC & Mac. Understanding the way SQLite stores, deletes and accesses data is critical when recovering deleted data or rebuilding application data. This course will teach students the basic components of a SQLite database, such as header information, cells, free-lists, and B-tree pages. Students will also learn how to manually rebuild relational tables used in application data by issuing simple SQL commands using free software. Commercial software that accomplishes similar results will also be demonstrated.

Windows Registry Analysis

More and more criminals are using technology as the basis of their criminal acts. These crimes include fraud, identity theft, phishing, cyber attacks, piracy of copyright material, child pornography, etc. Computer Forensic Examiners must understand how the file system works in order to effectively examine the systems and recover evidence of the offense. One area that we must examine thoroughly on a Windows system is the Registry. The Windows Registry is the heart and soul of a computer system, and the way that it tracks user activities could play an important role in proving that a file was accessed or that external devices were used, and/or lead investigators to other evidence related to the investigation. The Registry can be seen as its own file system, and as such, we examiners can even recover deleted information. In the presentation, we will learn how the Registry is constructed and how data is stored. Attendees will also look at some of the key locations that contain data commonly needed for investigations.

Digging for the truth: How to solve a digital forensic case with Belkasoft Evidence Center

With many thousands of applications, hundreds of data types and an abundance of file formats, one can easily get lost. What data to look for, and where to search for it? Get hands-on experience with one of the most advanced forensic tools on the market – Belkasoft Evidence Center 2014. In this workshop you will learn methods, techniques and tricks that allow you to discover all types of evidence in just a few clicks. You will learn more about data and file carving, Live RAM analysis and its difficulties, registry “low-hanging fruit” analysis, Mac and other Apple device specifics, mobile phone investigations, the most up-to-date ways to find data hidden inside SQLite databases, and so on.

All attendees of the workshop will receive official Belkasoft certificates which will allow you to officially prove your knowledge of the tool.

Exposing Smoke & Mirrors in Digital Forensics

Arsenal President Mark Spencer will lead attendees on a journey through the dark side of digital forensics in this revealing presentation. Mr. Spencer will share his experiences identifying and confronting the use of smoke and mirrors by “experts” and detail how he ultimately enlightened both his clients and the courts.

Beyond Timelines - Anchors in Relative Time

What happens to timelines when we believe that critical dates and times related to our evidence cannot be trusted? Arsenal Consulting has confronted cases involving such widespread date and time tampering that the utility of “traditional” timeline analysis came into question. We realized that we had to dig deeper in these cases, and began formalizing our practice of identifying both legitimate and illegitimate anchors in relative time. Arsenal President Mark Spencer will explain this practice, including how it was used on high-profile cases in the Middle East, and guide students through applying it themselves.

Smartphone forensics through the cloud services

Data acquisition from iOS devices can be done in different ways. The most popular are logical acquisition (equal to a backup made by the device), advanced logical acquisition (using hidden services running in iOS) and physical acquisition (which is basically a bit-precise disk image). But now there is one more alluring data dimension available for investigation: iCloud analysis.

The iCloud may contain a large amount of information not only in terms of storage capacity but also in terms of value for forensics. It may include the complete device backups (for all devices connected to the same Apple ID), geolocation data (Find My Phone data), documents (iWork), additional data saved by third-party applications, and other information essential for investigations. However, with our currently unique developments, acquiring and decrypting such information is a matter of time.

Getting access to iCloud accounts is another challenging question, especially if there is no Apple ID and password at hand. Nevertheless, our recent studies have shown that password-free access to iCloud is still possible even if the original Apple ID and password are not known. There is a way to bypass iCloud login and password authentication with the help of specific information acquired from the computer where the iCloud Control Panel was used.

In this seminar we will learn how and where iCloud data is actually stored, how to request and decrypt it, and how to analyse it. Some information on the iCloud keychain is also provided: there are ways to get all your passwords (including those from other devices), credit card data and actually everything stored there. We will also find out how to find iCloud authentication tokens and use them to get access to iCloud accounts without a known Apple ID and password.

We can also dwell upon BlackBerry (10) forensics if there is any time left.

I smell a RAT

Remote access tools, or RATs, are an integral part of the cybercrime toolbox and can provide full access to remote clients for malicious threat actors. Three of the most common malicious software tools that FireEye tracked in 2013 were Dark Comet, LV, and Gh0stRAT. In this workshop we’ll take you through detecting and responding to a Dark Comet infection. Using Redline, Mandiant’s premier free tool, we’ll show you where to find signs of malicious activity through memory and file analysis, and the development of a threat assessment profile.

Analyzing Malware

So your IR team has discovered malware on a compromised system. Now what? To really understand what the malware was doing, we need to take it apart and get a closer look at it. Mr. BJ Gleason will discuss the basics of static and dynamic malware analysis, the common tools (debuggers, disassemblers, decompilers, source code analyzers), physical and virtual analysis environments, and the anti-forensic techniques that malware authors are using to prevent the reverse engineering of their code.

Forensic Explorer

In this hands-on workshop, learn about Forensic Explorer, an exciting new alternative to EnCase or FTK. Streamline your investigations. Learn how to:

Mobile Forensics at your fingertips

In this workshop, Radio Tactics will demonstrate how ACESO enables non-expert users to rapidly acquire data from digital mobile devices, SIM Cards, Memory Media and Mobile Apps using an enforced process to ensure both forensic and evidential integrity.

Incident Response and Indicators of Compromise

If your organization has an Internet connection or one or two disgruntled employees (and whose doesn't!), your computer systems will get attacked. From the five, ten, or even one hundred daily probes against your Internet infrastructure to the malicious insider slowly creeping through your most vital information assets, attackers are targeting your systems with increasing viciousness and stealth. With the rise of 0-days, APTs, and other cutting-edge evasion techniques, it is quite possible that your intrusion detection tools are being bypassed. In this subset of the popular SANS SEC504: Hacker Techniques, Exploits & Incident Handling course (http://www.sans.org/course/hacker-techniques-exploits-incident-handling), Mr. BJ Gleason will focus on Indicators of Compromise: the basic clues that indicate your system may have been compromised, from either internal or external sources. By helping you understand attackers' tactics and strategies, the in-depth information in this course will help you increase your security posture.

Encryption in smartphone apps, how it’s done and how to collect knowledge to decrypt hidden information. After public request this session will also include general JTAG knowledge and import extractions into XRY. (This will be a technical session)

We will look into how to reverse engineer encryption on an Android device, and also look at the foundations of encryption: salts, hashes and iterations, and different encryption algorithms.

We will also see how we can bypass (on Windows Phone and Android) and retrieve (Android) passcodes on mobile devices with JTAG and XRY.

There will also be a short session on XAMN, an analyst tool for multiple mobile phone extractions, extracted with multiple forensics tools.

It will be a technical session for the first part, more common knowledge after the break.
