Conference Program
7:30AM–9:00AM Registration and Breakfast |
||||
LE/GOV Lab Only | Lab | Lab | Lecture | Lecture |
9:00AM–10:30AM More Data, Better Focus: Improve Your ICAC Investigations with AI and Categorization* |
9:00AM–10:30AM AXIOM Essentials |
9:00AM–10:30AM Supporting the Unsupported: Carving, Parsing, and Creating Custom Artifacts |
8:30AM–9:30AM Virtual Currency Investigations: Fear Not the Blockchains |
8:30AM–9:30AM Internet of Things Forensics |
9:45AM–10:45AM Windows Event Trace Log (ETL) Forensics |
9:45AM–10:45AM IOC Easy as 1-2-3 |
|||
10:30AM–11:30AM Break and Ask the Expert Stations |
||||
11:00AM–12:30PM Using GrayKey and AXIOM to Acquire and Parse iOS Data That Other Tools Miss* |
11:00AM–12:30PM Forensics in the Corporate Cloud: How to Conduct Office 365 and Google Suite Investigations |
11:00AM–12:30PM Cloud Forensics for Law Enforcement: Get the Evidence You Need to Move Cases Forward |
11:30AM–12:30PM Memory Forensics: Using Memory Forensics Analysis to Guide Your Investigation |
11:30AM–12:30PM Improvise, Adapt, Overcome: A New Mantra for Digital Forensics Professionals |
12:30PM–1:30PM Lunch |
||||
1:30PM–2:30PM Guest Keynote by Ovie Carroll, Director of DOJ CCIPS Cybercrime Lab, SANS Instructor and Author |
||||
2:30PM–3:00PM Break and Ask the Expert Stations |
||||
3:00PM–4:30PM Using GrayKey and AXIOM to Acquire and Parse iOS Data That Other Tools Miss* |
3:00PM–4:30PM From Dead Box to Live Memory: Breathing Context into Forensic Investigations |
3:00PM–4:30PM Supporting the Unsupported: Carving, Parsing, and Creating Custom Artifacts |
3:00PM–4:00PM Windows Store & Apps (APPX) Analysis |
3:00PM–4:00PM Innovative Solutions for the Changing Nature of Digital Forensic Investigations "I'm a 19-Year Old College Student...and I Carry a Badge." |
4:15PM–5:15PM Mobile Panel |
4:15PM–5:15PM Leveraging PowerShell and Python for Incident Response and Live Forensic Applications |
|||
4:45PM–7:45PM DFIR Capture the Flag (CTF) Challenge |
||||
7:30PM–11:30PM Magnet Forensics Customer Appreciation Event |
Lab sessions marked with an asterisk are available to Law Enforcement and Government attendees only.
7:30AM–9:00AM
Registration and Breakfast
8:30AM–9:30AM
Lecture: Virtual Currency Investigations: Fear Not the Blockchains
8:30AM–9:30AM
Lecture: Internet of Things Forensics
9:00AM–10:30AM
Lab: Supporting the Unsupported: Carving, Parsing, and Creating Custom Artifacts
9:00AM–10:30AM
Lab: *More Data, Better Focus: Improve Your ICAC Investigations with AI and Categorization
9:00AM–10:30AM
Lab: AXIOM Essentials
9:45AM–10:45AM
Lecture: Windows Event Trace Log (ETL) Forensics
9:45AM–10:45AM
Lecture: IOC Easy as 1-2-3
10:30AM–11:30AM
Break and Ask the Expert Stations
11:00AM–12:30PM
Lab: *Using GrayKey and AXIOM to Acquire and Parse iOS Data That Other Tools Miss
11:00AM–12:30PM
Lab: Forensics in the Corporate Cloud: How to Conduct Office 365 and Google Suite Investigations
11:00AM–12:30PM
Lab: Cloud Forensics for Law Enforcement: Get the Evidence You Need to Move Cases Forward
11:30AM–12:30PM
Lecture: Memory Forensics: Using Memory Forensics Analysis to Guide Your Investigation
11:30AM–12:30PM
Lecture: Improvise, Adapt, Overcome: A New Mantra for Digital Forensics Professionals
12:30PM–1:30PM
Lunch
1:30PM–2:30PM
Guest Keynote by Ovie Carroll, Director of DOJ CCIPS Cybercrime Lab, SANS Instructor and Author
2:30PM–3:00PM
Break and Ask the Expert Stations
3:00PM–4:00PM
Lecture: Windows Store & Apps (APPX) Analysis
3:00PM–4:00PM
Lecture: Innovative Solutions for the Changing Nature of Digital Forensic Investigations "I'm a 19-Year Old College Student...and I Carry a Badge."
3:00PM–4:30PM
Lab: Supporting the Unsupported: Carving, Parsing, and Creating Custom Artifacts
3:00PM–4:30PM
Lab: *Using GrayKey and AXIOM to Acquire and Parse iOS Data That Other Tools Miss
3:00PM–4:30PM
Lab: From Dead Box to Live Memory: Breathing Context into Forensic Investigations
4:15PM–5:15PM
Lecture: Mobile Panel
4:15PM–5:15PM
Lecture: Leveraging PowerShell and Python for Incident Response and Live Forensic Applications
4:45PM–7:45PM
DFIR Capture the Flag (CTF) Challenge
7:30PM–11:30PM
Magnet Forensics Customer Appreciation Event
Dinner and Drinks Included