Larry Leibrock

Abstract

 

The forensics examiner's (FE) role in some national-security investigations is undergoing significant change. There are tensions between laboratory forensics examination and on-site exploitation of devices of intelligence interest. Increasingly some FE's are taking a role in coordinating the collection plan, site exploitation and in some cases full-spectrum evidence/intelligence collection to support targeting and actioning high-value-individuals. 

In this workshop, participants will be guided through a case study of an intelligence-based terrorist narrative. We will review the issue of understanding the target's lifestyle or pattern of life. Then, we will discuss the investigation of edge devices and the cloud. Next we will collectively critically assess the description of the forensic collection plan and associated checklist. Last, participants will be provided with messaging traffic and other forensic artifacts for analysis. 

A Windows-based notebook and portable storage of at least 128 GB (at a minimum) are necessary to participate in the workshop.