Date and Time:
Tuesday, March 19, 14:00 – 18:00

This workshop is provided only face-to-face.

Description:

This hands-on workshop teaches a methodology for mobile forensic analysis of unsupported applications and artifacts. It teaches a five-part methodology; Discover, Test, Parse, Find, and Script. These are necessary skills to parse 3rd party applications to tell factual stories and make scientifically logical inferences based on the presence or lack of data. The workshop addresses common file locations, file system artifacts and their importance to mobile investigations, and how to make logical deductions based on recreating the digital environment with the same hardware and software. This workshop is both theoretical and practical, offering attendees the chance to properly generate and analyze test data as it pertains to their investigation. This methodology equips investigators with the thought process needed to decode application data when analyzing it for the first time. This methodology also encourages investigators to automate and share their findings, in turn continuing to pour back into the digital forensics space with new community-driven contributions. This workshop focuses on using open-source software for analysis to increase accessibility.

Preparation Details:

Participants can best prepare for the workshop using this link below, which includes instructions, walkthroughs for the workshop and tool downloads. The hands-on portion of the workshop requires the use of Autopsy (version 4.21.0) and a SQLite Viewer.

https://drive.google.com/drive/folders/1XGUfh1zg9olp_uAfF76p8x6JVZfTy5OV

Workshop organiser:

 

Dominique Calder is a Senior Technologist at Hexordia and PhD candidate at George Mason University. She has spent over a decade dedicated to the cybersecurity industry through incident response and digital forensics. Prior to joining Hexordia, Dominique spent time protecting and leading investigations for US Government agencies. She later moved onto private sector and became a founding member of the Digital Forensics and eDiscovery team at TikTok. Dominique’s academic contributions to the field include researching sub-block forensics and correlating files using decay pattern analysis. Her research has been recognized by the National Center for Women in Computing (NCWIT) and George Mason University for the advancement of socially conscious engineering. Dominique has been invited to teach internationally and helped strengthen digital forensics efforts in Lesotho, Southern Africa as a volunteer. She hopes to continue those contributions to both academia and to the DFIR industry.

Frank has been involved in computer security and digital forensics for over three decades. He is currently Director of R&D at Hexordia. In 2017, he founded NFA Digital and provided consulting in computer security and related areas. Prior to that, he served as Director of Engineering for Cayuga Networks, supervising the engineering team and leading the testing group on a product to detect attacks on web servers for large organizations. As the Technical Director of Computer Security at ATC-NY, he was the principal designer of a live forensic investigation product and has worked in live investigations since 2002. He was the principal investigator on numerous research and development projects in security, wireless networking, and intrusion detection, and created and taught several training courses. He has co-authored a book on Mobile and Pervasive Computing and has participated in DFRWS since its inception in 2001.