High Technology Crime Investigation Association
“HTCIA Ottawa welcomes Dr. Brian Carrier! - Zoom Webinar”
Tuesday, June 09, 2020, 6:00 PM - 7:30 PM EST
Category: Webinar

*** This Zoom Webinar is open to ALL HTCIA Members Internationally - Register Below ***

HTCIA Ottawa Chapter welcomes Dr. Brian Carrier!!!

Brian leads the digital forensics team at Basis Technology (www.basistech.com), which builds software for incident response, digital forensics, and custom mission needs. He is the author of the book “File System Forensic Analysis” and developer of several open source digital forensics analysis tools, including The Sleuth Kit and Autopsy. Brian has a Ph.D. in computer science from Purdue University and worked previously for @stake as a research scientist and the technical lead for their digital forensics lab and incident response team. Brian is the chairperson for the Open Source Digital Forensics Conference (OSDFCon) and has been on the committees of many conferences, workshops and technical working groups, including the Annual DFRWS Conference and the Digital Investigation Journal.

For this webinar Brian will present two (2) 30-minute talks:

What's New in Autopsy

Even as free and open source software, Autopsy is constantly adding new features. In this talk we'll review some of the more recent ones. We’ll talk about portable cases that allow you to share data with colleagues, making correlations between devices and cases to gather intelligence, and expanded triage capabilities to make faster decisions. We’ve also added support for more web browsers, OCR, and machine translation. Plus, you can view more file types and draw tags on top of pictures. You can also now collect data from a live Windows system with the logical imager tool.

Autopsy is used by thousands of investigators around the world and has a powerful plug-in architecture that enables 3rd party developers to make plug-in modules. Come attend this talk to learn about the features you didn’t yet realize existed.

Divide and Conquer DFIR process

Investigating intrusions can be a daunting task for many forensics investigators because there are so many places that you need to look for possible evidence. You are investigating someone who is most likely trying to hide some of their tracks.

In this talk, we’ll cover our framework for how we teach incident response: Divide and Conquer. The basic concept is to start with the abstract investigative question you need to answer, such as “is there malware on this system”, and break that up into smaller and smaller questions that can be answered with data. This will lead you to topics such as where malware starts, what malware is like when it runs, and what traces malware may leave behind.

This talk is an overview of the concepts that are covered in more detail in our blog posts.