(Lead) Rob Attoe, CEO, Spyder Forensics
Rob is the CEO and Founder of Spyder Forensics, where he heads operations, business development, and growth of the business. Rob is an accomplished instructor who develops course content for the digital investigations community that is delivered across the globe to state and local law enforcement personnel, ensuring the curriculum and delivery concepts are of the highest standards within the industry. He is an author and contributor to the production of customized courses tailored for digital forensic practitioners and corporate entities. Rob leads the research into forensic artifacts found on various digital devices and regularly presents his findings at international conferences.
Rob has over a decade of experience developing and presenting training on Digital Forensics, Cyber Security, Mobile Forensics and eDiscovery education programmes for the global digital investigations community, having previously held the positions of Vice President of Training at Cellebrite, Senior Vice President of Global Training at Nuix and Director of Training at AccessData. He has also held positions as a Computer Crime Specialist with the National White Collar Crime Centre, where his primary focus was on research and development of a file system analysis and automated forensic tool curriculum, and with the UK’s Kent Police as a Forensic Computer Analyst.
As a long-term member of the International Association of Computer Investigative Specialists (IACIS), Rob instructs regularly at the association’s annual conferences and is a lead instructor for the Advanced Windows Forensic course, as well as regularly presenting at the premier international digital forensics conferences such as High Technology Crime Investigation Association, Department of Defence Cyber Crime, F3 Annual Workshops and Internet Crimes against Children taskforce. Rob has contributed to digital forensic publications and is a subject matter expert to various courses for the ATA program managed by the State Department in the USA. Rob continually develops solutions to identify and report on new forensic artifacts on emerging technologies, which he shares on open and closed forums.
Dave Proulx, Director of Digital Forensics
Dave is the Director of Digital Forensics for IntelliGenesis LLC. He is an accomplished instructor and has been teaching Digital Forensics, Cyber Investigations, and Law Enforcement for over a decade. He served as a vetted instructor for the United States State Department’s Anti-Terrorism Assistance (DS/ATA) Cyber Terrorism Task force, completing several international training missions across the globe, including Kingston, Jamaica; Sarajevo, Bosnia; and Mexico City, Mexico. He has been vetted by the National White Collar Crimes Center (NW3C) for Law Enforcement and currently serves as an instructor for BlackBag Technologies, Spyder Forensics, Traversed and IntelliGenesis.
Dave served 20 years in law enforcement, including his nine years in Digital Forensics where he was assigned to the HSI and Maryland Internet Crimes Against Children Taskforce.
In addition to his criminal investigative work in digital forensics, Dave was the co-founder of Valor Digital Forensics LLC, where he serves as a digital forensic and eDiscovery expert witness in civil litigation cases. Expanding his expertise into civil litigation, Dave has conducted hundreds of digital forensic investigations in both criminal and civil matters and is highly experienced working cases related to Intellectual Property Theft, Software Piracy, Alimony, Separation & Divorce, Custody, E-Discovery, Electronically Stored Information (ESI) and criminal investigations.
Mr. Proulx is an expert in performing forensic investigations on devices based on Apple’s macOS and iOS operating systems.
DIGITAL FORENSIC FOUNDATIONS & INTERMEDIATE WINDOWS ANALYSIS – December 16 – 19, 2019
This four-day course is designed for the junior-level investigator/examiner or as a refresher course for seasoned examiners. It provides the fundamental knowledge to comprehend and investigate incidents and covers in depth the architecture and functionality of the most common file systems, including NTFS, FAT16, FAT32 and exFAT. The course dives deep into the metadata pertaining to stored objects on any physical storage media device. Attendees will gain insight into partitioning structures and disk layouts and the effects that formatting and data alterations can have on volumes that contain existing data. File management and directory structure characteristics will be examined in detail, as well as techniques for recovering data and discovering potential evidence that may be pivotal to a successful examination. This will be followed by topical areas of interest, including file headers, file hashing and recovery of deleted files. Finally, we will cover how to perform basic analysis of a Windows-based (Windows 8/10) operating system. This course incorporates an investigative scenario, providing hands-on experience with examination of collected evidence.
What You Will Learn:
Discuss Digital Forensic Foundations & Types of Forensic Analysis
- Outline the different types of analysis the examiner will encounter
- Discuss the challenges of each and questions that need to be asked before an examination begins
- Describe the forensic and incident response & outline the workflow
- Discuss the role of the incident first responder
- Review best practices in evidence handling & collection (seizure)
- Discuss How-to-Address Encryption (e.g. BitLocker & File Vaulted systems)
- Review Triage, Network & Live RAM capture considerations
- Review concepts of the digital fingerprint, hashing (MD5, SHA1/256), & protecting the integrity of the digital evidence
- Discuss workflow options and various approaches to roadblocks, and available resources to be a more successful digital forensic examiner
Disk Structures, Partitioning, Formatting and
- Learn data storage concepts (bits & bytes) and where data is stored (sectors and clusters)
- Describe the differences between MBR and GPT partitioned disks
- Perform hands-on exercises breaking down VBR, MBR and GPT information
- Learn how to locate and recover deleted partitions and use what you have learned to validate forensic tool disk information parsing
File Systems Deep Dive
- Break down and get an in-depth look into the functionality and structure of the FAT/FAT32/exFAT & NTFS file systems
- Dive deep into the functions of the File Allocation Table, Master File Table, Volume Boot Record, NTFS Bitmap and more
- Examine Various File Allocation Attributes, and learn how to identify resident and non-resident files and contiguous and fragmented files
- Learn what occurs in the file systems when data is created, modified and deleted and how to locate and carve deleted files using various Allocation Attributes
- Perform a number of hands-on forensic analyses of these file systems to process and recover deleted files and partitions using various forensic tools
Windows Triage & Intermediate Forensic Analysis
- A review of the forensic examination steps on current Windows-based operating systems (Windows 10 covered; 7/8 discussed)
- Learn about the key areas pertaining to user and system activity such as the Windows registry, system events, recycle bin, shell bags, jump lists, and various program execution log files
- Learn how to examine these user and system areas to find more evidence and answer more questions in your examinations
- Perform hands-on exercises to carry out an analysis of collected evidence (Windows-based operating system) using industry-standard tools
PRESENTED BY: SPYDER FORENSICS