Thursday, January 6, 2011

Appalachian Institute of Digital Evidence Winter Meeting

The Appalachian Institute of Digital Evidence is Febuary 18 and 17 at the Marshall University Forensic Science Center. Registration is now open.

Registration fees are due on the first day of attendance, fees are based on AIDE membership:

Non-member Professional $50

Non-member Student $20

Current Member $0

Lunch will be provided to attendees for an additional $10 per day.

ownload AIDE Winter Meeting Registration Form

For questions please contact:

John Sammons

Telephone: 304-696-7241


Febuary 17, 2011

AIDE Winter Meeting

Information Security

10:00 am Keynote

Cyber Security, do wuh?:

Cyber Security vs Cyber Counter Intelligence.

Is it enough to just block and forget?

Rob Dixon (GPEN, GWAPT, GAWN, C|HFI, ESSE-D, SnortCP, TNAP, TNCP, TECP, A+) is no stranger to the cyber security world. Ask Rob what he does for a living and he might say, "During the day, I lead my state's Security Operations Center, but at night, I Hack Charities!".

By day, he leads the State of West Virginia’s Cyber Security Operations Center, whose mission includes Security Threat Monitoring, Intrusion Detection, Forensics Investigations, Vulnerability Management, Internet Monitoring and Filtering, Security Standards and Architecture, E-mail Encryption, E-Discovery actions, supporting the mission of the West Virginia - Information Sharing Analysis Center, Incident Response, Network Violation Management, and more.

Rob's expertise ranges from Intrusion Control Design, Cyber Forensics, Incident Management and Response, Risk Management and most recently the art of Penetration Testing. Rob participated in the 2009 DHS/MS-ISAC Defend/Capture the Flag team, with his team winning both the attack and the defend portions of the competitions, besting security teams from state governments around the United States.

Rob is also a leading member of Hackers for Charity, a non-profit organization helping to empower some of the world's neediest citizens through education and training. Rob is also the Founder and President of the 304 Geeks and AIDE supporter.

11:00 am

Radio Reconnaissance in Penetration Testing

Tired of boring old pentests where the only wireless traffic you see is 802.11 and maybe a little Bluetooth? With this amazing new invention, the radio, your eavesdropping options can be multiplied! Come to this talk to learn techniques for discovering, monitoring and exploiting a wide array of radio traffic. Real world examples illustrate how these techniques have been used to gather information on a target's physical security, personnel, and standard operating procedures.

Matt Neely (CISSP, CTGA, GCIH and GCWN) is the Profiling Team Manager at SecureState, a Cleveland Ohio based security consulting company. At SecureState, Matt and his team perform traditional penetration tests, physical penetration tests, web application security reviews, and wireless security assessments. His research interests include the convergence of physical and logical security, cryptography, and all things wireless.

Matt has spoken in the past at a number of security conferences including Rochester Security Summit, Louisville Metro InfoSec Conference, Notacon, Northeast Ohio Information Security Forum, Ohio Information Security Forum to name a few. Matt is also a host on the Security Justice podcast.

Noon - Lunch

1:00 pm

Social Engineering In-Depth

Social Engineering exploits the most vulnerable piece of your network, the user. People are naturally trusting, especially if they are interacting with someone of "power". A hacker that is a good social engineer can, in most cases, extract more information verbally than technically. Users should be trained in identifying social engineering attempts and what to do if they think they might have been duped.

Stephan Looney is a co-owner of Layer2 Security and a passionate hacker. He holds the CEH/ECSA/MCSA and various other industry certifications. Stephan's career began as an AIX administrator and evolved into development in numerous languages and eventually hacking as a profession versus a hobby. He has been doing this for about 10 years and has worked in environments as small as 5 nodes all the way to 60000+ nodes with worldwide infrastructure. Recently he had the opportunity to help write the network security exam for Brainbench as well as help write the course ware and exam for the Security and Mobility course for Apple.

Wayne Porter is a recognized expert on spyware analysis, botnets, online fraud, virtual world security and emerging social media security issues. He was the co-founder of Xblock Systems, a dedicated malware research firm. Xblock was acquired by Facetime Communications. While at Facetime he worked as the Senior Director of Greynet Research, guiding an international team of security researchers to discover and solve complex, high profile security cases such as the Orkut Worm, KMeth Worm, and the SpazBox Puzzle.

Accolades include three consecutive Microsoft Security MVP awards as well as receiving Google's Responsible Security Disclosure Recognition. He served as an expert panelist at the FTC Spyware Work shop in 2004, has presented research at RSA on botnet attacks based in the Middle East, he also holds two patents for software designed to inoculate machines against rogue software. Wayne is also a co-owner of Layer2 security.

Chris Criswell is co-founder of Xblock Systems LLC in 2002. Chris has been a professional malware buster for 10 years. Trained and lead team of specialty researchers and helped produced, Regblock and BlockList lines. Development of two patent pending policy based inoculation technologies to harden system security. Xblock Systems LLC was acquired by FaceTime Communications in May 2005. After leaving Facetime, he created his own consultancy helping companies set up enterprise level infrastructure and systems for malware remediation. He's been hooked to technology since my school unloaded the first Apple II. Chris is also a co-owner of Layer2 security.

2:00 pm

Penetration Testing - The Continuing Failures of an Industry

The Continuing Failures of an Industry: During this presentation we explore the recurring common issues of general performance irregularities in the performance of penetration tests and vulnerability assessments, failures in providing value through understanding risk, impact and vulnerabilities and finally common reporting failures.

Keith Pachulski a.k.a. sec0ps is an independent security consultant in Sterling, VA. He has been involved in the IT and Physical Security scene for over 15 years with focus on regulatory compliance, operational security management, managed IT security services, physical & IT security training, executive security, penetration testing and assessments.

Keith is also a host of the InfoSec Daily Podcast, and has spoken in the past at ShoeCon and at Hack3rCon.

3:00 pm

Blue team is sexy - refocusing on defense

The Pen Testers (aka Red Team) get all the glory... and they shouldn't! It's time the defenders get their due. This talk will illustrate the most effective defenses currently employed and provide tips and tricks for how any organization can up their game to make things much rougher on the bad guys, and better prove their worth to management so limited funding is protected appropriately.

Mick Douglas (CISSP, GCIH, GSNA) is the Consulting Systems Engineer for Information Security at OCLC - an international library cooperative. He is a community level instructor for the SANS institute and has taught SANS 504 "Hacker Techniques, Exploits and Incident Handling" and SANS 507 "Auditing Networks, Perimeters & Systems". He is a senior contributor to the PaulDotCom weekly security podcast. While Mick enjoys and actively participates in penetration testing, his true passion is defense tweaking existing networks, systems, and applications to keep the bad guys out.

In addition to his technical work, Mick jumps at every chance to participate in a social engineering engagement. Mick has a bachelor's degree from The Ohio State University in Communications. In his spare time, you'll likely find him fleeing all things electronic by scuba diving, trying in vain to improve his photography skills, and either hiking or camping.

You can follow Mick on Twitter at

Febuary 18, 2011

AIDE Winter Meeting

11:00 am


Kenneth Scott a.k.a. pwrcycle is a space cowboy who supports Free Speech, Open Source Software, and Vincent Cerf's design that there are only four network layers. pwrcycle is a Certified Ethical Hacker (CEH) and veteran Security Operations Engineer. He has defended financial institutions and hosting providers from worldwide DDoS attacks and has been part of numerous Emergency Response and Disaster Recovery events on distributed networks.

Ken has spoken in the past at the Louisville Metasploit Class and at Hack3rCon.

11:00 am

Darknets: anonymizing private networks

The basics of semi-anonymous networks, their use (political dissidence, file sharing, gaming and pr0n), how they were developed and what they mean to organizations. The main focus will be on the Tor, I2P, Freenet and anoNet Darknets, their uses and weaknesses.

Adrian Crenshaw a.k.a. Irongeek has worked in the IT industry for the last twelve years. He runs the information security website, which specializes in videos and articles that illustrate how to use various pen-testing and security tools. He did the cert chase for awhile (MCSE NT 4, CNE, A+, Network+. i-Net+) but stopped once he had to start paying for the tests himself. He's currently working on a Masters in Security Informatics, and is interested in obtaining a network security/research/teaching job in academia.

Adrian has spoken at a number of security conference in the past including DefCon, Louisville Metro InfoSec Conference, DojoCon, ShmooCon, Notacon, Phreaknic, and Hack3rCon to name a few.

Noon - Lunch

1:00 pm


Elliott Cutright (OSCE, GCIH, GSNA) a.k.a. nullthreat works for EWA GSI in Bowling Green, KY where he is a Sr. Information Security Analyst. His focus is on emerging security threats (fun), regulatory compliance(not fun) and penetration testing(very fun). He is a member of the Corelan Security Research Team and spends much of his free time fuzzing applications or writing exploits. At the end of the day, he just wants to break stuff.

Elliott has spoken in the past at the Louisville Metasploit Class.

2:00 pm

“Stratagem 1 "Deceiving the heavens to cross the sea”

(Using the 36 stratagems for Social Engineering)

There are new threats arising every day. The problem is there has been a vulnerability in the system that has not been patched since the first computer was created Humans! As the network perimeter hardens and the controls on the desktop tightens. Hackers are going back to the basics and getting through the firewall by going through the front door. They are bypassing the IPS and IDS simply by bypassing the receptionist. We look at this topic with a different viewpoint. We look at the history of social engineering from Amenhotep 3 to Sinon of Greece as well as how the culture of the country you're in dictates the strategy to use. All this shown in an offbeat way showing how 1st century strategies can still be used to break into 21st century networks.

Jayson E. Street is an author of the book "Dissecting the hack: The F0rb1dd3n Network" from Syngress. His consultation with the FBI and Secret Service on attempted network breaches resulted in the capture and successful prosecution of the criminals involved. He was an expert witness in two cases against the RIAA. In 2007 he consulted with the Secret Service on the Wi-Fi security posture at the White House. He has also spoken at DEFCON, BRUCON, UCON and at several other 'CONs and colleges on a variety of Information Security subjects.

Jayson E. Street was the co-founder and speaker of ExcaliburCon held in China. One of EC-Council's Master Instructors, specializing in Incident Handling, he is also a current member on the Board of Directors for the Oklahoma "InfraGard" and Vice President for ISSA OKC. Jayson is also a longtime member of the Netragard "SNOsoft" research team.He is a highly carbonated speaker who has partaken of Pizza from Beijing to Brazil. He does not expect anybody to still be reading this far but if they are please note he was chosen as one of Time's persons of the year for 2006.

3:00 pm

Wikileaks Round Table Discussion

Febuary 18, 2011

AIDE Winter Meeting

Electronic Discovery

8:30am - 9:30am

Formulating and Implementing a Litigation Hold and Preparing for an Initial Conference with Opposing Counsel
Presented by: Robert F. Duncan

Robert F. Duncan’s practice is in civil litigation, with a concentration on matters pertaining to the defense of doctors, hospitals and other healthcare providers in medical professional liability actions, matters involving complex insurance issues and insurance bad faith, products liability and construction. He also serves regularly as a mediator.

Mr. Duncan is a frequent author and lecturer on topics pertaining to medical professional liability and insurance. He holds a degree in civil engineering and has served as an adjunct professor at the University of Kentucky College of Law. Mr. Duncan was twice elected to the Lexington-Fayette Urban County Council and has served as an administrative law judge for the Kentucky Cabinet for Health and Human Resources. He manages the Lexington, Kentucky, office of Jackson Kelly, PLLC.

9:40am - 10:40am
“Surfing for Evidence”: Locating Internet Data in Today’s Digital World
Presented by: Emily Renzelli

Emily M. Renzelli is a student at the University of Virginia School of Law, where she is a member of the International Negotiations team and Public Interest Law Association and serves as an Articles Editor for the Virginia Environmental Law Journal. Ms. Renzelli recently clerked at Jackson Kelly PLLC, where she co-authored (with William J. Powell) a Defense Research Institute article entitled “Corporate Miranda: Not Just for Criminal Lawyers.”

Originally from Bridgeport, West Virginia, Ms. Renzelli graduated summa cum laude from West Virginia University. There, she was a member of the debate team and Phi Beta Kappa and was named a USA Today Academic All American. Ms. Renzelli also studied in Stellenbosch, South Africa, where she worked at a Legal Aid Clinic researching the legal rights of individuals with HIV/AIDS. In her free time, Ms. Renzelli choreographs for the Virginia Law Libel Show and enjoys traveling abroad.

11:00am - 12:00am

E-Discovery Search Concepts 101 - Translating Technology into Practice
Presented by: J. Eric Whytsell

J. Eric Whytsell represents a wide variety of clients on federal, state and local procurement matters. He works regularly with government contractors and subcontractors to ensure compliance with business ethics and conduct requirements, labor standards, security clearances, export controls and sourcing restrictions.

Mr. Whytsell has extensive experience counseling software and information technology services firms about the unique risks and obligations involved in government contracting and negotiating contracts with government agencies and prime contractors for commercial products and services. Mr. Whytsell has helped both private companies and public entities to design, establish, and implement procurement systems. He lectures and conducts training on federal procurement, contractor compliance, intellectual property rights in government contracts, and export controls.

Mr. Whytsell is a member of the American Bar Association’s Section of Public Contract Law and its Strategic Alliances, Teaming, and Subcontracting Committee and serves as a Vice-Chair of its Committee on Cybersecurity, Privacy and Data Protection. He manages the Washington, D.C., office of Jackson Kelly PLLC.

3 hrs CLE credit pending in WV, KY, and OH

Febuary 17, 2011

AIDE Winter Meeting

Digital Forensics

Peer-to-Peer Network File Sharing Investigations
Presented by: Corporal Robert J. Boggs, West Virginia State Police

The explosive growth of the internet and peer-to-peer networks has spawned a threat far greater than pirated music and movies. Images of child sexual exploitation are traded over this network in staggering amounts. Understanding peer-to-peer file sharing programs that utilize the Gnutella network protocol is a critical skill for digital forensics professionals. This in depth presentation will cover all aspects of case development from end to end including recovery of artifacts from the Windows Registry and operating system.

Corporal Robert J. Boggs is a 13 year veteran of the West Virginia State Police and is assigned to the Crime Against Children task force. Cpl. Boggs had been assigned to the Digital Forensic Unit for 5 years and is responsible for all examinations for the southern part of West Virginia. Cpl. Boggs assists many local, state, and federal law enforcement agencies with high tech criminal investigation and digital forensics analyses. Cpl. Boggs has attended many advanced course regarding digital forensics from both government and private entities.

iOS File Systems and Artifacts
Presented by: Christopher Vance, Marshall University Forensic Science Center

Apple devices are everywhere and as such need to be understood by digital evidence professionals. This presentation will explore the process of uncovering the artifacts hidden among the iOS file systems. Chris’s presentation will include an overview of iOS devices, the file system structure, acquiring the file system, and artifact recover including preferences, SMS messages, calendar, notes, web history, etc. In addition, he will also examine the changes in the file system between different versions, getting around password protection, and understanding the backup process.

Christopher Vance is a Digital Forensic Specialist employed by Marshall University. Chris is a graduate of Marshall University (Cum Laude), receiving a BS degree specializing in Digital and Multimedia Forensics. Chris currently works in the West Virginia State Police Digital Forensics Unit. Chris specializes in mobile device forensics, having analyzed over 150 devices.

Cloud Forensics: A Reader’s Digest Look
Presented by: John Sammons, Assistant Professor, Marshall University Department of Integrated Science & Technology

Cloud computing is here, like it or not, and being used by good and bad guys alike. Digital evidence practitioners need to understand this new computing paradigm in order to overcome the significant challenges it presents. John’s presentation will cover a basic overview of cloud computing, its common uses, and the forensic challenges presented by this exploding computing model.

John Sammons is an Assistant Professor in the Marshall University Department of Integrated Science and Technology. John teaches digital forensics, forensic science and electronic discovery on the MU main campus. He is also an Adjunct Faculty member at the MU Forensic Science Center. During John’s many years’ working with digital evidence, he has completed numerous training courses from a variety of entities including AccesData and Guidance Software. John is a certified AccessData instructor and examiner. John, a former Huntington Police officer, is also a certified electronic discovery specialist by Kroll OnTrack.

LET Credit Pending