The Road to CEIC 2012 – Day Two of CEIC v12: Serious Brain Power!

Jessica Bair

The “Road to CEIC 2012” is a series of blog posts on all things CEIC (@CEIC_Conf), before, during and after, from an insider’s point of view.

With breakfast at 7am on Tuesday, 22 May, the first full day of CEIC v12 started off with networking and reunions. I was pleasantly surprised to see another US Army CID buddy who received last-minute authorization to attend and had arrived at 1am…he appreciated the coffee!

By 7:50am, the Cyber Response lab room was already full, a trend that is prevalent throughout the conference. As @CernamOwen noted, “People at #ceic2012 are amazingly punctual - 15 minutes to go and the room is filling up.” The first lab was EnCase Cybersecurity: Automating Incident Response, presented by the Guidance Software, Inc. developers who actually created the software: Ambreesh Bhagtani, manager of enterprise application development, and Jason Fredrickson, senior director of enterprise application development. Ambreesh and Jason demonstrated how to use the APIs in EnCase Cybersecurity for automated incident response by integrating with a Security Information and Event Management (SIEM) tool as a triggering system. You can see a video demonstration of the integration here.

The Industry Keynote followed at 9:30am, with General Richard Myers, Retired, 15th Chairman of the Joint Chiefs of Staff. In 2005, General Myers wrote the rules governing cyber attacks, which applied to internal DOD networks and governed what actions could be taken if those networks were breached. In his address, General Myers discussed three topics on future security: 1) What threats will endure, 2) How will the United States respond, and 3) How will international organizations assist? @CEIC_Conf carried live tweeting of General Myers' remarks, and one of the primary enduring threats he covered was cybersecurity and network intrusions. Before taking questions, General Myers thanked the CEIC attendees for their work in securing our future from these threats.

The Exhibit Hall opened for the first time after the Keynote, where we grabbed a refreshment and checked out several booths of the 53 sponsors before heading back to the sessions. The Search for a Holy Grail: Attribution continued the Cyber Response track, presented by Tim Dillman, director at KPMG. Tim took the attendees through the three ‘levels’ of identification (IP address, device, and user) and freely shared the tools and techniques he uses for attribution (i.e., user identification) for prosecution.

A fun factoid about CEIC: over 4,300 lunches will be served this week. The conference hall filled for lunch, so we overflowed to the pool for sun and more connecting. Dessert was back in the Exhibit Hall, where we had the opportunity for a hands-on demo of the new Tableau TD3 Forensic Imager and to learn about the EnCase v7 Transition training and certifications. Some other fun facts: with 11 tracks to choose from, there are over 80 presenters sharing over 110 labs and presentations this week, with 496 lab computers and nearly 13,000 session seats available. Fortunately there is standing room, as every lab I’ve visited to date has been filled past the available seating by the stand-by attendees grateful to get in the rooms.

After lunch, Paul Nichols and Brian Hussey of Harris Corporation conducted the Cyber Response lab Dynamic Malware Analysis of Emerging Threats. This was an intense hands-on lab, with two VMware machines for sandbox dynamic analysis of a live kernel-level rootkit. Paul and Brian kept the attendees on track with excellent instruction skills and step-by-step documentation.

The final lab of the day was Network Forensic Investigations of Hacking Incidents, with Ondrej Krehel, CISO of ID Theft 911, LLC. Ondrej led a hands-on lab with open source network forensic analysis tools, demonstrating how captured traffic can be analyzed and reconstructed. Advanced hacker tools can compromise systems without leaving traces on hard disks, thus requiring volatile data and/or network forensic analysis. This lab exposed me to new techniques and ideas, well done!

Happy Hour at the Exhibit Hall wrapped up Day Two from 5:30 – 6:30pm. Meanwhile, over a dozen dedicated candidates took the opportunity to sit for the EnCE and EnCEP tests, free at the conference, while the rest of us enjoyed the hospitality. The EnCase App Central (#EnCaseAppCentral) was officially announced to the rest of the world today, with over 30 programmers having now joined the Developer Network, thanks to the work of Simon Key (@SimonDCKey) and James Habben. They were observed speaking about a new EnScript idea with Shawn McCreight, Jason Fredrickson and Dominik Weber, serious Brain Power at CEICv12!

Jessica Bair
Senior Director, Curriculum Development
@jessicambair
