The “Road to CEIC 2012” is a series of blog posts on all things CEIC (@CEIC_Conf), before, during and after, from an insider’s point of view.
The final day of CEIC v12 started a little later, allowing attendees to pack, check out and have a little more coffee before the 20+ sessions began at 8:30am. In the Cyber Response Lab, the room overflowed with the stand-by attendees anxious to learn more about the hot topic of Collection and Analysis of RAM (Physical Memory) by Mike Webber, owner of BitSec Global Forensics. Mike shared the importance of properly seizing and analyzing the contents of physical memory (RAM) using open source and commercially available tools, such as EnCase Forensic WinEn, EnCase Portable, EnCase Enterprise and EnCase Cybersecurity. Mike then took the attendees through several practical exercises reflecting real-life scenarios and the opportunity to practice with the tools in the lab. We then moved to analysis of the volatile data, including correlating with the static forensic evidence.
After a short break, we wrapped up the Cyber Response Lab track with an encore presentation of the popular lab Memory Analysis & Malware Triage by David Nardoni, director at PWC, and Jef Dye, manager at PWC. David and Jeff did a great job in taking the eager attendees through an overview of commercial and free tools for live memory collection and analysis. Then they covered core malware triage techniques, with tips & tricks and how to avoid common pitfalls.
Our thanks to the excellent presenters who made the Cyber Response Labs track such a popular venue and successful experience for the attendees. We extend that appreciation to all those who made the other ten tracks successful, and together made CEIC v12 such a comprehensive event, premier in the depth and breadth of digital investigations. It was gratifying and humbling to have so many folks stop me throughout these past four days to share how impressed they were with CEIC v12, and appreciative of the work and resources invested to make it the best conference possible.
As I was walking back to the Training Department “war room” from the last Cyber Response Lab, I was stopped by our new sales account executive for Latin America, who asked if I could do a “quick demo” of EnCase Cybersecurity before our TechBiz business partner and two groups of customers from Brazil. I knew I would miss my airport shuttle and made a fast bargain: a demonstration and discussion for a ride to the airport afterwards. He readily agreed, and we set up in a boardroom for the impromptu meeting. For the EnCase Cybersecurity course, we have a full network setup in Pasadena for the classroom instruction, including workstations, Exchange server, file server, and targets; and I had it prepared for a course in the United Kingdom next month. I was able to connect with terminal services over wireless to the network; and an hour later the questions and scenarios they had were exhausted and broad smiles remained. The customers, the partner and the account executive were amazed at the power, versatility and flexibility of EnCase Cybersecurity. It was a fun reminder of why I enjoy my career every day: the opportunity to work with great people and to share this incredible technology with digital investigators, who use it to make our world a little safer.
It was a capstone experience for a wonderful week…and I still made my flight on time. As @EPYX_Pete tweeted, “#CEIC2012 is a wrap! Thanks to all for a great conference once again. Made some great new contacts. See u in Orlando #CEIC2013”.
Senior Director, Curriculum Development