Location: Capitol College, Avrum Gudelsky Memorial Auditorium
Apple's File Vault - How Secure is it?
Computer Forensics Senior Professional
This topic will cover new discoveries in Apple's File Vault technology. Sean Morrissey is a Computer Forensic Senior Professional for CSC. Sean's background is in law enforcement and the U.S. Army. Sean's focus has been on Apple's iPhone and Mac operating systems forensics. He is presently an instructor in Computer Forensics at the Defense Cybercrime Center (DC3). Sean contributed as lead author to Syngress's "Mac OS X iPod, and iPhone Forensic Anaylsis" book.
The First 120
Mr. Dale Beauchamp
Branch Chief Digital Forensics
Transportation security Administration (TSA)
“The First 120” This topic references the use of live forensics during an incident response to investigate any given incident from report to containment in 2 hours or less. Similar to solving murder cases in the first 48 hours it is crucial to investigate incidents to closure quickly and completely. This technique answers both the pressure from management and the need to accurately eject attackers from the enterprise. Use of this rapid response technique has been a proven effective method in limiting the time attackers have to dig in and change their tactics to avoid detection. The tools and processes to meet this task will be discussed in detail to include a real world case example.
Dale Beauchamp currently serves as Branch chief of Digital Forensics for the Office of Information Security for TSA. Dale previously served as Senior Forensics and Intrusions Instructor for the Defense Cyber Training Academy. As an instructor for DCITA he developed and delivered courses for federal state and local law agencies engaged in the investigation of high technology crime and intelligence gathering. Dale has seven years law enforcement experience as a Maryland State Trooper. As a Trooper he was assigned to the Computer Crime section. Where he worked as a Computer Forensic Investigator providing, detailed digital forensics analysis support to a host of criminal and administrative investigations. Additionally he has served as the Senior Forensics Analyst for the Transportation Security Administration’s, Incident response and Forensics team. While on the TSA incident response team he performed detailed forensics analysis and provided support for a variety of administrative and criminal investigations. Dale has a Bachelors of Science degree from the University of Baltimore in Business Administration.
The Big Picture: Web Risks and Assessments Beyond Scanning
Web Application Security SME / Pent-Test Lead
This talk is an unabashed look at the role and limitations of automated technologies in a complete web risk assessment by an industry pioneer and veteran. Whereas once a good web scanner could be thought of at the sum total of a strong web application security program, now it's only the beginning. We will look at a broader picture of web risks and their associated threats, and what assessment techniques and technologies can be applied to them.
Matthew Fisher was the first Security Engineer hired by what was arguably the most successful web application scanner manufacturer in the industry and was instrumental in building the web application security industry. He recently left Hewlett-Packard (which acquired his former company in 2007) to start Piscis; a unique consulting company that 'blackboxes' the industry's best veterans to organizations that would otherwise be unable to obtain their resources. Under Piscis, Matt is currently providing services to a government security agency, and leads the Penetration Testing team while also implementing a holistic software assurance program. He has several original vulnerabilities, exploit and testing techniques to his name, and is an accomplished writer and speaker. He has presented at ShmooCon, ToorCon, Gartner, CSI, the NSA's ReBl conference, and many others. This is his 4th year presenting at the DoD Cybercrime Conference.