)
)
)
)
){kind=logo}
8:00 AM
8:30 AM
-
Meeting Room 104/105This session provides hands-on instruction in using open-source tools for mobile and digital forensics. Attendees will gain practical experience acquiring, parsing, and analyzing data from both Androi …
-
Meeting Room 206/208It began in the late 1980's with the emergence of personal computers using spreadsheet software to build huge end-user ad hoc desktop applications without the involvement or approval of the Informatio …
-
Meeting Room 202/204The spreadsheet of doom—that sprawling tracker of timelines, observables, and case notes—remains the backbone of incident response at top firms. AI should help here. Often it doesn't. This session sha …
-
Ballroom CeCall and vehicle connectivity modules store critical forensic data generated during vehicle operation and emergency events. This presentation examines how such data can be extracted and analyzed in …
-
Ballroom BBYOD Hands On Lab: Digital investigations do not slow down because of a lack of data. They slow down because of too much of it. This hands‑on lab shows participants how to precisely filter investigato …
-
Meeting Room 106/107The goal of this session is to educate law enforcement about the Snapchat application and ways to work with the Snapchat Law Enforcement Operations team. This session will cover what data might be ava …
-
Ballroom AAs modern smart devices and applications continue to implement stronger security controls, password and passcode recovery has become an increasingly critical and often time-sensitive component of digi …
-
Meeting Room 102/103Follow a real investigative case involving two brothers selling illegal firearms through Instagram, and how analysts connected the dots by using OSINT techniques and evidentiary data in parallel. Dive …
.jpg)
.jpg)
9:30 AM
-
Meeting Room 102/103Traffickers increasingly exploit technology to groom, recruit, and control victims. This session highlights how multidisciplinary teams—analysts, prosecutors, and social workers—collaborate throughou …
-
Meeting Room 106/107Case study involving a husband and wife, Alexandria Stevens and Michael Taylor, who produced CSAM with the wife's 7 year old sister, attempted with her minor brother as well, and solicited children on …
-
Meeting Room 202/204This session explores how AI-powered deepfakes can alter faces, voices, and messages, featuring real demo of what current tools can create. This session will share how deepfakes can be used to deliver …
-
Ballroom CDigital forensic investigations often assume evidence will surface through artifact recovery. This session examines a serial homicide case where repeated extractions produced nothing—and that absence …
-
Ballroom AThe 6 pillars of digital evidence form a comprehensive framework for investigators to collect, analyze, and leverage data in the digital age. Understanding the strengths, challenges, and methodologies …
10:30 AM
-
Ballroom CIoT devices are everywhere and causing potential chaos with the data they collect and store. With risks to digital security and information sharing they are becoming a prime suspect in digital eviden …
-
From Fragmented Signals to Convictions: Solving a Cross-Border Murder Through Fused Digital EvidenceMeeting Room 202/204Attendees will learn how cloud-based criminal analytics enabled investigators to correlate communications, movements, and digital identities; reconstruct timelines across borders; and expose hidden co …
-
Meeting Room 206/208As investigations span physical devices, removable media, and legacy data, maintaining a defensible digital chain of custody is increasingly complex. This session examines practical, process-driven be …
-
Meeting Room 106/107This session will cover human trafficking trends in crypto, highlighting the forced labor behind many crypto scams, covering a case study of CSAM and live streaming abuse in the Philippines, and highl …
-
Ballroom BA breakdown of what was released over the past year. What was added, and what is coming. The future is brite!
-
.jpg)
.jpg)
11:30 AM
-
Meeting Room 202/204This session provides responders with an in-depth analysis of the evolving ransomware threat landscape, examining how major ransomware groups have adapted their TTPs over the past year. Drawing from …
-
Ballroom CDigital investigations are evolving faster than most traditional forensic tooling can adapt. In this session, we’ll explore why modern investigators benefit from adopting developer-style tools—includi …
-
Ballroom BExtraction of data from mobile devices is a crucial step for any investigation. There are many challenges and nuances involved in this stage, in this talk we will explore some of those challenges and …
-
Meeting Room 106/107This session examines how digital exploitation and trafficking investigations are shaped by investigative tradecraft influenced by registry-based and monitoring systems. It will explore how reliance o …
-
Ballroom AIf your workflow involves sending files back and forth, renaming them “final,” and hoping everyone is looking at the same thing… this one’s for you. UNIFY changes the game by allowing investigators an …
-
Meeting Room 206/208An in-depth look into the investigation of TD Bank. Agents will discuss where it started, typologies the bank failed to catch, and AML areas that were the bank was criminally non-compliant. The presen …
-
Meeting Room 104/105Digital forensics labs today are tasked with ever-increasing caseloads, strained budgets and resources, and new compliance requirements, among other challenges. Whether you’re managing a small lab or …
12:20 PM
2:00 PM
-
Meeting Room 202/204Open-source information is increasingly distorted by synthetic content, false identities, and deceptive digital activity. This session teaches practical methods to validate OSINT data in investigatio …
-
Meeting Room 206/208As the crypto industry strives for legitimacy, a shadow economy persists. This session uses blockchain data to uncover how criminal syndicates obfuscate capital flows. We reveal over 32,000 annual "tr …
-
Ballroom CTest points have long been used in mobile forensics to place devices into specific operational modes for acquisition and analysis. This session will provide a deep dive into test points, focusing on h …
-
Meeting Room 106/107This session provides law enforcement with an overview of the Roblox platform, its safety and parental control features, and how to work effectively with Roblox to obtain timely responses to lawful re …
-
Ballroom AWhat does the Magnet Verify team do after revolutionizing media authentication with a novel, patented approach to file structure analysis? They continue to research and innovate to find yet another ne …
-
Ballroom BArtificial Intelligence (A.I.) is everywhere these days. From customer service centers to courtrooms, it has permiated into many professions with the promise of saving time and making people more effi …
-
Meeting Room 102/103The proper handling of cell phones and other mobile devices as forensic evidence, from the point of seizure through analysis, can be complex. Agencies often follow different procedures, which can crea …
.jpg)
3:30 PM
-
Meeting Room 206/208In today's digital age, the impact of cybersecurity breaches on organizations can mirror the profound effects of personal loss, leading to what can be described as 'cyber grief.' This session explores …
-
Ballroom CThe era of collaboration in Law Enforcement forensics is on the rise. The job that used to be performed by a lone examiner in a small room can now be distributed across teams. How can it best be done …
-
Meeting Room 106/107In 2024 the NC SBI Computer Crimes Unit along with more than 40 local, county and federal law enforcement agencies conducted a multi-agency operation known as “Operation Winter Guardian”. This operati …
-
Meeting Room 202/204A case investigation where one CyberTip Report referred from the National Center For Missing and Exploited Children, containing one Child Sexual Abuse Material image uploaded to Dropbox, Inc., result …
-
Ballroom AAs mobile devices increasingly limit the availability of persistent network artifacts, volatile memory has become a critical, yet underutilized source of evidential data. This session explores how MAC …
-
Ballroom BJoin Cellebrite's 101 with a open mic session where you can ask your questions, about decoding, extracting, artifacts, and anything in between.
.jpg)
.jpg)
4:30 PM
-
Meeting Room 104/105Step into a hands-on ransomware investigation designed for real-world incident response. In this interactive CTF, participants—competing individually or as part of a team—will analyze authentic artifa …