Podcasts about htcia

  • 14 podcasts
  • 21 episodes
  • 45m average duration
  • Infrequent episodes
  • Latest: Jan 12, 2025


Latest podcast episodes about htcia

Awakening
Art Boker Reveals Cyber Security Secrets to Protect Your Online Life

Jan 12, 2025 (60:10)

About my Guest Art Bowker: Art is a cybercrime expert with almost 40 years of experience in law enforcement and corrections. He has been recognized with top awards for his work in promoting cybercrime awareness and control tools within community corrections, including honors from the American Probation and Parole Association and the Federal Probation and Pretrial Officers Association. In 2016, he received the High Technology Crime Investigators Association (HTCIA) Lifetime Achievement Award, underscoring his contributions to the field. Art is a lifetime member of HTCIA and former International President. He is the author of The Cybercrime Handbook for Community Corrections: Managing Offender Risk in the 21st Century and coauthored with Todd Shipley Investigating Internet Crimes: An Introduction to Solving Crimes in Cyberspace. His and Todd's second upcoming book, Surviving a Cyberattack: Securing Social Media and Protecting Your Home Network, is set for release this fall.

What we Discussed:
- How he got into Cyber Crime (2 mins)
- The elderly are attacked more often (7 mins)
- Criminal Organisations involved in the Scams (8:30 mins)
- Using fake Voices (11:45 mins)
- The danger of AI and having a passphrase (14 mins)
- Tech fraud scams (17 mins)
- How I fell for a fraud and Remittle not worth using (21:45 mins)
- How to Stop the Scammers (23:45 mins)
- Should you have a password manager on the cloud (28:45 mins)
- People threatening you pretending they know what you are doing on your computer (32 mins)
- Targeting Minors (33 mins)
- How do we protect the kids (36 mins)
- Fake news online (40 mins)
- Getting your phone hacked (42 mins)
- Spyware software: are they dangerous (46 mins)
- What happens to the scammers that are caught (49 mins)
- Are VPNs traceable (51 mins)
- How to protect your blockchain (54:45 mins)
- Digital Assets wills (57 mins)

How to Contact Art Bowker:
https://thecybersafetyguys.blog/
https://twitter.com/Computerpo
https://www.instagram.com/computerpo/
https://www.facebook.com/groups/Cybersafetyguys
https://www.linkedin.com/in/artbowker

More about the Awakening Podcast: All Episodes can be found at www.awakeningpodcast.org

Our Facebook Group can be found at https://www.facebook.com/royawakening

The Crypto Podcast
Art Boker Reveals Cyber Security Secrets to Protect Your Online Life

Jan 12, 2025 (60:10)

Changing Higher Ed
Higher Ed Cybersecurity – MOVEit Hack

Jul 11, 2023 (32:30)

The recent hack of MOVEit has serious implications for higher education. MOVEit, an application used by the National Student Clearinghouse and many other institutions to move large files, directly affects numerous higher ed institutions and solution providers. This, coupled with the Gramm-Leach-Bliley Act going into effect in early June of 2023, has (should have) put cybersecurity at the top of mind for college and university decision-makers.

In his latest podcast episode, Dr. Drumm McNaughton once again speaks with virtual chief information security officer Brian Kelly, who this time returns to Changing Higher Education to discuss the ramifications of MOVEit getting compromised, tools that can help higher ed institutions protect themselves, all nine elements of the GLBA that colleges and universities must be in compliance with to receive financial aid, what GLBA enforcement could look like, and an online hub that states and higher ed can emulate to ensure students enter the cybersecurity field.

Highlights

  • MOVEit, a third-party tool used by the National Student Clearinghouse and others to move large data pieces, was recently compromised, compromising institutional data. This is having a downstream impact on higher ed since many institutions engage with the NSC.
  • In addition to performing triage and internal assessments, higher ed institutions must reach out to all of their vendors and contractors and ask if they use MOVEit and, if they are, what they are doing to protect their data.
  • It is important to have a process in place for vetting third-party risk. EDUCAUSE's HECVAT can help address this and future problems. It's a standard set of questions that institutions can ask third-party vendors about security and privacy. Over 150 colleges and universities use HECVAT version 3.0's questionnaire in their procurement process. Large vendors like Microsoft and Google have completed it.
  • HECVAT makes it easier for vendors since they don't have to answer bespoke questionnaires from numerous institutions that might have their nuances and differences. It also allows the community of CISOs and cybersecurity privacy practitioners in higher ed to have a conversation around a grounded standardized set of questions.
  • The Federal Trade Commission's Safeguards Rule, which changed the standards around safeguarding customer information, went into effect on December 9th, 2021. The Gramm-Leach-Bliley Act that took effect in early June of 2023 required higher education institutions to meet the elements of those rule changes. There are nine elements.
  • The primary rule change is designating a CISO or a qualified individual responsible for protecting customer information or student financial aid data. The second is to perform a risk assessment at least annually by a third party or internally.
  • The third involves access review controls. Institutions must annually vet employees granted access to information and ensure more people haven't been granted access. Institutions must know where all data resides and that all incoming data is identified. Institutions must ensure data is protected and encrypted when it's being stored and in use, ensure the coding or development of any software that interacts with the Department of Education's data follows secure practices, ensure data that institutions should no longer have or that has aged out has been properly disposed of, and ensure change management has been implemented. Institutions must identify who has access to customer information and annually review their logs.
  • The fourth ensures that institutions annually validate that these controls are in place and working as intended. The fifth mandates that the individuals who interact with the Department of Education and use customer information are appropriately trained and aware of the risks involved. The sixth ensures institutions have a program and process to address and test for third-party risks. Seventh mandates having a prescriptive plan for responding to incidents, regularly testing and validating the plan to see if it's working, and identifying the lessons learned. The ninth mandates that the CISO annually reports to the board or president.

About Our Podcast Guest

Brian Kelly supports the safeguarding of information assets across multiple verticals against unauthorized use, disclosure, modification, damage, or loss by developing, implementing, and maintaining methods to provide a secure and stable environment for clients' data and related systems.

Before joining Compass, Brian was the CISO at Quinnipiac University and, most recently, the Cybersecurity Program Director at EDUCAUSE. Brian is also an Adjunct Professor at Naugatuck Valley Community College, where he has developed and teaches cybersecurity courses.

Brian has diverse experience in information security policy development, awareness training, and regulatory compliance. He provides thought leadership on information security issues across industries and is a recognized leader in his field.

Brian holds a bachelor's degree from the University of Connecticut and a master's degree from Norwich University. He has served in various leadership roles on the local boards of the ISSA, InfraGard, and HTCIA chapters. Brian is also a retired Air Force Cyber Operations Officer.

About the Host

Dr. Drumm McNaughton, the host of Changing Higher Ed®, is a consultant to higher ed institutions in governance, accreditation, strategy and change, and mergers. To learn more about his services and other thought leadership pieces, visit his firm's website, https://changinghighered.com/.

The Change Leader's Social Media Links

LinkedIn: https://www.linkedin.com/in/drdrumm/
Twitter: @thechangeldr
Email: podcast@changinghighered.com

Forensic Focus
HTCIA, DFRWS-APAC, and the DFIR Events Industry: A Critique

Nov 14, 2022 (76:03)

You can't put a price on bants! Friends and enemies welcome as this week Christa, Si, and Desi recap HTCIA and DFRWS. Deep dive into ticket prices and accessibility. Wonder whether there is innovation in the vendor space. Consider running their own virtual Forensic Focus conference in 2023. They briefly touch on neurodiversity, potential guests, and we all get treated to Si's long preamble and slightly shorter outro.

Show Notes:
- DFRWS APAC 2022 Program - https://dfrws.org/apac-2022-program/
- BSides AUS - https://www.bsidesau.com.au/
- BSides UK - https://www.securitybsides.org.uk/#
- HTCIA - https://htcia.org/
- Heather Mahalik's talk on verifying evidence
- CYACOMB Prioritizing time sensitive investigations with Rapid Digital Triage - Alan McConnell
- Hansken Forensics - https://www.hansken.nl/
- Velociraptor - https://www.rapid7.com/products/velociraptor/
- Sydney Declaration IAFS 2023 - https://iafs2023.com.au/sydney-declaration/

FTK Over the Air
Ep. 15: Creating the Next Generation of Digital Forensics Experts

Oct 25, 2022 (54:45)


With over 700K open cybersecurity jobs in the US alone, how do we train the next generation of forensics professionals to take the reins? Recorded live at the HTCIA conference in Atlantic City, NJ, Justin Tolman sits down with some special guests who are just beginning or advancing their DFIR journeys. See the world of digital forensics through the eyes of four cybersecurity students and their professor, Glenn Goe, at Stark State College in Canton, Ohio. Interested in connecting with Glenn about his forensics curriculum? Email him at GGoe@starkstate.edu

Chattinn Cyber
Digital Forensics, Crypto Codes, and Ransomware Attacks: A conversation on cybersecurity with Ondrej Krehel

Jul 20, 2021 (39:01)

In this episode of CHATTINN CYBER, Marc Schein interviews Ondrej Krehel. He is a former lecturer at FBI Training Academy and Chief Information Security Officer of IDT911, the nation's premier identity theft recovery and data breach management service. Ondrej is also the Founder and CEO of LIFARS LLC, a digital forensics and cybersecurity intelligence firm. He authors articles, conducts training, and is a frequent speaker at industry events, such as FBI Academy, RSA, HTCIA, ECTF USSS, and QuBit Prague.

In this episode, Ondrej shares his history, explaining how he went from a mathematical physics student to a cybersecurity expert. His career started in crypto, working with code, and he eventually oversaw nuclear power plants and Industrial Control Systems. We chat about Eastern European ransomware gangs and the trends noticed in their attack measures. Ondrej discusses the Kaseya attack, in which the hackers used a chain exploit - meaning, it was all in one code. Here's how it happened - The authentication bypass got them in the file upload and let them upload the files they needed. They got the right to deploy, did a command and code injection, and completely interacted with the system. Ondrej describes this to be a true military type of tactic on a system. The group that led this attack was formidable and had a clear understanding of the legal system in the U.S.

Quotes:

“I actually exercise a lot and do a lot of specialized training. But I decided that cutting that social life for me, but moving to that career that was very unique, can only shape who I am today.”

“I think that's what the industrial control system people are saying, that look, the code is so primitive, that it's easy to do quality assurance. Once you start introducing complexity in integrations, we are not going to be able to control it.”

“These threat actors do diligence very well, they played a card of third party liability. They understand probably also insurance policy of that company not insist they read the policy, but they understand what the premium is, also what the limit of that is, and probably who owns it, and how likely they're going to get paid.”

“These trackers right now do understand the insurance market completely, they understand how the insurance operates. I was important to this game, they understand the third party liability. And they try companies with a third party liability.”

“What the issue is when it comes to the rebel group is that the rebel group first gets maybe some intelligence. All these exploits, all the tools that we do believe in and debat are somehow connected to intelligence agencies in Russia. And at that level, basically, they truly use a cyber military type of skill set against the commercial enterprises.”

“The challenging piece for that crypto is it has some cell stacks attached to it. There are some fees attached to it, how you're going to put that on your balance sheet at the end of the day. And also some legal aspects of dealing with the office of the asset controlling involve attorneys.”

Time-Stamps:
[00:51] - Ondrej's backstory and career in the crypto world
[04:26] - Ondrej shares his experience in the nuclear sector
[08:43] - The debate on whether to upgrade industrial technology or not

Connect with Ondrej: LinkedIn https://www.linkedin.com/in/ondrejkrehel/

Things Learned
TL0001 - 2010, Week 41

Oct 10, 2020 (11:52)

10/10/10 - Getting to know other student organizations/networking with people is a very good thing. I got to meet Lewis Black this way.
10/11/10 - It is possible to give a lecture on your job and bust a Meth Lab at the same time (HTCIA meeting).
10/12/10 - Figured out Spaces on the Mac.
10/13/10 - Learned how to Chroma Key the green screen at SCAN. Hilarity ensued.
10/14/10 - Ultramon doesn't save settings in terms of taskbar placement in scheme files. Sucks for my desktop with stacked dual monitors.
10/15/10 - Heaters can apparently be fixated on ceilings and look like fluorescent lights, or at least that's what they do in the Owl's Nest apartments at Keene.
10/16/10 - Jungle Juice is weird.

This episode's music comes from the Free Music Archive. Tracks featured in this episode include:
- Podington Bear - Giving Tree
- Jason Shaw - River Meditation
- Jason Shaw - Running Waters
- Jason Shaw - Sidewalk
- Jason Shaw - Travel Light

Cyber Security Interviews
#020 – Jad Saliba: The Thirst For Knowledge

Apr 10, 2017 (43:50)

Magnet Forensics (https://www.magnetforensics.com/), a leading digital forensics company. Jad guides the organization to create products that meet the needs of customers from law enforcement, consultancies, or the corporate world. A former digital forensics investigator with a background in computer science, Jad can uniquely identify issues faced by forensics professionals and apply new ways of using technology to solve these problems. Prior to starting Magnet Forensics, Jad spent seven years with the Waterloo Regional Police Service. While with the police department, Jad was responsible for recovering Internet evidence from computers to support the force's investigations. He then developed Internet Evidence Finder, which quickly became one of the most popular digital forensic tools for law enforcement and commercial practitioners. Jad is a recognized digital forensics speaker at industry events including: CEIC, Crimes Against Children Conference, EuroForensics, F3, HTCIA, ICDDF, SANS, and the Canadian Police College. Jad holds a Diploma in Computer Science and Network Security from Mohawk College (Hamilton, Canada).

In this episode we discuss the Operation Underground Railroad sting, being a police officer vs. running a business, the most important skill an investigator needs, his favorite tool outside of his, cloud forensics, and so much more.

Where you can find Jad:
- LinkedIn (https://www.linkedin.com/in/jadatmagnet/)
- Twitter (https://twitter.com/jadatmagnet)
- Magnet Forensic Blog (https://twitter.com/jadatmagnet)

Cyber Security Interviews
#008 – Darren Hayes: Be Cautious and Think It Through

Jan 9, 2017 (58:06)

Dr. Darren Hayes is the Director of Cybersecurity and an Assistant Professor at Top 10 Computer Forensics Professors, by Forensics Colleges (http://www.forensicscolleges.com/blog/profs/10-top-computer-forensics-professors). He has developed four distinct courses in digital forensics, at Pace University, at the undergraduate and graduate levels. Also through Pace, Darren continually conducts research in support of law enforcement agencies both domestically and internationally. He has successfully been awarded grants, in the field of computer forensics, by the Department of Defense, National Science Foundation and other notable foundations. Darren is also a professional consultant in computer forensics and cyber law for the Department of Education in New York. For a number of years, Hayes has served on the Board of the High Technology Crime Investigation Association (HTCIA) Northeast Chapter and was the President of the HTCIA Northeast. Currently, he serves as Second Vice President of the HTCIA Northeast.

Darren is also an accomplished author with numerous peer-reviewed articles on computer forensics. He has co-authored two textbooks and published “A Practical Guide to Computer Forensics Investigations” (https://www.amazon.com/gp/product/B012HTZ8BC/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=B012HTZ8BC&linkCode=as2&tag=cybersecur030-20&linkId=90fb74422660e0aeef62fcf9a1afe338). Darren has appeared on numerous media and news outlets such as Bloomberg Television, The Street and Fox 5 News and been quoted by CNN, The Guardian (UK), The Times (UK), Wall Street Journal, Financial Times, Forbes, Investor’s Business Daily, MarketWatch, CNBC, ABC News, Forensic Magazine, SC Magazine, PC Magazine, USA Today, Washington Post, New York Post, Daily News and Wired News (to name but a few!). He has also been invited to lecture for the Harvard Business Review, University College Dublin and, more recently, was Visiting Professor at Sapienza University, Rome, Italy.

In this interview we will discuss how he supports law enforcement, developing teaching skills, the importance of problem solving abilities, the challenges when authoring books, misinformation in the media, his involvement with HTCIA, gender roles in information security, foundational skills necessary to be good in information security, immigration challenges, real world physical threats from cyber attacks, the growth of ransomware, the "brain drain" in the government sector, how to learn cyber security on a budget, and much more. I hope you enjoy this discussion. Please leave your comments below!

Where you can find Darren:
- LinkedIn (https://www.linkedin.com/in/darren-hayes-05b8517)
- Twitter (https://twitter.com/CyberOSINT)
- Pace University (http://csis.pace.edu/~dhayes/)
- A Practical Guide to Computer Forensics Investigations (https://www.amazon.com/gp/product/B012HTZ8BC/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=B012HTZ8BC&linkCode=as2&tag=cybersecur030-20&linkId=90fb74422660e0aeef62fcf9a1afe338)

Liquidmatrix Security Digest Podcast
Liquidmatrix Security Digest Podcast - Episode 6D

Jun 27, 2016 (48:27)

Episode 0x6D

We've been gone for a month, we've been drunk since we left

hello to our listeners in Sweden

Upcoming this week...
- Lots of News
- Breaches
- SCADA / Cyber, cyber... etc.
- finishing it off with DERPs/Mailbag (or Deep Dive)

And there are weekly Briefs - no arguing or discussion allowed

And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out.

DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work.

ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good.

In this episode:

News and Commentary
- Ethereum TheDAO attack simplified
- People who have been victim of workplace violence, harassment and sexual assault
- Isis agora lovecruft
- Alison Macrina
- Violet Blue
- Nick Farr
- "Consent, it's as simple as tea" if you haven't seen it
- Canadian Association of Sexual Assault Centers
- Women Against Violence Against Women
- Ontario Coalition of Rape Crisis Centers
- Central Alberta Sexual Assault Center
- VictimLink BC page on Sexual Assault
- Rape, Abuse & Incest National Network (USA)
- DHS seeks to ask foreign visitors their social media accounts

Breaches
- All your gotomypc are belong to us

DERP
- Comodo are the good guys, seriously (not seriously)

Briefly -- NO ARGUING OR DISCUSSION ALLOWED
- The Intercept's comparison of instant messaging applications (And the EFF's scorecard is soon to be updated)
- Mooltipass
- Intel Corp. Said to Weigh Sale of Cyber-Security Unit, FT Says

Liquidmatrix Products and Services - We do some stuff. Seriously.

LSDP-Rawfeed - where LSDP stories get posted (except Matt... and Dave... and Ben... and Wil)

Upcoming Appearances: -- more gratuitous self-promotion
- Dave: BSidesLV, DEF CON, Black Hat, Energysec, HTCIA, Security Congress...
- James: Vegas. Sigh.
- Ben: Coding my ass for SECTOR building G.Tool
- Matt: Keeping banker's hours.
- Wil: BSidesLV, DEF CON, Burning Man...
- Other LSD Writers: Who?

Advertising - pay the bills...

Thinking about SecTor this October? Be sure to use the code "liquidmatrix2016" and save 10% off the registration fee! Or if you've just got time to cruise the SecTor Expo Hall, the code "liquidmatrix2016expo" will get you in for $0

Closing Thoughts

Seacrest Says: I don't have to outrun you... I just have to outrun the other short guys

Creative Commons license: BY-NC-SA

Down the Security Rabbithole Podcast
DtSR FeatureCast - HTCIA International Conference 2015 Preview

Jul 15, 2015 (22:27)

In this episode...

- Peter Morin joins us to talk through the upcoming HTCIA International 2015 Conference in sunny Orlando, Florida.
- We talk through a preview of talks, events, and some interesting reasons you should be going to HTCIA Int'l.
- Check out the incredible lineup of keynotes, speakers and talks - http://www.htciaconference.org/
- Come see the #DtSR crew live and in person as we record and broadcast from the conference.

Down the Security Rabbithole Podcast
DtR FeatureCast - HTCIA International 2013

Sep 13, 2013 (44:06)

Today I had the pleasure of sitting down with one old friend, and one new. As a speaker at the HTCIA International conference, and the CISO Summit - I had the opportunity to gain some valuable insight, meet lots of excellent leaders, and forge some new relationships. As a wonderful side-effect I had the pleasure of sitting down with Mike Murray of Mad Security, and Vince Skinner, an attendee of the conference and security leader of his enterprise. We talked about a range of topics from history of the information security industry, to our experiences and the current lack of direction and strategy in much of the enterprise space. We also discussed some topics that dated us quite a bit ...so don't judge!

Guests
- Mike Murray ( @MMurray ) - Mike is the co-founder of Mad Security, an industry veteran and mentor, and an all-around fantastic friend.
- Vince Skinner ( @SkinnerVince ) - Vince is the Information Security and Business Continuity Manager, AVP of D.A. Davidson & Co.

Inside the Core
Inside the Core Episode 6

Oct 5, 2009 (64:34)

In this Episode, Ryan interviews Al Lewis of SubRosaSoft, and Chris talks with Social Media & Communications expert Christa M. Miller about her website, Cops2Point0.com.

The MacDudes also discuss:
- HFS+ read support in BootCamp 3.0
- Mac OS's native screenshot capabilities
- Plist of the Week: com.apple.sidebarlists.plist

We're still struggling with some sound quality issues, hopefully we will have this worked out with the next round of interviews. Show notes will be posted shortly.

CERIAS Security Seminar Podcast
Rick Aldrich, The Importance of Law in Cybersecurity, Recent Developments and Trends in Cyberlaw

Sep 23, 2009 (54:42)

Information security professionals increasingly need to be familiar with developments in cyberlaw to ensure they comport their actions with the contours of the law. Unfortunately, with technology changing far faster than the statutes, judges are increasingly being called upon to fill in the interstices. In this interactive session, facts from actual cases will be presented in a "You Be the Judge" format to highlight important developments in recent cases and identify key trends in the case law. What is the legal efficacy of a click-through consent banner and how does this impact information security professionals? What constitutes an "interception" and what types of interceptions are legal and illegal? What law dictates whether an employer can or cannot inspect its employee's personal e-mail messages? Do individuals have to divulge their encryption keys when requested to do so by border guards or law enforcement agents? Are there jurisdictional borders in cyberspace? Who has jurisdiction and how does the law apply in virtual worlds? How do extradition laws apply to cybercrimes? These and many other questions will be answered in this interactive seminar.

About the speaker: Rick Aldrich is the Senior Computer Network Operations Policy Analyst for the Information Assurance Technology Analysis Center and an Associate for Booz Allen Hamilton. He has been awarded several grants by the Institute for National Security Studies to study the legal and policy implications of cybercrime and information warfare. He has multiple publications in this field, including a chapter on information warfare in the widely used textbook, National Security Law. He has taught cyberlaw at the collegiate level and has been a faculty member of the Institute for Applied Network Security. He has presented at several national and international conferences including HTCIA, Infowarcon, SANSFIRE, FiestaCrow, IA Conference of the Pacific, Southeast Cybercrime Summit, a conference on Arms Control in Cyberspace in Berlin, Germany and a forum on cyberterrorism in Bogota, Colombia. He was a primary contributor to the Cyberlaw I and II courses distributed by the Defense Department. He has a Bachelor of Science degree in Computer Science from the US Air Force Academy, a Juris Doctor from UCLA, and a Masters of Law in Intellectual Property Law from the University of Houston. He is also a CISSP.

Inside the Core
Inside the Core Episode 4

Inside the Core

Play Episode Listen Later Jul 4, 2009 49:02


This episode covers why we point everyone to the user's Home folder first. Ryan talks about Diskarbitration for Leopard and Tiger. Chris showcases the Plists of the Week, Safari bookmarks, history, downloads, TopSites & Last Session.Websites of the Week:  MacTracker & EveryMacPodcasts to listen to: CyberSpeak & Forensic 4CastShow notes are available for download. They are more detailed than the synopsis below:Click here to DownloadShow notes synopsis:Home Folder: -Most of the evidence is located in the Userʼs Home Folder -Majority of the Preference PLists with user-specific settings are in   User/Library/ Preferences  -User Logs:   -Indicative of the userʼs activity   -Not system activity, but user specific logs -Preferences:  -PLists files or proprietary format files for the User  -Contains configurations and settings for the User  -I.E. Online activity, buddy lists, email, logins, etc.-Application Support:  -Mozilla Cache, iPhone backup files from MobileSync folder  -Application PLists with information LEOPARD: -Disk Arbitration looks at devices and mounts the device and makes icon    to access this device available to the user -On Boot, Disk Arbitration recognizes the internal hard drive. Recognizes   file system. Mounts partitions on desktop.  -In order to prevent writes, we must prevent the mount.  -To turn off Disk Arbitration, enter Terminal and type: sudo launchctl unload System/Library/LaunchDaemon/com.apple.diskarbitrationd.plist-Now when you connect a disk, the disk will not mount -To turn back on, enter Terminal and type: sudo launchctl load System/Library/LaunchDaemons/com.apple.diskarbitrationd.plist or Reboot system and diskarbitration will become active again TIGER: -Not controlled by LaunchCtl process -Need to move the PList from one location to another -Method: 1. 
Make copy of the diskarbitrationd.plist 2.Once the copy is made, use the remove command in Terminal to delete      the com.apple.diskarbitrationd.plist from the /etc/mach_init.d folder 3.Reboot system 4.Only OS Boot partition will mount. To UNDO, Copy the diskarbitrationd.plist back to the /etc/mach_init.d      folder and reboot the system. PList(s) of the Week(PLOW): User/Library/Safari:Bookmarks.plist:  -User created/maintained bookmarks Downloads.plist  -Any downloads specific to Safari  -Download history History.plist:  -History from Safari if not cleared TopSites.plist  -Came with Safari 4  -When a New Tab is opened, it opens thumbnails of  most visited sites  -Instead of typing URL,  just click on thumbnail and it opens the site. LastSession.plist:  -Indicates what was open on last Safari session  -If multiple windows opened, it will indicate each as a different Item

Inside the Core
Inside the Core Episode 3

Inside the Core

Play Episode Listen Later Jun 21, 2009 45:22


Hey,

Episode 3 is uploaded and ready for your listening pleasure. We cover Safari Internet cache, the Trusted Utilities Disk and the Plist of the Week. We also have our Host at Large, Reggy, with part one of his series on the Terminal. Show notes should be posted tomorrow. Thanks for listening and keep those emails coming in!

Be Safe,
The MacDudes

Inside the Core
Inside the Core Episode 2

Inside the Core

Play Episode Listen Later Jun 9, 2009 30:24


Episode 2 is uploaded! The sound quality is a bit better but still working on that. In this episode we cover: Defeating the Open Firmware password, Mobile Forensics World's iPhone Forensics panel discussion, the Plist of the Week and a few Mac websites.

You can send any comments or questions to: Click here to send The MacDudes an e-mail

Episode 1 Show Notes (Download at: Show Notes)

GOLDEN RULE: Use OPTION key to boot first and confirm no Firmware Password

OFP: Prevents any other startup option other than "option" or "startup disk". If OFP is active and you attempt alternative boot sequence, the system will default to the normal "Startup Disk" and possible writes will be made.
-Don't want to make writes....

1. Boot with option key to confirm Open Firmware Password exists
2. To get around:
    A. Pull hard drive and image via write block (24 screws or less)
    B. Reconfigure the RAM:
        1) Shut down
        2) Disconnect power (if laptop remove battery)
        3) Remove stick or add stick of RAM to reconfigure
        4) Close up, connect battery/power
        5) Command+Option+P+R key all at once "Vulcan Death Grip"
        6) Listen for 3 Chimes-Indicates reset
        7) Restart and use Option key to check
NOTE: Time will be reset. The clock will possibly be off. Logs may be important.

Mobile Forensics World iPhone Forensics Panel
iPhone Panel:
-Ryan Kubasiak: Macosxforensics.com
-Jonathan Zdziarski: iPhone Forensics author
-Sean Morrissey: Dept. of Defense
-Andrew Hoag: Moderator
-Took questions from audience after moderated question session.

Different ways to get data:
Hardware/Software Suites:
Wolf: Good for unlocked phone, and if you unlock can use.
Cellebrite
Different Methods:
Raw Disk info: Jonathan Zdziarski and Sean Morrissey
-Concerns as to what is being changed from data standpoint
Don't forget about the iPhone backups on the Mac: a wealth of information

PList(s) of the Week (PLOW):
Plist: Registry like files but corruption of one file doesn't corrupt the entire system.
Application plists:
Quicktime: Global: Library --> Preferences --> com.apple.quicktime.plist
-Shows Registered User and Registered Key
-Can indicate the key for verification of legal software
iWork (Mac Office Suite): Global --> Library --> Preferences -->
  iWork08: com.apple.iwork08.plist
  iWork09: com.apple.iwork09.plist
Google Gears:
  Global --> Library --> Preferences --> com.google.gears.plist
  User --> Library --> Preferences --> com.google.gmailnotifier.plist

Websites to Check Out:
Mac Shadows: www.macshadows.com
Macenstein: www.macenstein.com

Inside the Core
Inside the Core Episode 1

Inside the Core

Play Episode Listen Later May 30, 2009 29:04


Well, we finally got Episode 1 uploaded! We had some minor problems with sound quality, hopefully we will get those cleared up for the next episode.

You can send any comments or questions to: Click here to send The MacDudes an e-mail

Episode 1 Show Notes (Download at: Show Notes)

Single User Mode:
GOLDEN RULE: Use OPTION key to boot first and confirm no Firmware Password
-If Firmware Password in use, power off. (Firmware Password Options will be covered in a later podcast)
-Single User Mode can be used to find Date/Time of the system without making changes
-After OPTION key boot and confirmation of no firmware password
-REBOOT holding OPTION + 'S' Key to boot into Single User Mode
-Will be similar to a Verbose boot
-After boot stops, type "Date" at cursor and date and time will be displayed.
-To find the make & model of the installed hard drive, look for the line that starts with "Got Boot Device"
-Can also run System Profiler to access information about the system

Training:
Forward Discovery:
-Non-Tool Specific Mac Forensics Survival Course
-Teaches how to do Mac Forensics using Mac
-Basic and Advanced Courses being offered Internationally
BlackBag Technologies:
-Offers both training for non-tool and Blackbag Tool Training
-Suite of Proprietary tools for using a Mac to do Mac Forensics
-Beginner, Intermediate, and Advanced Courses
SubRosaSoft:
-Also offers tool specific training
-MacForensicsLab: Proprietary software
Purdue University (Law Enforcement Only):
-3 day class
-Traveling Class and at the University
-Beginning and Advanced Course
Apple:
-Several certifications:
  -Apple Certified Support Professional (ACSP)
  -Apple Certified Technical Coordinator (ACTC)
  -Apple Certified System Administrator (ACSA)
-Range of Apple Software Pro Certifications as well

Plist of the Week (PLOW):
This week's PLOW is: com.apple.ipod.plist
1. It is located in both Global and User: Library --> Preferences
2. Contains information about all IPod/IPhone devices connected to system.
3. Includes (not comprehensive):
   a. UUID: Unique ID for the Device
   b. Connected: Last Connected Date/Time
   c. Device Class: IPod/IPhone
   d. Firmware Version
   e. Serial Number
   f. IMEI (IPhone)
   g. Use Count

Inside the Core
Inside the Core Introduction

Inside the Core

Play Episode Listen Later May 23, 2009 6:02


Welcome to Inside the Core, the Macintosh & Apple Device Forensics podcast.

Today is a short introduction into what Inside the Core is all about. We will cover Mac specific resources and the Plist of the Week.

Resources
The Mac OS X Forensics website: www.macosxforensics.com
The Mac OS Forensics Yahoo Group: tech.groups.yahoo/group/macos_forensics
Tips & Tricks at the MacForensicLabs website: www.macforensicslab.com

Plist of the Week
com.apple.preferences.account.plist
This plist is located in the Local Library (/Library/Preferences) and holds information pertaining to deleted user accounts. These user accounts can be totally deleted from the system or archived by the administrator.

To see if the user accounts were archived, look in the Users folder for the Deleted Users subfolder (/Users/Deleted Users/). User accounts that have been archived will be in a disk image (DMG) format or if it was FileVaulted, a sparsebundle image.

Black Hat Briefings, Las Vegas 2006 [Audio] Presentations from the security conference
Chuck Willis : Web application Incident Response and forensics- A Whole new ball game.

Black Hat Briefings, Las Vegas 2006 [Audio] Presentations from the security conference

Play Episode Listen Later Jun 4, 2006 65:33


"Web applications are normally the most exposed and the most easily compromised part of an organization's network presence. This combination requires that organizations be prepared for web application compromises and have an efficient plan for dealing with them. Unfortunately, traditional techniques for forensics and incident response do not take into account the unique requirements of web applications. The multi-level architecture, business criticality, reliance on major database and middleware software components, and custom nature of web applications all create unique challenges for the security professional. Responding to a web application attack brings many unique issues, often with no clear right and wrong answers, but this talk will provide useful information to guide attendees down this bumpy path.

Chuck Willis is a Senior Consultant with Mandiant, a full spectrum information security company in Alexandria, Virginia, where he concentrates in incident response, computer forensics, tool development and application security. Prior to joining MANDIANT, Chuck performed security software engineering, penetration testing, and vulnerability assessments at a large government contractor and also conducted computer forensics and network intrusion investigations as a U.S. Army Counterintelligence Special Agent. Chuck holds a Master of Science in Computer Science from the University of Illinois at Urbana-Champaign and has previously spoken at the Black Hat Briefings USA, the IT Underground security conference in Europe, and DefCon. Chuck has contributed to several open source security software projects and is a member of the Open Web Application Security Project, a Certified Information Systems Security Professional, and a Certified Forensic Computer Examiner. Chuck's past presentations are available on his Web site.

Rohyt Belani is a Director at Mandiant and specializes in assisting organizations with securing their network infrastructure and applications. His expertise encompasses the areas of wireless security, application security and incident response. Rohyt is also an experienced and talented instructor of technical security education courses. Prior to joining MANDIANT, Rohyt was a Principal Consultant at Foundstone. Earlier in his career, he was a Research Group Member for the Networked Systems Survivability Group at the Computer Emergency Response Team (CERT). Rohyt is a frequent author of articles on SecurityFocus and is also a contributing author for "Hack Notes-Network Security" and "Extrusion Detection: Security Monitoring for Internal Intrusions". Rohyt is a regular speaker at various industry conferences and forums like OWASP, HTCIA, FBI-Cyber Security Summit, ASIS, HP World, New York State Cyber Security Conference, HackInTheBox-Malaysia, and CPM. Rohyt holds a Bachelor of Engineering in Computer Engineering from Bombay University and a Master of Science in Information Networking from Carnegie Mellon University and is a Certified Information Systems Security Professional (CISSP)."

Black Hat Briefings, Las Vegas 2006 [Video] Presentations from the security conference
Chuck Willis : Web application Incident Response and forensics- A Whole new ball game.

Black Hat Briefings, Las Vegas 2006 [Video] Presentations from the security conference

Play Episode Listen Later Jun 4, 2006 65:33


"Web applications are normally the most exposed and the most easily compromised part of an organization's network presence. This combination requires that organizations be prepared for web application compromises and have an efficient plan for dealing with them. Unfortunately, traditional techniques for forensics and incident response do not take into account the unique requirements of web applications. The multi-level architecture, business criticality, reliance on major database and middleware software components, and custom nature of web applications all create unique challenges for the security professional. Responding to a web application attack brings many unique issues, often with no clear right and wrong answers, but this talk will provide useful information to guide attendees down this bumpy path.

Chuck Willis is a Senior Consultant with Mandiant, a full spectrum information security company in Alexandria, Virginia, where he concentrates in incident response, computer forensics, tool development and application security. Prior to joining MANDIANT, Chuck performed security software engineering, penetration testing, and vulnerability assessments at a large government contractor and also conducted computer forensics and network intrusion investigations as a U.S. Army Counterintelligence Special Agent. Chuck holds a Master of Science in Computer Science from the University of Illinois at Urbana-Champaign and has previously spoken at the Black Hat Briefings USA, the IT Underground security conference in Europe, and DefCon. Chuck has contributed to several open source security software projects and is a member of the Open Web Application Security Project, a Certified Information Systems Security Professional, and a Certified Forensic Computer Examiner. Chuck's past presentations are available on his Web site.

Rohyt Belani is a Director at Mandiant and specializes in assisting organizations with securing their network infrastructure and applications. His expertise encompasses the areas of wireless security, application security and incident response. Rohyt is also an experienced and talented instructor of technical security education courses. Prior to joining MANDIANT, Rohyt was a Principal Consultant at Foundstone. Earlier in his career, he was a Research Group Member for the Networked Systems Survivability Group at the Computer Emergency Response Team (CERT). Rohyt is a frequent author of articles on SecurityFocus and is also a contributing author for "Hack Notes-Network Security" and "Extrusion Detection: Security Monitoring for Internal Intrusions". Rohyt is a regular speaker at various industry conferences and forums like OWASP, HTCIA, FBI-Cyber Security Summit, ASIS, HP World, New York State Cyber Security Conference, HackInTheBox-Malaysia, and CPM. Rohyt holds a Bachelor of Engineering in Computer Engineering from Bombay University and a Master of Science in Information Networking from Carnegie Mellon University and is a Certified Information Systems Security Professional (CISSP)."