Difference between pages "Upcoming events" and "Cell Phone Forensics"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(Calls For Papers)
 
(External Links)
 
Line 1: Line 1:
<b>PLEASE READ BEFORE YOU EDIT THE LISTS BELOW</b><br>
+
== Guidelines ==
Events should be posted in the correct section, and in date order.  An event should NEVER be listed in more than one section (i.e. Ongoing/Continuous events should not be listed in Scheduled Training).  When events begin the same day, events of a longer length should be listed first.  New postings of events with the same date(s) as other events should be added after events already in the list. If a provider offers the same event at several locations simultaneously, the listing should have a single (ONE) entry in the list with the date(s) and ALL locations for the event. Please use three-letter month abbreviations (i.e. Sep, NOT Sept. or September), use two digit dates (i.e. Jan 01 NOT Jan 1), and use date ranges rather than listing every date during an event(i.e. Jan 02-05, NOT Jan 02, 03, 04, 05).<br>
+
<i>Some conferences or training opportunities may be <u>limited</u> to <b>Law Enforcement Only</b> or to a specific audience.  Such restrictions should be noted when known.</i>
+
  
This is a BY DATE listing of upcoming conferences and training events relevant to [[digital forensics]].  It is not an all inclusive list, but includes most well-known activities. Some events may duplicate events on the generic [[conferences]] page, but entries in this list have specific dates and locations for the upcoming event.
+
# If on, switch it off. If off, leave off.  
  
This listing is divided into four sections (described as follows):<br>
+
#* Note only under exceptional circumstances should the handset be left switched on and in any case every precaution to prevent the handset connecting with the Communication Service Provider should be made. Consider use of one of many [[wireless preservation]] or [[RF isolation]] techniques. Note that the slightest signal leakage will allow an overwriting text message through even if a phone call can't get through.
<ol><li><b><u>Calls For Papers</u></b> - Calls for papers for either Journals or for Conferences, relevant to Digital Forensics (Name, Closing Date, URL)</li><br>
+
<li><b><u>Conferences</u></b> - Conferences relevant for Digital Forensics (Name, Date, Location, URL)</li><br>
+
<li><b><u>On-Going / Continuous Training</u></b> - Training opportunities that are either always available online/distance learning format or that are offered the same time every month (Name, date-if applicable, URL)</li><br>
+
<li><b><u>[[Scheduled Training Courses]]</u></b> - Training Classes/Courses that are scheduled for specific dates/locations.  This would include online (or distance learning format) courses which begin on specific dates, instead of the "start anytime" courses listed in the previous section. (Name, Date(s), Location(s), URL) (''note: this has been moved to its own page.'')<br></li></ol>
+
  
The Conference and Training List is provided by the American Academy of Forensic Sciences (AAFS) Digital and Multi-media Listserv. 
+
#* Instead of switching off, it may be better to remove the battery. Phones run a different part of their program when they are turned off.  You may wish to avoid having this part of the program run.  
<i> (Subscribe by sending an email to listserv@lists.mitre.org with message body containing SUBSCRIBE AAFS-DIGITAL-MULTIMEDIA-LIST)</i>
+
Requests for additions, deletions or corrections to this list may be sent by email to David Baker <i>(bakerd AT mitre.org)</i>.
+
  
== Calls For Papers ==
+
#* Note that removing the battery or powering off a mobile phone may introduce a handset unlock code upon powering the device on.
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
|- style="background:#bfbfbf; font-weight: bold"
+
! Title
+
! Due Date
+
! Website
+
|-
+
|2nd Small Scale Digital Device Forensics Journal
+
|Oct 31, 2007
+
|http://ssddfj.org/submit.asp
+
|-
+
|International Association of Forensic Science Annual Meeting
+
|Jan 01, 2008
+
|http://www.iafs2008.com/abstracts/intro.asp
+
|-
+
|Usenix Annual Technical Conference
+
|Jan 07, 2008 (11:59PM PST)
+
|http://www.usenix.com/events/usenix08/cfp/
+
|-
+
|6th International Conference on Applied Cryptography and Network Security
+
|Jan 14, 2008 (11:59PM EST)
+
|http://acns2008.cs.columbia.edu/cfp.html
+
|-
+
|17th USENIX Security Symposium
+
|Jan 30, 2008 (11:59 PM PST)
+
|http://www.usenix.org/sec08/cfp/
+
|-
+
|Techno-Security 2008
+
|May 04, 2008
+
|http://www.techsec.com/html/TechnoPapers.html
+
|-
+
|Digital Forensic Research Workshop (DFRWS) 2008
+
|Mar 17, 2008
+
|http://www.dfrws.org/2008/cfp.shtml
+
|-
+
|}
+
  
== Conferences ==
+
# Collect and preserve other surrounding and related devices. Be especially careful to collect the power charger. The phone's battery will only last a certain amount of time. When it dies, much of the data on the device may go too!
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
   
|- style="background:#bfbfbf; font-weight: bold"
+
# Plug the phone in, preferably in the evidence room, as soon as possible.
! Title
+
# Retain [[search warrant]] (if necessary - [[LE]]).
! Date/Location
+
# Return device to forensic lab if able.
! Website
+
# Use [[forensically sound]] tools for processing. However, also remember ACPO Principle 2 says: In exceptional circumstances, where a person finds it necessary to access original data held on a computer or on storage media, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions.
|-
+
|6th Annual Internet Crimes Against Children National Conference
+
|Oct 15-18, San Jose, CA
+
|http://www.icactraining.org/website/registration.html
+
|-
+
|HTCIA Austin Fall Chapter Training Conference
+
|Oct 16, Austin, TX
+
|http://www.austin-htcia.org/
+
|-
+
|ToorCon 9
+
|Oct 19-21, San Diego, CA
+
|http://toorcon.org/intro.php
+
|-
+
|BlackHat Japan - Briefings
+
|Oct 23-26, Tokyo, Japan
+
|http://www.blackhat.com/html/bh-japan-07/bh-jp-07-main.html
+
|-
+
|Global Conference on Economic and High-Tech Crime (Open to all)
+
|Oct 24-26, Crystal City, VA
+
|https://conference.nw3c.org/index.cfm
+
|-
+
|European Network Forensic and Security Conference 2007
+
|Oct 24-26, Zuyd University, Heerlen, Netherlands
+
|http://www.enfsc2007.com/
+
|-
+
|Techno-Forensics Conference
+
|Oct 29 - 31, Rockville, MD
+
|http://www.techsec.com/html/TechnoForensics2007.html
+
|-
+
|Computer Security Institute Annual Meeting
+
|Nov 03-09, Arlington, VA
+
|http://www.csiannual.com/
+
|-
+
|First Forensic Forum Conference (F3 Conference)
+
|Nov 03-05, Tortworth, England
+
|http://www.f3.org.uk/
+
|-
+
|DeepSec IDSC
+
|Nov 22-24, Vienna, Austria
+
|http://deepsec.net/
+
|-
+
|Digital Forensic Forum Prague 2007
+
|Nov 26-27, Prague, Czech Republic
+
|http://www.dff-prague.com/
+
|-
+
|Association of AntiVirus Asia Researchers (AVAR) International Conference
+
|Nov 28-30, Seoul, Korea
+
|http://www.aavar.org/avar2007/index.html
+
|-
+
|PacSec Applied Security Conference
+
|Nov 29-30, Tokyo, Japan
+
|http://www.pacsec.jp/index.html
+
|-
+
|5th Australian Digital Forensics Conference
+
|Dec 03, Edith Cowan University, Mount Lawley, WA, Australia
+
|http://scissec.scis.ecu.edu.au/conferences2007/index.php?cf=1
+
|-
+
|HTCIA Asia Pacific Training Conference 2007
+
|Dec 12-14, Hong Kong, China
+
|http://2007.htcia.org.hk
+
|-
+
|SANS Security 2008
+
|Jan 11-19, New Orleans, LA
+
|http://www.sans.org/security08/
+
|-
+
|DoD Cyber Crime Conference 2008
+
|Jan 13-18, St. Louis, MO
+
|http://www.dodcybercrime.com/
+
|-
+
|4th Annual IFIP WG 11.9 International Conference on Digital Forensics
+
|Jan 27-30, Kyoto, Japan
+
|http://www.ifip119-kyoto.org/doku.php
+
|-
+
|Blackhat DC 2008 Briefings & Training
+
|Feb 12-15, Washington, DC
+
|http://www.blackhat.com/html/bh-link/briefings.html
+
|-
+
|AAFS Annual Meeting 2008
+
|Feb 18-23, Washington, DC
+
|http://aafs.org/default.asp?section_id=meetings&page_id=aafs_annual_meeting
+
|-
+
|CanSecWest Security Conference 2008
+
|Mar 19-21, Vanouver, BC, Canada
+
|http://cansecwest.com/
+
|-
+
|Blackhat Europe 2008 Briefings & Training
+
|Mar 25-28, Amsterdam, Netherlands
+
|http://www.blackhat.com/html/bh-link/briefings.html
+
|-
+
|EuSecWest Security Conference 2008
+
|May 21-22, London, England
+
|http://eusecwest.com/
+
|-
+
|Techno-Security 2008
+
|Jun 01-04, Myrtle Beach, SC
+
|http://www.techsec.com/html/Techno2008.html
+
|-
+
|6th International Conference on Applied Cryptography and Network Security
+
|Jun 03-06, Columbia University, New York City, NY
+
|http://acns2008.cs.columbia.edu/
+
|-
+
|Usenix Annual Technical Conference
+
|Jun 22-27, Boston, MA
+
|http://www.usenix.com/events/usenix08/
+
|-
+
|International Association of Forensic Sciences Annual Meeting
+
|Jul 21-26, New Orleans, LA
+
|http://www.iafs2008.com/
+
|-
+
|17th USENIX Security Symposium
+
|Jul 28-Aug 01, San Jose, CA
+
|http://www.usenix.org/events/sec08/
+
|-
+
|Blackhat USA 2008 Briefings & Training
+
|Aug 02-07, Las Vegas, NV
+
|http://www.blackhat.com/html/bh-link/briefings.html
+
|-
+
|Defcon 16
+
|Aug 08-10, Las Vegas, NV
+
|http://www.defcon.org
+
|-
+
|Digital Forensic Research Workshop
+
|Aug 11-13, Baltimore, MD
+
|http://www.dfrws.org
+
|-
+
|}
+
  
== On-going / Continuous Training ==
+
== Notes ==
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
 
|- style="background:#bfbfbf; font-weight: bold"
+
Expand on as to what to collect:
! Title
+
 
! Date/Location or Venue
+
* [[ESN]],
! Website
+
* [[IMEI]],
|-
+
* [[Carrier]],
|Basic Computer Examiner Course - Computer Forensic Training Online
+
* Manufacturer,
|Distance Learning Format
+
* Model Number,
|http://www.cftco.com
+
* Color, and
|-
+
* Other information related to [[Cell Phone]] and [[SIM Card]]...
|Linux Data Forensics Training
+
 
|Distance Learning Format
+
Process:
|http://www.crazytrain.com/training.html
+
# Photograph the [[Cell Phone]] screen during power up.
|-
+
# Research the [[Cell Phone]] for technical specifications.
|SANS On-Demand Training
+
# Research the [[Cell Phone]] for forensic information.
|Distance Learning Format
+
# Based on phone type [[GSM]], [[CDMA]], [[iDEN]], or [[Pay As You Go]] determine acquisition tools
|http://www.sans.org/ondemand/?portal=69456f95660ade45be29c00b0c14aea1
+
 
|-
+
GSM:
|MaresWare Suite Training
+
# Phone and SIM Card
|First full week every month, Atlanta, GA
+
# SIM Card
|http://www.maresware.com/maresware/training/maresware.htm
+
 
|-
+
CDMA:
|Evidence Recovery for Windows Vista&trade;
+
# Phone
|First full week every month, Brunswick, GA
+
 
|http://www.internetcrimes.net
+
iDEN:
|-
+
# Three major tools exist for iDEN Phones:
|Evidence Recovery for Windows Server&reg; 2003 R2
+
* iDEN Companion Pro
|Second full week every month, Brunswick, GA
+
* iDEN Media Downloader
|http://www.internetcrimes.net
+
* iDEN Phonebook Manager
|-
+
 
|Evidence Recovery for the Windows XP&trade; operating system
+
Pay As You Go:
|Third full week every month, Brunswick, GA
+
# Phone
|http://www.internetcrimes.net
+
 
|-
+
== External Links ==
|Computer Forensics Training and CCE&trade; Testing for Litigation Support Professionals
+
 
|Third weekend of every month (Fri-Mon), Dallas, TX
+
Articles and Reference Materials
|http://www.md5group.com
+
*[http://www.e-evidence.info/cellarticles.html E-Evidence.Info Articles, Papers, Presentations, etc.]
|-
+
*[http://esm.cis.unisa.edu.au/new_esml/resources/publications/forensic%20analysis%20of%20mobile%20phones.pdf Forensic Analysis of Mobile Phones]
|}
+
*[http://www.ijde.org/docs/03_spring_art1.pdf Forensics and the GSM Mobile Telephone System]
==[[Scheduled Training Courses]]==
+
*[http://www.cl.cam.ac.uk/~fms27/persec-2006/goodies/2006-Naccache-forensic.pdf Law Enforcement, Forensics and Mobile Communications]
 +
*[http://www.forensics.nl/mobile-pda-forensics Mobile Phone Forensics & PDA Forensics Links]
 +
*[http://www.holmes.nl/MPF/FlowChartForensicMobilePhoneExamination.htm Netherlands Forensic Institute: Mobile Phone Forensics Examination - Basic Workflow and Preservation]
 +
*[http://csrc.nist.gov/mobilesecurity/publications.html#MF U.S. National Institute of Standards and Technology Documents]
 +
 
 +
Conferences
 +
*[http://www.MobileForensicsWorld.com/ Mobile Forensics World]
 +
 
 +
Investigative Support
 +
*[http://www.search.org/files/pdf/CellphoneInvestToolkit-0806.pdf Creating a Cell Phone Investigation Toolkit: Basic Hardware and Software Specifications]
 +
*[http://www.e-evidence.info/cellular.html E-Evidence.Info Mobile Forensic Tools]
 +
*[http://www.forensicfocus.com ForensicFocus.com(Practitioners Forum)]
 +
*[http://www.hex-dump.com Hex-Dump.com(Advanced Forum for Hex Dump and Memory Analysis)]
 +
*[http://www.Mobile-Examiner.com Mobile-Examiner.com (Forum for Practitioners)]
 +
*[http://www.Mobile-Forensics.com Mobile-Forensics.com (Research Forum for Mobile Device Forensics)]
 +
*[http://www.mfi-training.com Mobile Forensics Training Forum (Mobile Device Investigative Support and Training)]
 +
*[http://www.SmartPhoneForensics.com SmartPhoneForensics.com (Mobile Device Forensics Training and Investigative Support)]
 +
*[http://www.Phone-Forensics.com Phone-Forensics.com (Advanced Forum for Practitioners)]
 +
*[http://trewmte.blogspot.com TREW Mobile Telephone Evidence (Mobile Telephone Evidence Practitioner Site)]
 +
 
 +
Phone Research
 +
*[http://www.GSMArena.com GSMArena.com (Technical information regarding GSM Cell Phones)]
 +
*[http://www.MobileForensicsCentral.com MobileForensicsCentral.com (Information regarding Cell Phone Forensic Applications)]
 +
*[http://www.PhoneScoop.com PhoneScoop.com (Technical information regarding all Cell Phones)]
 +
*[http://www.ssddforensics.com/ Small Scale Digital Device Forensics Information]
 +
 
 +
Training
 +
*[http://www.Mobile-Forensics.com Mobile-Forensics.com (Research Forum for Mobile Device Forensics)]
 +
*[http://www.MobileForensicsWorld.com/Training.aspx Mobile Forensics World Training]
 +
*[http://www.mobileforensicstraining.com Mobile Forensics Training (Mobile Forensics Inc. Training Class site)]
 +
*[http://www.paraben-training.com/training.html Paraben-Forensics.com (Paraben's Handheld Forensic Training Classes)]
 +
*[http://www.SmartPhoneForensics.com SmartPhoneForensics.com (Mobile Device Forensics Training and Investigative Support)]
 +
*[http://www.msab.com/training/schedule Micro Systemation Training (Mobile Forensics Training)]

Latest revision as of 08:27, 11 May 2011

Guidelines

  1. If on, switch it off. If off, leave off.
    • Note only under exceptional circumstances should the handset be left switched on and in any case every precaution to prevent the handset connecting with the Communication Service Provider should be made. Consider use of one of many wireless preservation or RF isolation techniques. Note that the slightest signal leakage will allow an overwriting text message through even if a phone call can't get through.
    • Instead of switching off, it may be better to remove the battery. Phones run a different part of their program when they are turned off. You may wish to avoid having this part of the program run.
    • Note that removing the battery or powering off a mobile phone may introduce a handset unlock code upon powering the device on.
  1. Collect and preserve other surrounding and related devices. Be especially careful to collect the power charger. The phone's battery will only last a certain amount of time. When it dies, much of the data on the device may go too!
  1. Plug the phone in, preferably in the evidence room, as soon as possible.
  2. Retain search warrant (if necessary - LE).
  3. Return device to forensic lab if able.
  4. Use forensically sound tools for processing. However, also remember ACPO Principle 2 says: In exceptional circumstances, where a person finds it necessary to access original data held on a computer or on storage media, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions.

Notes

Expand on as to what to collect:

Process:

  1. Photograph the Cell Phone screen during power up.
  2. Research the Cell Phone for technical specifications.
  3. Research the Cell Phone for forensic information.
  4. Based on phone type GSM, CDMA, iDEN, or Pay As You Go determine acquisition tools

GSM:

  1. Phone and SIM Card
  2. SIM Card

CDMA:

  1. Phone

iDEN:

  1. Three major tools exist for iDEN Phones:
  • iDEN Companion Pro
  • iDEN Media Downloader
  • iDEN Phonebook Manager

Pay As You Go:

  1. Phone

External Links

Articles and Reference Materials

Conferences

Investigative Support

Phone Research

Training