

Oct 07 2021


1:00 pm - 3:00 pm

British Columbia HTCIA October Meeting

Our third HTCIA Meeting in 2021 will be on Thursday, October 7. Derrick Karpo from Edmonton Police Service will discuss Forensics in the Field with Q&A.


WHEN: Thursday, October 7. 1:00 pm – 3:00 pm Pacific

WHERE: Zoom Meeting 


The Zoom Meeting URL and password will be sent to members who RSVP in advance.


Presenter: Derrick Karpo, Systems Analyst and Digital Forensic Examiner, Edmonton Police Service


Derrick Karpo is a systems analyst and digital forensic examiner who has been with the Edmonton Police Service for almost 15 years. He is also the developer of TCU Live, a live Linux distribution used for field triage, digital forensics, and anywhere you need to quickly spin up a Linux machine. In his spare time he plays guitar, hacks on electronics, spends time with his kids, and scrolls endlessly on Reddit.


Title: Forensics in the Field – Find All The Things! (Devices)


Have you ever walked into a scene and wondered where to start?

Wondered if you should pull the plug or conduct a live examination?

Left a scene wondering if you found all the devices? In this presentation, Derrick will walk you through some free and open source techniques to passively and actively interact with a network to help you find wired and wireless devices that may not be in plain view. The presentation will walk you through how to covertly examine a network, actively interact with the network, and cover techniques based on the order of volatility when dealing with networks and devices including IoT devices. Topics we will cover include:

* Packet sniffing and its value to your scene triage
* Router analysis and exploitation
* IoT devices and their value to an active investigation
* Wireless analysis
* Reverse mapping wireless BSSIDs to locate a device's location
* War driving for networks
* Additional tools and techniques (time permitting)


Please reply to htciabc@gmail.com and let us know if you will be attending.