Presentation
Solutions for Encrypted Data Investigations
Encrypted evidence items present a problem for investigators and analysts as encrypted data cannot generally be presented for prosecutorial or administrative purposes. With the ability to password protect entire hard drives or individual devices, entire machines may be locked out of use or necessary data may be inadvertently rendered unusable. From password recovery to complete data decryption, this session will provide direction on how best to increase code-breaking abilities by gathering intelligence, socially engineering information, and employing the right tools for the job. Industry standard algorithms touched on during this session include the Microsoft Office applications, Windows Registry encryption, the Windows Encrypting File System (EFS), and the Windows Bitlocker scheme. In this session, attendees will learn: real world encryption methodology (key encryption/management); the difference between password protection and password encryption; the difference between a key space attack and dictionary attack; methods and tools to defeat industry standard encryption algorithms
Biography
Keith Lockhart, VP of Access Data
As Director of Training, Keith is responsible for the development of forensic and encryption training solutions for local, state, federal, and international law enforcement agencies as well as worldwide corporate entities involved in the prevention, investigation and prosecution of high-technology crime. Prior to joining AccessData, Keith served as a computer crime specialist at the National White Collar Crime Center (NW3C) in Fairmont, WV. Keith served as program manager of the INET (Internet Trace Evidence Recovery & Analysis) course providing the framework of complex research and design for its development and maintenance. Prior to NW3C, Keith was a police officer with Kent State University Police Department. Earlier in his career, Keith worked in the narcotics division of the Western Portage Drug Task Force in northeast Ohio. In that assignment, he worked cooperatively with the FBI, DEA, ATF, HUD and US Postal Inspection Service to successfully investigate and prosecute over one hundred felony cases.
He is a member of the International Association of Computer Investigative Specialists (IACIS), the High Technology Crime Investigator's Association (HTCIA) and the Narcotics Association of Regional Coordinating Officers (NARCO). Keith has instructed at the FBI National Academy, the ATF annual Computer Information Systems conference, the Kennesaw Southeast Cybercrime Institute, and many IACIS conferences. Keith holds a bachelor's degree in criminology from Kent State University and an applied associate degree in computer forensics from Redlands Community College.
Agenda
January 8, 2008
5:30-6:15 PM Registration, Networking, Cash Bar and Grill
6:15-6:20 PM Introduction of Speaker
6:20-7:20 PM Presentation
7:20-7:35 PM Question Period
7:35-7:40 PM Closing remarks
This meeting actually ran to 8:PM, taken 2 hours of meeting time.