[Owasp-cambridge] Updated Program - Joint OWASP Cambridge & BCS Cybercrime Forensics SIG "Mobile and Malware Forensics" Day - Friday 22nd Jan 2015 - ARU Cambridge

Adrian Winckles adrian.winckles at owasp.org
Tue Jan 19 00:06:52 UTC 2016

Dear All.

Some recipients failed to receive the PDF flyer I sent round before, so please find below the updated program for Friday's event.

Please register as we do have some places remaining.

Kind regards


 Joint OWASP & BCS Cybercrime Forensics SIG
“Mobile & Malware Forensics Day” 2016
Friday 22nd January 2016 10:00 – 16:00, Lord Ashcroft Building (LAB002), Anglia Ruskin University, Cambridge.
Hosted by the Department of Computing & Technology, Anglia Ruskin University, British Computer Society (BCS) Cybercrime Forensics Special Interest Group and OWASP (Open Web Application Security Project) Cambridge Chapter.
OWASP (Open Web Application Security Project) is a 501(c)(3) not-for-profit worldwide charitable organization focused on improving the security of application software. Their mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks.
The British Computer Society (BCS) Cybercrime Forensics Special Interest Group (SIG) promotes Cybercrime Forensics and the use of Cybercrime Forensics; of relevance to computing professionals, lawyers, law enforcement officers, academics and those interested in the use of Cybercrime Forensics and the need to address cybercrime for the benefit of those groups and of the wider public.
The Department of Computing & Technology at Anglia Ruskin University is enhancing its curricula and capabilities in information security following its successful BSc(Hons) Information Security and Forensic Computing pathway.  Establishing a joint professional networking group with OWASP concentrating on aspects of computing and application security is a key part of this enhancement. 
10:00 – 10:30 Registration & Refreshments (LAB006)
10:30 – 10:45 Welcome from the OWASP Cambridge Chapter Leader, Adrian Winckles, Course Leader in Information Security & Forensic Computing, Anglia Ruskin University
10:45 – 11:45 “EMMC Flash Memory Forensics (Chip On and Chip Off Techniques)” – Kevin Mansell  - Control-F
‘Direct eMMC’ (also known as In-system Programming or ISP) is used to perform physical extractions of Android & Windows Phone handsets & tablets which may not be possible with commercial forensic tools. Not only that, the techniques can be applied to many TomTom satnav units as well as a range of other devices which use eMMC flash memory chips internally. Direct eMMC is similar to JTAG in that it is a non-destructive method for performing a physical extraction via connections on the printed circuit board of the device.

Kevin is a leading authority on mobile phone forensics, having developed and led courses for the National Centre for High Tech Crime (now part of the College of Policing), represented the UK at Interpol on mobile phone forensics, and is an international leading figure at conference keynotes on mobile device forensics. Kevin currently leads his own training and consultancy company specialising in digital forensics for mobile devices.
11:45 – 12:45 “Malicious Web Backdoors and Script Injections in the Payment Card Industry” - Andrew Bassi & Benn Morris – Pen Test Partners PTP Consulting LLC
A collection of ‘war stories’ from the trenches of Payment Card security, covering malicious web backdoors and script injection attack vectors from a technical and practical viewpoint. The talk will aim to demonstrate common attacks we see day to day and show how we technically appraise these attacks from a forensic standpoint. We will also attempt to cover the recent advances in terms of anti-forensic techniques and data extraction.
Benn Morris is a founder Partner, QSA, PFI and CREST Certified Incident Manager and Assessor. With an extensive Forensic career spanning both public and private sectors, Benn works closely with many large organisations, merchants, acquiring banks and credit card schemes to prevent and contain compromises of sensitive data.
Andrew Bassi is a Payment Card Forensic Investigator and Chief Technology Officer for PTP Consulting.
12:45 – 13:45 Buffet Lunch & Networking (LAB006)
13:45 – 14:45 “Shadowserver: Recent Activities and Big Security Data” – Stewart Garrick and David Watson – Shadowserver Foundation
The 501c3 non-profit Shadowserver Foundation collects many types of large scale security data sets and freely provides daily infection data to network owners for remediation purposes. It regularly works with national CERTs, ISPs/hosting companies and law enforcement agencies combating malware, botnets and cybercrime activities. This presentation will provide an overview of how such data sets are collected and processed, the size and scale of its infrastructure and systems. Shadowserver is currently sinkholing XCodeGhost - iOS malware.
Stewart Garrick has completed 30 years' experience in Law Enforcement (27 years in the Metropolitan Police Service, and 3 in the UK’s National Crime Agency). Most recently, 4 years investigating cybercrime at an international level - both on the Met’s Police Central eCrime Unit and then in the National Crime Agency as a Senior Investigating Officer. He freely admits that cybercrime represented the steepest

He retired from public service in July 2015 and has now joined The Shadowserver Foundation - a not for profit, global organisation that is committed to making the Internet safer.  Upon retirement he became a National Crime Agency Special and remains active in ongoing cybercrime investigations internationally. He has presented Master classes at Europol and sits on their Internet Security Advisory Board. He is also a member of the Interpol Global Cybercrime Experts Group.
David Watson has been a member of the Shadowserver Foundation since 2008, is one of their Directors and is currently building and operating a large scale distributed honeynet sensor system for them. He is also the Chief Research Officer and a Director of the 501c3 non-profit Honeynet Project, helping to co-ordinate the development and deployment of honeynet related security tools worldwide. David regularly presents and teaches hands on training classes internationally, and is a recognised expert in his field.
14:45 – 15:45 “Decompiling Android Crypto Apps for Fun and Evidence” - Alex Caithness – CCL Forensics
Encryption is becoming an everyday issue for digital investigators; whether this is in communication data or any number of “file-locker” apps. Multiply this issue by the number of apps available in the various app stores and we are faced with large amounts of potential information which could be inaccessible to us. All is not lost though: in many cases all of the information required to decrypt the data is held on the device – you just need to discover how the application uses it. During this presentation we’ll explore how decompiling and reverse engineering Android applications can reveal the inner workings of their encryption mechanisms, what tools and techniques you can use to achieve this and a number of case studies detailing previous success stories.
Alex Caithness is a compulsive hex fiddler, regex wrangler, Python evangelist and member of the R&D team at CCL-Forensics. Over the past few years he has spent his time trying to devise ways of getting hold of more and more interesting data whilst making the data he already has more interesting, especially with regards to mobile devices. As well as developing the internal capabilities at CCL, he has also written a number of commercially available forensic tools including "Epilog" as well as open source scripts and modules.
Alex has also spoken at a number of conferences and provided training on subjects including digital fundamentals, the Python scripting language and the tools that he has written.
15:45 – 16:00 Session Wrap Up & Close
To register for this free event, please register online at
The meeting will be held in the Lord Ashcroft Building, Room LAB002 (Breakout Room LAB006 for networking & refreshments).

Please enter through the Helmore Building and ask at reception.

Anglia Ruskin University
Cambridge Campus
East Road

Please note that there is no parking on campus.
Get further information on travelling to the university.
