It was an exciting week in Las Vegas at the Computer and Enterprise Investigations Conference (CEIC) 2014. I would like to say thank you to Guidance Software for putting on the conference and also Champlain College for giving me the opportunity to attend. My flight to Las Vegas left Monday at 6 AM. After traveling for a good part of the day, I finally arrived at Caesar’s Palace where the conference was being held. After registering, I attended the Opening Keynote presented by Victor Limongelli, the president and CEO of Guidance Software. During the keynote, Limongelli discussed the next version of EnCase (version 8). After the keynote, I attended my first session of the conference, Optimizing Your System for Superior Performance. In this session, the speaker gave the results of tests he had conducted using various computer setups to find the best upgrades to increase performance. He tried to stress that optimizing your I/O channels will give the biggest performance increase. After finishing my session, I went to the welcome reception that was put on by Guidance. At the reception, I met up with the other students from Champlain and we went out to explore Las Vegas.
The next day of the conference started early with a breakfast at 7. My first session on Tuesday was SQLite Forensics. In this session, I learned about where SQLite was found and how to find data on devices that use SQLite. After this session was the first of two industry keynotes of the conference. The speaker for this keynote was Joel Brenner, a former national counterintelligence executive and author of “America the Vulnerable.” The rest of my day consisted of three very interesting sessions: Examination Reporting Made Easy, Advanced Computer Forensic Analysis, and SSD Forensics. In Examination Reporting Made Easy, I learned how to make a report for a case in EnCase and how to customize it to what I need for that specific case. Advanced Computer Forensic Analysis explained the importance of examining shellbags and the data that can be obtained from them. In SSD Forensics, I learned about the current issues of performing examinations of SSDs. The speakers in this session described their efforts to find a way to perform examinations on SSDs in a way that allows the data found to be used in court.
Wednesday started off with another breakfast provided by Guidance at 7. I had four sessions that I attended along with the second industry keynote. The keynote speaker was Justin Somaini, the Chief Trust Officer of Box. My four sessions on Wednesday were Defrag Forensics, secure data deletion, investigating corrupt iTunes backups, and future of Encase. Defrag Forensics explained how the defrag process affects the hard drive on a computer and how to show that the defrag process had been run on a particular drive. Secure Data Deletion was similar to the defrag forensics session, but focused on programs that were meant to securely delete data. The speaker showed different examples of programs and what evidence could be found on a hard drive that showed the program had been run. In investigating corrupt iTunes backups, I learned how iTunes backups were structured and how to link data found in them together. The future of EnCase session featured a live demo of EnCase version 8 while the speaker explained some of the new features coming to EnCase.
While I was not in a session, I would go to the Expo Hall, where companies set up booths that would demo the products or services that were offered. After talking with a few of the representatives, I came away with a number of companies that I would be interested in applying for an internship with.
On Thursday, the last day of the conference, I couldn’t attend any of the sessions that were being offered as I had to leave the hotel early to fly back home. I would definitely take the opportunity to go to CEIC again if I could.
Sophomore Champlain College