By browsing this site, you are agreeing to our cookie policy. More Information

My Thoughts on CEIC 2015

Digital Forensics | May 28, 2015

CEIC 2015 is Over

This year’s CEIC is over. After a long and relaxing holiday weekend, it feels almost like it was months ago. I really enjoy being involved with CEIC every year because it gives me a chance to catch up with old friends and meet new ones. The real reason (at least the one we tell our bosses) we all go to CEIC is for the great sessions. There were so many of them this year that I wish I could have cloned myself to see them all. To make it a bit more difficult, CEIC is not just a training conference for me since I am part of the team putting it on. I wanted to put down some of my experiences from this year.

The most rewarding thing to me during the entire conference is to hear from past students about their success in completing the EnCE certification. The only way to achieve that cert is by dedication and perseverance. I get thanks from them for teaching classes they attended, but I didn’t take the test. Their excitement and enthusiasm is infectious and I love it! Congratulations to everyone who passed the 1st phase during CEIC, and good luck on the 2nd.
 
If you didn’t get to attend CEIC this year, you missed a good one. Try again for next year, and I think you will be well rewarded.

Some Sessions

Because I am part of the setup and operations of CEIC, I am not usually able to attend full session, but there are a few that I really enjoyed that I wanted to give mention to.
Monday started off great hearing about new features in IEF from Jamie McQuaid and Rob Maddox of Magnet Forensics in Investigating a User’s Internet Activity across Computers, Smartphones and Tablets. This team knows how to stay on top of industry trends and to enhance their tools with a quick response. It is great to know that Guidance has a partner dedicated to examiners like we are.
 
A must-see for me is Tracking the Use of USB Storage on Windows 8 by Colin Cree. He has been researching USB artifacts on Windows for many years, and somehow seems to find new intricacies every year. No disappointment this year!
 
It’s a safe bet on the SANS crew. I enjoyed APT Attacks Exposed: Network, Host, Memory and Malware Analysis since you can never learn too much about how others operate and think. It helps us all grow, and I am glad that Rob LeeAnuj SoniChad Tilbury, and Jake Williams are sharing their experiences.
 
I am a firm believer in everyone learning to code as a skill. Mari DeGrazia and Ron Dormido laid out a great foundation in Practical Python Forensics for those wanting to learn Python as their language. Extra points since they showed how to integrate EnCase and Python!
 
Memory forensics has become a huge source of information in all types of investigations, and Jamie Levy knows this better than most. As a part of the Volatility team, she is an immense resource and shared it in Rootkits, Exfil and APT: RAM Conquers All to help us all. I learned a lot about using Volatility from this session. I also learned about her twitter handle outside of the session, but leave it to her to spread that.

My Sessions

I had a lot of fun this year talking in my sessions. I talked about how you can expand EnScript with .NET and Python code. It was exciting to me since everyone seemed to also be excited about the possibilities. I also got a chance to speak with Matt McFadden about EnCase Portable and the huge potential it has for examiners. Got to share how I used Portable on a case to handle a location with 4 examiners and 60+ computers, and we were done before dinner! Talked to many after the session that were excited about using it at home.

Deserved Recognition

Lastly, I wanted to give some recognition for a couple people from the Guidance Software team that really make CEIC the conference that it is. The entire Guidance team works really hard for this event, but these two really make it shine.
 
There is a technical team that I am part of every year, and it is managed by Jamey Tubbs from the training division. He puts in a ton of hours, before many of you even register for CEIC, in working with the event team, hotel technical staff, and our computer rental vendor. Our conference is unique from many others because of the large scale labs with supplied computers, and it would not be the same without him.
 
Until you read from me again!
James Habben

    Load more comments
    Thank you for the comment! Your comment must be approved first

    Leave a Comment

  • comment-avatar


  • You May Also Like

    Digital Forensics

    Now Available OnDemand: Advanced Internet Examinat...

    Keep your skills up-to-date from the comfort of your home or office – no travel justification needed.
    Nov 19
    Digital Forensics

    Sneak Peek at One Piece of Our New Logo

    Since 1997, Guidance Software has had a look
    Nov 3
    Digital Forensics

    Best Practices in Recovering Data from Water-Damag...

    How successful have you and your agency been in responding to water-damaged devices?
    Oct 16