Computer-Forensics-Presentations-Victoria-BC-Defence-Lawyer

Presentations given:

Continuing Legal Education Society of BC: “Computer Forensics”

  • Paul Pearson: Faculty, Course Chair; Michael Mulligan: Faculty, Course Chair
  • Full day course instructed lawyers on an introduction to computer forensic concepts, examination techniques, as well as practical and legal issues.
  • Date: June 2011

Continuing Legal Education Society of BC: “Criminal Law: Special Issues”

  • Michael Mulligan: Faculty, Paul Pearson: Faculty
  • Mr. Mulligan and Mr. Pearson conducted the “Police use of computer forensics: an introduction for lawyers” session at a multi-topic CLE
  • Date: February 2011

CBA Criminal Section: Vancouver: “Introduction to Computer Forensics”

  • Michael Mulligan and Paul Pearson, presenters
  • Two hour session introduced criminal practicioners to computer forensic concepts and special criminal law considerations.
  • Date: Sept, 2010

CBA Criminal Section: Victoria: “Introduction to Computer Forensics”

  • Michael Mulligan and Paul Pearson, presenters
  • Two hour session introduced criminal practicioners in Victoria to computer forensic concepts and special criminal law considerations.
  • Date: June 2010

Training taken:

Neutrino – Mobile Phone Forensics – Los Angeles California

  • overview of mobile phone networks
  • how to identify mobile phones
  • how to work with various service providers
  • proper seizure techniques
  • a detailed understanding of all components that make up EnCase Neutrino
  • acquire data from mobile phones
  • acquire and examine SIM cards
  • examine the data that they have acquired
  • learn how to create logical evidence files with EnCase Neutrino
  • an overview of mobile phone data storage
  • how to use conditiona in EnCase Neutrino
  • how to report their findings

Advanced Internet Examinations – Washington DC

  • the history, operation and artifacts associated with peer-to-peer file-sharing applications such as BitTorrent™, LimeWire™ and BearShare.
  • the impact of Trojan viruses through examination of:
    • Defense issues
    • The Windows® Registry
    • Hash analysis
  • Anti-virus scanning and virus analysis using the EnCase® Virtual File System (VFS) Module and the EnCase® Physical Disk Emulator (PDE) Module
  • how to examine system monitors and key loggers
  • how to identify artifacts from instant message clients such as AOL® IM (AIM®) and Yahoo! ® Messenger
  • the operation of the Microsoft® Internet Explorer web browser with regards to typed URLs, password and form-data storage, cookies, Internet history and cache content
  • how web pages are constructed and will use this information, together with their new-found knowledge of cached Internet Explorer web content, to correctly rebuild web pages
  • artifacts introduced with Microsoft® Internet Explorer 7
  • the operation of web search engines
  • web-based email
  • Microsoft® Outlook PST structure and about viewing Lotus® Notes email data
  • the history, operation and artifacts associated with Mozilla-based web browsers (including Firefox)

Legal-Issues-Victoria-BC-Defence-Lawyer

Network Intrusion Investigations training – London England

  • The hacker mind and methodology
  • Common tool knowledge and hash sets
  • Incident response techniques and considerations
  • Understanding and processing volatile data
  • Networking 101
  • Network-based attacks
  • Network hardware devices
  • Firewall
  • TCP/IP overview
  • Core protocols and layering
  • Host enumeration and port and vulnerability scanning
  • Windows® file sharing and vulnerabilities
  • Hiding and manipulating data
  • Web server attacks
  • Remote access Trojans
  • Internet Relay Chat (IRC) bots
  • Windows rootkits
  • Buffer overflows
  • DCOM vulnerabilities
  • The Metasploit framework
  • SQL database attacks
  • Binary analysis

Advanced Computer Forensics training – Los Angeles California

  • Analysis of NT File System (NTFS) artifacts in Windows operating systems
  • Advanced NTFS data recovery
  • Examination of the Microsoft Windows Registry
  • Analysis and recovery of Microsoft Windows event log files
  • Hardware and software RAID technology, acquisition and examination
  • Principles of encrypted data recovery
  • Understanding and examining Windows BitLocker™ volumes
  • Linux and UNIX operating and file system artifacts
  • Linux partition recovery
  • Data acquisition using Linux
  • Understanding and examination of Macintosh disk and file system structure
  • Forensic examination of Macintosh computers
  • Macintosh OS X® operating system artifacts
  • Reinforcement of the EnCase® computer forensic methodology
  • Introduction to EnScript programming

Computer Forensics II training – Chicago Illinois

  • How to create and use of logical evidence files
  • How to locate and recover deleted partitions and folders
  • How to conduct keyword searches and advanced searches using GREP
  • Students will gain an understanding of the EnCase Virtual File System (VFS) and Physical Disk Emulator (PDE)
  • Students will learn about the Windows® Registry
  • Students will learn how to deal with compound file types
  • How to export files, directories and entire volumes
  • How to identify files using hash values and building hash libraries
  • How to identify Windows XP operating system artifacts such as link files, recycle bin, and user folders
  • How to prepare reports and evidence for presentation in court
  • How to recover artifacts such as swap files, file slack, and spooler files
  • How to recover printed and faxed pages

Computer Forensics I training – Houston Texas

  • What constitutes digital evidence and how computers work
  • An overview of the EnCase Computer Forensic Methodology
  • Basic structures of the FAT and NTFS file systems
  • How to create a case and how to preview/acquire media
  • How to conduct basic keyword searches
  • How to analyze file signatures and view files
  • How to restore evidence
  • How to archive files and data created through the analysis process
  • How to prepare evidence for presentation in court
  • How to verify the evidence file