EXIF Data & USB Info: Taking Your Investigation to the Next Level
Bryan Franke
This lab will introduce participants to EXIF data that can be found embedded within pictures, as well as provide a software tool and hands on application of it to view EXIF data. Learn what EXIF data is, what it contains, how to view it, how that data could enhance your investigation, and methods to document this information for the court, judge, jury in an easily understood method.

Ever wonder if someone has uploaded or downloaded information/programs/spyware to or from your computer via a flash drive? Have they connected a “keylogger” to one of your USB ports? When you are executing a search warrant wouldn’t you like to know if the suspect has other storage devices or digital cameras you have not found; connected their phone to the computer to download pictures? This session will give participants a software tool and hands on application of it so you will be able to find out quickly while still on scene. 


Facebook Advanced Searching & URL Manipulations
Justin Fitzsimmons, Lauren Wagner, Dean Chatfield, Timothy Lott
Facebook is the largest worldwide social media website and contains a substantial amount of potential investigative information. In this hands-on computer lab, attendees will use Facebook graph search, which uses specific targeted terms that can show investigative material. The presenters will demonstrate how graph search works, and explain how syntax--the structure of the search keywords and phrases--is vital to a successful search. Once a target profile has been identified, attendees will use Facebook URL manipulations. URL manipulations can show content beyond what can be seen from the profile.


Must-Have Technology Tools
Justin Fitzsimmons, Lauren WagnerDean Chatfield, Timothy Lott
This hands-on computer lab will introduce must-have software and methodologies. Topics will include Firefox add-ons such as Video Downloadhelper (to save videos from YouTube and other websites), and Screengrab (to save or copy websites). Also included will be Google searching techniques (Boolean operators) to make searching for information much for efficient and reliable. Google advanced operators, such as site: (to search only particular websites) and filetype: (to search only particular filetypes), as well as Google services such as Images (to search only images as well as reverse image searching techniques) and Scholar (to search only legal journals) will also be covered. Other software that will be introduced includes: Jing (screenshot and screencast software), VLC (for playing movies), Irfanview (for viewing images), and Audacity (for audio editing).

Tracing Email Communication
Bryan Franke
When you are investigating a case that involves email, can you find out where it came from, what service was used to send it, which network was used to send it? Participants will learn how to locate, view, and read email header data. You will learn what resources are available to determine what Internet Service Provider (ISP) was used to send the email; how to locate where and how to serve preservation requests and legal process to said ISP; and what some email services do to change the email header data and how that impacts your investigation. Participants will also learn how to geo-locate a general area for the possible suspect before you get the physical address from the ISP. These skill sets will then be applied to a variety of emails while in the lab. Various methods of documenting these activities for future court proceedings will be addressed, as well.


Twitter Investigations
Justin Fitzsimmons, Lauren WagnerDean Chatfield, Timothy Lott
Twitter has quickly become the go-to medium for today's instant communication, proven by the fact that there are 5,000 tweets per second. In this hands-on computer lab, Twitter searching will be introduced to allow searching for Twitter profiles, tweet keywords and hashtags, and even searching for tweets from a particular latitude and longitude. These Twitter searching techniques will include both standard and hidden Boolean operators, ensuring that investigators have access to the best possible evidence.