EXIF Data & USB Info: Taking Your Investigation to the Next Level

Bryan Franke
This computer lab will introduce attendees to EXIF data that can be found embedded within pictures. Attendees will learn what EXIF data is, what it contains, how to view it, how that data could enhance an investigation, and how to document this information for the court, judge, and jury in an easily understood way. Ever wonder if someone has uploaded or downloaded information/programs/spyware via a flash drive? Have they connected a key logger to one of the USB ports? When you are executing a search warrant, would you like to know if the suspect has other storage devices or connected their phone to the computer to download pictures? Attendees will get hands-on practice with a software tool to quickly answer these questions while still on scene.

Facebook Advanced Searching & URL Manipulation
Lauren Wagner, Justin Fitzsimmons
Facebook is the largest worldwide social media website and contains a substantial amount of potential investigative information. In this computer lab, attendees will use Facebook graph search, which uses specific targeted terms that can show investigative material. The presenters will demonstrate how graph search works and explain how syntax, the structure of the search keywords and phrases, is vital to a successful search. Once a target profile has been identified, attendees will use Facebook URL manipulations to show content beyond what can be seen from the profile.

Field Search Lab (Pt.1 & 2)
Jim Tanner, Bryan Franke
This computer lab will provide hands-on training with Field Search, a widely used non-technical tool for conducting triage, consent searches, and compliance monitoring of computers in the field. Each attendee will receive a free, fully functional copy of Field Search v5, the latest significant upgrade to Field Search.

Must-Have Technology Tools
Lauren Wagner, Justin Fitzsimmons
This hands-on computer lab will introduce must-have software and methodologies. Topics will include Firefox add-ons such as Video DownloadHelper (to save videos from YouTube and other websites) and Screengrab (to save or copy websites). Also included will be Google searching techniques (Boolean operators) to make searching for information much more efficient and reliable. Google advanced operators, such as site: (to search only particular websites) and filetype: (to search only particular filetypes), as well as Google services such as Images (to search only images as well as reverse image searching techniques) and Scholar (to search only legal journals) will also be covered. Other software that will be introduced includes: Jing (screenshot and screencast software), VLC (for playing movies), IrfanView (for viewing images), and Audacity (for audio editing).

Tracking Email Communication
Bryan Franke
Attendees will learn how to locate, view, and read email header data. They will also learn what resources are available to determine what Internet Service Provider (ISP) was used to send the email; where and how to serve preservation requests and legal process to said ISP; and what some email services do to change the email header data and how that impacts an investigation. Attendees will also learn how to geo-locate a general area for the possible suspect before getting the physical address from the ISP. These skill sets will then be applied to a variety of emails while in the lab. Various methods of documenting these activities for future court proceedings will also be addressed.

Twitter Investigations
Lauren Wagner, Justin Fitzsimmons
Twitter has quickly become the go-to medium for today's instant communication, proven by the fact that there are 6,000 tweets per second. In this computer lab, Twitter searching will be introduced to allow searching for Twitter profiles, tweet keywords, and hashtags, as well as searching for tweets from a particular latitude and longitude. These Twitter searching techniques will include both standard and hidden Boolean operators, ensuring that investigators have access to the best possible evidence.