Welcome!

This is the official site for the Atlanta Chapter of the High Technology Crime Investigation Association! If you are a computer forensic investigator, Information Security professional, or work daily in solving computer crime you have come to the right site.

The High Technology Crime Investigation Association (HTCIA) is designed to encourage, promote, and facilitate the interchange of data, experience, ideas, and methodologies relating to investigations and security in advanced technologies. We are one of over 37 chapters of the International HTCIA organization.

Our Atlanta chapter meets monthly to discuss personal experiences and emerging trends within Information Security and Data Forensics. Each meeting we have a guest speaker lecture on a a body of knowledge relative this arena. Think you have something to offer? Then tell us about it! We are always actively seeking new topics and speakers for our meetings.

What can we say? If you work in this field we want you to come to one of our meetings to learn more about us. Maybe you will find the meeting informative. Maybe you will make a new friend. Perhaps you will stumble upon a networking opportunity. The only way to find out is to come on by, stop in, and participate in our meetings! So check our calendar and stop on by.
 
 
 

Presentation TITLE: Processing X-Way Forensics Evidence

 


GENERAL: 

 

This lecture will be centered on the processing/reprocessing of some of the X-Ways forensic
software output capabilities. X-Ways provides an excellent process for retrieving meta-data

from files such as documents, graphics, link, pdf and other files. All of which is useful to the
investigator and the discovery process. However, the meta-data field which X-Ways creates is
not easily reprocessed in a text file or in a spreadsheet. The demonstration will show how to use
a custom program to take the meta-data field and parse it to a more usable list for examination,
or discovery. The X-Ways (html) report produces a significant amount of “noise” in the meta-
data information. Another program will show how to reduce the noise in the html report to that
which is usable and easily explained.

In addition, the following programs will be demonstrated:

A program to process eml (text) files and produce delimited data which contains ALL the header
information in a usable format ready for processing.

A program which can search files (including extracted free space) for items such as IP addresses,
SSN’s, Email addresses, Phone numbers, URL’s, and Credit card numbers. It produces an output
which can be easily imported to Excel for further manipulation.

The forensic copy program which can be used to forensically copy (and verify) file copies for
preservation.

And a method of “tagging” intellectual property will be shown. This process can possibly be
used to track/trace intellectual property when it shows up on a competitor’s computer system.

 

Speaker: Dan Mares

Dan Mares Is a 27-year law enforcement retiree. He began writing software programs to facilitate

the analysis of seized electronic data in 1986, and developed the Maresware suite of
investigative software programs.

Dan assisted in the development of: Seized Computer Evidence Recovery Specialist
and Computer Investigation in an Automated Environment courses at the Federal Law
Enforcement Training Center in Glynco, Georgia, and the Basic and Advanced Data
Recovery Classes at the National White Collar Crime Center.

Dan has been President and Vice President of the Atlanta area High Tech Crime
Investigators Association, and a member of the International Association of Computer
Investigative Specialists. He is a current board member of the ICFP (Institute
of Computer Forensics Professionals). Dan received the HTCIA 2006 Lifetime
Achievement Award. Dan is a Member of the AIU (American Intercontinental
University) Dunwoody Forensics Advisory Board (2006,2007)

Dan holds a number of computer forensic certifications.


Meeting Details:

Admission: FREE

Registration Required: Yes, to get a food headcount (come anyway even if registration is closed)

Date: May 9, 2013 – 11:30 AM to 1:00 PM

 

 
Click here to register!
 
 
 
REMEMBER - To get all the benefits you must be a member. Please join or renew your 2013 membership today! Click for a membership application HERE!