Kevin Ripa, is the President of The Grayson Group of Companies and Vice President & Past President of the Alberta Association of Private Investigators. He is a former member of the Department of National Defence, serving in both foreign and domestic postings. He is now providing superior service to various levels of law enforcement, Fortune 500 companies, and the legal community, and has assisted in many complex cyber-forensics investigations around the world.
Mr. Ripa is a respected and sought after individual for his expertise in Information Technology investigations, and he has been qualified as an expert witness on numerous occasions. He also gives training and lectures to industry and law enforcement around the world, and teaches SEC301, SEC401, and FOR500 for the SANS Institute. Mr. Ripa has authored numerous articles and chapters in circulation, for a number of manuals, books, and training texts on the subjects of Computer Security and Forensics.
Digital Forensics on the International Stage
It is said that approximately 30% of investigations today involve a computer related offence. However, at least 99% of all investigations will have some kind of evidence sitting in the digital realm. Whether it is on a hard drive, deleted from a hard drive, on a cell phone, GPS, camera, Internet of Things device, pretty much anything some will do is being logged or tracked somewhere. Alexa? Yes she is listening. And so is Siri. Ever wonder if they compare notes? You can’t move on the Internet without being tracked. (No, Duck Duck Go does not make your searches anonymous). So what can you as an investigator do about all this potential evidence?
This lecture is NOT your typical “yes we can get deleted stuff” presentation. We will be talking about proper seizure techniques of media when you find it. We will be covering what you can and cannot do yourself, with evidence. Certainly we will be talking about what is available on devices, but we will be talking beyond the simple lists you are used to. Cellular devices? Yes we will discuss these too. What about seizing evidence in other countries? How do we respond to such events, and is there a difference?
Finally we will be discussing and debunking the often used line of “…I don’t need to do it forensically because it will never go to court…”. Bring your notebooks, questions, and seatbelts. This will be the fastest firehose deliver of understandable tech that you have ever sat in on!