Belkasoft at Techno Security & Digital Forensics Conference

iOS devices are becoming more and more complicated to acquire due to enhanced security and continuous advances in operating systems. This session will discuss the lifecycle of iOS versions and devices, to include major changes in iOS updates, what implications they bring to examiners, how forensic tools continue to evolve to attempt to obtain as much data as possible from these devices, and additional roadblocks and workarounds for the everyday digital forensic examiners or investigators.

John Asmussen
Digital Forensic Trainer—Belkasoft

This is the second of two sessions designed for digital forensics investigators and cyber incident responders who want to learn more about SQLite forensics and how to extract as much information as possible from their data sources. SQLite is a widely popular database format that is extensively used across many different platforms. Both iOS and Android devices use SQLite as a storage format of choice, with built-in and third-party applications relying on it to store and organize their data. Examples include WhatsApp, Telegram, Chrome, and thousands of other applications, including a wide range of desktop applications. As such, every digital forensics investigator and cyber incident responder must understand the various SQLite features and peculiarities, and use the proper DFIR tools for their investigation. In this session, we will dive into advanced SQLite forensics, covering SQL queries, specific features of Belkasoft X viewer, data conversions, and artifact extraction from SQLite databases.

If you attend this presentation, you will receive the Blue Belkasoft challenge coin.

John Asmussen
Digital Forensic Trainer—Belkasoft

“How was the network initially compromised?” This is the question that cyber incident responders hear every time they're called to do their job. Nowadays, most cyberattacks—including advanced targeted attacks—start from a simple phishing email with a weaponized attachment or web link. In this presentation, we will examine the most common initial infection vectors and show how Belkasoft X can help incident responders and forensic analysts find the necessary evidence. Additionally, we will discuss the common forensic artifacts that point to code execution on Windows systems. Join us as we explore the trail that cyber attackers leave behind and the methods to track them down.

If you attend this presentation, you will receive the Green Belkasoft challenge coin.

John Asmussen
Digital Forensic Trainer—Belkasoft

Looking to dive into the complex world of Android forensics? Look no further than this presentation with Belkasoft X! With the sheer variety of Android devices on the market, digital forensic investigators need to have a nuanced understanding of each vendor's specific models and their unique characteristics. Join our expert for an in-depth exploration of the many factors that go into acquiring data from a diverse array of Android phones, including those powered by Qualcomm, MediaTek, Spreadtrum, and many more. You'll come away from this session equipped with the knowledge and techniques you need to confidently tackle any Android forensic investigation using Belkasoft X.

If you attend this presentation, you will receive the Yellow Belkasoft challenge coin.

John Asmussen
Digital Forensic Trainer—Belkasoft

In this presentation, we'll provide an in-depth review of macOS system artifacts and demonstrate why they are crucial in DFIR investigations. We'll explore how to analyze APFS and various artifacts to uncover evidence of user activity and system settings, and network connections, including autoruns, notifications, and preferences. Our expert speaker will also discuss the T2 security chip and its forensic implications. We'll demonstrate how to acquire data from devices with the T2 security chip using Belkasoft X and highlight the challenges associated with this type of acquisition. Finally, we'll delve into the world of macOS application artifacts and showcase how Belkasoft X can extract and analyze data from various macOS applications. You'll learn how to uncover vital information that can help piece together a timeline of events, and demonstrate the capabilities of the tool when it comes to application artifact analysis.

If you attend this presentation, you will receive the Red Belkasoft challenge coin.

John Asmussen
Digital Forensic Trainer—Belkasoft

Get ready for a wild ride as we take a deep dive into the latest Belkasoft X product! This session is packed with tricks and tips that will help you become a more effective investigator and save precious time. We'll explore how Belkasoft X supports heterogeneous device cases, including computers, mobiles, drones, and clouds, making it easier than ever to extract and recover critical artifacts. With out-of-the-box extraction capabilities and powerful automation tools, you'll be able to streamline your workflow and supercharge your investigation process. But wait, there's more! We'll also take a look at the exciting cloud execution capabilities of this amazing tool and the ways to orchestrate your workflow including both Belkasoft and third-party tools. Don't miss out on this epic presentation! In this session we will discuss the ways the latest Belkasoft X product allows you to be more effective and save your time with multiple usable tricks. We will discuss heterogeneous device cases (having computers, mobiles, drones and clouds inside the same case), out-of-the-box artifact extraction and recovery, automation and orchestration Belkasoft and other tools inside your workflow, and complete the presentation with discussion of powerful cloud execution capabilities of the tool.

If you attend this presentation, you will receive the Ultimate Belkasoft Coin Rack Holder, which will hold together all the coins you collected on other tracks we had (red, yellow, blue, and green). Learn how to become a better DFIR investigator with Belkasoft and at the same time make your Belkasoft TechnoSecurity coin collection complete!

John Asmussen
Digital Forensic Trainer—Belkasoft

SQLite databases are the most widely used and established databases for mobile devices due to their lightweight structure, no requirements for dependencies, and full control by developers. This session will dive deep into SQLite databases, covering content ranging from basic to advanced. The talk will cover different components such as Pages, Freelist, Journal Files, Write Ahead Logs, Unallocated space, and the importance of performing your SQLite examinations within a forensic viewer

John Asmussen
Digital Forensic Trainer—Belkasoft

In today's threat landscape, bad actors are not just content with gaining initial access to a target network, but rather they aim to establish a persistent presence and move laterally to compromise larger networks. In this session, we will examine the most common techniques used by attackers to achieve persistence and lateral movement. We will review the persistence mechanisms and files widely used in cyberattacks targeted at Windows devices and the most common techniques adversaries use for lateral movement. We will also demonstrate how Belkasoft X can help cyber incident responders in uncovering the tactics and techniques used by cyber threat actors. With Belkasoft X, investigators can trace every move of the attackers, identify the lateral movement paths, and detect the persistence mechanisms that cybercriminals use to maintain control over the compromised systems. In addition, we will cover the use of YARA rules and Sigma rules, which are powerful tools for detecting and classifying malware and suspicious activities. Join us to learn how Belkasoft X can help you in unmasking the intruders and tracing their every move.

If you attend this presentation, you will receive the Green Belkasoft challenge coin.

John Asmussen
Digital Forensic Trainer—Belkasoft