Department of Defense Cyber Crime Conference 2011

The DoD Cyber Crime Conference focuses on all aspects of computer crime and incident response including intrusion investigations, cyber crime law, digital forensics, information assurance, cyber crime investigations, as well as the research, development, testing, and evaluation of digital forensic tools.

The goal is to prepare attendees for the new crimes of today and the near future. Speakers will discuss new approaches and new perspectives. The conference is sponsored by the DoD Cyber Crime Center.

The 2011 DoD Cyber Crime Conference will be held January 21- 28, 2011 at the Hyatt Regency Hotel in Atlanta, GA.

Department of Defense Cyber Crime Conference 2011

Cyber Crime Conference Schedule

The schedule for the 2011 Department of Defense Cyber Crime Conference is as follows:

Pre-Conference Training: January 21-24, 2011
Conference: January 25-28, 2011
Exposition: January 25-27, 2011

Who Can Attend the Cyber Crime Conference

In order to attend the conference you must meet the below criteria:

  • DoD personnel
  • DoD-sponsored contractors
  • Defense Industrial Base (DIB) Partners  (CIPAC)
  • Federal, state and local law enforcement
  • U.S. sponsored government representatives working in the following fields:
    • Counterintelligence Special Agents
    • Criminal Investigators
    • Computer Forensics Examiners
    • Prosecutors – federal, state, local, military
    • DoD Information Assurance/Systems Administrators
    • Computer Forensics Research and Development Personnel
    • Federal, State and Local Law Enforcement
    • Educators in federally funded information assurance program, like CyberCops or National Centers of Excellence for Information Assurance
  • U.S.-sponsored government representatives from Australia, Canada, the United Kingdom and New Zealand

Registration Fees

Registration is open for the 2011 Cyber Crime Conference, and closes on January 14, 2011. The registration fee schedule is as follows:

  • Early Registration (ends December 31, 2010)
    • Government Attendee: $400
    • Industry Attendee: $575
    • Fee includes: Tuesday night reception and all activities from Tuesday morning through Friday. This does not include the pre-conference training.
  • Late Registration (after December 31, 2010)
    • Government Attendee: $500
    • Industry Attendee: $675
  • Speaker Registration
    • Fee: $150
    • Fee applies only for those attending conference sessions (the conference sessions begin Tuesday morning and end Friday).
    • Fee includes: The reception and all activities.
  • Classified Training (Cyber Counterintelligence)
    • Fee: $80
    • Clearances must be submitted no later than 4 January 2011.
  • Exhibitor Registration
    • Fee: $135
  • Press Registration
    • Fee: $0
    • Press can attend the general session on January 25, 2011

Training Sessions for Cyber Crime Conference 2011

The 16 training sessions that will be available at the 2011 DoD Cyber Crime Conference are as follows:

DoD Cyber Crime Conference Training SessionFollow the Script Please!
This workshop will introduce students to the concepts of writing and editing scripts to automate incident response activities. Students will learn how to author and edit incident response scripts for Windows and Linux environments. This session is intended for beginners and those who simply need a refresher.

Advanced Network Intrusion Traffic Analysis
Attendees will learn how to identify intrusion traffic, understand the techniques used by the attacker, and how to reconstruct the intrusion traffic. Attendees will also learn how to identify the attack vector and mitigate loss and secure the vulnerability using Wireshark, Netwitness and Snort.

Analyzing Malicious Carrier Files
This class will cover the fundamentals of analyzing malicious carrier files such as PDFs, Microsoft Office documents, and CHM files, used in spear phishing attacks. They will cover the structure of common carrier file types and methods for recognizing, extracting, deobfuscating and analyzing embedded scripts and shellcode. They will then leverage this embedded logic to enable accurate extraction of any additional payloads found within the carrier file. This course will be a combination of file-level forensic examination and malicious code analysis.

Introduction to Botnets

Botnets are a significant part of the Advanced Persistent Threat (APT) facing corporate and government networks today. This course introduces botnets and gives the students an opportunity to get hands-on experience setting up and running a self-contained botnet.  In addition, students will look at the evidence left behind from a botnet compromise in network traffic and Windows system artifacts.

Introduction to Cyber Analysis: Teaching an Old Dogma New Tricks

Cyber analysis is a growing field that combines traditional analysis with the highly technical concepts of network intrusions to determine how various incidents are connected. This course provides an overview of cyber analysis as it applies to the network intrusion problem, and covers a basic overview of network intrusions and electronic artifacts, an introduction to basic Analyst Notebook use, and an introduction to analyzing the data.

Introduction to EnCase for Prosecutors and Case Agents
A quality computer forensic examination is worthless if the communicated results are not understood by the consumer. This course will cover some of the basic terminology, functions, capabilities and limitations of a common primary forensic tool used during forensic examinations.

Intro to Malware Analysis Techniques
This course teaches fundamentals and concepts involved in malware analysis at a basic level. Malicious code is often found on computer systems during network intrusion investigations. The main goals of analysis are to assess an executable to discover its functionality, and to identify the artifacts of its presence and usage.

Mac Forensics – 2011
This training addresses forensic examinations of Mac systems (OS X). They will approach the Mac platform with traditional forensic methods using EnCase to find and analyze OS X artifacts. They will also use OS X to examine exported OS X specific data which can best be viewed in its native environment.

Network Exploitation Analysis Techniques
This training session combines the disciplines of Pen Testing, Information Assurance, and Forensics into a unique opportunity to learn the components of a network attack, the traffic the attack generates, and the artifacts left behind. Presenters will use Metasploit to launch attacks while monitoring network traffic for analysis. After examining the captured traffic, forensic artifacts of the attack will be identified and discussed.


This course will teach students how to use the TUX4N6 digital triage tool to safely preview the active files on a suspect computer in a forensically sound manner.  The TUX4N6 tool is based on the Linux operating system and has the advantage of being able to “read” other computer system’s files without writing to or altering the data on those systems. Students will be taught how to conduct a manual search of a computer, use automated features to search the computer for keywords and specific file types, and how to save evidence to external storage media.

Online Anonymity
In this course, tools and methodologies will be demonstrated and provided that will enable an examiner or investigator to conduct information gathering efforts while obfuscating their source location.

Pen Testing 101
This training session will introduce open source pen testing tools and methods to students. You’ll learn the importance of Rules of Engagement for both tester and target.  Then you’ll dive into a white box test to prepare for the black box test at the end of the session.

Snort for Network Analysis
This training session is intended for incident responders and anyone with a desire to learn how to use Snort to analyze network traffic. Attendees will use Snort to quickly gain insight into the analysis of previously captured network traffic to locate particular files, or types of files, and for “anomalies” that are indicators of an intrusion.

Windows Incident Response
This course focuses on response in a Windows environment. Topics addressed include search and seizure, and incident response with Windows 2003 server.

Wireless Technology Workshop
This session makes use of practical, hands-on exercises to present and reinforce wireless technologies and techniques.  Attendees will learn how to use various wireless technologies and walk away knowing both the strengths and weaknesses of commercial wireless solutions.  Attendees will utilize Bluetooth and WiFi technologies, and learn open-source as well as proprietary attacks to exploit their inherent weaknesses.  Attendees will also capture and analyze open and encrypted data traffic with Wireshark and other open source tools.  Further, the presenters will cover methodologies to secure wireless networks, and techniques to scan for hidden access points and other wireless devices.  Other topics that will be presented include cracking tools, accidental association, direction finding, creating wireless heat maps, and denial of service.

Cyber Crime Conference Training Session

Windows 7 Forensics
Among the topics that will be discussed are: Libraries, Jump Lists, Pinning, Gadgets, Thumbnail Caching, Sticky Notes, exFAT, System Protection and Backup (Windows Backup, System Image, Previous Versions, Volume Shadow Copies), Virtualization, XP Mode, Registry, SuperFetch, Windows Search, Indexing, BitLocker and BitLocker to Go.

SANS Metasploit Kung FU Training Sessions

Metasploit was designed to help testers with confirming vulnerabilities using an Open Source framework. This course will help students get the most out of this free tool. This class will provide students with an in-depth understanding of the Metasploit Framework, and show them how to apply the capabilities of the framework in a comprehensive penetration testing and vulnerability assessment regimen. The class will cover exploitation, post-exploitation reconnaissance, token manipulation, spear-phishing attacks, and the rich feature set of the Meterpreter, a customized shell environment specially created for exploiting and analyzing security flaws. The course will also cover many of the pitfalls that a tester may encounter when using the Metasploit Framework and how to avoid or work around them, making tests more efficient and safe.

Classified Training Session

The classified session will focus on cyber counterintelligence topics in the following areas:

  • Cyber CI Policy both at the National and DoD levels
  • Cyber CI training both at the National and DoD levels
  • What the DoD services are seeing from State and Non-State actors in terms of Cyber CI
  • What the DoD services are doing in regards to Cyber CI
  • National level program with a Cyber CI focus

The briefings will center around the tactics, techniques, and procedures along with updates on current policies, investigations and operations from the services and National level agencies.  Due to the sensitive nature of the Tactics, Techniques and Procedures (TTPs), policies, investigations and operations the session will be classified Secret//NOFORN.

More on the 2011 DoD Cyber Crime Conference

If you have any questions on the conference, email

Do you plan on attending this conference or any other security conference in 2011?

Leave a Reply

Your email address will not be published. Required fields are marked *