Tuesday brought on the second day of CEIC, I awoke early to get some breakfast to take on the full day of classes. The first class I attended was “Field Triage and RAM Analysis,” where I learned why grabbing RAM is so important. The speaker, Matt McFadden, showed us a cool EnScript that allows investigators to run it off of a flash drive plugged into the suspects computer and grab the RAM data. The downside to this is that you mess with data on the suspects computer so McFadden warned us to always try to make the smallest footprint. I then went to see the second keynote speaker of the conference. The speaker was Joel Brenner and he talked about how vulnerable the US is when it comes to data theft. He pointed out that while outside sources are still mostly to blame for the data loss, insider threats are on the rise. He mentioned that the US has very hypocritical and confliction views when it comes to information. We want it both ways, we want to be able to have privacy but we also expect everyone to be transparent so we know what’s going on all the time. He told us about how foreign espionage is on the rise and that espionage has changed “from a retail to a wholesale business.” His ending points were that companies need to decide the level of risk they are willing to take on and that companies need to instill more effective policy. My second class of the day was “Finding Data on Wearable Computing Devices.” The speaker, Steve Watson, told us that wearable devices are on the rise and that there is a need to understand them and how to gather data from them so they can be used to help cases when found at a crime scene. He went over all kinds of wearable devices, he told us about the Omate Truesmart which is basically a computer on your wrist. He told us of the service, Android ADB as one of the ways to pull data from these wearable devices. As these are relatively new products, data collection on these devices is still in its early stages. After the wearable forensics class I had lunch, but there was a surprise presentation in the expo room where lunch was held. Julie Desautels and Chapin Bryce, Champlain College students, were there to present the acquisition of Google Glass Artifacts and Julie showed of her Capstone project that was on Google Glass. It was a very interesting and informative presentation, they did a great job! The next class I attended was “Challenges in Obtaining and Analyzing Information from Mobile Devices.” The speaker, Oleg Davydov, showed us the different data extractions from iOS, Android, and Blackberry while using the app WhatsApp as an example when showing of what data can be collected. He showed us the data analysis of each OS using the mobile forensic tool Oxygen and showed us the file location that we can find important information. Each OS has different file paths for this information. Something I found very interesting is with Blackberry, you don’t need to look at the device at all you just need to look at the Blackberry backup for the phone. The last class I went to was “SSD Forensics.” This class was all about the differences between hard disk drives and solid state drives. They talked about the challenges of gathering unallocated space with SSDs because the drive is told to wipe the blocks when a files is told to be deleted. I found the vast differences between the two drives and the challenges that come with gathering data off of solid state drives very interesting. That was the end of my second day at CEIC, I am very excited to attend my classes and learn a whole lot more tomorrow. Some other classes that were going on at CEIC are, “When Does Security Incident Response Reporting Become Actionable?”, “Working with Data Encryption During Collection and Processing”, “SQLite Forensics”, “Network Forensic Investigation of Hacking Incidents”, “Analysis and Correlation of Mac Logs” and many more. Scott Barrett