Mobile & Malware Forensics Day 2016

Friday 22 January 2016

10.00am - 4.00pm

Anglia Ruskin University, Cambridge Campus, East Road, Cambridge, CB1 1PT
The meeting will be held in the Lord Ashcroft Building, Room LAB002 (Breakout Room LAB006 for networking & refreshments).
Please enter through the Helmore Building and ask at reception.
Please note that there is no parking on campus.

Hosted by the Department of Computing & Technology, Anglia Ruskin University, BCS, The Chartered Institute for IT Cybercrime Forensics Special Internet Group and OWASP (Open Web Application Security Project) Cambridge Chapter.


OWASP (Open Web Application Security Project is a 501(c)(3) not-for-profit worldwide charitable organization focused on improving the security of application software. Their mission is to make application security visible, so that people and organisations can make informed decisions about true application security risks.BCS, The Chartered Institute for IT Cybercrime Forensics Special Interest Group (SIG) promotes Cybercrime Forensics and the use of Cybercrime Forensics; of relevance to computing professionals, lawyers, law enforcement officers, academics and those interested in the use of Cybercrime Forensics and the need to address cybercrime for the benefit of those groups and of the wider public.

The Department of Computing & Technology at Anglia Ruskin University is enhancing its curricula and capabilities in information security following its successful BSc(Hons) Information Security and Forensic Computing pathway. Establishing a joint professional networking group with OWASP concentrating on
aspects of computing and application security is a key part of this enhancement.


  • 10:00 - 10:30 Registration & Refreshments (LAB006)
  • 10:30 - 10:45 Welcome from the OWASP Cambridge Chapter Leader, Adrian Winckles, Course Leader in Information Security & Forensic Computing, Anglia Ruskin University
  • 10:45 - 11:45 “EMMC Flash Memory Forensics (Chip On and Chip Off Techniques)” - Kevin Mansell - Control-F.
    Kevin is a leading authority on mobile phone forensics have developed and led courses for the National Centre for High Tech Crime (now part of the College of Policing), represented the UK at Interpol on mobile phone forensics and an international leading figure at conference keynotes on mobile device forensics. Kevin currently leads his own training and consultancy company specialising in digital
    forensics for mobile devices.
  • 11:45 - 12:45 “Malicious Web Backdoors and Script Injections in the Payment Card Industry” -Andrew Bassi & Benn Morris - Pen Test Partners PTP LLC
    A collection of ‘war stories’ from the trenches of Payment Card security, covering malicious web backdoors and script injection attack vectors from a technical and practical viewpoint. The talk will aim to demonstrate common attacks we see day to day and show how we technically appraise these attacks from a forensic standpoint. We will also attempt to cover the recent advances in terms of anti-forensic techniques and data extraction.
  • 12:45 - 13:45 Buffet Lunch & Networking (LAB006)
  • 13:45 - 14:45 “Peer to Peer (P2P) Botnets - Technology and Takedowns” - Stewart Garrick and Daniel Morris - Shadowserver Foundation
    Stewart Garrick has completed 30 years experience in Law Enforcement (27 years in the Metropolitan Police Service, and 3 in the UK’s National Crime Agency). Most recently, 4 years investigating cybercrime at an international level - both on the Met’s Police Central eCrime Unit and then in the National Crime Agency as a Senior Investigating Officer. He freely admits that cybercrime represented the steepest. He retired from public service in July 2015 and has now joined The Shadowserver Foundation - a not for profit, global organisation that is committed to making the Internet safer. Upon retirement he became a National Crime Agency Special and
    remains active in ongoing cybercrime investigations internationally. He has presented Master classes at Europol and sits on their Internet Security Advisory Board. He is also a member of the Interpol Global Cybercrime Experts Group.
  • 14:45 - 15:45 TBC - Malware Reverse Engineering or Mobile Application Forensics
  • 15:45 - 16:00 Session Wrap Up & Close

Get further information on travelling to the university.


Cybercrime Forensics event - 220116 (2) Cybercrime Forensics event - 220116 (1) 

Cybercrime Forensics event - 220116 (3) Cybercrime Forensics event - 220116 (4)


PDF Icon Decompiling Android Crypto Apps For Fun and Evidence - Alex Caithness (6.71MB)

PDF Icon Vote eMMC!