July 2019
Mon Tue Wed Thu Fri Sat Sun
































Upcoming Events

Simplepie detected an error. Please run the compatibility utility.
The following Simplepie error occurred:
A feed could not be found at http://www.google.com/calendar/feeds/htciaontario%40gmail.com/public/full?futureevents=true&sortorder=ascending&orderby=starttime&singleevents=true&hl=en-GB&ctz=America/Toronto&max-results=5

Login Form

January 2012 Meeting PDF Print E-mail
Written by Barry Kuang   
Monday, 23 January 2012 16:07

Greetings HTCIA Members,

Welcome back to the 2012 HTCIA Ontario Chapter. We are hoping this is going to be a great year for us all.

HTCIA is more than just a professional associationl it's an opportunity for you to connect with other investigators, receive training, and get answers that you might not otherwise have access to. In face, any chance you have to expand your network -- whether locally or nationally or internationally via any of our channels -- is a chance to improve your investigative knowledge, skills and abilities.


Our first meeting of the year will be:


Thursday 26 January 2012

Toronto Police College
70 Birmingham Street,
Toronto, Ontario


Link to map:



This month our topics will include:

How to Succeed in the Business of Detecting Data Exfiltration Done by Copying Without Really Having Any Apparent Artifacts to Work with

Dr. G.S. Graham will entertain and dazzle us on how,  'Stealing IP and PI and other initials by copying is a growth industry. When done by an insider who would normally have the authority to access the information, it is difficult to detect. Jonathan Grier addressed this topic in an interesting paper at the 2011 Digital Forensics Research Workshop (DFRWS). The context for his investigation was analyzing the filesystem, where there are no apparent artifacts for a copying operation (even in the Windows Registry).'  Dr. G.S. Graham will present his approach in this talk.

The topic should be of interest to enterprise investigators dealing with disgruntled employees and to law enforcement officers dealing with the production of illicit information.


Mr. Maurice Ragogna will conduct a demonstration of the “All Access Pass” training offered by ChappellU.  This “ All Access Pass” includes unlimited access to a variety of courses covering network analysis, troubleshooting and security.

Some of the most popular courses include:

  • Core 1: Wireshark Functionality and TCP/IP Analysis
  • Core 2: Wireshark Network Troubleshooting/Security
  • CS42: Hacked Hosts
  • CS43: Analyze and Improve Throughput
  • CS44: Top 10 Reasons Your Network is Slow
  • CS53: Wireshark 1.4 New Features
  • CS50: WLAN Analysis 101
  • CS60: Troubleshooting with Coloring Rules
  • CS61: Tshark Command-Line Capture

This topic should be of value to those who have a limited training budget.

So come on out and enjoy what should be a great and rewarding meeting for all!!

Membership Renewal:

Renew your membership today! To renew your dues online, visit www.htcia.org, link to "members area/member login" and enter your user name and password.

If you have already renewed your dues, thank you for your continued support!


2012 HTCIA Ontario Chapter Executive Committee

Ben Whittaker -- President
G. Scott Graham -- 1st VP
Matthew Ross -- 2nd VP





Last Updated on Monday, 23 January 2012 16:17
Canadian Police Services Live Analysis Workshop PDF Print E-mail
Written by Barry Kuang   
Thursday, 24 November 2011 18:30

For the first time, the Canadian Police College, Technological Crime Learning Institute in Ottawa is offering one of our computer forensic courses to the private sector.  It is normally only for the law enforcement.  This event is a 4 day Live Analysis workshop for extracting items of evidence from RAM.


"NEW for this Workshop ONLY: Any person in the private sector that is working closely with law enforcement may attend this workshop. Please send your registration form before December 10th, 2011.

Canadian Police College: Live Analysis Workshop


This four-day workshop is designed for technological crime investigators who may be required to seize and / or analyze system information or memory contents from live computers. It looks at memory structures along with the different types of system information available on live computers.

It also addresses the proper methodology and techniques for seizing memory and system information from live computers. Techniques for extracting images, passwords, chat logs, documents, and other artefacts from volatile data will also be covered as will the basic interpretation and analysis of live system information.

The focus of the workshop is to give the investigator confidence in seizing volatile data from live computer systems, and to give the investigator the necessary skills to perform a basic analysis of the seized data.


  • Windows memory architecture basics
  • Methodological concerns
  • Tools and techniques for acquiring computer memory
  • Tools and techniques for searching and recovering artefacts from memory
  • Tools and techniques for acquiring system information
  • Interpretation and possible responses to system information


  • To be eligible to register in the Live Analysis workshop at the Canadian Police College (CPC), a potential participant must be either:
  • an employee of a Canadian or an international police service
  • an employee with Peace Officer status from a Canadian government agency (federal, provincial or municipal)
  • an employee who has an investigative mandate within an agency from the public or private sector

Technical knowledge criteria:

Individuals must have successfully completed a course of training in computer forensic analysis (e.g. EnCase, CMPFOR, etc.).


  • Canadian Police: $500
  • Canadian Agencies / Private Sector: $700
  • International: $900


January 24-27, 2012. 8am to 4pm. (Four days)
Canadian Police College
1 Sandridge Road

Contact Information: CPC Registrar – 613-993-6033 or This e-mail address is being protected from spambots. You need JavaScript enabled to view it .

Registration information and forms are available at: http://www.cpc.gc.ca/en/registration



Last Updated on Thursday, 24 November 2011 18:38
Membership for 2012 PDF Print E-mail
Written by Barry Kuang   
Friday, 04 November 2011 09:52


Renewal of your 2012 membership is now open. Members should have received e-mail from Duncan Monkhouse and the Executive Secretary.


Last Updated on Thursday, 24 November 2011 19:00
News Update PDF Print E-mail
Written by Barry Kuang   
Friday, 04 November 2011 18:22

Congratulations to the newly elected executive committee - Ontario
Chapter HTCIA.

Your new Executive, effective January 1, 2012 are:

President - Ben WHITTAKER;
1st VP - Dr G. Scott GRAHAM;
2nd VP - Matt ROSS;
Sec. - Eugene SILVA; and
Treas. - Neil GREENBERG.

Thanks to Peter IRISH(IDTC - TPS)  for his presentation on Facebook
Artifacts and Herr Doctor Professor G.Scott GRAHAM (UofT) for his
presentation  on Stuxnet Forensics.

Both did a superb job! If you missed their presentation, it will be
included in a USB thumbdrive which will be presented to each member
attending the November 24, meeting.

The November 24 meeting will be held at "East Side Mario's Restaurant
3075 Argentia Road
Mississauga, ON L5N8P7

The bottom line.... if you take the investigation and prevention of
high tech crime seriously you can't
afford to miss these timely presentations given by experts, at our
monthly meetings.

Please join me in thanking the outgoing executive: Ben Whittaker, Dan
Huton, Brent Salmon and Neil Greenberg, the outgoing Chapter Exec
members, for a job well done.

Last Updated on Friday, 04 November 2011 18:27
January 2012 Meeting PDF Print E-mail
Written by Barry Kuang   
Friday, 04 November 2011 09:51


The first meeting of the new year will be held on Thursday, January 26, 7 - 9 p.m. at the Toronto Police College, 70 Birmingham Street, Toronto.


Last Updated on Thursday, 24 November 2011 18:44

Page 9 of 13
Copyright © 2019 htciaontario.org. All Rights Reserved.


Preferred Meeting Locations

Who's Online

We have 11 guests online