Ljuban has been an employee of the Ministry of Interior of the Republic of Serbia for over 10 years, where he works as an Independent Police Inspector in the Cybercrime division. He finished School for computer technologies and has a master’s degree in Law from the University of Belgrade. He got his master’s degree in Forensics Computing and Cybercrime Investigation at University College in Dublin. He specializes in Data forensics, Network forensics and investigations, Wireless networks intrusions, Network Security, Vulnerability Internet forensics, Malware and memory forensics, Hacking, DoS & DDoS attacks, Electronic Data and Communications Interception, Internet frauds and intellectual property violations, Credit and payment cards fraud, Identity theft investigations, Perl scripting and Data Base management. His other specialist qualifications include Computer and mobile phones forensics, Cyber Incident Response & Investigation, Computer Security Incident Response, Advanced Hacking techniques, Cybercrime undercover techniques, Computer and computer related frauds, Child exploitation investigations, and Special Investigative Methods, and he serves as a court expert. Ljuban has vast experience as a forensic instructor and a lecturer, some of which includes: Internet forensics training, Informant Development Training, E.C.T.E.G Introductory IT Forensics and Network Investigations & Initial Training Skills Development Course (Train the trainer), Advanced Malware & Memory forensics, McAfee Malware training, Network Data Specialist Training (Based on ETSI LI standards), IACIS basic forensics and many more.
Geo-locating the IM service users and analysis of communication logs
My presentation will cover some of the technical aspects of investigative techniques and police procedures in the process of geo-locating suspects who use the Internet as a communication tool. We will show how to locate suspects when our only information is their email or user account on IM services such as Skype, Viber and IRC. Among other things, during the presentation we will demonstrate changes that were made in the Skype protocol after Microsoft acquired the company and how we can make these useful for us as business and home users. We will also show some of the possibilities we have to locate a person (or the location of a machine) in cases where the available data is a TeamViewer ID or a phone number. In this section we will demonstrate the possibilities that we have to geo-locate users of popular services such as Viber or TeamViewer.
In the second part of the presentation we will show a log analysis tool aimed at police investigators assigned to detect suspects who use SQLi-based attacks or similar web-based attack methods. Considering that in most cases police investigators will receive a huge amount of log files without any selection, this tool should save analysis time and provide them with possible attack IPs. It is designed so that even investigators with an average education can successfully use it and retrieve data that would in other situations be impossible to find manually or without advanced knowledge of Linux grep syntax, log analysis and log structure.
All the recommendations and tools that we will demonstrate during this session are based on real-life experience and solved cases where the victims were Serbian citizens or legal entities, or on cases where we had been assigned to locate suspects operating from unknown locations. Therefore, all these facts will be given not just as a list of possibilities but also as a recommendation for our colleagues to use in their everyday police activities.