Skip Main Navigation
Page Content
This event has ended

Atlanta HTCIA Meeting: Thursday, May 9th 2013

Atlanta HTCIA

Thursday, May 9, 2013 from 11:30 AM to 1:00 PM (EDT)

Atlanta HTCIA Meeting: Thursday, May 9th 2013

Ticket Information

Type Remaining End Quantity
HTCIA May 2013 Meeting 31 Tickets Ended Free  

Share Atlanta HTCIA Meeting: Thursday, May 9th 2013

Event Details



Presentation TITLE: Processing X-Way Forensics Evidence




This lecture will be centered on the processing/reprocessing of some of the X-Ways forensic
software output capabilities. X-Ways provides an excellent process for retrieving meta-data

from files such as documents, graphics, link, pdf and other files. All of which is useful to the
investigator and the discovery process. However, the meta-data field which X-Ways creates is
not easily reprocessed in a text file or in a spreadsheet. The demonstration will show how to use
a custom program to take the meta-data field and parse it to a more usable list for examination,
or discovery. The X-Ways (html) report produces a significant amount of “noise” in the meta-
data information. Another program will show how to reduce the noise in the html report to that
which is usable and easily explained.

In addition, the following programs will be demonstrated:

A program to process eml (text) files and produce delimited data which contains ALL the header
information in a usable format ready for processing.

A program which can search files (including extracted free space) for items such as IP addresses,
SSN’s, Email addresses, Phone numbers, URL’s, and Credit card numbers. It produces an output
which can be easily imported to Excel for further manipulation.

The forensic copy program which can be used to forensically copy (and verify) file copies for

And a method of “tagging” intellectual property will be shown. This process can possibly be
used to track/trace intellectual property when it shows up on a competitor’s computer system.


Speaker: Dan Mares

Dan Mares Is a 27-year law enforcement retiree. He began writing software programs to facilitate

the analysis of seized electronic data in 1986, and developed the Maresware suite of
investigative software programs.

Dan assisted in the development of: Seized Computer Evidence Recovery Specialist
and Computer Investigation in an Automated Environment courses at the Federal Law
Enforcement Training Center in Glynco, Georgia, and the Basic and Advanced Data
Recovery Classes at the National White Collar Crime Center.

Dan has been President and Vice President of the Atlanta area High Tech Crime
Investigators Association, and a member of the International Association of Computer
Investigative Specialists. He is a current board member of the ICFP (Institute
of Computer Forensics Professionals). Dan received the HTCIA 2006 Lifetime
Achievement Award. Dan is a Member of the AIU (American Intercontinental
University) Dunwoody Forensics Advisory Board (2006,2007)

Dan holds a number of computer forensic certifications.

Meeting Details:

Admission: FREE

Registration Required: Yes, to get a food headcount (come anyway even if registration is closed)

Date: May 9, 2013 – 11:30 AM to 1:00 PM



American InterContinental University

500 Embassy Row

Have questions about Atlanta HTCIA Meeting: Thursday, May 9th 2013? Contact Atlanta HTCIA
Attendee List Sort by: Date | First Name | Last Name
Show More

When & Where

AIU Dunwoody
500 Embassy Row
Atlanta, GA 30328

Thursday, May 9, 2013 from 11:30 AM to 1:00 PM (EDT)

  Add to my calendar
Atlanta HTCIA Meeting: Thursday, May 9th 2013
Atlanta, GA Events Class

Interested in hosting your own event?

Join millions of people on Eventbrite.

Please log in or sign up

In order to purchase these tickets in installments, you'll need an Eventbrite account. Log in or sign up for a free account to continue.