CyberCon 2025 - Agenda
Schedule and order subject to change.
07:00 – Registration & Buffet Breakfast
08:00 – Opening Remarks | Sgt. Skigh Murray, Chairman & Cst. Bryson Davies, Co-Chairman
08:15 – Leveraging Open Source Intelligence for Criminal Investigations | Sophia Kwong, Open Source Intelligence Analyst Supervisor, Royal Canadian Mounted Police
Session Description
With society’s increasing dependence on the Internet, personal information has become more accessible. Through open source intelligence analysis, law enforcement can leverage publicly available information to generate tangible investigative leads.
This presentation uses case studies to highlight organizational policies, case law, legislation, and legal applications as they relate to using the Internet for investigations. Setting up social media profiles (sock puppets), capturing and saving online information for evidence, network attribution, and best practice recommendations for online risk reduction are also discussed.
10:15 – Refreshment Break: Network + Explore Exhibits
10:30 – Leveraging Open Source Intelligence for Criminal Investigations Resumes
11:30 – Is Seeing Believing? How Deep Fakes Affect Open Source Intelligence | Kailey Skemp, Open Source Analyst, Organized Crime Agency of BC & Sophia Kwong, Open Source Intelligence Analyst Supervisor, Royal Canadian Mounted Police
Session Description
Do you think seeing is believing? In recent years, artificially created media known as “deep fakes” have been increasingly used to distribute “fake news”, manipulate public opinions, and commit criminal offences.
This presentation examines key differences between misinformation and disinformation, the evolution of deep fakes, and the impact their use has on communities around the world. Participants will also hear about the impact deep fakes have on open source intelligence work and learn best practices to verify the authenticity of online information.
12:30 – Lunch Buffet & Networking
13:30 – Open-Source Intelligence (OSINT) Training | Chris Pierre, BA, CFE, CISSP – Managing Director, KeyNorth Professional Services Group
Course Description
KeyNorth Group will be delivering foundational Open-Source Intelligence (OSINT) training. This session will introduce core OSINT concepts, search techniques, and practical tools to help participants gather publicly available information safely, ethically, and effectively – laying a solid foundation for more advanced investigative work in the digital space.
Certificate of Attendance provided upon completion of course.
Important Session Information – Please Read Carefully
This session is designed to be highly interactive, with hands-on exercises throughout. To get the most out of the training, participants must bring a laptop capable of connecting to the Internet.
Requirements:
⦁ Access to web search engines
⦁ Access to archive.org (Wayback Machine)
⦁ Access to standard social media platforms: Facebook, Instagram, and X.com (formerly Twitter)
It is strongly recommended that participants create their own accounts on these platforms prior to the session, as research tasks will require active use of them.
Additionally, please ensure your device includes or has access to:
PDF creation tools
Screen capture software (e.g., Snipping Tool with video capability or a suitable alternative)
These tools are essential for full participation and will be used throughout the session for documentation and analysis exercises.
15:45 – Refreshment Break: Network + Explore Exhibits
16:00 – Open-Source Intelligence (OSINT) Training Resumes
17:30 – Closing Remarks | Sgt. Skigh Murray, Chairman & Cst. Bryson Davies, Co-Chairman
07:00 – Buffet Breakfast
08:00 – Opening Remarks | Sgt. Skigh Murray, Chairman & Cst. Bryson Davies, Co-Chairman
08:05 – Tracking the Untraceable: A Global Manhunt Powered by Cryptocurrency Intelligence | Sgt. Danielle Brock, Criminal Intelligence Unit, Vancouver Police Department
Session Description
Sgt. Brock led a complex, high-profile international investigation spanning 14 countries, culminating in the capture and repatriation of Canada’s third most wanted criminal. This case exemplifies the power of advanced cryptocurrency tracing techniques and their growing relevance in modern criminal investigations.
The operation showcases not only the technical skill required to trace illicit funds across decentralized platforms, but also the critical importance of coordinated efforts between global law enforcement agencies and private sector partners. Through strategic intelligence-sharing, cross-jurisdictional collaboration, and the application of cutting-edge blockchain analytics, investigators were able to dismantle a sophisticated criminal network and bring a high-value target to justice.
This session will walk attendees through key operational milestones, investigative strategies, and lessons learned — offering an inside look at how technology, teamwork, and tenacity converged to close a case of international significance.
09:00 – Cryptocurrency Investigations for the Front Line (CIFL) Course | Casey Bohn – Senior Training Specialist, Chainalysis
Session Description
Cryptocurrency Investigations for the Front Line (CIFL) is a foundational course equipping law enforcement officers with the knowledge and tools to recognize and respond to the use of cryptocurrency by suspects in the field.
Designed specifically for frontline personnel, the course demystifies cryptocurrency and blockchain technology, offering practical insights into identifying indicators, understanding the ecosystem, and initiating investigations.
Participants will gain a comparative understanding of cryptocurrency and traditional currency, explore key blockchain typologies, and learn investigative techniques relevant to crypto-related cases. The course also covers field awareness, search warrant considerations, blockchain analytics, interview strategies, and asset seizure or forfeiture procedures.
Course Agenda
- Cryptocurrency Awareness in the Field and Why It Matters
- Cryptocurrency Technology
- Buying, Selling, Transferring Cryptocurrency
- Cryptocurrency Crime
- Investigating Cryptocurrency Cases
Examples include: search warrant tips, blockchain analytics, interview strategies, and asset seizure/forfeiture
Key Learning Outcomes
- Recognize cryptocurrency indicators
- Understand cryptocurrency and blockchain basics
- Compare cryptocurrency and traditional currency
- Learn blockchain industry typologies
- Enhance cryptocurrency ecosystem knowledge for investigations
- Learn how to initiate cryptocurrency-related investigations
10:30 – Refreshment Break: Network + Explore Exhibits
10:45 – Cryptocurrency Investigations for the Front Line (CIFL) Course Resumes
12:15 – Lunch Buffet & Networking
01:15 – TRM Certified Investigator (TRM-CI) Course | Keri Patrick, CFE – Lead Instructor, TRM Labs
Course Description
The TRM Certified Investigator (TRM-CI) course equips participants with essential skills for conducting cryptocurrency investigations. This comprehensive training focuses on understanding cryptocurrency fundamentals, conducting on-chain investigations, and applying blockchain forensic techniques to trace transactions and identify illicit activities. Participants will learn how to leverage blockchain intelligence to link suspicious activity to real-world entities.
Participants will gain hands-on experience investigating mixers, cross-chain movement, DeFi protocols, and NFTs—emerging areas that are critical to modern investigations. Designed specifically for law enforcement and financial intelligence professionals, the course uses real-world case studies and practical exercises to enhance investigative capabilities.
The program also develops core analytical reasoning and data interpretation skills that can be applied across different investigative environments, making it ideal for those using multiple tools or open-source methods.
Key Learning Outcomes
- Identify and explain crypto-crime typologies across multiple blockchain ecosystems
- Leverage off-chain open-source intelligence (OSINT) sources to enhance blockchain investigations
- Identify transaction data types and understand blockchain intelligence sources
- Understand clustering techniques and heuristics including co-input spending, change analysis, and address type analysis
- Identify attribution on UTXO and account-based blockchains
- Analyze behavioral patterns of blockchain activity by entities
- Trace transactions at both the address and entity level across multiple blockchains
- Document on-chain transactional activity effectively for investigations or court proceedings
- Understand the general components of crypto compliance and risk management
- Apply investigative techniques to complex case studies involving darknet markets, ransomware, and other illicit activities
Modules Include
- Fundamentals Review
- Follow the Money
- Illicit Activity
- Conducting On-Chain Investigations
- Compliance and Risk Management Overview
Certification
Participants who successfully complete the training quiz will receive a digital certificate and badge from TRM Academy’s credentialing partner, Accredible.
The quiz will be available on Day 3 of the conference via BCACP’s Canadian Police Knowledge Network (CPKN) platform.
Showcase your achievement and build your professional profile with recognized credentials!
Prerequisites
No prior experience is required.
However, participants are encouraged to complete TRM Academy’s Crypto Fundamentals Certification (TRM-CFC) before attending, which is available for free!
The 3-hour, self-paced online course will provide a comprehensive orientation to the crypto ecosystem and key concepts related to crypto-based fraud and financial crime. Register here for the free course.
15:15 – Refreshment Break: Network + Explore Exhibits
15:30 – TRM Certified Investigator (TRM-CI) Course Resumes
16:30 – Good Cop, Bot Cop | Ritesh Kotak, Cybersecurity and Tech Analyst/Lawyer/ Media Contributor
Session Description
AI is transforming every sector — and public safety is no exception. This engaging session will explore how law enforcement and community partners can harness AI as a powerful tool rather than view it as a threat. From streamlining investigations and improving situational awareness to strengthening community engagement, AI offers opportunities to work smarter, safer, and more effectively.
Led by Ritesh Kotak, a renowned technology and cybersecurity analyst with a career spanning policing, law, and the private sector, this session will provide practical insights into how AI is reshaping the future of policing and public safety. Through real-world examples and a critical lens, attendees will gain a clear understanding of the possibilities, challenges, and ethical considerations that come with adopting AI — and leave with strategies to leverage these tools for positive impact.
Whether you are in uniform, part of a civilian agency, or simply curious about the intersection of AI and public safety, this session will demonstrate how “Good Cop, Bot Cop” can become a reality.
17:30 – Closing Remarks | Sgt. Skigh Murray, Chairman & Cst. Bryson Davies, Co-Chairman
07:00 – Buffet Breakfast
08:00 – Opening Remarks | Sgt. Skigh Murray, Chairman & Cst. Bryson Davies, Co-Chairman
08:05 – Incident Response in Policing: What the Cybersecurity Numbers Are Telling Us and Why It Matters | Shannon Parker, Director | National Incident Response Team, Deloitte INC.
Session Description
Ransomware attacks on police departments are no longer hypothetical—they’re happening with increasing frequency and impact. In this session, we’ll walk through breach response experiences from two real-world incidents involving law enforcement agencies, offering a behind-the-scenes look at how these crises unfolded and what we can learn from them.
We’ll explore:
What the numbers say about the scale and speed of cyber threats
Common gaps and vulnerabilities exploited in policing environments
The true cost of a breach: downtime, disruption, insurance, and beyond
Challenges specific to policing, including privacy, chain of custody, and digital evidence
Practical strategies to prepare, respond, and recover more effectively
This session is designed for police and public safety leaders who want to better understand the evolving risks—and take actionable steps to safeguard their organizations before it’s too late.
09:15 – Behind the Firewall: Lessons from a Major Ransomware Attack on a Critical Infrastructure Organization | Brant Arnold-Smith, Division Manager/Commanding Officer Protective Services & Emergency Management & Trevor Verbeke, Division Manager, IT Infrastructure & Cyber Security
Session Description
In October 2022, the Metro Vancouver Regional District experienced a cyber security incident that was quickly contained through immediate actions like isolating affected systems, conducting forensic analysis and engaging law enforcement.
The response involved collaboration between various departments and agencies, ensuring a comprehensive approach to managing the incident. Recovery efforts focused on restoring normal operations and enhancing cyber security measures. This incident underscored the importance of proactive measures and a coordinated response to protect critical infrastructure and services.
10:15 – Refreshment Break: Network + Explore Exhibits
10:30 – International Collaboration in Cybercrime: A Canadian Leadership Perspective | S/Sgt. Benjamin Hitchcock, Senior Investigator, National Cybercrime Coordination Centre, Royal Canadian Mounted Police
Session Description
Since 2019, Staff Sergeant Ben Hitchcock has served as Canada’s first permanent officer on the Joint Cybercrime Action Task Force (JCAT) at Europol—a multinational team dedicated to combatting the world’s most sophisticated and destructive cybercriminal groups.
In this presentation, Sergeant Hitchcock will share insights from his work at the heart of international cybercrime investigations, highlighting how Canadian law enforcement is contributing on the global stage. From dismantling ransomware groups to securing specialized tools and training for domestic agencies, his efforts have not only elevated Canada’s presence in global operations but also strengthened cybercrime response capabilities at home.
Attendees will gain a unique perspective on:
- How international cyber investigations are coordinated and executed
- Canada’s evolving role in multinational enforcement efforts
- Real-world examples of cross-border operations targeting prolific cybercriminals
- Opportunities for Canadian police services to access advanced tools, training, and intelligence
This is a rare opportunity to hear directly from a Canadian officer embedded in one of the world’s most important cybercrime task forces – and to explore how global collaboration is shaping the future of law enforcement.
11:30 – Panel: Crypto, Crime, and Case Law: Legal Perspectives and Investigative Realities | James Whiting, Acting Administrative Crown Counsel BC Prosecution Services, Ministry of Attorney General & Steven Johnston Crown Prosecutor, Alberta Crown Prosecutor Services
Session Description
As cryptocurrency becomes increasingly embedded in criminal investigations, Canadian prosecutors are facing new and complex challenges. These range from emerging case law to evolving standards around digital evidence.
In this engaging legal panel, James Whiting, Acting Administrative Crown Counsel with BC Prosecution Services, and Steven Johnston, Crown Prosecutor with Alberta Crown Prosecutor Services, will share their perspectives on the evolving legal landscape in Canada as it relates to cryptocurrency.
Topics will include:
- Current legal climate and emerging trends in crypto-related prosecutions
- Notable Canadian case law and judicial considerations
- The intersection of OSINT and blockchain analysis in major investigations
- Real-world case studies that illustrate how it all comes together in court
Designed for investigators, analysts, and justice sector professionals, this session will bridge legal insight with investigative practice, equipping attendees with a clearer understanding of how crypto and OSINT are shaping prosecutions today.
12:30 – Closing Remarks | Sgt. Skigh Murray, Chairman & Cst. Bryson Davies, Co-Chairman