CyberCon 2025 - Agenda
07:00 – Registration & Buffet Breakfast
08:00 – Opening Remarks | Sgt. Skigh Murray, Chairman & Cst. Bryson Davies, Co-Chairman
08:30 – Leveraging Open Source Intelligence for Criminal Investigations | Sophia Kwong, Open Source Intelligence Analyst Sup., RCMP
Session Description
With society’s increasing dependence on the Internet, personal information has become more accessible. Through open source intelligence analysis, law enforcement can leverage publicly available information to generate tangible investigative leads.
This presentation uses case studies to highlight organizational policies, case law, legislation, and legal applications as they relate to using the Internet for investigations. Setting up social media profiles (sock puppets), capturing and saving online information for evidence, network attribution, and best practice recommendations for online risk reduction are also discussed.
09:15 – Is Seeing Believing? How Deep Fakes Affect Open Source Intelligence | Sophia Kwong, Open Source Intelligence Analyst Sup., RCMP & Kailey Skemp, Open Source Analyst, Organized Crime Agency of BC
Session Description
Do you think seeing is believing? In recent years, artificially created media known as “deep fakes” have been increasingly used to distribute “fake news”, manipulate public opinions, and commit criminal offences.
This presentation examines key differences between misinformation and disinformation, the evolution of deep fakes, and the impact their use has on communities around the world. Participants will also hear about the impact deep fakes have on open source intelligence work and learn best practices to verify the authenticity of online information.
10:00 – Refreshment Break: Network + Explore Exhibits
10:15 – Open-Source Intelligence (OSINT) Training | Chris Pierre BA, CFE, CISSP, KeyNorth Professional Services Group
Course Objectives
KeyNorth Group will be delivering foundational Open-Source Intelligence (OSINT) training. This session will introduce core OSINT concepts, search techniques, and practical tools to help participants gather publicly available information safely, ethically, and effectively – laying a solid foundation for more advanced investigative work in the digital space.
Important Session Information – Please Read
This session is designed to be highly interactive, with hands-on exercises throughout. To get the most out of the training, participants must bring a laptop capable of connecting to the Internet.
Requirements:
- Access to web search engines
- Access to archive.org (Wayback Machine)
- Access to standard social media platforms: Facebook, Instagram, and X.com (formerly Twitter)
It is strongly recommended that participants create their own accounts on these platforms prior to the session, as research tasks will require active use of them.
Additionally, please ensure your device includes or has access to:
- PDF creation tools
- Screen capture software (e.g., Snipping Tool with video capability or a suitable alternative)
These tools are essential for full participation and will be used throughout the session for documentation and analysis exercises.
12:15 – Lunch Buffet & Networking
13:15 – Open-Source Intelligence (OSINT) Training Resumes
14:15 – Crypto Currency Fundamentals | Caleb Carroll , Chainalysis Inc.
Course Objectives
Details coming soon.
15:30 – Refreshment Break: Network + Explore Exhibits
15:45 – Crypto Currency Training Resumes
17:00 – Closing Remarks | Sgt. Skigh Murray, Chairman & Cst. Bryson Davies, Co-Chairman
07:00 – Buffet Breakfast
08:00 – Opening Remarks | Sgt. Skigh Murray, Chairman & Cst. Bryson Davies, Co-Chairman
08:00 – TRM Certified Investigator (TRM-CI) Course | Keri Patrick, CFE – Lead Instructor, TRM Labs
Course Description
The TRM Certified Investigator (TRM-CI) course equips participants with essential skills for conducting cryptocurrency investigations. This comprehensive training focuses on understanding cryptocurrency fundamentals, conducting on-chain investigations, and applying blockchain forensic techniques to trace transactions and identify illicit activities. Participants will learn how to leverage blockchain intelligence to link suspicious activity to real-world entities.
Participants will gain hands-on experience investigating mixers, cross-chain movement, DeFi protocols, and NFTs—emerging areas that are critical to modern investigations. Designed specifically for law enforcement and financial intelligence professionals, the course uses real-world case studies and practical exercises to enhance investigative capabilities.
The program also develops core analytical reasoning and data interpretation skills that can be applied across different investigative environments, making it ideal for those using multiple tools or open-source methods.
Key Learning Outcomes
- Identify and explain crypto-crime typologies across multiple blockchain ecosystems
- Leverage off-chain open-source intelligence (OSINT) sources to enhance blockchain investigations
- Identify transaction data types and understand blockchain intelligence sources
- Understand clustering techniques and heuristics including co-input spending, change analysis, and address type analysis
- Identify attribution on UTXO and account-based blockchains
- Analyze behavioral patterns of blockchain activity by entities
- Trace transactions at both the address and entity level across multiple blockchains
- Document on-chain transactional activity effectively for investigations or court proceedings
- Understand the general components of crypto compliance and risk management
- Apply investigative techniques to complex case studies involving darknet markets, ransomware, and other illicit activities
Modules Include
- Fundamentals Review
- Follow the Money
- Illicit Activity
- Conducting On-Chain Investigations
- Compliance and Risk Management Overview
Certification
Participants who successfully complete the Day 3 quiz will receive a digital certificate and badge from our credentialing partner, Accredible.
Prerequisites
No prior experience is required. However, participants are encouraged to complete TRM’s Crypto Fundamentals Certification (TRM-CFC) before attending for free!
The 3-hour, self-paced online course will provide a comprehensive orientation to the crypto ecosystem and key concepts related to crypto-based fraud and financial crime. Register here for the free course
10:00 – Refreshment Break: Network + Explore Exhibits
10:15 – TRM Certified Investigator (TRM-CI) Course Resumes
12:30 – Lunch Buffet & Networking
13:30 – Tracking the Untraceable: A Global Manhunt Powered by Cryptocurrency Intelligence | Sgt. Danielle Brock, Criminal Intelligence Unit, Vancouver Police Department
Session Description
Sgt. Brock led a complex, high-profile international investigation spanning 14 countries, culminating in the capture and repatriation of Canada’s third most wanted criminal. This case exemplifies the power of advanced cryptocurrency tracing techniques and their growing relevance in modern criminal investigations.
The operation showcases not only the technical skill required to trace illicit funds across decentralized platforms, but also the critical importance of coordinated efforts between global law enforcement agencies and private sector partners. Through strategic intelligence-sharing, cross-jurisdictional collaboration, and the application of cutting-edge blockchain analytics, investigators were able to dismantle a sophisticated criminal network and bring a high-value target to justice.
This session will walk attendees through key operational milestones, investigative strategies, and lessons learned — offering an inside look at how technology, teamwork, and tenacity converged to close a case of international significance.
14:30 – Breach Response in Policing: What the Numbers Are Telling Us – and Why It Matters | Shannon Parker, Director, Cyber Strategy and Risk Advisory, Deloitte Canada
Session Description
Ransomware attacks on police departments are no longer hypothetical—they’re happening with increasing frequency and impact. In this session, we’ll walk through breach response experiences from two real-world incidents involving law enforcement agencies, offering a behind-the-scenes look at how these crises unfolded and what we can learn from them.
We’ll explore:
What the numbers say about the scale and speed of cyber threats
Common gaps and vulnerabilities exploited in policing environments
The true cost of a breach: downtime, disruption, insurance, and beyond
Challenges specific to policing, including privacy, chain of custody, and digital evidence
Practical strategies to prepare, respond, and recover more effectively
This session is designed for police and public safety leaders who want to better understand the evolving risks—and take actionable steps to safeguard their organizations before it’s too late.
15:30 – Refreshment Break: Network + Explore Exhibits
15:45 – Behind the Firewall: Lessons from a Major Ransomware Attack on a Critical Infrastructure Organization | Brant Arnold-Smith, Division Manager/Commanding Officer Protective Services & Emergency Management & Trevor Verbeke, Division Manager, IT Infrastructure & Cyber Security
Session Description
When a major ransomware attack hit a Canadian infrastructure organization, it triggered an urgent, coordinated response. The team had to act swiftly to contain the threat and minimize damage across essential systems.
This case study offers a behind-the-scenes look at the incident—what worked, what didn’t, and the staggering numbers that underscore the growing risk to public sector organizations. The key takeaways are timely, actionable, and highly relevant.
17:00 – Closing Remarks | Sgt. Skigh Murray, Chairman & Cst. Bryson Davies, Co-Chairman
07:00 – Buffet Breakfast
08:00 – Opening Remarks | Sgt. Skigh Murray, Chairman & Cst. Bryson Davies, Co-Chairman
08:15 – International Collaboration in Cybercrime: A Canadian Leadership Perspective | Sgt. Benjamin Hitchcock, Canadian Cybercrime Liaison Officer
Session Description
Since 2019, Sergeant Ben Hitchcock has served as Canada’s first permanent officer on the Joint Cybercrime Action Task Force (JCAT) at Europol—a multinational team dedicated to combatting the world’s most sophisticated and destructive cybercriminal groups.
In this presentation, Sergeant Hitchcock will share insights from his work at the heart of international cybercrime investigations, highlighting how Canadian law enforcement is contributing on the global stage. From dismantling ransomware groups to securing specialized tools and training for domestic agencies, his efforts have not only elevated Canada’s presence in global operations but also strengthened cybercrime response capabilities at home.
Attendees will gain a unique perspective on:
- How international cyber investigations are coordinated and executed
- Canada’s evolving role in multinational enforcement efforts
- Real-world examples of cross-border operations targeting prolific cybercriminals
- Opportunities for Canadian police services to access advanced tools, training, and intelligence
This is a rare opportunity to hear directly from a Canadian officer embedded in one of the world’s most important cybercrime task forces – and to explore how global collaboration is shaping the future of law enforcement.
09:15 – Panel: Crypto, Crime, and Case Law: Legal Perspectives and Investigative Realities | James Whiting, Acting Administrative Crown Counsel BC Prosecution Services, Ministry of Attorney General Steven & Johnston Crown Prosecutor, Alberta Crown Prosecutor Services
Session Description
As cryptocurrency becomes increasingly embedded in criminal investigations, Canadian prosecutors are facing new and complex challenges. These range from emerging case law to evolving standards around digital evidence.
In this engaging legal panel, James Whiting, Acting Administrative Crown Counsel with BC Prosecution Services, and Steven Johnston, Crown Prosecutor with Alberta Crown Prosecutor Services, will share their perspectives on the evolving legal landscape in Canada as it relates to cryptocurrency.
Topics will include:
- Current legal climate and emerging trends in crypto-related prosecutions
- Notable Canadian case law and judicial considerations
- The intersection of OSINT and blockchain analysis in major investigations
- Real-world case studies that illustrate how it all comes together in court
Designed for investigators, analysts, and justice sector professionals, this session will bridge legal insight with investigative practice—equipping attendees with a clearer understanding of how crypto and OSINT are shaping prosecutions today.
10:15 – Refreshment Break: Network + Explore Exhibits
10:30 – Special Announcement Coming Soon!
12:00 – Closing Remarks | Sgt. Skigh Murray, Chairman & Cst. Bryson Davies, Co-Chairman