2013 Speakers



Willi Ballenthin

Consultant, Mandiant

Doing More with Less: Triaging Compromised Systems With Constrained Resources

Willi Ballenthin is a consultant at Mandiant who specializes in incident response and computer forensics. He can typically be found investigating intrusions at Fortune 500 companies and enjoys developing tools or techniques in the evenings. Willi is the author of a number of cross-platform Python libraries including python-registry, python-evtx, and INDXParse.py.


Nicole L. Beebe, Ph.D.

Assistant Professor, The University of Texas at San Antonio

SIFTER – Search Indices for Text Evidence Relevancy

Nicole L. Beebe is an Assistant Professor in the Department of Information Systems & Cyber Security at the University of Texas at San Antonio. Dr. Beebe has over 15 years of commercial and government experience in digital forensics. She was a computer crime investigator for the Air Force Office of Special Investigations from 1998-2007. Dr. Beebe is a licensed private investigator and holds two certifications in digital forensics (EnCE and ACE). Her digital forensics research was published in the Journal of Digital Investigation and Decision Support Systems, and she has an article forthcoming in IEEE Transactions on Information Forensics and Security.


Brian Carrier

VP of Digital Forensics, Basis Technology

Autopsy 3: Extensible Desktop Forensics

Brian leads the digital forensics team at Basis Technology, delivering services and developing custom systems. He is the author of the book File System Forensic Analysis and developer of several open source digital forensics analysis tools, including The Sleuth Kit and the Autopsy digital forensics platform. Brian has a Ph.D. in computer science from Purdue University and worked previously for @stake as a research scientist and the technical lead for their digital forensics lab. Brian is on the committees of many conferences, workshops and technical working groups, including the Annual DFRWS Conference and the Digital Investigation Journal.


Tobin Craig

Lab Chief, US Department of Transportation (DOT)

Making Molehills Out of Mountains: Data Reduction Using Sleuth Kit Tools

Tobin Craig is the Laboratory Chief for CCU. He has over 25 years of international forensic science experience in eight different disciplines, working for both the British and the United States governments. He has successfully designed and managed forensic laboratories in Northern Ireland, as well as the US Secret Service, VA OIG, and NASA. He is a CFCE, a CCE, a CISSP, and a Member of the Royal Society of Chemistry... just not a programmer.


Simson Garfinkel

Associate Professor, Naval Postgraduate School

Forensics Visualizations with Open Source Tools

Simson L. Garfinkel is an Associate Professor at the Naval Postgraduate School. Based in Arlington, VA, Garfinkel’s research interests include computer forensics, the emerging field of usability and security, personal information management, privacy, information policy, and terrorism. He holds six US patents for his computer-related research and has published dozens of journal and conference papers in security and computer forensics.


Pavel Gladyshev

Programme Director of MSc in Forensic Computing & Cybercrime Investigation, University College Dublin

FIREBrick: Open Source Forensic Hardware Platform

Dr. Pavel Gladyshev is a lecturer at University College Dublin (Ireland), where he directs the Digital Forensics Investigation Research Laboratory (DigitalFIRE). Dr. Gladyshev holds a Ph.D. in the field of digital forensics and is one of the founders of the state machine theory of digital forensic analysis. Prior to joining the university, Dr. Gladyshev worked as an IT forensics analyst at the Dublin practice of Ernst & Young. He continues to actively work as a consultant in criminal and civil investigations. Dr. Gladyshev serves on the INTERPOL steering committee on IT Crime.


Kristinn Gudjonsson

Security Engineer, Google

Plaso – Exploration of the Inner Workings of the Framework

Kristinn Gudjonsson is a senior security engineer at Google, focused on forensics, incident response, tool development, and whatever gets thrown his way. Prior to joining Google, he worked as a technical security manager at ArionBanki and, before then, as a security/incident response/forensics consultant at Skyggnir. Kristinn holds an M.Sc. degree in computer engineering from INT (Institut National des Telecommunications) in Paris as well as a B.Sc. degree in electrical and computer engineering from the University of Iceland. Kristinn also holds several certifications, including GCIA, GCIH and GCFA Gold. Kristinn is the creator of the tool log2timeline, and is now one of the core developers of the new backend engine of log2timeline, called Plaso.


Tyler Hudak

Sr. Security Consultant, KoreLogic Security

MASTIFF: Automated Static Analysis Framework

Tyler Hudak is a Senior Security Consultant for KoreLogic Security and has extensive real-world experience in malware analysis and incident handling for Fortune 500 firms. Tyler is a member of the Forum of Incident Response and Security Teams (FIRST) and leads the FIRST Malware Analysis Special Interest Group. He has presented at several conferences, participates on the board of the NorthEast Ohio Information Security Forum, and maintains a blog at http://secshoggoth.blogspot.com.


Doug Koster

Senior Computer Forensic Examiner, ManTech

Computer Forensic Triage Using Manta Ray

Doug Koster is a forensic examiner and Python programmer working for ManTech, CFIA. Doug has 13 years of experience performing dead-box forensics for various government customers. Doug holds an MS in Computer & Information Systems and an MBA, as well as the following certifications: EnCE, GCFA, GCFE, A+ and PMP.


Stuart Maclean

Software Engineer, University of Washington

A Tool For Answering the Question: What Changed on Disk?

An API for API Hookers: Taking A Closer Look At Malware

Stuart Maclean is a software engineer at the University of Washington, Seattle, USA. He has been developing software, mostly in Java and C, for use in cybersecurity for about 2 years. His interests include disk forensics, emulators, malware analysis sandboxes, and most other things to answer the question, “What does this program do?” Stuart holds a Ph.D. in Computer Science from the University of Southampton, England.


Jon Stewart

Founder, Lightbox Technologies

Bulk_Extract Like a Boss

Jon Stewart is a software developer and founder of Lightbox Technologies. Jon is one of the creators of Lightgrep, a new regular expression search engine for forensics. He was previously employed as director of software development for Guidance Software, Inc. At Guidance, he helped design, develop, and evangelize the EnScript programming language embedded in the company’s EnCase software. He also created Guidance’s eDiscovery Suite, a distributed application for searching and collecting documents from systems over a network. Jon lives in Washington, DC.


The Volatility Development Team

The State of Volatility: Open Source Memory Forensics

The authors of this presentation are the core developers of The Volatility Framework. They are also analysts who have spent the past decade using memory analysis on a daily basis to augment digital investigations, malware analysis, and reverse engineering. This team actively maintains and supports Volatility software development and its thriving community. The team also offers the authoritative training in memory and malware analysis for numerous commercial and government organizations around the world. The authors have presented at a variety of industry conferences that include RSA, Blackhat, Defcon, DoD Cyber Crime Conference, DFRWS, American Academy of Forensic Sciences, and Europol’s High Tech Crime Expert Meeting.