The Naval Postgraduate School
Michael McCarrin is a Research Associate at the Naval Postgraduate School and the principal investigator of the Digital Evaluation and Exploitation Project (DEEP). His research interests are approximate matching, scalable algorithms, forensics and machine learning.
The Naval Postgraduate School
Bruce Allen is a Research Associate at the Naval Postgraduate School and the primary developer of the hashdb database. He is the author of the hdb-blacklist Autopsy module.
Cory Altheide & Johan Berggren
Cory Altheide has fifteen years of information security, forensics & incident investigations experience. During this time he has performed numerous investigations in a variety of industries, ranging from financial crimes to state-sponsored espionage. Cory is currently responsible for cloud forensics preparedness and response at Google.
Cory is the primary author of “Digital Forensics with Open Source Tools” and a contributing author on “UNIX & Linux Forensic Analysis” & “Handbook of Digital Forensics and Investigation.”
Brian leads the digital forensics team at Basis Technology, delivering services and developing custom systems. He is the author of the book File System Forensic Analysis and developer of several open source digital forensics analysis tools, including The Sleuth Kit and the Autopsy digital forensics platform. Brian has a Ph.D. in computer science from Purdue University and worked previously for @stake as a research scientist and the technical lead for their digital forensics lab. Brian is on the committees of many conferences, workshops and technical working groups, including the Annual DFRWS Conference and the Digital Investigation Journal.
Richard is a software engineer on the digital forensics team at Basis Technology. He is currently the development team lead for Autopsy. Prior to joining Basis Technology, Richard did software development at the Defense Cyber Crime Center (DC3). Before finding his niche in the world of digital forensics, Richard’s career included writing ballistic missile defense simulation software, writing business intelligence software, and a brief stint in the video games industry. Richard earned a Master of Science degree in Computer Science at Colorado Technical University and a Bachelor of Science Degree with a minor in Applied Mathematics at the University of Colorado.
Rob Fry is an accomplished architect, inventor and public speaker with 18 years of experience, primarily in large-scale Internet companies and the utility industry. In his current role he specializes in security automation, threat detection, data analytics, machine learning, and building cloud security solutions. At Netflix he invented FIDO, a patent-pending open source incident response and remediation platform, and while at Yahoo he created the DUBS configuration and automation framework for production servers. In his free time he enjoys working on advisory boards, CABs and engineering steering teams, with a passion for helping create products in the cloud and security space by working with venture capitalists to develop stealth and startup companies.
Jon Stewart, Zack Weger
Jon Stewart and Zack Weger are both software developers in the digital forensics consulting practice at Stroz Friedberg, LLC. Jon previously worked at Lightbox Technologies and Guidance Software. Zack is a recent graduate of the University of Texas at Dallas, where he majored in computer science and applied mathematics.
George Mason University
Jim Jones is an Associate Professor of Computer Forensics and Cybersecurity Engineering at George Mason University. He has been a cyber security practitioner, researcher, and educator for over 20 years. During that time, he has led and performed network and system vulnerability and penetration tests, led a cyber incident response team, conducted digital forensics investigations, and taught university courses in cyber security, penetration testing, digital forensics, and programming. Past and current funded research sponsors include DARPA, DHS, NSF, and DoD. His research interests are focused on digital artifact extraction, analysis, and manipulation, and on offensive cyber deception in adversarial environments. Jim earned his Bachelor’s degree from Georgia Tech (Industrial and Systems Engineering, 1989), Master’s degree from Clemson University (Mathematical Sciences, 1995), and PhD from George Mason University (Computational Sciences and Informatics, 2008).
Daniel White is a security engineer at Google, focused on forensics, incident response, tool development, and keeping people and data safe.
Brian is a digital forensic analyst currently residing in the Baltimore, Maryland area. He has approximately 15 years of experience in the cyber security field, with 10 of those years focusing on digital forensics/incident response (DFIR), both in the United States Air Force and the private sector. His initial exposure to the DFIR field occurred during a 6-month deployment to Mosul, Iraq in 2004-2005, when he served on a team that provided mobile device analytic information in support of tactical military operations. During his tenure in the Air Force, he worked with numerous DoD entities and was invited to speak and share information at several intelligence community events. After his military service ended, he entered the private sector and has worked (globally) on a wide range of cases. His favorite aspect of the DFIR field is that it is always changing and evolving, and every case has unique problems, questions, and solutions.
Matthew Seyer & David Cowen
G-C Partners, LLC
Matthew Seyer is a consultant at G-C Partners, LLC based in Dallas, Texas. He has obtained a Bachelor of Technology in Information Assurance and Digital Forensics at Oklahoma State University Institute of Technology Okmulgee and an Associate in Applied Sciences of Digital Forensics at Richland College. Over the past three years Mr. Seyer has been involved with researching and creating tools for file system journal forensics. Both David Cowen and Matthew Seyer are hosts of the Forensic Lunch, a webcast that covers digital forensics topics Fridays at noon (CST) on Google Hangouts. You can follow Matthew Seyer on Twitter: @forensic_matt.
Ryan Benson is a Digital Forensic Examiner at Stroz Friedberg’s San Francisco office. He previously worked at Mandiant, doing incident response and forensic investigations. In his free time he likes to develop open source forensic tools and has spoken at multiple conferences and events about his projects.
Ryan holds a Bachelor’s degree in Computer Engineering from the University of the Pacific. During his undergraduate studies, he did an internship in the FBI’s Silicon Valley Regional Computer Forensics Lab. He holds several certifications including the GIAC Certified Forensic Analyst (GCFA) and GIAC Certified Incident Handler (GCIH).
The Volatility Team
The Volatility Foundation
The authors of this presentation are the core developers of The Volatility Framework (@volatility) and the authors of The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory. These are the same analysts who have spent the past decade using memory analysis on a daily basis to augment digital investigations, malware analysis, and reverse engineering. This team actively maintains and supports the Volatility software and its thriving community. This team also offers the authoritative training in memory and malware analysis, which has been taught for numerous commercial and government organizations around the world. They have presented at a variety of industry-leading conferences that include RSA, Blackhat, Defcon, DoD Cyber Crime Conference, DFRWS, American Academy of Forensic Sciences, and Europol’s High Tech Crime Expert Meeting.